CIS14: An Overview of FIDO's Universal Factor (UAF) Specifications
8 likes5,126 views
This document provides an overview of the FIDO UAF (Universal Authentication Framework) protocol. It describes common password and one-time password issues like phishing, theft, and inconvenience. It then explains how FIDO UAF works by using a cryptographic authenticator device to verify the user and sign authentication responses. The document outlines the registration and authentication flows and describes how metadata is used to understand the authenticator's security characteristics. It also discusses various implementation options for the authenticator including hardware-based devices, software authenticators, and leveraging trusted execution environments.
CIS14: An Overview of FIDO's Universal Factor (UAF) Specifications
- 3. Password might be entered into untrusted App / Web-site (“phishing”) 1 Password could be stolen from the server 2 Too many passwords to remember à re-use / cart abandonment 3 Inconvenient to type password on phone 4 Password Issues
- 4. OTP vulnerable to real- time MITM and MITB attacks 1 SMS security questionable, especially when Device is the phone 2 OTP HW tokens are expensive and people don’t want another device 3 Inconvenient to type OTP on phone 4 OTP Issues
- 5. Authentication silos COMPLEXITY, REDUNDANCY, COSTS App 2 New App? RP 1 RP 1 App 1 ? ApplicationsAuthentication Methods
- 6. How does FIDO UAF work? Device
- 7. How does FIDO UAF work? … …SE
- 8. How does FIDO UAF work? Can recognize the user (i.e. user verification), but doesn’t have an identity proof of the user. Same Authenticator as registered before?Same User as enrolled before?
- 9. How does FIDO UAF work? Same Authenticator as registered before?Same User as enrolled before? Identity binding to be done outside FIDO: This this “John Doe with customer ID X”. Can recognize the user (i.e. user verification), but doesn’t have an identity proof of the user.
- 10. How does FIDO UAF work? Generate key pair in Authenticator and give public key to server Verify user before signing authentication response Provide cryptographic proof of authenticator model Use Metadata to understand Authenticator model security characteristic Define policy of acceptable AuthenticatorsUse site-specific keys in order to protect privacy Knows user IDs for registered web sites
- 11. FIDO Server AppFIDO Authenticator Device Relying Party Web App UAF Registration Prepare0
- 14. FIDO Authenticator FIDO Server Web App App Legacy Auth + Initiate Reg. 1 Prepare UAF Registration 0
- 15. FIDO Authenticator FIDO Server Web App App 1 Prepare UAF Registration 0 Legacy Auth + Initiate Reg.
- 16. FIDO Authenticator FIDO Server Web App App 1 Prepare 2 UAF Registration 0 Legacy Auth + Initiate Reg. Reg. Request + Policy
- 17. FIDO Authenticator FIDO Server Web App App 1 pat@example.com Pat Johnson Link your fingerprint Prepare 2 UAF Registration 0 Legacy Auth + Initiate Reg. Reg. Request + Policy
- 18. FIDO Authenticator FIDO Server Web App App 1 pat@example.com Pat Johnson Link your fingerprint Prepare 2 3 Verify User & Generate New Key Pair (specific to RP Webapp) UAF Registration 0 Legacy Auth + Initiate Reg. Reg. Request + Policy
- 19. FIDO Authenticator FIDO Server Web App App 1 pat@example.com Pat Johnson Link your fingerprint Prepare Reg. Request + Policy 2 3 Verify User & Generate New Key Pair (specific to RP Webapp) Reg. Response 4 UAF Registration 0 Legacy Auth + Initiate Reg. Key Registration Data: • Hash(FinalChallenge) • AAID • Public key • KeyID • Registration Counter • Signature Counter • Signature (attestation key) FinalChallenge=Hash(AppID | FacetID | tlsData | challenge)
