
Protecting IDAAS with FIDO Authentication

A case study from FIDO member Neowave and its client Trustelem on securing "identity as a service" (IDAAS) with FIDO Certified Authenticators.


  1. All Rights Reserved | FIDO Alliance | Copyright 2017. NEOWAVE + TRUSTELEM: PROTECTING IDAAS* (WEB/CLOUD SSO*) WITH FIDO U2F. (*IDAAS: Identity as a Service; SSO: Single Sign On.)
  2. Deployment Case Study: Trustelem & Neowave. Protecting IDAAS with FIDO U2F. Gregory Haïk, CEO, Trustelem; Frederic Martin, Security Architect, NEOWAVE.
  3. FIDO U2F TO PROTECT IDENTITY AS A SERVICE
  4. NEOWAVE: SMART CARD BASED SECURITY PRODUCTS. Identity theft (phishing), fraud, data theft and cyber attacks are on the rise. NEOWAVE's mission is to address these issues through strong authentication, encryption and digital signatures based on secure smart card based products.
  5. EASY PHISHING ATTACKS AGAINST SMS CODES. [Diagram, steps 1–5: the user sends username, password and SMS code to a fake website (or MITM attack), which forwards them to the real website; the real website sends the SMS code to the user.]
  6. EASY PHISHING ATTACKS AGAINST OTP / TOTP. [Diagram, steps 1–5: the user reads the OTP from the OTP generator and sends username, password and OTP to a fake website (or MITM attack), which forwards them to the real website.]
  7. EASY PHISHING ATTACKS AGAINST SCANNED QR CODE VALIDATION. [Diagram, steps 1–5: user, real website, fake website or MITM attack; labels "Read QR code", "Validate (wrong) access", "Give access".]
  8. FIDO U2F: SIMPLE / SECURE SOLUTION AGAINST PHISHING ATTACKS. 1 – Data to be signed (challenge, hashed url, etc.) sent to the client; 2 – data to be signed passed to the token; 3 – digital signature (built-in smart card); 4 – signed data returned to the client; 5 – signed data sent to the server; 6 – signature verification. SSL Token Binding: MITM protection.
  9. FIDO U2F USB SECURITY KEY: plug Keydo security key in, enter username & password, that's it.
  10. FIDO U2F NFC CARD APPROACH: Badgeo NFC card, enter username & password, that's it.
  11. TRUSTELEM: IDENTITY AS A SERVICE. Trustelem manages digital identities of your IT users (IDaaS, Identity-as-a-Service / Cloud Single Sign-On, SSO) and enables them to go from one application to another without the need to re-authenticate. [Diagram: company, corporate applications.]
  12. FIDO U2F ADVANTAGES FOR WEB SSO LOGON: • No driver installation requirement • Web browser built-in support • Multi-platform / multi-channel protocol • High security level (built-in smart card) • Ultimate solution against identity theft
  13. SIMPLE / SECURE WEB SSO LOGON: password, then FIDO U2F.
  14. ALL-IN-ONE USER DASHBOARDS: ACCESS PROTECTION. Now you don't have to wait for Microsoft to integrate FIDO U2F authentication :)
  15. APPLICATIONS ACCESS, e.g. Facebook Workplace.
  16. ADMIN CONSOLE: setup directories, users, apps, permissions… Logs, deployment audit.
  17. MORE FIDO U2F ADVANTAGES: • FIDO U2F devices are anonymous (no user information, just anonymous keys; association is done on the server side) • FIDO U2F devices can be filtered: web services can be locked to our own customized devices only (attestation certificate)
  18. CONCLUSION: • FIDO U2F strongly recommended for Web SSO users and/or administrators • Secure but easy to use and deploy
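The six-step exchange on slide 8 is the whole reason the relay attacks of slides 5 to 7 stop working: the token signs the challenge together with the hash of the site's identity, and the server only accepts a signature over its own identity and its own challenge. The following is an added example and not code from the deck, from Neowave or from Trustelem. It models a U2F-style registration and login in plain Python; HMAC-SHA256 stands in for the ECDSA signature a real smart-card token produces, and the hosts, user name, key handle format and class names are constructed for the example. The structure of the signed data (application parameter, user-presence byte, counter, hash of the client data) follows the U2F exchange described on the slide. The example then replays the two ways a phishing page could try to relay a login and shows both being rejected.

```python
"""Toy U2F-style challenge/response showing why a relayed phishing login fails.
Added example; HMAC stands in for the token's ECDSA signature. All hosts, names
and secrets are constructed for the example."""
import hashlib
import hmac
import json
import os
import secrets


def app_param(app_id: str) -> bytes:
    """U2F 'application parameter': SHA-256 of the appId (the 'hashed url' on slide 8)."""
    return hashlib.sha256(app_id.encode()).digest()


class Authenticator:
    """Hypothetical U2F token: one key per registration; the key never leaves the device."""

    def __init__(self):
        self._keys = {}     # key handle -> (application parameter, key)
        self._counter = 0   # monotonically increasing signature counter

    def register(self, app_id: str):
        key_handle, key = secrets.token_hex(8), os.urandom(32)
        self._keys[key_handle] = (app_param(app_id), key)
        return key_handle, key   # 'key' plays the role of the public key given to the server

    def sign(self, app_id: str, key_handle: str, client_data: bytes) -> bytes:
        """Sign app_param || user-presence || counter || SHA-256(client_data) (steps 2-4)."""
        registered_app, key = self._keys[key_handle]
        if registered_app != app_param(app_id):
            # A real token rejects a key handle that was registered for a different appId.
            raise ValueError("key handle not registered for this appId")
        self._counter += 1
        header = b"\x01" + self._counter.to_bytes(4, "big")
        signed = registered_app + header + hashlib.sha256(client_data).digest()
        return header + hmac.new(key, signed, hashlib.sha256).digest()  # HMAC stands in for ECDSA


class RelyingParty:
    """Hypothetical web SSO service (the 'real website'); its appId doubles as its origin."""

    def __init__(self, app_id: str):
        self.app_id = app_id
        self._users = {}     # username -> [key handle, verify key, last counter]
        self._pending = {}   # username -> outstanding challenge

    def complete_registration(self, username: str, key_handle: str, verify_key: bytes):
        self._users[username] = [key_handle, verify_key, 0]

    def start_login(self, username: str) -> str:
        self._pending[username] = secrets.token_urlsafe(32)   # step 1: fresh challenge
        return self._pending[username]

    def finish_login(self, username: str, client_data: bytes, response: bytes) -> bool:
        """Step 6: verify origin, challenge, presence, counter and signature."""
        key_handle, verify_key, last_counter = self._users[username]
        challenge = self._pending.pop(username, None)
        cd = json.loads(client_data)
        if cd.get("origin") != self.app_id or cd.get("challenge") != challenge:
            return False                       # signed for another site or stale challenge
        header, sig = response[:5], response[5:]
        counter = int.from_bytes(header[1:], "big")
        if header[0] != 1 or counter <= last_counter:
            return False                       # no user presence, or replay / cloned token
        signed = app_param(self.app_id) + header + hashlib.sha256(client_data).digest()
        if not hmac.compare_digest(hmac.new(verify_key, signed, hashlib.sha256).digest(), sig):
            return False
        self._users[username][2] = counter
        return True


def browser_sign(token, origin: str, app_id: str, key_handle: str, challenge: str):
    """Browser side: the client data always carries the page's true origin."""
    client_data = json.dumps({"challenge": challenge, "origin": origin}).encode()
    return client_data, token.sign(app_id, key_handle, client_data)


def demo() -> dict:
    real = RelyingParty("https://sso.example.test")     # constructed
    fake = "https://sso-example.test"                   # constructed look-alike host
    token = Authenticator()
    key_handle, key = token.register(real.app_id)
    real.complete_registration("alice", key_handle, key)
    results = {}
    # Legitimate login from the real origin.
    challenge = real.start_login("alice")
    cd, resp = browser_sign(token, real.app_id, real.app_id, key_handle, challenge)
    results["legitimate"] = real.finish_login("alice", cd, resp)
    # Relay attempt 1: the look-alike page uses its own appId -> the token refuses the key handle.
    challenge = real.start_login("alice")
    try:
        browser_sign(token, fake, fake, key_handle, challenge)
        results["phish_own_appid"] = True
    except ValueError:
        results["phish_own_appid"] = False
    # Relay attempt 2: even if the page could name the real appId, the browser still writes
    # its true origin into the client data, so the relayed response fails step 6.
    cd, resp = browser_sign(token, fake, real.app_id, key_handle, challenge)
    results["phish_relayed_origin"] = real.finish_login("alice", cd, resp)
    return results


if __name__ == "__main__":
    print(demo())
```

Two checks carry the anti-phishing property: the token only signs for the appId the key was registered under, and the server compares the origin inside the signed client data with its own. The counter comparison is the second advantage listed on slide 17 in practice: a cloned device whose counter falls behind the server's record is rejected even with a valid key.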
