SlideShare a Scribd company logo
U2F - Universal 2nd Factor
Dirk Balfanz
(Google)
CIS14: An Overview of FIDO’s Universal 2nd Factor (U2F) Specification
password == bearer token
REUSED PHISHED KEYLOGGED
Today's solution: One time codes: SMS or Device
SMS USABILITY
Coverage Issues - Delay - User Cost
DEVICE USABILITY
One Per Site - Expensive - Fragile
USER EXPERIENCE
Users find it hard
PHISHABLE
German Police re: iTan:
".. we still lose money"
The U2F solution: How it works
● One device, many services
● Easy: Insert and press button
● Safe: Un-phishable Security
U2F Protocol
Core idea: Standard public key cryptography:
● User's device mints new key pair, gives public key to server
● Server asks user's device to sign data to verify the user.
● One device, many services, "bring your own device" enabled
Lots of refinement for this to be consumer facing:
● Privacy: Site Specific Keys, No unique ID per device
● Security: No phishing, man-in-the-middles
● Trust: Verify who made the device
● Pragmatics: Affordable today, ride hardware cost curve down
● Speed for user: Fast crypto in device (Elliptic Curve)
Think "Smartcard re-designed for modern consumer web"
DEMO
CIS14: An Overview of FIDO’s Universal 2nd Factor (U2F) Specification
proofThatUserIsThere
Phisher
server
proofThatUserIsThere
server server
proofThatUserIsThere
“I promise a user is here”,
“the server challenge was: 337423”,
“the origin was: accounts.google.com”,
“the TLS connection state was: 342384”
Signed
proofThatUserIsThere
“I promise a user is here”,
“the server challenge was: 337423”,
“the origin was: accounts.google.com”,
“the TLS connection state was: 342384”
Signed
this is where the key is
this guy knows the key
Relying Party
FIDO Client
1. Setup
2. Processing
3. Verification
U2F Token
FIDO Client/
Browser
Relying
Party
app id, challenge
a; challenge, origin, channel id, etc.
c
a
check
app id
generate:
key kpub
key kpriv
handle h
kpub
, h, attestation cert, signature(a,c,kpub
,h)
c, kpub
, h, attestation cert, s
store:
key kpub
handle h
s
Registration
cookie
U2F Token
FIDO Client/
Browser
Relying
Party
handle, app id, challenge
h, a; challenge, origin, channel id, etc.
c
a
check
app id
retrieve:
key kpriv
from
handle h;
counter++
counter, signature(a,c,counter)
counter, c, s
check:
signature
using
key kpub
s
h
retrieve:
key kpub
from
handle h
Authentication
set cookie
User Presence API
u2f.register({
‘challenge’: ‘KSDJsdASAS-AIS_AsS’,
‘app_id’: ‘https://www.google.com/facets.json’
}, callback);
callback = function(response) {
sendToServer(
response[‘clientData’],
response[‘tokenData’]);
};
u2f..handleRegistrationRequest({
‘challenge’: ‘KSDJsdASAS-AIS_AsS’,
‘app_id’: ‘https://www.google.com/facets.json’
}, callback);
callback = function(response) {
sendToServer(
response[‘clientData’],
response[‘tokenData’]);
};
User Presence API{
"typ":"register",
"challenge":"KSDJsdASAS-AIS_AsS",
"cid_pubkey": {
"kty":"EC",
"crv":"P-256",
"x":"HzQwlfXX7Q4S5MtCRMzPO9tOyWjBqRl4tJ8",
"y":"XVguGFLIZx1fXg375hi4-7-BxhMljw42Ht4"
},
"origin":"https://accounts.google.com"
}
User Presence API
u2f.sign({
‘challenge’: ‘KSDJsdASAS-AIS_AsS’,
‘app_id’: ‘https://www.google.com/facets.json’,
‘key_handle’: ‘JkjhdsfkjSDFKJ_ld-sadsAJDKLSAD’
}, callback);
callback = function(response) {
sendToServer(
response[‘clientData’],
response[‘tokenData’]);
};
User Presence API
u2f.sign({
‘challenge’: ‘KSDJsdASAS-AIS_AsS’,
‘app_id’: ‘https://www.google.com/facets.json’,
‘key_handle’: ‘JkjhdsfkjSDFKJ_ld-sadsAJDKLSAD’
}, callback);
callback = function(response) {
sendToServer(
response[‘clientData’],
response[‘tokenData’]);
};
{
"typ":"authenticate",
"challenge":"KSDJsdASAS-AIS_AsS",
"cid_pubkey": {
"kty":"EC",
"crv":"P-256",
"x":"HzQwlfXX7Q4S5MtCRMzPO9tOyWjBqRl4tJ8",
"y":"XVguGFLIZx1fXg375hi4-7-BxhMljw42Ht4"
},
"origin":"https://accounts.google.com"
}
What if…
...I want to accept U2F logins?
● Browser: Call JS APIs
○ (simulated today with browser extension)
● Server: Implement registration flow
○ decide how to handle attestation certificates
○ verify registration response
○ store public key, key handle with user account
● Server: Implement login flow
○ check username/password, look up key handle
○ verify authentication response (origin, signature, counter, …)
● Check your account recovery flow
What if…
...I want to offer a USB U2F token?
● Implement ECDSA P-256
● Implement counter
● Decide on key handle strategy
○ must recover private key, app id
● Implement USB framing spec
● No responses without user presence!
○ (with one exception)
○ check that app id matches
What if…
...I want to offer a NFC/BLE/... token?
● Come join FIDO!
What if…
...I have a different token form factor?
● Come join FIDO!
Next Steps
● Other platforms: browsers on Android, etc.
● Other platforms: native apps on Android, etc.
● Other message framing: BLE, NFC, etc.
● Other plugin mechanisms: ASM
Thanks!