- 20. FIDO Authenticator FIDO Server Web App App 1 pat@example.com Pat Johnson Prepare 2 3 Verify User & Generate New Key Pair (specific to RP Webapp) Reg. Response 4 Success 5 UAF Registration 0 Legacy Auth + Initiate Reg. Reg. Request + Policy
- 21. FIDO Building Blocks FIDO USER DEVICE FIDO CLIENT RELYING PARTY FIDO SERVER Metadata Service FIDO AUTHENTICATOR WEB SERVERBROWSER / APP Cryptographic authentication key reference DB Authenticator Metadata & attestation trust store Attestation key Authentication keys Update UAF Protocol TLS Server Key ASM
- 22. AAID & Attestation FIDO Authenticator FIDO Authenticator Using HW based crypto Pure SW based implementation Based on FP Sensor X Based on Face Recognition alg. Y AAID 1 AAID 2 Attestation Key 1 Attestation Key 2 AAID: Authenticator Attestation ID (=model name)
- 23. Privacy & Attestation Bob’s FIDO Authenticator Using HW based crypto Based on FP Sensor X FIDO SERVER RP1 FIDO SERVER RP2 Model A Model A Model A Serial #
- 24. Attestation & Metadata FIDO SERVERFIDO AUTHENTICATOR Metadata Signed Attestation Object Verify using trust anchor included in Metadata Understand Authenticator security characteristic by looking into Metadata (and potentially other sources)
- 30. FIDO Authenticator FIDO Server Web App App Prepare UAF Authentication Initiate Authentication 1 0
- 31. FIDO Authenticator FIDO Server Web App App Prepare UAF Authentication Initiate Authentication 1 Auth. Request with Challenge 2 0
- 32. FIDO Server Web App App Prepare UAF Authentication pat@example.com Pat Johnson Initiate Authentication 1 3 Verify User & Sign Challenge (Key specific to RP Webapp) FIDO Authenticator Auth. Request with Challenge 2 0
- 33. FIDO Server Web App App Prepare UAF Authentication Pat Johnson 650 Castro Street Mountain View, CA 94041 United States Initiate Authentication 1 FIDO Authenticator 3 Verify User & Sign Challenge (Key specific to RP Webapp) Auth. Response 4 Auth. Request with Challenge 2 0 SignedData: • SignatureAlg • Hash(FinalChallenge) • Authenticator random • Signature Counter • Signature FinalChallenge=Hash(AppID | FacetID | tlsData | challenge)
- 34. FIDO Server Web App App Prepare UAF Authentication pat@example.com Pat Johnson Payment complete! Return to the merchant’s web site to continue shopping Return to the merchant Initiate Authentication 1 FIDO Authenticator 3 Verify User & Sign Challenge (Key specific to RP Webapp) Auth. Request with Challenge 2 Auth. Response 4 Success 5 0
- 35. FIDO Server Browser or Native App FIDO Authenticator Initiate Transaction Authentication Response + Text Hash, signed by User’s private key Validate Response & Text Hash using User’s Public Key Authentication Request + Transaction Text 2 4 5 Device Relying Party 1 3 Web App Display Text, Verify User & Unlock Private Key (specific to User + RP Webapp) Transaction Confirmation SignedData: • SignatureAlg • Hash(FinalChallenge) • Authenticator random • Signature Counter • Hash(Transaction Text) • Signature FinalChallenge=Hash(AppID | FacetID | tlsData | challenge)
- 36. The Authenticator Concept FIDO Authenticator User Verification / Presence Secure Display Attestation Key Authentication Key(s) User Injected at manufacturing, doesn’t change Generated at runtime (on Registration) Optional Components
- 37. Using Secure Hardware FIDO Authenticator in SIM Card User Verification (PIN) SIM Card Attestation Key Authentication Key(s)
- 38. Trusted Execution Environment (TEE) FIDO Authenticator as Trusted Application (TA) Client Side Biometrics User Verification / Presence Attestation Key Authentication Key(s) Store at Enrollment Compare at Authentication Unlock after comparison
