Identity Tech Talks #3 FIDO futur of authentication
0 likes405 views
FIDO aims to replace passwords with open authentication standards. It defines specifications for authenticators like security keys and fingerprints to verify users during the login process. The FIDO Alliance has over 250 member companies working to develop specifications like UAF, U2F, and the upcoming FIDO 2.0, and ensure interoperability between implementations. FIDO authentications use public key cryptography to authenticate users locally on their devices and then with online services, without exposing any secrets that could be used by third parties or across multiple accounts.
Identity Tech Talks #3 FIDO futur of authentication
- 1. FIDO: LE FUTUR DE L’AUTHENTIFICATION ? 23 Mars 2017
- 2. SAFRAN IDENTITY AND SECURITY RESTRICTED SAFRAN IDENTITY AND SECURITY Safran Identity and Security / 15-07-2016 / Direction2 R&D Investment equal to nearly 7% of revenue Workforce 8,700+ EMPLOYEES in 57 COUNTRIES €1.9 BILLION of revenue #1 worldwide in biometric IDENTITY SOLUTIONS (fingerprint, iris and face) Systems deployed in MORE THAN 100 COUNTRIES A GLOBAL LEADER IN IDENTITY AND SECURITY
- 3. SAFRAN IDENTITY AND SECURITY RESTRICTED Intro Safran Identity & Security / 23 Mars 20173 1. FIDO en bref 2. Les cas d’usages FIDO UAF, U2F, 2.0
- 4. SAFRAN IDENTITY AND SECURITY RESTRICTED Safran Identity & Security / 23 Mars 20174 FIDO EN BREF 1
- 5. SAFRAN IDENTITY AND SECURITY RESTRICTED The FIDO Alliance is an open industry association of over 250 organizations with a focused mission: authentication standards 5 All Rights Reserved | FIDO Alliance | Copyright 2017.
- 6. SAFRAN IDENTITY AND SECURITY RESTRICTED FIDO Alliance Mission Develop Specifications Operate Adoption Programs Pursue Formal Standardization 1 2 3 define an open, scalable, interoperable set of mechanisms that supplant reliance on passwords to authenticate users of online services All Rights Reserved | FIDO Alliance | Copyright 2017.
- 7. SAFRAN IDENTITY AND SECURITY RESTRICTED Board Members 7 All Rights Reserved | FIDO Alliance | Copyright 2017.
- 8. SAFRAN IDENTITY AND SECURITY RESTRICTED HOW “Shared Secrets” WORK ONLINE The user authenticates themselves online by presenting a human-readable “shared secret” All Rights Reserved | FIDO Alliance | Copyright 2017.
- 9. SAFRAN IDENTITY AND SECURITY RESTRICTED HOW FIDO WORKS AUTHENTICATOR LOCAL ONLINE The user authenticates “locally” to their device (by various means) The device authenticates the user online using public key cryptography All Rights Reserved | FIDO Alliance | Copyright 2017.
- 10. SAFRAN IDENTITY AND SECURITY RESTRICTED No 3rd Party in the Protocol No Secrets on the Server Side Biometric Data (if used) Never Leaves Device No (*new*) Link-ability Between Services No (*new*) Link-ability Between Accounts All Rights Reserved | FIDO Alliance | Copyright 2017.
- 11. SAFRAN IDENTITY AND SECURITY RESTRICTED Certification Growth An open competitive market Ensures interoperability Sign of mature FIDO ecosystem 250+ FIDO® Certified products available today 230 74 32 62 74 108 162 216 253 304 Apr-15 Jul-15 Sep-15 Dec-15 Mar-16 May-16 Aug-16 Jan-17 TOTAL 11 All Rights Reserved | FIDO Alliance | Copyright 2017.
- 12. SAFRAN IDENTITY AND SECURITY RESTRICTED Safran Identity & Security / 23 Mars 201712 LES CAS D’USAGE FIDO UAF FIDO U2F FIDO 2.0 2
- 13. SAFRAN IDENTITY AND SECURITY RESTRICTED UAF (Universal Authentication Framework) • Specifications • V1.0 : Final • V1.1 : implementation draft U2F (Universal Second Factor) • Specifications • V1.0 : Final • V1.1 : implementation draft FIDO 2.0 (ex UFS) • Technical improvement • CTAP : interfaces with Authenticator • WebAuthn : Browser API defined by W3C • Specifications • Draft FIDO Specifications 13
- 14. SAFRAN IDENTITY AND SECURITY RESTRICTED ATTENTION : FIDO = AUTHENTIFICATION (et non identité) 14 = (site.com) jdoe -> Phase 1: l’enregistrement Phase 2: l’authentification 01001… 10110…
- 15. SAFRAN IDENTITY AND SECURITY RESTRICTED A Fido Server is the backend service that cryptographically authenticate an application user through a FIDO authenticator. Main features • Compliance with FIDO protocol (U2F/UAF/Fido 2.0) • Authenticator policy management • API with the user Agent (Registration) FIDO Server Safran Identity & Security / 23 Mars 201715
- 16. SAFRAN IDENTITY AND SECURITY RESTRICTED FIDO Standard : Compatibility Aspects U2F FIDO “Gold” Server FIDO2 FIDO2 FIDO2 UAF U2F Interoperability still to finalize Roaming Authenticator through CTAP bound authenticator WebAuthn/U2F U2F JS API UAF JS API UAF WebAuthn/CTAP Safran Identity & Security / 23 Mars 201716
- 17. SAFRAN IDENTITY AND SECURITY RESTRICTED Fido 2.0 (WebAuthn + CTAP) Safran Identity & Security / 23 Mars 201719 IDP User Device Browser Roaming Authenticators with transport channels and CTAP payload Relying Party WebApplication FIDO Server HTTPS Registration, Authentication & Transaction Confirmation FIDO Alliance Metadata Service BLE USB NFC Mobile Apps OS Bound authenticators
- 18. SAFRAN IDENTITY AND SECURITY RESTRICTED • Technical: • UAF: decreasing to almost stalled activity, trying to bring keystore as level 2 authenticators and bridging to WebAuthn • U2F: most of the work bridging to WebAuthn • CTAP: stalled waiting for a final status on WebAuthn • Related: WebAuthn very active development effort on Chrome, Edge and Mozilla • Working Groups • SRWG: Move initial levels 1=>4 to 2=>5 with an initial level for compliance and high level security overview (include software and TouchID authenticators) • CWG: Continue the biometric certification without PAD, rely upon TEE certification levels for 2+ levels • P3WG: Influence US NIST, EU for identity and banking standards Status update Safran Identity & Security / 23 Mars 201720
- 19. SAFRAN IDENTITY AND SECURITY RESTRICTED Safran Identity & Security / 23 Mars 201721