More Related Content

What's hot

FIDO U2F 1.0 Specs: Overview and Insights
FIDO U2F 1.0 Specs: Overview and InsightsFIDO U2F 1.0 Specs: Overview and Insights
FIDO U2F 1.0 Specs: Overview and Insights
FIDO Alliance
 
FIDO U2F & UAF Tutorial
FIDO U2F & UAF TutorialFIDO U2F & UAF Tutorial
FIDO U2F & UAF Tutorial
FIDO Alliance
 
FIDO UAF 1.0 Specs: Overview and Insights
FIDO UAF 1.0 Specs: Overview and InsightsFIDO UAF 1.0 Specs: Overview and Insights
FIDO UAF 1.0 Specs: Overview and Insights
FIDO Alliance
 
FIDO alliance #idcon vol.18
FIDO alliance #idcon vol.18FIDO alliance #idcon vol.18
FIDO alliance #idcon vol.18
Nov Matake
 
FIDO Specifications Overview: UAF & U2F
FIDO Specifications Overview: UAF & U2FFIDO Specifications Overview: UAF & U2F
FIDO Specifications Overview: UAF & U2F
FIDO Alliance
 
Fido U2F Protocol by Ather Ali
Fido U2F Protocol by Ather Ali Fido U2F Protocol by Ather Ali
Fido U2F Protocol by Ather Ali
OWASP Delhi
 
Web Authentication API
Web Authentication APIWeb Authentication API
Web Authentication API
FIDO Alliance
 
New FIDO Specifications Overview -FIDO Alliance -Tokyo Seminar -Nadalin
New FIDO Specifications Overview -FIDO Alliance -Tokyo Seminar -NadalinNew FIDO Specifications Overview -FIDO Alliance -Tokyo Seminar -Nadalin
New FIDO Specifications Overview -FIDO Alliance -Tokyo Seminar -Nadalin
FIDO Alliance
 
Google & FIDO Authentication
Google & FIDO AuthenticationGoogle & FIDO Authentication
Google & FIDO Authentication
FIDO Alliance
 
Identity Tech Talks #3 FIDO futur of authentication
Identity Tech Talks #3 FIDO futur of authenticationIdentity Tech Talks #3 FIDO futur of authentication
Identity Tech Talks #3 FIDO futur of authentication
Leonard Moustacchis
 
FIDO Authentication in Korea: Early Adoption & Rapid Innovation
FIDO Authentication in Korea: Early Adoption & Rapid InnovationFIDO Authentication in Korea: Early Adoption & Rapid Innovation
FIDO Authentication in Korea: Early Adoption & Rapid Innovation
FIDO Alliance
 
FIDO2 & Microsoft
FIDO2 & MicrosoftFIDO2 & Microsoft
FIDO2 & Microsoft
FIDO Alliance
 
Strong Authentication and US Federal Digital Services
Strong Authentication and US Federal Digital ServicesStrong Authentication and US Federal Digital Services
Strong Authentication and US Federal Digital Services
FIDO Alliance
 
Securing a Web App with Passwordless Web Authentication
Securing a Web App with Passwordless Web AuthenticationSecuring a Web App with Passwordless Web Authentication
Securing a Web App with Passwordless Web Authentication
FIDO Alliance
 
FIDO2 and Microsoft
FIDO2 and MicrosoftFIDO2 and Microsoft
FIDO2 and Microsoft
FIDO Alliance
 