- 39. Trusted Execution Environment (TEE) Using Secure Hardware FIDO Authenticator as Trusted Application (TA) User Verification / Presence Secure Display Secure Element Attestation Key Authentication Key(s) e.g. GlobalPlatform Trusted UI
- 40. Leveraging hardware security User Space Secure Hardware ASM UX Layer Input, Display Crypto Layer ASM UX Layer Input, Display Crypto Layer ASM Crypto Layer UX Layer Input, Display No Secure HW Secure Crypto + Storage Secure Execution Environment and/or Secure Elements
- 41. FIDO & Federation FIDO USER DEVICE FIDO CLIENT IdP FIDO SERVER FIDO AUTHENTICATOR FEDERATION SERVERBROWSER / APP UAF Protocol Service Provider Federation Id DB Knows details about the Authentication strength Knows details about the Identity and its verification strength. First Mile Second Mile
- 42. How FIDO Addresses Threat Classes
- 44. FIDO at Industry Event – Readiness SIM as Secure Element Fingerprint, TEE, Mobile Speaker Recognition Mobile via NFC PIN + MicroSD USB SE Embedded SE
- 46. OEM Enabled: Lenovo ThinkPads with Fingerprint Sensors OEM Enabled: Samsung Galaxy S5 smartphone & Galaxy Tab S tablets Clients available for these operating systems: Software Authenticator Examples: Speaker/Face recognition, PIN, QR Code, etc. Aftermarket Hardware Authenticator Examples: USB fingerprint scanner, MicroSD Secure Element FIDO READY™ PRODUCTS SHIPPING TODAY
- 47. The FIDO Alliance and Nok Nok Labs Standards Products Industry Standard Protocol “FIDO Ready™” FIRST FIDO Ready™ Server and Client Software: NNL S3 Suite Key Industry Partnerships
- 48. Call to Action • FIDO is ready for use – launch a PoC, Pilot • Get Involved: o Develop or adapt your products to FIDO o Come to the plenary, meet and mingle, speak with the pioneers, select your partners o Join the Alliance and contribute – we are a volunteer run organization o Contact donal@fidoalliance.org for membership details o Other questions – rolf@noknok.com
- 50. Relying Party (example.com) username, policy, AppID, challenge username u, ak; hash(fcp) a generate: key kpub key kpriv handle h aaid, kpub, fc, h, attestation cert, reg-cntr, cntr, signature(aaid,fc,reg-cntr,cntr,kpub) aaid, kpub, fc, h, attestation cert, reg-cntr, cntr, s store: key kpub handle h s UAF Registration ASM + FIDO Client + Browser1stF IAuthnr select Authenticator according to policy; check AppID, get tlsData (i.e. channel id, etc.); generate APIKey random, compute access key ak := hash(AppID|APIKey|PersonaID|CallerID) fcp := {a, challenge, facetID, tlsData} fc Note: This represents using a FIDO First-Factor Internal Authenticator -- it makes the differences to U2F more clear.
- 51. 1stF IAuthnr ASM + FIDO Client + Browser Relying Party h, ak; hash(fcp) select Authenticator according to policy; check AppID, get tlsData (i.e. channel id, etc.); lookup key handle h and access key ak; fcp := {a, challenge, facetID, tlsData} check: ak retrieve: key kpriv from h; cntr++ generate Authnr Nonce n fc, n, cntr, signature(fc,n,cntr) fcp, n, cntr, s lookup kpub from DB check: policy + signature using key kpub s UAF Authentication fc a policy, AppID, challenge Note: NO username+Password login required before this sequence. Click on FIDO Button (or similar trigger) is sufficient.
- 52. Binding Authenticator to User Login with legacy credential User A Cloud Service 1 Perform FIDO Register function Authenticator 1 2 User A Authenticator 1 Case A: Existing User
- 53. Binding Authenticator to User Create new account User B Cloud Service 1 Perform FIDO Register function Authenticator 2 Cloud Service 2 User B Authenticator 2 Case B: New User Opt.: verify attrs. with 3rd party
- 55. Thank you