Fido Overview: Status and Future
0 likes482 views
1) Data breaches are widespread, resulting in over 1 billion stolen records since 2012. Passwords are vulnerable and difficult for users. 2) The FIDO Alliance proposes a new authentication model called FIDO that provides strong security without compromising usability. FIDO uses public key cryptography during registration and login to securely authenticate users. 3) FIDO authentication works across devices and applications, providing a simple and secure login experience for users. Major companies like Google, PayPal, and Samsung have already implemented FIDO standards in their products.
Fido Overview: Status and Future
- 2. Data Breaches are out of control 2
- 3. 783 data breaches IN 2014... >1 billion records stolen since 2012 3 $3.5 million average cost per breach
- 4. We have a PASSWORD PROBLEM 4
- 5. Re-used Phished Keylogged TOO MANY TO REMEMBER, DIFFICULT TO TYPE, AND TOO VULNERABLE 5
- 6. Adding more authentication has largely been rejected by users 6
- 7. ONE-TIME PASSCODES Improve security but aren’t easy enough Still Phishable Poor User Experience Token Necklace SMS Reliability 7
- 9. WE NEED A NEW MODEL Fast IDentity Online9
- 11. HOW DOES FIDO WORK? USER VERIFICATION FIDO AUTHENTICATION AUTHENTICATOR 11
- 12. Fido Registration 2 Registration Begins 1 12 User Approval 3 New Key Created 4 Key Registered using Public Key Cryptography
- 13. Fido Login 2 Login 1 13 Login Challenge 3 Key Selected 4 Login Response using Public Key Cryptography User Approval Login Complete
- 14. online authentication using public key cryptography 14
- 15. Passwordless Experience (FIDO UAF Standards) Second Factor Experience (FIDO U2F Standards) Transaction Detail User Authentication Done 1 2 3 Success $10,000 Transfer Now Login & Password 1 Insert dongle Press Button 2 Done 3 Success 15
- 16. 2014 Deployments 16 ü PayPal continues FIDO enablement in improved mobile wallet app. ü Google has FIDO in Chrome and 2-Step Verification. ü Samsung adds FIDO enabled Touch authentication to Galaxy® S6
- 17. FIDO UNIVERSAL 2ND FACTOR AUTHENTICATOR Is a user present? Same authenticator as registered before? USER VERIFICATION FIDO AUTHENTICATION 17
- 18. 18 Step 1 U2F AUTHENTICATION DEMO EXAMPLE
- 19. 19 Step 2 U2F AUTHENTICATION DEMO EXAMPLE
- 20. 20 Step 3 U2F AUTHENTICATION DEMO EXAMPLE
- 21. 21 Step 4 U2F AUTHENTICATION DEMO EXAMPLE +Bob
- 22. AUTHENTICATOR USER VERIFICATION FIDO AUTHENTICATION FIDO UNIVERSAL AUTHENTICATION FRAMEWORK UAF 22 Same User as enrolled before? Same Authenticator as registered before?
- 28. 28 No 3rd Party in the Protocol No Secrets on the Server side Biometric data (if used) never leaves device No link-ability between Services or Accounts
- 29. Better Security for online services Reduced cost for the enterprise Simple & Safe for consumers 29
- 30. The FIDO Alliance is an open association of more than 180 diverse member organizations 30
- 31. 31 Physical-to-digital identity User Management Authentication Federation Single Sign-On Passwords Risk-BasedStrong MODERN AUTHENTICATION 10
- 32. Board Members 32 ü Online Services ü Chip Providers ü Device Providers ü Biometrics Vendors ü Enterprise Servers ü Platform Providers
- 33. FIDO TIMELINE FIDO 1.0 FINAL Specification First UAF & U2F Deployments Specification Review Draft FIDO Ready Program Alliance Announced FEB 2013 (6 Members) DEC 2013 (59 Members) FEB 2014 (84 Members) FEB-OCT 2014 (129 Members) DEC 9 2014 (152 Members) 33
- 34. FIDO implementations and deployments 34 FIDO in 2015
- 35. 35 A range of FIDO PRODUCTS is now available
- 36. 36 Implementing 1.0 Specifications (this is only a subset of active implementations) Online Services Chip Providers Device Providers Biometrics Technology Providers Enterprise Servers Open Source Mobile Apps/Clients WWW Browsers
- 37. FIDO in Windows 10 37 ü Windows used by 1.5 billion users ü Windows 10 in 190 countries by Q3 ü Free upgrade for consumer
- 38. FIDO in Snapdragon 38 ü Market leader to ship FIDO client ü 85+ OEMs as of Q4 ü >1 billion Android devices shipped ü Innovative sensor
- 39. FIDO in Healthcare 39 ü First healthcare deployment ü Physician access to health records ü up to 50 million Healthcare users
- 40. FIDO in Enterprise 40 ü Google for Work announced Enterprise admin support for FIDO® U2F “Security Key” – April 21 ü Google for Work is used by over 5 million businesses worldwide ü “The Security Keys are a great step forward, as they are very practical and more secure.” – Woolsworth IT
- 41. FIDO & Government 41 2013 Data Breach Investigations Report (conducted by Verizon in concert with the U.S. Department of Homeland Security) noted that 76% of 2012 network intrusions exploited weak or stolen credentials. -- NIST Roadmapfor Improving CriticalInfrastructure Cybersecurity,12- Feb-2014 ü Governments worldwide are looking at FIDO ü FIDO featured at White House Summit ü New collaboration framework…
- 42. Infineon NSP NNL New Government Membership Class Ø Reflecting an increased focus on Government collaboration worldwide Ø Details are now published in the new FIDO Alliance Membership Agreement 42