UAF Tutorial: Passwordless, Biometric Authentication for Native Apps
UAF Tutorial: Passwordless, Biometric Authentication for Native AppsUAF Tutorial: Passwordless, Biometric Authentication for Native Apps
UAF Tutorial: Passwordless, Biometric Authentication for Native Apps
FIDO Alliance
 
Securing a Web App with Security Keys
Securing a Web App with Security KeysSecuring a Web App with Security Keys
Securing a Web App with Security Keys
FIDO Alliance
 
FIDO Technical Specifications Overview
FIDO Technical Specifications OverviewFIDO Technical Specifications Overview
FIDO Technical Specifications Overview
FIDO Alliance
 
FIDO & PSD2: Solving the Strong Customer Authentication Challenge in Europe
FIDO & PSD2: Solving the Strong Customer Authentication Challenge in EuropeFIDO & PSD2: Solving the Strong Customer Authentication Challenge in Europe
FIDO & PSD2: Solving the Strong Customer Authentication Challenge in Europe
FIDO Alliance
 
Implementation Case Study by eWBM
Implementation Case Study by eWBMImplementation Case Study by eWBM
Implementation Case Study by eWBM
FIDO Alliance
 

What's hot (20)

FIDO U2F 1.0 Specs: Overview and Insights
FIDO U2F 1.0 Specs: Overview and InsightsFIDO U2F 1.0 Specs: Overview and Insights
FIDO U2F 1.0 Specs: Overview and Insights
 
FIDO U2F & UAF Tutorial
FIDO U2F & UAF TutorialFIDO U2F & UAF Tutorial
FIDO U2F & UAF Tutorial
 
FIDO UAF 1.0 Specs: Overview and Insights
FIDO UAF 1.0 Specs: Overview and InsightsFIDO UAF 1.0 Specs: Overview and Insights
FIDO UAF 1.0 Specs: Overview and Insights
 
FIDO alliance #idcon vol.18
FIDO alliance #idcon vol.18FIDO alliance #idcon vol.18
FIDO alliance #idcon vol.18
 
FIDO Specifications Overview: UAF & U2F
FIDO Specifications Overview: UAF & U2FFIDO Specifications Overview: UAF & U2F
FIDO Specifications Overview: UAF & U2F
 
Fido U2F Protocol by Ather Ali
Fido U2F Protocol by Ather Ali Fido U2F Protocol by Ather Ali
Fido U2F Protocol by Ather Ali
 
Web Authentication API
Web Authentication APIWeb Authentication API
Web Authentication API
 
New FIDO Specifications Overview -FIDO Alliance -Tokyo Seminar -Nadalin
New FIDO Specifications Overview -FIDO Alliance -Tokyo Seminar -NadalinNew FIDO Specifications Overview -FIDO Alliance -Tokyo Seminar -Nadalin
New FIDO Specifications Overview -FIDO Alliance -Tokyo Seminar -Nadalin
 
Google & FIDO Authentication
Google & FIDO AuthenticationGoogle & FIDO Authentication
Google & FIDO Authentication
 
Identity Tech Talks #3 FIDO futur of authentication
Identity Tech Talks #3 FIDO futur of authenticationIdentity Tech Talks #3 FIDO futur of authentication
Identity Tech Talks #3 FIDO futur of authentication
 
FIDO Authentication in Korea: Early Adoption & Rapid Innovation
FIDO Authentication in Korea: Early Adoption & Rapid InnovationFIDO Authentication in Korea: Early Adoption & Rapid Innovation
FIDO Authentication in Korea: Early Adoption & Rapid Innovation
 
FIDO2 & Microsoft
FIDO2 & MicrosoftFIDO2 & Microsoft
FIDO2 & Microsoft
 
Strong Authentication and US Federal Digital Services
Strong Authentication and US Federal Digital ServicesStrong Authentication and US Federal Digital Services
Strong Authentication and US Federal Digital Services
 
Securing a Web App with Passwordless Web Authentication
Securing a Web App with Passwordless Web AuthenticationSecuring a Web App with Passwordless Web Authentication
Securing a Web App with Passwordless Web Authentication
 
FIDO2 and Microsoft
FIDO2 and MicrosoftFIDO2 and Microsoft
FIDO2 and Microsoft
 
UAF Tutorial: Passwordless, Biometric Authentication for Native Apps
UAF Tutorial: Passwordless, Biometric Authentication for Native AppsUAF Tutorial: Passwordless, Biometric Authentication for Native Apps
UAF Tutorial: Passwordless, Biometric Authentication for Native Apps
 
