#GHCI17
Beware of Passwords
Parul Jain | @paruljaintweety
PAGE 2 | GRACE HOPPER CELEBRATION INDIA 17
Presented by AnitaB.org and Association for Computing Machinery India (ACM) India
Password
Password Challenge
• Yet another password
• Complex
• Rotate your passwords
• Reuse
• Write it down
• Vulnerable
Password Maturity
Passwordless
Authentication
Three factors: What I KNOW, What I HAVE, What I AM
(Figure: a Username / Password "Sign In" form illustrates what I know; an "Enter OTP" / "Submit" form illustrates what I have.)
What I Am
• Universal
• Unique
• Permanent
• Record once and match later
Two kinds: Physical Biometrics and Behavioral Biometrics
Biometric Challenges
• Specialized device/hardware
• Reliability can change over time
• Match is not an exact match
• Can’t be stored as hash values
• Can’t be changed if forged or stolen
FIDO
What is FIDO
• Fast IDentity Online
• Industry consortium formed in July 2012
• Two protocol specs
  • Universal Authentication Framework - UAF
  • Universal Second Factor - U2F
• Based on public key cryptography
UAF
UAF – Universal Authentication Framework
• Passwordless
• Any Device, Any Application, Any Authenticator
• No secrets on Server
• Biometric data never leaves the device
UAF – User Device
(Figure: components on the user device: Browser/Mobile App, FIDO UAF Client, Authenticator Abstraction, FIDO Authenticators.)
UAF – User Device
(Figure: components on the user device: Browser/Mobile App, FIDO UAF Client, Authenticator Abstraction, FIDO Authenticators.)
Each FIDO Authenticator holds private keys: an Attestation Key and the Authentication Keys.
UAF – Relying Party
(Figure: components on the relying party: Web Server, FIDO Server, FIDO Metadata Service.)
The relying party holds Public Keys only:
• Attestation Keys
• Authentication Keys
UAF – Architecture
(Figure: User Device side: Browser/App, FIDO UAF Client, Authenticator Abstraction, FIDO Authenticators. Relying Party side: Web Server, FIDO Server, FIDO Metadata Service. The UAF Protocol runs between the User Device and the Relying Party.)
UAF Protocol operations:
1. Registration
2. Authentication
3. Tx Confirmation
4. Deregistration
UAF – Registration
Participants: User Device (FIDO Authenticator, User Agent, FIDO UAF Client) and Relying Party (Web Server, FIDO Server, FIDO Metadata Service).
1. Initiate Registration
2. Registration Request + Policy
3. Verify User; create Private Key per User and App
4. Registration Response + Attestation + User's Public Key
5. Validate response and attestation, store User's Public Key
UAF – Authentication
Participants: User Device (FIDO Authenticator, User Agent, FIDO UAF Client) and Relying Party (Web Server, FIDO Server, FIDO Metadata Service).
1. Initiate Authentication
2. Authentication Request + Challenge + Policy
3. Verify User and unlock Private Key
4. Authentication Response signed by User's Private Key
5. Validate response using User's Public Key
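Both flows above, registration and authentication, as an added example in Go (not code from the slides or from the FIDO Alliance): an authenticator that keeps private keys on the device and a relying party that stores only public keys and issues single-use challenges. ECDSA P-256, the digest layouts, the constructed app ID and the way the metadata service's trust list is modelled are assumptions of this example, not the UAF wire format.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"errors"
)

func keyID(user, appID string) string { return user + "|" + appID }

// regDigest is what the attestation key signs: the new public key bound to the app ID and challenge.
func regDigest(appID string, challenge []byte, pub *ecdsa.PublicKey) []byte {
	der, _ := x509.MarshalPKIXPublicKey(pub)
	h := sha256.Sum256(append(append([]byte(appID+"|"), challenge...), der...))
	return h[:]
}
// authDigest is what the user's private key signs: the server's challenge bound to the app ID.
func authDigest(appID string, challenge []byte) []byte {
	h := sha256.Sum256(append([]byte(appID+"|"), challenge...))
	return h[:]
}

// Authenticator is the user-device side. Its private keys never leave it.
type Authenticator struct {
	attestKey *ecdsa.PrivateKey            // per-model attestation key
	userKeys  map[string]*ecdsa.PrivateKey // one authentication key per user and app
}
func NewAuthenticator() *Authenticator {
	ak, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	return &Authenticator{attestKey: ak, userKeys: map[string]*ecdsa.PrivateKey{}}
}

// RegResponse is registration step 4: attestation plus the user's public key, never the private key.
type RegResponse struct {
	User, AppID string
	UserPub     *ecdsa.PublicKey
	AttestSig   []byte
}
// Register is registration step 3: verify the user locally, then create a key pair for this user and app.
func (a *Authenticator) Register(user, appID string, challenge []byte, userVerified bool) (*RegResponse, error) {
	if !userVerified { return nil, errors.New("local user verification failed") }
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil { return nil, err }
	a.userKeys[keyID(user, appID)] = k
	sig, err := ecdsa.SignASN1(rand.Reader, a.attestKey, regDigest(appID, challenge, &k.PublicKey))
	return &RegResponse{User: user, AppID: appID, UserPub: &k.PublicKey, AttestSig: sig}, err
}
// Authenticate is authentication steps 3-4: user verification unlocks the private key, which signs the challenge.
func (a *Authenticator) Authenticate(user, appID string, challenge []byte, userVerified bool) ([]byte, error) {
	if !userVerified { return nil, errors.New("local user verification failed; private key stays locked") }
	k, ok := a.userKeys[keyID(user, appID)]
	if !ok { return nil, errors.New("no key registered for this user and app") }
	return ecdsa.SignASN1(rand.Reader, k, authDigest(appID, challenge))
}

// FIDOServer is the relying-party side. It stores public keys only, so a database leak yields no credential.
type FIDOServer struct {
	trustedAttest []*ecdsa.PublicKey          // attestation keys of trusted models, from the metadata service
	userPubs      map[string]*ecdsa.PublicKey // stored at registration step 5
	pending       map[string][]byte           // at most one live challenge per user and app
}
func NewFIDOServer(trusted ...*ecdsa.PublicKey) *FIDOServer {
	return &FIDOServer{trustedAttest: trusted, userPubs: map[string]*ecdsa.PublicKey{}, pending: map[string][]byte{}}
}
// NewChallenge is step 2 of both flows: a fresh random challenge, valid for exactly one response.
func (s *FIDOServer) NewChallenge(user, appID string) []byte {
	c := make([]byte, 32)
	rand.Read(c)
	s.pending[keyID(user, appID)] = c
	return c
}
// takeChallenge consumes the live challenge, so a captured response cannot be replayed.
func (s *FIDOServer) takeChallenge(id string) ([]byte, bool) {
	c, ok := s.pending[id]
	delete(s.pending, id)
	return c, ok
}
// CompleteRegistration is registration step 5: validate the attestation, then store the user's public key.
func (s *FIDOServer) CompleteRegistration(r *RegResponse) error {
	id := keyID(r.User, r.AppID)
	c, ok := s.takeChallenge(id)
	if !ok { return errors.New("no live registration challenge") }
	digest := regDigest(r.AppID, c, r.UserPub) // verifies only if the authenticator signed this very challenge
	for _, ak := range s.trustedAttest {
		if ecdsa.VerifyASN1(ak, digest, r.AttestSig) { s.userPubs[id] = r.UserPub; return nil }
	}
	return errors.New("attestation not from a trusted authenticator model")
}
// CompleteAuthentication is authentication step 5: verify the response with the stored public key.
func (s *FIDOServer) CompleteAuthentication(user, appID string, sig []byte) error {
	id := keyID(user, appID)
	c, ok := s.takeChallenge(id)
	pub, registered := s.userPubs[id]
	if !ok || !registered || !ecdsa.VerifyASN1(pub, authDigest(appID, c), sig) { return errors.New("no live challenge, unregistered user or bad signature") }
	return nil
}
```

Because each key is minted per user and app and the challenge is consumed on first use, a response captured from one app or one session does not verify elsewhere.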
FIDO helps with biometric challenges
• Specialized device/hardware – Standardization
• Reliability can change over time – Multi Modal
• Match is not an exact match – Per Authenticator & Risk Based
• Can’t be stored as hash values – Store on client
• Can’t be changed if forged or stolen – Deregister
Adopting Organizations
(Figure: Aadhaar authentication flow. Participants: Biometric Capture Device or Application, AUA Server, ASA Server, UIDAI Server.)
1. Provide biometrics
2. Create Pid XML block, D
3. Generate Session Key, SK
4. Base64 (Encrypt(D, SK))
5. Encrypt (SK, UPbK) : RSA
6. HMAC : Base64 of Encrypt( SHA-256 (D), SK)
7. (unlabelled arrow in the original diagram)
8. Add License Key
9. Sign using Private Key
10. (unlabelled arrow in the original diagram)
11. Verify signature
12. Decrypt SK
13. Validate Pid
14. Y/N
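Steps 1 to 14 above as an added example in Go (not code from the slides or from UIDAI's API): the device encrypts the Pid block under a session key and wraps that key for UIDAI, the AUA adds its license key and signs, and UIDAI verifies the signature, unwraps the key and answers Y/N. AES-GCM, RSA-OAEP for the session key, PKCS#1 v1.5 for the AUA signature, the constructed Pid sample and the matchPid callback are assumptions of this example; the slide names only AES and RSA, and the "HMAC" follows the slide's definition (SHA-256 of D encrypted under SK) rather than a keyed HMAC.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"errors"
)

// SamplePid is a constructed stand-in for the Pid XML block; it is not a real UIDAI record.
const SamplePid = `<Pid ts="2017-11-16T10:00:00"><Bios><Bio type="FMR" posh="UNKNOWN">c2FtcGxl</Bio></Bios></Pid>`

var b64 = base64.StdEncoding

// NewRSAKey makes a 2048-bit key pair; used here for the UIDAI and AUA keys, which in reality are CA-certified.
func NewRSAKey() *rsa.PrivateKey {
	k, _ := rsa.GenerateKey(rand.Reader, 2048)
	return k
}

// AuthRequest is the payload that travels from the capture device to the AUA and on, via the ASA, to UIDAI.
type AuthRequest struct {
	Data       string // step 4: Base64(Encrypt(D, SK))
	Skey       []byte // step 5: Encrypt(SK, UPbK) with RSA (OAEP assumed)
	Hmac       string // step 6: Base64(Encrypt(SHA-256(D), SK))
	LicenseKey string // step 8: added by the AUA
	Signature  []byte // step 9: AUA signature over the four fields above
}

// aesSeal and aesOpen: AES-256-GCM with the nonce prefixed to the ciphertext (the slide says only AES; GCM is assumed).
func aesSeal(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	gcm, err := cipher.NewGCM(block)
	if err != nil { return nil, err }
	nonce := make([]byte, gcm.NonceSize())
	rand.Read(nonce)
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}
func aesOpen(key, sealed []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	gcm, err := cipher.NewGCM(block)
	if err != nil || len(sealed) < gcm.NonceSize() { return nil, errors.New("malformed ciphertext") }
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], nil)
}

// DevicePrepare is steps 1-6 on the capture device or application. Unlike FIDO, the biometric block D
// does leave the device; in transit it is protected by SK, which only UIDAI can unwrap.
func DevicePrepare(pidXML string, uidaiPub *rsa.PublicKey) (*AuthRequest, error) {
	d := []byte(pidXML) // step 2: the Pid XML block D
	sk := make([]byte, 32)
	rand.Read(sk) // step 3: fresh 256-bit session key SK
	encD, err := aesSeal(sk, d) // step 4
	if err != nil { return nil, err }
	encSK, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, uidaiPub, sk, nil) // step 5
	if err != nil { return nil, err }
	digest := sha256.Sum256(d)
	encH, err := aesSeal(sk, digest[:]) // step 6
	if err != nil { return nil, err }
	return &AuthRequest{Data: b64.EncodeToString(encD), Skey: encSK, Hmac: b64.EncodeToString(encH)}, nil
}

// signedDigest covers every field the AUA vouches for, so UIDAI detects any change made after signing.
func signedDigest(r *AuthRequest) []byte {
	h := sha256.Sum256(append([]byte(r.Data+"|"+r.Hmac+"|"+r.LicenseKey+"|"), r.Skey...))
	return h[:]
}

// AUAForward is steps 8-9: the AUA adds its license key and signs with its private key (PKCS#1 v1.5 assumed).
func AUAForward(r *AuthRequest, licenseKey string, auaPriv *rsa.PrivateKey) (err error) {
	r.LicenseKey = licenseKey
	r.Signature, err = rsa.SignPKCS1v15(rand.Reader, auaPriv, crypto.SHA256, signedDigest(r))
	return err
}

// UIDAIAuthenticate is steps 11-14. matchPid stands in for the biometric match against the stored
// template and is an assumption of this example. The returned string is the Y/N of step 14.
func UIDAIAuthenticate(r *AuthRequest, auaPub *rsa.PublicKey, uidaiPriv *rsa.PrivateKey, matchPid func(string) bool) (string, error) {
	if rsa.VerifyPKCS1v15(auaPub, crypto.SHA256, signedDigest(r), r.Signature) != nil { // step 11
		return "N", errors.New("AUA signature invalid")
	}
	sk, err := rsa.DecryptOAEP(sha256.New(), nil, uidaiPriv, r.Skey, nil) // step 12
	if err != nil { return "N", errors.New("session key does not unwrap") }
	encD, _ := b64.DecodeString(r.Data)
	d, err := aesOpen(sk, encD)
	if err != nil { return "N", errors.New("Pid block does not decrypt") }
	encH, _ := b64.DecodeString(r.Hmac)
	h, err := aesOpen(sk, encH)
	want := sha256.Sum256(d)
	if err != nil || !bytes.Equal(h, want[:]) { return "N", errors.New("Hmac check failed: Pid block altered") }
	if !matchPid(string(d)) { return "N", nil } // step 13: biometrics do not match the stored template
	return "Y", nil                             // step 14
}
```

The contrast with the FIDO flow is visible in UIDAIAuthenticate: the server decrypts and holds the biometric block in clear, which is why the slides place Aadhaar's biometrics "on server".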
FIDO vs Aadhaar
FIDO (Biometrics on Client)            Aadhaar (Biometrics on Server)
Biometrics never leave client          Biometrics travel over network
No symmetric key crypto                AES to encrypt data
Public key not by CA                   Public key cert by CA
Thank you
Appendix
UAF - Registration
Taken From - https://www.ietf.org/proceedings/92/slides/slides-92-tokbind-3.pdf
UAF - Authentication
Taken From - https://www.ietf.org/proceedings/92/slides/slides-92-tokbind-3.pdf
References
• https://fidoalliance.org/specs/
• https://fidoalliance.org/specs/fido-uaf-v1.1-id-20170202/fido-uaf-protocol-v1.1-id-20170202.html
• https://www.ietf.org/proceedings/92/slides/slides-92-tokbind-3.pdf
• https://fidoalliance.org/specs/fido-uaf-v1.0-ps-20141208/fido-security-ref-v1.0-ps-20141208.html
• http://zeropasswords.com/pdfs/WHATisWRONG_FIDO.pdf
• https://authportal.uidai.gov.in/static/aadhaar_authentication_api_1_6.pdf

Beware of Passwords - FIDO helps to go passwordless

  • 1. #GHCI17 Beware of Passwords. Parul Jain | @paruljaintweety
  • 2. PAGE 2 | GRACE HOPPER CELEBRATION INDIA 17 Presented by AnitaB.org and Association for Computing Machinery India (ACM) India #GHCI17 Password
  • 3. Password Challenge: Yet Another password; Complex; Rotate your passwords; Reuse; Write it down; Vulnerable
  • 4. Password Maturity
  • 5. Passwordless
  • 6. Authentication: What I KNOW / What I HAVE / What I AM. Login mock-ups: Username, Password, Sign In; Enter OTP, Submit
  • 7. What I Am: • Universal • Unique • Permanent • Record once and match later. Physical Biometrics; Behavioral Biometrics
  • 8. Biometric Challenges: • Specialized device/hardware • Reliability can change over time • Match is not an exact match • Can’t be stored as hash values • Can’t be changed if forged or stolen
  • 9. FIDO
  • 10. What is FIDO: • Fast IDentity Online • Industry consortium formed in July 2012 • Two protocol specs: Universal Authentication Framework - UAF; Universal Second Factor - U2F • Based on public key cryptography
  • 11. UAF
  • 12. UAF – Universal Authentication Framework: • Passwordless • Any Device, Any Application, Any Authenticator • No secrets on Server • Biometric data never leaves the device
  • 13. UAF – User Device (diagram): FIDO Authenticators; Browser/Mobile App; FIDO UAF Client; Authenticator Abstraction
  • 14. UAF – User Device (diagram, continued): FIDO Authenticators; Browser/Mobile App; FIDO UAF Client; Authenticator Abstraction. The FIDO Authenticator holds the private keys: Attestation Key and Authentication Keys
  • 15. UAF – Relying Party (diagram): Web Server; FIDO Server; FIDO Metadata Service. Public Keys: • Attestation Keys • Authentication Keys
  • 16. UAF – Architecture (diagram): User Device (Browser/App, FIDO UAF Client, Authenticator Abstraction, FIDO Authenticators) and Relying Party (Web Server, FIDO Server, FIDO Metadata Service) exchange the UAF Protocol: 1. Registration 2. Authentication 3. Tx Confirmation 4. Deregistration
  • 17. UAF – Registration (diagram; User Device: FIDO Authenticator, User Agent, FIDO UAF Client; Relying Party: Web Server, FIDO Server, FIDO Metadata Service; interfaces A, B, C): 1. Initiate Registration 2. Registration Request + Policy 3. Verify User, Create Private Key Per User and App 4. Registration Response + Attestation + User’s Public Key 5. Validate response and attestation, Store User’s Public Key
  • 18. UAF – Authentication (same diagram): 1. Initiate Authentication 2. Authentication Request + Challenge + Policy 3. Verify User and unlock Private Key 4. Authentication Response signed by User’s private Key 5. Validate response using user’s Public Key
  • 19. FIDO helps with biometric challenges: • Specialized device/hardware – Standardization • Reliability can change over time – Multi Modal • Match is not an exact match – Per Authenticator & Risk Based • Can’t be stored as hash values – Store on client • Can’t be changed if forged or stolen – Deregister
  • 20. Adopting Organizations
  • 21. Aadhaar (diagram; parties: Biometric Capture Device Or Application, AUA Server, ASA Server, UIDAI Server): 1. Provide biometrics 2. Create Pid XML block, D 3. Generate Session Key, SK 4. Base64 (Encrypt(D, SK)) 5. Encrypt (SK, UPbK) : RSA 6. HMAC : Base64 of Encrypt( SHA-256 (D), SK) 7. 8. Add License Key 9. Sign using Private Key 10. 11. Verify signature 12. Decrypt SK 13. Validate Pid 14. Y/N (steps 7 and 10 carry no label on the slide)
  • 22. FIDO vs Aadhaar:
        FIDO                           | Aadhaar
        Biometrics on Client           | Biometrics on Server
        Biometrics never leave client  | Biometrics travel over network
        No Symmetric Key Crypto        | AES to encrypt data
        Public key not by CA           | Public Key Cert by CA
  • 24. Appendix
  • 25. UAF - Registration. Taken From - https://www.ietf.org/proceedings/92/slides/slides-92-tokbind-3.pdf
  • 26. UAF - Authentication. Taken From - https://www.ietf.org/proceedings/92/slides/slides-92-tokbind-3.pdf
  • 27. References • https://fidoalliance.org/specs/ • https://fidoalliance.org/specs/fido-uaf-v1.1-id-20170202/fido-uaf-protocol-v1.1-id-20170202.html • https://www.ietf.org/proceedings/92/slides/slides-92-tokbind-3.pdf • https://fidoalliance.org/specs/fido-uaf-v1.0-ps-20141208/fido-security-ref-v1.0-ps-20141208.html • http://zeropasswords.com/pdfs/WHATisWRONG_FIDO.pdf • https://authportal.uidai.gov.in/static/aadhaar_authentication_api_1_6.pdf
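The registration and authentication exchanges of slides 17 and 18 (and speaker notes 3 to 5 below), as an added worked example; this is not code from the deck, the FIDO Alliance or any UAF implementation. Assumptions: Ed25519 stands in for the signature algorithms UAF actually lists, a plain SHA-256 over app ID, challenge and key material stands in for UAF's TLV-encoded assertions, the AAID is a constructed value, and the FIDO Metadata Service is reduced to the server being handed each trusted model's attestation public key. What it shows is the property the slides claim: the server stores only public keys, a registration is keyed by (AAID, KeyID), and the biometric match never leaves the device, it only unlocks a private key.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Authenticator is the device-side authenticator; a local biometric match only unlocks keys.
type Authenticator struct {
	AAID           string
	attestationKey ed25519.PrivateKey            // one per device model, never exported
	userKeys       map[string]ed25519.PrivateKey // KeyID -> per-user, per-app private key
	UserVerified   bool                          // result of the local biometric match (simulated)
}

// FIDOServer is the relying party's FIDO server; it holds public keys only.
type FIDOServer struct {
	trustedAttestation map[string]ed25519.PublicKey // AAID -> attestation public key
	registrations      map[string]ed25519.PublicKey // AAID + "|" + KeyID -> user's public key
}

func NewAuthenticator(aaid string) *Authenticator {
	_, att, _ := ed25519.GenerateKey(rand.Reader) // provisioned at manufacture in a real device
	return &Authenticator{AAID: aaid, attestationKey: att, userKeys: map[string]ed25519.PrivateKey{}}
}

// NewFIDOServer stands in for the FIDO Metadata Service: the server learns each
// trusted model's attestation public key out of band, never a private key.
func NewFIDOServer(trustedModels ...*Authenticator) *FIDOServer {
	s := &FIDOServer{map[string]ed25519.PublicKey{}, map[string]ed25519.PublicKey{}}
	for _, a := range trustedModels {
		s.trustedAttestation[a.AAID] = a.attestationKey.Public().(ed25519.PublicKey)
	}
	return s
}

// NewChallenge is the fresh per-request nonce that makes a captured response useless.
func NewChallenge() []byte {
	c := make([]byte, 32)
	rand.Read(c) // crypto/rand.Read does not fail on supported platforms
	return c
}

// signedData binds a signature to the app ID, the challenge and any extra fields.
func signedData(appID string, challenge []byte, extra ...[]byte) []byte {
	h := sha256.New()
	h.Write(append([]byte(appID), challenge...))
	for _, e := range extra {
		h.Write(e)
	}
	return h.Sum(nil)
}

// Register is registration steps 3-4: verify the user locally, mint a key pair
// for this user and app, and attest the new public key with the device key.
func (a *Authenticator) Register(appID string, challenge []byte) (keyID string, pub ed25519.PublicKey, att []byte, err error) {
	if !a.UserVerified {
		return "", nil, nil, errors.New("user verification failed: keys stay locked")
	}
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	sum := sha256.Sum256(pub)
	keyID = hex.EncodeToString(sum[:8])
	a.userKeys[keyID] = priv
	return keyID, pub, ed25519.Sign(a.attestationKey, signedData(appID, challenge, []byte(keyID), pub)), nil
}

// CompleteRegistration is step 5: check the attestation against the metadata
// key for that AAID, then store the user's public key under (AAID, KeyID).
func (s *FIDOServer) CompleteRegistration(appID string, challenge []byte, aaid, keyID string, pub ed25519.PublicKey, att []byte) error {
	attPub, ok := s.trustedAttestation[aaid]
	if !ok {
		return fmt.Errorf("no metadata for authenticator model %q", aaid)
	}
	if !ed25519.Verify(attPub, signedData(appID, challenge, []byte(keyID), pub), att) {
		return errors.New("attestation signature invalid")
	}
	s.registrations[aaid+"|"+keyID] = pub
	return nil
}

// Authenticate is authentication steps 3-4: the local match unlocks the private key, which signs the challenge.
func (a *Authenticator) Authenticate(appID, keyID string, challenge []byte) ([]byte, error) {
	priv, ok := a.userKeys[keyID]
	if !a.UserVerified || !ok {
		return nil, errors.New("user verification failed or unknown KeyID")
	}
	return ed25519.Sign(priv, signedData(appID, challenge)), nil
}

// VerifyAuthentication is step 5: the stored public key is all the server needs.
func (s *FIDOServer) VerifyAuthentication(appID, aaid, keyID string, challenge, sig []byte) bool {
	pub, ok := s.registrations[aaid+"|"+keyID]
	return ok && ed25519.Verify(pub, signedData(appID, challenge), sig)
}
```

Two checks are worth noting for a server implementer. The challenge is part of every signed message, so a response recorded during one login does not verify against the next challenge; and the app ID is signed as well, so a key registered with one relying party cannot answer another's request. A compromise of the server yields only public keys, which is the "No secrets on Server" claim of slide 12 in concrete form.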

Editor's Notes

  1. If not password, then what? Challenges in going passwordless?
  2. Universal – everyone has it. Unique – there are about 30 minutiae in a fingerprint scan obtained by a live fingerprint reader; the US Federal Bureau of Investigation (FBI) has evidenced that no two individuals can have more than 8 common minutiae. Permanent – there could be minor changes over time, but it's largely permanent. Record once and match later – the recorded value is matched later for authentication.
  3. FIDO authenticators perform the actual biometric authentication. Each has a private attestation key; the corresponding public key is shared with the FIDO Server OOB. First-time use: register the biometric with the authenticator.
  4. Attestation Key – AAID (Authenticator Attestation ID). Authentication Key – KeyID. The AAID and KeyID tuple uniquely identifies an authenticator's registration for a relying party.
  5. The user provides the biometrics to the authenticator; they are compared locally with the registered data. Biometric verified => unlock the authentication private key. The authn response sent to the FIDO server is signed by the private authentication key and attested with the attestation key. The FIDO Server verifies the authentication message using the user's public key, and verifies the authenticator attestation assertions using the authenticator's attestation public certificate.
  6. AES-256 – symmetric encryption algo (AES/ECB/PKCS7Padding). 2048-bit UIDAI public key – asymmetric algo (RSA/ECB/PKCS1Padding).
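The Aadhaar request construction of slide 21 with the algorithm parameters of note 6, as an added worked example; this is not code from the deck or from UIDAI's API, and it covers only steps 3 to 6 on the sending side and steps 12 to 13 on the receiving side (the license key and AUA signature of steps 7 to 10 are left out). Assumptions: the UIDAI key pair is generated locally in place of the real 2048-bit UIDAI public key, and the Pid XML is a constructed sample with a placeholder in the biometric field. The session key is encrypted with RSA PKCS#1 v1.5 ("RSA/ECB/PKCS1Padding") and the data with AES-256 in ECB mode with PKCS7 padding, exactly as the note lists them; the receiving side shows why the "HMAC" field matters, since it is the only thing that ties the decrypted Pid block to what the sender encrypted.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"errors"
)

// AuthRequest carries the three fields built in steps 4-6 of the slide.
type AuthRequest struct {
	Data string // Base64(AES-256/ECB/PKCS7(Pid XML, SK))
	Skey string // Base64(RSA/PKCS1Padding(SK, UIDAI public key))
	Hmac string // Base64(AES-256/ECB/PKCS7(SHA-256(Pid XML), SK))
}

// NewUIDAIKey stands in for the 2048-bit UIDAI key pair; only the public half would be published.
func NewUIDAIKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

func pkcs7Pad(b []byte, bs int) []byte {
	n := bs - len(b)%bs
	return append(append([]byte{}, b...), bytes.Repeat([]byte{byte(n)}, n)...)
}

func pkcs7Unpad(b []byte, bs int) ([]byte, error) {
	n := int(b[len(b)-1]) // callers guarantee len(b) > 0 and block alignment
	if n == 0 || n > bs || !bytes.Equal(b[len(b)-n:], bytes.Repeat([]byte{byte(n)}, n)) {
		return nil, errors.New("bad PKCS7 padding")
	}
	return b[:len(b)-n], nil
}

// ecb runs op (blk.Encrypt or blk.Decrypt) on each block independently. Go's standard
// library offers no ECB mode on purpose: equal plaintext blocks give equal ciphertext blocks.
func ecb(op func(dst, src []byte), bs int, in []byte) []byte {
	out := make([]byte, len(in))
	for i := 0; i < len(in); i += bs {
		op(out[i:i+bs], in[i:i+bs])
	}
	return out
}

func encryptField(blk cipher.Block, pt []byte) string {
	bs := blk.BlockSize()
	return base64.StdEncoding.EncodeToString(ecb(blk.Encrypt, bs, pkcs7Pad(pt, bs)))
}

func decryptField(blk cipher.Block, field string) ([]byte, error) {
	ct, err := base64.StdEncoding.DecodeString(field)
	bs := blk.BlockSize()
	if err != nil || len(ct) == 0 || len(ct)%bs != 0 {
		return nil, errors.New("field is not base64 of whole cipher blocks")
	}
	return pkcs7Unpad(ecb(blk.Decrypt, bs, ct), bs)
}

// BuildRequest is the capture-device/AUA side (steps 3-6 of the slide).
func BuildRequest(pidXML []byte, uidaiPub *rsa.PublicKey) (*AuthRequest, error) {
	sk := make([]byte, 32) // step 3: a fresh AES-256 session key for this request only
	if _, err := rand.Read(sk); err != nil {
		return nil, err
	}
	encSK, err := rsa.EncryptPKCS1v15(rand.Reader, uidaiPub, sk) // step 5
	if err != nil {
		return nil, err
	}
	blk, _ := aes.NewCipher(sk) // a 32-byte key always selects AES-256
	digest := sha256.Sum256(pidXML)
	return &AuthRequest{
		Data: encryptField(blk, pidXML), // step 4
		Skey: base64.StdEncoding.EncodeToString(encSK),
		Hmac: encryptField(blk, digest[:]), // step 6
	}, nil
}

// OpenRequest is the UIDAI side (step 12 onward): recover SK, decrypt the Pid
// block and refuse it unless its SHA-256 equals the decrypted Hmac field.
func OpenRequest(req *AuthRequest, uidaiPriv *rsa.PrivateKey) ([]byte, error) {
	encSK, err := base64.StdEncoding.DecodeString(req.Skey)
	if err != nil {
		return nil, err
	}
	sk, err := rsa.DecryptPKCS1v15(rand.Reader, uidaiPriv, encSK)
	if err != nil {
		return nil, err
	}
	blk, err := aes.NewCipher(sk)
	if err != nil {
		return nil, err
	}
	pid, errD := decryptField(blk, req.Data)
	digest, errH := decryptField(blk, req.Hmac)
	want := sha256.Sum256(pid)
	if errD != nil || errH != nil || !bytes.Equal(digest, want[:]) {
		return nil, errors.New("Pid block undecryptable or Hmac mismatch: reject")
	}
	return pid, nil // step 13, validating the Pid contents, would follow here
}
```

Read against slide 22, the contrast with FIDO is visible in the code: the Pid block, biometric template included, is reconstructed in full on the receiving server, and the request stands or falls on the receiver's RSA private key and a symmetric session key, whereas the UAF flow sends only a signature and keeps no secret on the server.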