Introduction to FIDO and eIDAS Services

FIDO Alliance
May. 29, 2020

  1. © FIDO Alliance ©2020 Webinar: Introduction to FIDO and eIDAS Services
  3. Today’s Speakers: Andrew Shikiar, Executive Director & CMO, FIDO Alliance; Sebastian Elfors, Senior Solutions Architect, Yubico
  5. Intro to FIDO. Andrew Shikiar, Executive Director & CMO, FIDO Alliance
  6. The Credential Theft Cycle Persists: Credential loss grew by 284% in 2019; criminals purchase credentials, use botnets to prep attacks; up to 2% of stuffing attempts are successful; credentials cost $0.70 - $2.30; 80-90% of login attempts to e-commerce sites are spoofs; 15.1 billion exposed records in 2019; data breach leads to credentials for sale on Dark Web; credential stuffing attacks on e-commerce, enterprise, etc.; 7,098 data breaches last year; server-side authentication credentials; annual cost to US businesses: $5 billion. Sources: ITRC, Verizon, Shape Security, Akamai
  7. [Chart: Security (Weak to Strong) vs. Usability (Poor to Easy)] Single Gesture Possession-based Authentication. Open standards for simpler, stronger authentication using asymmetric public key cryptography
  8. FIDO Breaks the Credential Theft Cycle & Prevents Account Takeovers. Use of Public Key Cryptography eliminates dependence on server-side credentials. Nothing of value for hackers to steal (public keys have no utility). Stuffed credentials won’t work. Stops supply & demand for hackers.
  9. FIDO Leadership: + Sponsor members, + Associate members, + Liaison members
  10. Hello. Since May 2018. Broader matrix of support across platforms and transports. Over 2 Billion Devices can support FIDO Authentication.
  11. Browser/Platform Support: A Detailed Update
  12. Intro to eIDAS. Sebastian Elfors, Senior Solutions Architect, Yubico
  15. Using FIDO for eIDAS Services. Sebastian Elfors, Senior Solutions Architect, Yubico
  22. https://fidoalliance.org/white-paper-introduction-of-fido-eidas-services/ https://fidoalliance.org/white-paper-using-fido-with-eidas-services/
  23. Q&A. Andrew Shikiar, Executive Director & CMO, FIDO Alliance; Sebastian Elfors, Senior Solutions Architect, Yubico
  24. If we didn’t have time to answer your question, please reach out to us at help@fidoalliance.org. The webinar recording and slides will be emailed to you and posted on fidoalliance.org. Please stay on to take the survey at the conclusion of the webinar.

Editor's Notes

  1. So let’s talk about credential theft. It all starts with the fact that authentication has historically depended on centrally-stored, server-side credentials. The problem with this is that the credentials are at risk of being stolen through a variety of mechanisms, which we’ll explore today. This is part of the landscape that FIDO was founded to address.
  2. We know that passwords have very weak security and poor usability – but the thing that doesn’t (or didn’t) get enough attention was the risk associated with OTPs. Not only do OTPs present major usability challenges (what’s worse than one password? Two passwords) but OTPs are also centrally stored secrets, just for a shorter timeframe. As such, they are susceptible to large-scale attacks and/or spear-phishing – as we’ve seen in some very well-documented breaches. This really is the crux of what FIDO is trying to do – it’s eliminating use of all shared secrets, not just passwords. FIDO’s goal from day one was to transform the market away from dependence on centrally stored shared secrets to a model that uses public key cryptography and allows consumers to authenticate through devices that they literally have at their fingertips every day. It’s simpler and stronger authentication. FIDO rapidly realized this goal with the initial release of FIDO’s UAF and U2F specifications in 2015.
  3. History of the Alliance: Organization was organized in 2012, open to any organization to join in 2013 with the mission to solve the world’s password problem. FIDO was launched with just 6 member companies. Today we have more than 250 members from around the world – including the Board of Directors that you see represented here. My favorite way of looking at this list of logos is to consider closing your eyes and asking yourself “what companies do we need to have sitting around a board table to help solve the password problem?” – and I suspect it would look a lot like this. We have major platform providers and manufacturers creating devices that we all use every day. We have leaders in security, biometrics and identity – both established companies and innovative start-ups. Last but not least, we have companies whose very businesses depend on their ability to deliver high-assurance services to billions of users around the world.
  4. - 2019 was a significant year in terms of FIDO2 adoption
     - Platform authenticators are certified
     - Brings reach of FIDO2 to billions of users using these platforms
     - Browser support grown in breadth and depth
     - Ex: Stronger initial and growing support in Safari for FIDO2
     - Safari 13 supports security keys on macOS, iOS and iPadOS
  5. - Significant year in terms of FIDO2 adoption
     - Platform authenticators are certified
     - Brings reach of FIDO2 to billions of users using these platforms
     - Browser support grown in breadth and depth
     - Ex: Stronger initial and growing support in Safari for FIDO2
     - Safari 13 will support security keys on macOS
     - You can deploy across any mainstream OS today
  6. ANDREW
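
The public-key model described in slide 8 and editor's note 2, as an added example that is not part of the FIDO Alliance deck: a simplified challenge-response in Node.js in which the server stores only public keys, so a replayed signature or a dump of the server's records does not authenticate. The function names, the in-memory `serverDb` and the user `alice` are assumptions made for illustration; real FIDO assertions also sign origin and counter data that this sketch omits.

```javascript
// Added illustration: simplified FIDO-style challenge-response (not the WebAuthn wire format).
const crypto = require('node:crypto');

const serverDb = new Map();          // user -> public key PEM; the only thing the server stores
const pendingChallenges = new Map(); // user -> one-time random challenge

// Authenticator: the key pair is generated on the device and the private key stays in this closure.
function createAuthenticator() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return {
    publicKeyPem: publicKey.export({ type: 'spki', format: 'pem' }),
    sign: (challenge) => crypto.sign('sha256', challenge, privateKey),
  };
}

function register(user, authenticator) {
  serverDb.set(user, authenticator.publicKeyPem);
}

function issueChallenge(user) {
  const challenge = crypto.randomBytes(32);
  pendingChallenges.set(user, challenge);
  return challenge;
}

function verifyLogin(user, signature) {
  const challenge = pendingChallenges.get(user);
  const publicKeyPem = serverDb.get(user);
  pendingChallenges.delete(user); // each challenge is single use
  if (!challenge || !publicKeyPem) return false;
  return crypto.verify('sha256', challenge, publicKeyPem, signature);
}

function runDemo() {
  const device = createAuthenticator();
  register('alice', device); // 'alice' is a constructed sample user
  const first = device.sign(issueChallenge('alice'));
  const legit = verifyLogin('alice', first);
  issueChallenge('alice'); // fresh challenge; the captured signature is replayed
  const replay = verifyLogin('alice', first);
  // A dump of serverDb yields public keys only, so an attacker must sign with some other key.
  const attacker = createAuthenticator();
  const breach = verifyLogin('alice', attacker.sign(issueChallenge('alice')));
  const dbHasSecret = [...serverDb.values()].some((pem) => pem.includes('PRIVATE'));
  return { legit, replay, breach, dbHasSecret };
}

console.log(runDemo());
```
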