EXPERIENCE SIMPLER, STRONGER AUTHENTICATION

Data Breaches are out of control

IN 2014...
708 data breaches
82 million personal records stolen
$3.5 million average cost per breach

We have a PASSWORD PROBLEM

TOO MANY TO REMEMBER, DIFFICULT TO TYPE, AND TOO VULNERABLE
Re-used
Phished
Keylogged

Adding more authentication has largely been rejected by users

ONE-TIME PASSCODES
Improve security but aren’t easy enough
SMS Reliability
Token Necklace
Poor User Experience
Still Phishable

WE NEED A NEW MODEL
Fast IDentity Online

THE OLD PARADIGM
[Figure: SECURITY and USABILITY; labels: OTP, Passwords, PINs, 2FA]

THE FIDO PARADIGM
[Figure: SECURITY axis (Weak to Strong), USABILITY axis (Poor to Good); labels: OTP, 2FA, Passwords, PINs]

MODERN AUTHENTICATION
[Figure labels: Single Sign-On, Federation, Passwords, Strong, Risk-Based, Authentication, User Management, Physical-to-digital identity]

HOW DOES FIDO WORK?
[Figure labels: USER VERIFICATION, AUTHENTICATOR, FIDO AUTHENTICATION]

Passwordless Experience (FIDO UAF Standards)
1. Transaction Detail ($10,000, Transfer Now)
2. User Authentication
3. Done (Success)

Second Factor Experience (FIDO U2F Standards)
1. Login & Password
2. Insert dongle, Press Button
3. Done (Success)

FIDO Registration
1. Registration Begins
2. User Approval
3. New Key Created
4. Key Registered using Public Key Cryptography

FIDO Login
1. Login (Login Challenge)
2. User Approval
3. Key Selected
4. Login Complete (Login Response using Public Key Cryptography)

Online authentication using public key cryptography
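
Added example (not from the original slides or the FIDO specifications): a Node.js sketch of the registration and login steps above. It shows that the relying party stores only a public key, that each site gets its own key pair, and that a login response is tied to one challenge and one site. The class names, the relying-party ids and the signed-message layout (site id followed by challenge) are assumptions made for illustration, not the UAF or U2F wire format.

```javascript
const nodeCrypto = require('node:crypto');
// Signed message in this sketch (an assumption): relying-party id, then challenge.
const signedData = (rpId, challenge) => Buffer.concat([Buffer.from(rpId), challenge]);

// Authenticator: one key pair per relying party; private keys never leave it.
class Authenticator {
  constructor() { this.keys = new Map(); }
  register(rpId) { // "New Key Created": only the public key is returned
    const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
    this.keys.set(rpId, privateKey);
    return publicKey.export({ type: 'spki', format: 'pem' });
  }
  sign(rpId, challenge) { // "Key Selected", then "Login Response"
    const key = this.keys.get(rpId);
    if (!key) throw new Error('no key registered for ' + rpId);
    return nodeCrypto.sign('sha256', signedData(rpId, challenge), key);
  }
}

// Relying party: stores public keys only and issues single-use challenges.
class RelyingParty {
  constructor(rpId) { this.rpId = rpId; this.publicKeys = new Map(); this.pending = new Map(); }
  enroll(user, pem) { this.publicKeys.set(user, pem); } // "Key Registered"
  challenge(user) { // "Login Challenge"
    const c = nodeCrypto.randomBytes(32);
    this.pending.set(user, c);
    return c;
  }
  verify(user, signature) { // "Login Complete" only if the signature checks out
    const c = this.pending.get(user), pem = this.publicKeys.get(user);
    this.pending.delete(user); // a challenge is accepted at most once
    if (!c || !pem) return false;
    return nodeCrypto.verify('sha256', signedData(this.rpId, c), nodeCrypto.createPublicKey(pem), signature);
  }
}

function demo() { // constructed relying parties and user name
  const token = new Authenticator();
  const bank = new RelyingParty('bank.example');
  const shop = new RelyingParty('shop.example');
  bank.enroll('alice', token.register(bank.rpId));
  shop.enroll('alice', token.register(shop.rpId));
  const sig = token.sign(bank.rpId, bank.challenge('alice'));
  const login = bank.verify('alice', sig);
  bank.challenge('alice');
  const replay = bank.verify('alice', sig); // old response against a fresh challenge
  const wrongSite = bank.verify('alice', token.sign(shop.rpId, bank.challenge('alice')));
  const sameKey = bank.publicKeys.get('alice') === shop.publicKeys.get('alice');
  return { login, replay, wrongSite, sameKey };
}
```

Calling demo() returns the outcome of a valid login, a replayed response, a response signed for a different site, and whether the two sites hold the same public key.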

THE BUILDING BLOCKS
FIDO USER DEVICE: BROWSER/APP, FIDO CLIENT, ASM, FIDO AUTHENTICATOR (Authentication keys, Attestation keys)
RELYING PARTY: WEB SERVER (TLS Server Key), FIDO SERVER (Cryptographic authentication key reference DB; Authenticator Metadata & attestation trust store)
METADATA SERVICE
[Figure connection labels: FIDO, UPDATE]

ATTESTATION & METADATA
FIDO Authenticator: Signed Attestation Object
FIDO Server: Verify using trust anchor Included in Metadata
Metadata
Understand Authenticator security characteristics by looking into Metadata (and potentially other sources)

FIDO UNIVERSAL 2ND FACTOR
USER VERIFICATION: Is a user present?
FIDO AUTHENTICATION: Same authenticator as registered before?
[Figure labels: USER VERIFICATION, AUTHENTICATOR, FIDO AUTHENTICATION]

U2F AUTHENTICATION DEMO EXAMPLE
[Figures: Step 1, Step 2, Step 3, Step 4]

FIDO UNIVERSAL AUTHENTICATION FRAMEWORK (UAF)
USER VERIFICATION: Same User as enrolled before?
FIDO AUTHENTICATION: Same Authenticator as registered before?
[Figure labels: USER VERIFICATION, AUTHENTICATOR, FIDO AUTHENTICATION]

UAF AUTHENTICATION DEMO EXAMPLE
[Figures: STEP 1, STEP 2, STEP 3, STEP 4]

USABILITY, SECURITY and PRIVACY

No 3rd Party in the Protocol
No Secrets on the Server side
Biometric data (if used) never leaves device
No link-ability between Services or Accounts

Better Security for online services
Reduced cost for the enterprise
Simple & Safe for consumers

The FIDO Alliance is an open association of more than 180 diverse member organizations

Board Members
Online Services
Chip Providers
Device Providers
Biometrics Vendors
Enterprise Servers
Platform Providers

FIDO TIMELINE
FEB 2013: Alliance Announced (6 Members)
DEC 2013: FIDO Ready Program (59 Members)
FEB 2014: Specification Review Draft (84 Members)
FEB-OCT 2014: First UAF & U2F Deployments (129 Members)
DEC 9 2014: FIDO 1.0 FINAL Specification (152 Members)

News from the front
The significance of early 2015 announcements

FIDO in Windows 10
Windows used by 1.5 billion users
Windows 10 in 190 countries by Q3
Free upgrade

FIDO in Healthcare
First healthcare deployment
Physician access to health records
up to 50 million Healthcare users

2014 Deployments
PayPal continues FIDO enablement in improved mobile wallet app.
Google has FIDO in Chrome and 2-Step Verification.
Samsung adds touch to Galaxy® S6 and ships FIDO on all Galaxy® devices

A range of FIDO PRODUCTS is now available

Implementing 1.0 Specifications (this is only a subset of active implementations)
Online Services
Chip Providers
Device Providers
Biometrics Technology Providers
Enterprise Servers
Open Source
Mobile Apps/Clients
WWW Browsers

JOIN THE FIDO ALLIANCE