UAF Tutorial

How Secure is Authentication?

Cloud Authentication

Password Issues
• Password might be stolen from the server
• Password could be entered into untrusted App / Web-site (“phishing”)
• Inconvenient to type password on phone
• Too many passwords to remember -> re-use / cart abandonment

OTP Issues
• OTP vulnerable to real-time MITM and MITB attacks
• Inconvenient to type OTP on phone
• OTP HW tokens are expensive and people don’t want another device
• SMS security questionable, especially when Device is the phone
Attack Classes

Scalable attacks:
1. Remotely attacking central servers: steal data for impersonation
2. Remotely attacking lots of user devices: steal data for impersonation
3. Remotely attacking lots of user devices: misuse them for impersonation
4. Remotely attacking lots of user devices: misuse authenticated sessions

Physical attacks (possible on lost or stolen devices, 3% in the US in 2013):
5. Physically attacking user devices: steal data for impersonation
6. Physically attacking user devices: misuse them for impersonation

Summary
1. Passwords are insecure and inconvenient, especially on mobile devices
2. Alternative authentication methods are silos and hence don’t scale to large user populations
3. The required security level of the authentication depends on the use
4. Risk engines need information about the explicit authentication security for good decisions

How does FIDO work?
How does FIDO UAF work?
(diagram: Device … SE)
• Same Authenticator as registered before?
• Same User as enrolled before?
• Can recognize the user (i.e. user verification), but doesn’t have an identity proof of the user.
• Identity binding to be done outside FIDO: this is “John Doe with customer ID X”.
How does FIDO UAF work?
• How is the key protected (TPM, SE, TEE, …)?
• What user verification method is used?

Attestation & Metadata
FIDO AUTHENTICATOR -> Signed Attestation Object -> FIDO SERVER
• Verify using trust anchor included in Metadata
• Understand Authenticator security characteristic by looking into Metadata (and potentially other sources)

How does FIDO UAF work?
1. Use Metadata to understand Authenticator model security characteristic
2. Define policy on the server
3. Store public keys of acceptable Authenticators (no secrets)
4. Provide cryptographic proof of authenticator model
5. Generate key pair in Authenticator to protect against phishing
6. Use site-specific keys in order to protect privacy
7. Verify user before signing authentication response
8. Use channel binding to protect against MITM

FIDO Building Blocks

Registration Overview
FIDO SERVER -> FIDO CLIENT: Send Registration Request:
- Policy
- Random Challenge
FIDO CLIENT: Check AAID against policy; start registration
FIDO AUTHENTICATOR: Authenticate user; generate key pair; sign attestation object:
• Public key
• AAID
• Random Challenge
• Name of relying party
Signed by attestation key
FIDO SERVER: Verify signature; store public key
AAID = Authenticator Attestation ID, i.e. model ID
Registration Overview (2)
Relying Party foo.com
WEB Application: “Know Your Customer” rules; Legacy Authentication
Physical Identity: { userid=1234, [email protected], known since 03/05/04, payment history=xx, … }
FIDO SERVER, Virtual Identity: { userid=1234, pubkey=0x43246, AAID=x; +pubkey=0xfa4731, AAID=y }
FIDO AUTHENTICATOR: Registration, AAID y, key for foo.com: 0xfa4731
Link new Authenticator to existing userid

UAF Authentication
(demo screen) Pat Johnson, [email protected], 650 Castro Street, Mountain View, CA 94041, United States
SignedData:
• SignatureAlg
• Hash(FinalChallenge)
• Authenticator random
• Signature Counter
• Signature
FinalChallenge = AppID | FacetID | channelBinding | challenge
UAF Authentication
(demo screen) Pat Johnson, [email protected]
Payment complete!
Return to the merchant’s web site to continue shopping
Return to the merchant

Transaction Confirmation
SignedData:
• SignatureAlg
• Hash(FinalChallenge)
• Authenticator random
• Signature Counter
• Hash(Transaction Text)
• Signature
FinalChallenge = AppID | FacetID | channelBinding | challenge

The FIDO Authenticator Concept
FIDO Authenticator:
• Attestation Key: injected at manufacturing, doesn’t change
• Authentication Key(s): generated at runtime (on Registration)
• User Verification / Presence
• Transaction Confirmation Display (optional component)
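As an added example (not code from the original slides or from Nok Nok Labs), this Go program walks through the authentication and transaction confirmation exchanges above: the authenticator signs SignedData over Hash(FinalChallenge), a fresh random, the signature counter and, for transaction confirmation, Hash(Transaction Text); the server rebuilds FinalChallenge from the challenge it issued plus the AppID, FacetID and channel binding it observed, verifies the signature under the public key stored at registration, and accepts only a strictly increasing counter. The length-prefixed FinalChallenge layout, the serialization of the signed fields, ES256 over P-256, the foo.com AppID/FacetID strings and the channel-binding value are assumptions made for this example; the UAF specification encodes these differently (a JSON FinalChallengeParams object and TLV assertions).

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// check panics on error; the authenticator side has no caller to report to here.
func check(err error) {
	if err != nil {
		panic(err)
	}
}

// finalChallenge = AppID | FacetID | channelBinding | challenge, length-prefixed (assumption; UAF hashes a JSON object).
func finalChallenge(appID, facetID, channelBinding, challenge string) []byte {
	var fc []byte
	for _, s := range []string{appID, facetID, channelBinding, challenge} {
		fc = append(binary.BigEndian.AppendUint32(fc, uint32(len(s))), s...)
	}
	return fc
}

// SignedData carries the fields on the slide; TxHash stays all-zero for a plain authentication.
type SignedData struct {
	SignatureAlg string
	FCHash       [32]byte // Hash(FinalChallenge)
	AuthnrRandom [16]byte // Authenticator random
	SigCounter   uint32   // Signature Counter
	TxHash       [32]byte // Hash(Transaction Text), transaction confirmation only
	Signature    []byte   // over all other fields, by the per-site authentication key
}

// toBeSigned serializes every field except the signature (stand-in for UAF's TLV encoding).
func (s *SignedData) toBeSigned() []byte {
	b := append(append([]byte(s.SignatureAlg), s.FCHash[:]...), s.AuthnrRandom[:]...)
	return append(binary.BigEndian.AppendUint32(b, s.SigCounter), s.TxHash[:]...)
}

// txHash is Hash(Transaction Text), or all-zero when there is no transaction to confirm.
func txHash(text string) (h [32]byte) {
	if text != "" {
		h = sha256.Sum256([]byte(text))
	}
	return h
}

// newAuthenticationKey models the per-site key pair the authenticator generated at registration.
func newAuthenticationKey() *ecdsa.PrivateKey {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	check(err)
	return key
}

// authenticatorSign runs only after local user verification succeeded (building block 7).
func authenticatorSign(key *ecdsa.PrivateKey, fc []byte, counter uint32, txText string) *SignedData {
	sd := &SignedData{SignatureAlg: "ES256", FCHash: sha256.Sum256(fc), SigCounter: counter, TxHash: txHash(txText)}
	_, err := rand.Read(sd.AuthnrRandom[:])
	check(err)
	digest := sha256.Sum256(sd.toBeSigned())
	sd.Signature, err = ecdsa.SignASN1(rand.Reader, key, digest[:])
	check(err)
	return sd
}

// KeyRecord is what the server stored at registration, plus the last signature counter it accepted.
type KeyRecord struct{ Pub *ecdsa.PublicKey; LastCounter uint32 }

// serverVerify: expectedFC is the FinalChallenge the server rebuilds from the challenge it issued and
// the AppID, FacetID and TLS channel binding it observed; expectedTx is the text it asked to display.
func serverVerify(rec *KeyRecord, sd *SignedData, expectedFC []byte, expectedTx string) error {
	if sd.FCHash != sha256.Sum256(expectedFC) {
		return errors.New("FinalChallenge mismatch: stale challenge, wrong facet, or different TLS channel (MITM)")
	}
	if sd.TxHash != txHash(expectedTx) {
		return errors.New("transaction text mismatch: what was signed is not what the server asked to display")
	}
	digest := sha256.Sum256(sd.toBeSigned())
	if !ecdsa.VerifyASN1(rec.Pub, digest[:], sd.Signature) {
		return errors.New("signature does not verify under the registered public key")
	}
	if sd.SigCounter <= rec.LastCounter {
		return errors.New("signature counter did not increase: replay or cloned authenticator")
	}
	rec.LastCounter = sd.SigCounter
	return nil
}

func main() {
	key := newAuthenticationKey()
	rec := &KeyRecord{Pub: &key.PublicKey}
	fc := finalChallenge("https://foo.com/facets", "web:foo.com", "tls-unique:constructed", "challenge-1")
	fmt.Println("login:", serverVerify(rec, authenticatorSign(key, fc, 1, ""), fc, ""))
	fmt.Println("replayed counter:", serverVerify(rec, authenticatorSign(key, fc, 1, ""), fc, ""))
}
```

Each failure mode on the slides maps to one distinct check: a stale challenge or a different TLS channel changes Hash(FinalChallenge), altered or missing transaction text changes Hash(Transaction Text), a key the server never registered fails signature verification, and a non-increasing counter (replay, or a second copy of the key) fails the counter check. Rejected responses never advance the stored counter.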
Using Secure Hardware

FIDO Authenticator in SIM Card
SIM Card: User Verification (PIN), Attestation Key, Authentication Key(s)

Client Side Biometrics
Trusted Execution Environment (TEE)
FIDO Authenticator as Trusted Application (TA):
• User Verification / Presence: store at Enrollment, compare at Authentication
• Attestation Key
• Authentication Key(s): unlock after comparison

Combining TEE and SE
Trusted Execution Environment (TEE)
FIDO Authenticator as Trusted Application (TA):
• User Verification / Presence
• Transaction Confirmation Display, e.g. GlobalPlatform Trusted UI
Secure Element:
• Attestation Key
• Authentication Key(s)

FIDO & Federation
First Mile / Second Mile

FIDO Ready™ Products Shipping today
• OEM Enabled: Samsung Galaxy S5 smartphone & Galaxy Tab S tablets
• OEM Enabled: Lenovo ThinkPads with Fingerprint Sensors
• Clients available for these operating systems:
• Software Authenticator Examples: Speaker/Face recognition, PIN, QR Code, etc.
• Aftermarket Hardware Authenticator Examples: USB fingerprint scanner, MicroSD Secure Element

FIDO is used Today

Conclusion
• Different authentication use-cases lead to different authentication requirements
• Today, we have authentication silos
• FIDO separates user verification from authentication protocol and hence supports all user verification methods
• FIDO supports scalable security and convenience
• User verification data is known to Authenticator only
• FIDO complements federation
Consider developing or piloting FIDO-based authentication solutions
Dr. Rolf Lindemann, Nok Nok Labs, [email protected]

UAF Registration
(demo screen) Pat Johnson, [email protected]
Link your fingerprint
KeyRegistrationData:
• Hash(FinalChallenge)
• AAID
• Public key
• KeyID
• Registration Counter
• Signature Counter
• Signature (attestation key)
FinalChallenge = AppID | FacetID | channelBinding | challenge
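As an added example serving both the Registration Overview slides and the KeyRegistrationData slide above (not code from the original deck or from Nok Nok Labs), this Go package models the registration exchange: the authenticator, after verifying the user, generates a key pair for this site only and signs the KeyRegistrationData fields (Hash(FinalChallenge), AAID, public key, KeyID, registration and signature counters) with its attestation key; the server looks the AAID up in its metadata, checks key protection and user verification method against its policy, verifies the attestation signature with the trust anchor from metadata, and links the public key to the existing userid. The two AAIDs, their metadata entries, the policy, the serialization of the signed fields, P-256 keys, a bare public key as trust anchor and the opaque FinalChallenge byte string are all constructed for this example; real metadata carries an attestation root certificate and UAF uses a TLV encoding.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
)

// check panics on error; the authenticator side has no caller to report to here.
func check(err error) {
	if err != nil {
		panic(err)
	}
}

// Metadata is what the server needs per AAID (model): key protection (e.g. "TEE", "SE",
// "software"), user verification method (e.g. "fingerprint", "PIN") and the trust anchor
// for the model's attestation key (a bare public key stands in for the root certificate).
type Metadata struct{ KeyProtection, UserVerify string; TrustAnchor *ecdsa.PublicKey }

// Policy lists the key-protection and user-verification types the site accepts.
type Policy struct{ KeyProtection, UserVerify map[string]bool }

// KeyRegistrationData carries the fields on the slide, all signed by the attestation key.
type KeyRegistrationData struct {
	FCHash                 [32]byte // Hash(FinalChallenge)
	AAID                   string
	PublicKey              *ecdsa.PublicKey // per-site authentication key (UAF encodes it; a struct here)
	KeyID                  [16]byte
	RegCounter, SigCounter uint32
	Signature              []byte // by the attestation key (injected at manufacturing)
}

// toBeSigned serializes everything but the signature (stand-in for UAF's TLV encoding).
func (k *KeyRegistrationData) toBeSigned() []byte {
	b := append(append([]byte(k.AAID), k.FCHash[:]...), k.KeyID[:]...)
	b = append(append(b, k.PublicKey.X.Bytes()...), k.PublicKey.Y.Bytes()...)
	return binary.BigEndian.AppendUint32(binary.BigEndian.AppendUint32(b, k.RegCounter), k.SigCounter)
}

func newKey() *ecdsa.PrivateKey {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	check(err)
	return key
}

// authenticatorRegister runs after user verification passed: it generates a key pair for
// this site only (never reused elsewhere) and attests the public half with the model key.
func authenticatorRegister(attKey *ecdsa.PrivateKey, aaid string, fc []byte, regCounter uint32) (*KeyRegistrationData, *ecdsa.PrivateKey) {
	authKey := newKey()
	krd := &KeyRegistrationData{FCHash: sha256.Sum256(fc), AAID: aaid, PublicKey: &authKey.PublicKey, RegCounter: regCounter}
	_, err := rand.Read(krd.KeyID[:])
	check(err)
	digest := sha256.Sum256(krd.toBeSigned())
	krd.Signature, err = ecdsa.SignASN1(rand.Reader, attKey, digest[:])
	check(err)
	return krd, authKey
}

// Server holds metadata per AAID, the policy, and each userid's virtual identity: the
// registration records (AAID + public key) linked to it. No secrets are stored.
type Server struct {
	Metadata map[string]Metadata
	Policy   Policy
	Users    map[string][]*KeyRegistrationData
}

// register judges the AAID via its metadata against the policy, checks the challenge,
// verifies the attestation with the metadata trust anchor, then links the key to the userid.
func (s *Server) register(userid string, krd *KeyRegistrationData, expectedFC []byte) error {
	md, ok := s.Metadata[krd.AAID]
	if !ok || !s.Policy.KeyProtection[md.KeyProtection] || !s.Policy.UserVerify[md.UserVerify] {
		return errors.New("AAID " + krd.AAID + ": no metadata or does not satisfy the server policy")
	}
	if krd.FCHash != sha256.Sum256(expectedFC) {
		return errors.New("FinalChallenge mismatch: stale challenge or wrong AppID/facet/channel")
	}
	digest := sha256.Sum256(krd.toBeSigned())
	if !ecdsa.VerifyASN1(md.TrustAnchor, digest[:], krd.Signature) {
		return errors.New("attestation signature invalid: authenticator model not proven")
	}
	s.Users[userid] = append(s.Users[userid], krd)
	return nil
}

// newDemoServer knows two constructed models, "0123#4567" (keys in a TEE, fingerprint) and
// "0123#89AB" (software keys, PIN); the policy admits only TEE or SE key protection.
func newDemoServer() (*Server, map[string]*ecdsa.PrivateKey) {
	att := map[string]*ecdsa.PrivateKey{"0123#4567": newKey(), "0123#89AB": newKey()}
	srv := &Server{Users: map[string][]*KeyRegistrationData{},
		Policy: Policy{map[string]bool{"TEE": true, "SE": true}, map[string]bool{"fingerprint": true, "PIN": true}},
		Metadata: map[string]Metadata{"0123#4567": {"TEE", "fingerprint", &att["0123#4567"].PublicKey},
			"0123#89AB": {"software", "PIN", &att["0123#89AB"].PublicKey}}}
	return srv, att
}
```

A caller drives it as newDemoServer, then authenticatorRegister with one of the returned attestation keys, then register; the attestation key proves the model (AAID) but is shared by all units of that model, so only the per-site authentication key identifies the user, and a second authenticator of an accepted model simply adds a further record under the same userid. Unknown AAIDs are refused outright, since without metadata the server cannot judge the authenticator's security characteristics.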