Introduction to FIDO2 by Korea ETRI (Electronics and Telecommunications Research Institute)
- Presented at FIDO Korea Working Group Technical Seminar on July 16th, 2018
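All Rights Reserved | FIDO Alliance | Copyright 2018
4. FIDO concept
▶ Separation of user authentication from the remote authentication protocol
• User authentication methods vary: biometrics, tokens, patterns, etc.
• Remote authentication uses a single public-key-based method
☞ Various authentication methods can be used without changing the server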
5. FIDO 1.0 architecture
[Diagram: User Device (Application, FIDO Client, ASM, Authenticator) and Relying Party (App. Server, FIDO Server), connected by the UAF Protocol (registration / authentication / deregistration)]
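6. The need for FIDO 2
FIDO 2: why is it needed?
▶ Resolving the FIDO client distribution problem
• It was unclear who was responsible for distributing the FIDO 1.0 client
• Solved by having the platform provide it by default
▶ Demand for biometric authentication on the Web as well
• Goal: apply FIDO technology to every web browser through W3C standardization
▶ Need to unify UAF and U2F
• Provide the same user experience for authentication services on mobile and on the web
▶ Strategy to secure platform leadership
• Bring authentication, the first gateway to payment and online services, into the platform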
7. FIDO2 architecture
[Diagram labels: User Device; Relying Party; Application; App. Server; FIDO2 Server; OS/Browser (FIDO Client); Developer API / WebAuthn API; FIDO CTAP; custom protocol (registration / authentication); messages sent from the authenticator to the server]
CTAP - Client-To-Authenticator Protocol
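8. Web Authentication API
[Diagram labels: User Device; Relying Party; Web App; App. Server; FIDO2 Server; Web Browser; custom protocol (registration / authentication); Built-In Authenticator]
▶ What is the Web Authentication API?
• A JavaScript API that a web app uses to invoke the web browser's FIDO functions
• Provides functions for registering an authenticator with the FIDO server and authenticating with it
• Defines the message formats the authenticator uses in registration and authentication
• Provides extensions (location, biometric index) for various usage scenarios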
9. FIDO2 Authentication
• Ceremony: Registration or Authentication
• Authorization Gesture: User Consent
• User Presence: user touch, button pressed
• User Verification: fingerprint, retina scan, face recognition
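How a relying party reads the User Presence / User Verification result out of the authenticator data defined by the Web Authentication message format. This is an added example, not code from the slides: the RP ID `login.example`, the function names and the sample bytes are constructed for illustration, and signature verification is left out.

```javascript
const { createHash } = require('crypto');

// Flag bits of the authenticator data flags byte (WebAuthn specification).
const FLAG_UP = 0x01; // User Present: touch or button press
const FLAG_UV = 0x04; // User Verified: fingerprint, PIN, etc.

// Layout: rpIdHash (32 bytes) | flags (1 byte) | signCount (4 bytes, big-endian) | ...
function parseAuthenticatorData(buf) {
  if (!Buffer.isBuffer(buf) || buf.length < 37) {
    throw new Error('authenticator data must be at least 37 bytes');
  }
  const flags = buf[32];
  return {
    rpIdHash: buf.subarray(0, 32),
    userPresent: (flags & FLAG_UP) !== 0,
    userVerified: (flags & FLAG_UV) !== 0,
    signCount: buf.readUInt32BE(33),
  };
}

// Checks a relying party runs on the parsed fields, next to signature verification.
function checkAuthenticatorData(buf, rpId, policy) {
  const ad = parseAuthenticatorData(buf);
  const expected = createHash('sha256').update(rpId, 'utf8').digest();
  if (!ad.rpIdHash.equals(expected)) return 'rp-id-mismatch';
  if (!ad.userPresent) return 'user-not-present';
  if (policy.requireUv && !ad.userVerified) return 'user-not-verified';
  // A counter that fails to increase can indicate a cloned authenticator.
  const counted = ad.signCount !== 0 || policy.storedSignCount !== 0;
  if (counted && ad.signCount <= policy.storedSignCount) return 'sign-count-regression';
  return 'ok';
}

// Constructed sample input (not captured from a real authenticator).
function sampleAuthData(rpId, flags, signCount) {
  const out = Buffer.alloc(37);
  createHash('sha256').update(rpId, 'utf8').digest().copy(out, 0);
  out[32] = flags;
  out.writeUInt32BE(signCount, 33);
  return out;
}

const touchOnly = sampleAuthData('login.example', FLAG_UP, 5);
const fingerprint = sampleAuthData('login.example', FLAG_UP | FLAG_UV, 5);
console.log(checkAuthenticatorData(touchOnly, 'login.example', { requireUv: true, storedSignCount: 4 }));
console.log(checkAuthenticatorData(fingerprint, 'login.example', { requireUv: true, storedSignCount: 4 }));
```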
10. FIDO authenticator concept
[Diagram: FIDO Authenticator Framework, with labels Attestation Key; Interface; Authentication Keys; User Verification; Transaction Confirmation Display; Platform]
▶ User authentication
• Fingerprint, iris, PIN, etc.
▶ Key generation
• Generation of authentication keys
▶ Digital signature generation
• Registration and authentication
• Transaction confirmation
11. FIDO2 authenticators
[Diagram labels: WebAuthn API; Cross Platform Authenticator; CTAP; Mobile/PC Application; Web Application; Non-Platform API (SW Authenticator); Platform FIDO API; Platform authenticator (SW or HW); CTAP (USB, NFC, BLE); Android/iOS Application]
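12. CTAP Protocol
▶ What is the Client To Authenticator Protocol?
• Defines a platform-independent, general-purpose API and protocol for external authenticators
• Supports USB, NFC and Bluetooth as ways of connecting to the platform
• With CTAP, a smartphone can be used as an authenticator to authenticate to other devices
• Provides a basis for applying FIDO authentication to O2O (online-to-offline) services
[Diagram labels: USB; Bluetooth; FIDO-capable devices]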
13. Comparison of FIDO 1.0 and FIDO2
UAF - Universal Authentication Framework
ASM - Authenticator Specific Module
CTAP - Client-To-Authenticator Protocol
14. FIDO2 applications
▶ Smartphone -> PC / browser (FIDO2)
• FIDO services can be used on all platforms
▶ Server authentication -> peripheral device authentication
• Used as a user authentication technology in IoT environments
▶ Online -> offline
• A wide variety of uses in O2O services
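15. In closing…
▶ FIDO functionality built into platforms
• Operating systems -> Windows & Android
• Web browsers -> Edge, Chrome, Firefox through W3C standardization
▶ A growing variety of authenticators
• Platform-based built-in authenticators are provided
• External authenticators over USB, Bluetooth and NFC can be used
▶ Various authentication services linked with FIDO become possible
• Implicit authentication technology
• Biometric key generation technology
• Blockchain technology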
16. 조상래 (sangrae@etri.re.kr)
Thank you