Securing a Web App with Security Keys
Securing a Web App with Security KeysSecuring a Web App with Security Keys
Securing a Web App with Security Keys
 
FIDO Technical Specifications Overview
FIDO Technical Specifications OverviewFIDO Technical Specifications Overview
FIDO Technical Specifications Overview
 
FIDO & PSD2: Solving the Strong Customer Authentication Challenge in Europe
FIDO & PSD2: Solving the Strong Customer Authentication Challenge in EuropeFIDO & PSD2: Solving the Strong Customer Authentication Challenge in Europe
FIDO & PSD2: Solving the Strong Customer Authentication Challenge in Europe
 
Implementation Case Study by eWBM
Implementation Case Study by eWBMImplementation Case Study by eWBM
Implementation Case Study by eWBM
 

Viewers also liked

FIDO UAF Specifications: Overview & Tutorial
FIDO UAF Specifications: Overview & Tutorial FIDO UAF Specifications: Overview & Tutorial
FIDO UAF Specifications: Overview & Tutorial
FIDO Alliance
 
CIS14: FIDO 101 (What, Why and Wherefore of FIDO)
CIS14: FIDO 101 (What, Why and Wherefore of FIDO)CIS14: FIDO 101 (What, Why and Wherefore of FIDO)
CIS14: FIDO 101 (What, Why and Wherefore of FIDO)
CloudIDSummit
 
NTT Docomo Deployment Case Study: Your Security, More Simple
NTT Docomo Deployment Case Study: Your Security, More SimpleNTT Docomo Deployment Case Study: Your Security, More Simple
NTT Docomo Deployment Case Study: Your Security, More Simple
FIDO Alliance
 
LinOTP Elevator Pitch
LinOTP Elevator PitchLinOTP Elevator Pitch
LinOTP Elevator Pitch
Univention GmbH
 
Google-Jacking: A Review of Google 2-Factor Authentication
Google-Jacking: A Review of Google 2-Factor AuthenticationGoogle-Jacking: A Review of Google 2-Factor Authentication
Google-Jacking: A Review of Google 2-Factor Authentication
nCircle - a Tripwire Company
 
Ing voice biometrics nuance
Ing voice biometrics nuanceIng voice biometrics nuance
Ing voice biometrics nuance
Radu Dumitru
 
Voice Biometrics - how to recognize a speaker.
Voice Biometrics - how to recognize a speaker.Voice Biometrics - how to recognize a speaker.
Voice Biometrics - how to recognize a speaker.
Tomasz Zietek
 
Seminar-Two Factor Authentication
Seminar-Two Factor AuthenticationSeminar-Two Factor Authentication
Seminar-Two Factor Authentication
Dilip Kr. Jangir
 
FIDO & Strong Authentication Technology Landscape
FIDO & Strong Authentication Technology LandscapeFIDO & Strong Authentication Technology Landscape
FIDO & Strong Authentication Technology Landscape
FIDO Alliance
 
2014 IoT Forum_ Fido Alliance
2014 IoT Forum_ Fido Alliance2014 IoT Forum_ Fido Alliance
2014 IoT Forum_ Fido Alliance
COMPUTEX TAIPEI
 
Combat the Latest Two-Factor Authentication Evasion Techniques
Combat the Latest Two-Factor Authentication Evasion TechniquesCombat the Latest Two-Factor Authentication Evasion Techniques
Combat the Latest Two-Factor Authentication Evasion Techniques
IBM Security
 
ARM: Trusted Zone on Android
ARM: Trusted Zone on AndroidARM: Trusted Zone on Android
ARM: Trusted Zone on Android
Kan-Han (John) Lu
 
Two Factor Authentication: Easy Setup, Major Impact
Two Factor Authentication: Easy Setup, Major ImpactTwo Factor Authentication: Easy Setup, Major Impact
Two Factor Authentication: Easy Setup, Major Impact
Salesforce Admins
 
KICA Case Study: Bio-Authentication and PKI Trends in Korea -FIDO Alliance -T...
KICA Case Study: Bio-Authentication and PKI Trends in Korea -FIDO Alliance -T...KICA Case Study: Bio-Authentication and PKI Trends in Korea -FIDO Alliance -T...
KICA Case Study: Bio-Authentication and PKI Trends in Korea -FIDO Alliance -T...
FIDO Alliance
 
W3C Presentation -FIDO Alliance -Tokyo Seminar -Smith
W3C Presentation -FIDO Alliance -Tokyo Seminar -SmithW3C Presentation -FIDO Alliance -Tokyo Seminar -Smith
W3C Presentation -FIDO Alliance -Tokyo Seminar -Smith
FIDO Alliance
 
Technical Overview of FIDO Solution
Technical Overview of FIDO SolutionTechnical Overview of FIDO Solution
Technical Overview of FIDO Solution
ForgeRock
 
Introduction to FIDO Alliance: Vision and Status -Tokyo Seminar -Brett McDowell
Introduction to FIDO Alliance: Vision and Status -Tokyo Seminar -Brett McDowellIntroduction to FIDO Alliance: Vision and Status -Tokyo Seminar -Brett McDowell
Introduction to FIDO Alliance: Vision and Status -Tokyo Seminar -Brett McDowell
FIDO Alliance
 
FIDO Authentication: Its Evolution and Opportunities in Business -FIDO Allian...
FIDO Authentication: Its Evolution and Opportunities in Business -FIDO Allian...FIDO Authentication: Its Evolution and Opportunities in Business -FIDO Allian...
FIDO Authentication: Its Evolution and Opportunities in Business -FIDO Allian...
FIDO Alliance
 
Google Case Study: Becoming Unphisable: Towards Simpler, Stronger Authenticat...
Google Case Study: Becoming Unphisable: Towards Simpler, Stronger Authenticat...Google Case Study: Becoming Unphisable: Towards Simpler, Stronger Authenticat...
Google Case Study: Becoming Unphisable: Towards Simpler, Stronger Authenticat...
FIDO Alliance
 
Strong Authentication Trends in Government
Strong Authentication Trends in GovernmentStrong Authentication Trends in Government
Strong Authentication Trends in Government
FIDO Alliance
 

Viewers also liked (20)

FIDO UAF Specifications: Overview & Tutorial
FIDO UAF Specifications: Overview & Tutorial FIDO UAF Specifications: Overview & Tutorial
FIDO UAF Specifications: Overview & Tutorial
 
CIS14: FIDO 101 (What, Why and Wherefore of FIDO)
CIS14: FIDO 101 (What, Why and Wherefore of FIDO)CIS14: FIDO 101 (What, Why and Wherefore of FIDO)
CIS14: FIDO 101 (What, Why and Wherefore of FIDO)
 
NTT Docomo Deployment Case Study: Your Security, More Simple
NTT Docomo Deployment Case Study: Your Security, More SimpleNTT Docomo Deployment Case Study: Your Security, More Simple
NTT Docomo Deployment Case Study: Your Security, More Simple
 
LinOTP Elevator Pitch
LinOTP Elevator PitchLinOTP Elevator Pitch
LinOTP Elevator Pitch
 
Google-Jacking: A Review of Google 2-Factor Authentication
Google-Jacking: A Review of Google 2-Factor AuthenticationGoogle-Jacking: A Review of Google 2-Factor Authentication
Google-Jacking: A Review of Google 2-Factor Authentication
 
Ing voice biometrics nuance
Ing voice biometrics nuanceIng voice biometrics nuance
Ing voice biometrics nuance
 
Voice Biometrics - how to recognize a speaker.
Voice Biometrics - how to recognize a speaker.Voice Biometrics - how to recognize a speaker.
Voice Biometrics - how to recognize a speaker.
 
Seminar-Two Factor Authentication
Seminar-Two Factor AuthenticationSeminar-Two Factor Authentication
Seminar-Two Factor Authentication
 
FIDO & Strong Authentication Technology Landscape
FIDO & Strong Authentication Technology LandscapeFIDO & Strong Authentication Technology Landscape
FIDO & Strong Authentication Technology Landscape
 
2014 IoT Forum_ Fido Alliance
2014 IoT Forum_ Fido Alliance2014 IoT Forum_ Fido Alliance
2014 IoT Forum_ Fido Alliance
 
Combat the Latest Two-Factor Authentication Evasion Techniques
Combat the Latest Two-Factor Authentication Evasion TechniquesCombat the Latest Two-Factor Authentication Evasion Techniques
Combat the Latest Two-Factor Authentication Evasion Techniques
 
ARM: Trusted Zone on Android
ARM: Trusted Zone on AndroidARM: Trusted Zone on Android
ARM: Trusted Zone on Android
 
Two Factor Authentication: Easy Setup, Major Impact
Two Factor Authentication: Easy Setup, Major ImpactTwo Factor Authentication: Easy Setup, Major Impact
Two Factor Authentication: Easy Setup, Major Impact
 
KICA Case Study: Bio-Authentication and PKI Trends in Korea -FIDO Alliance -T...
KICA Case Study: Bio-Authentication and PKI Trends in Korea -FIDO Alliance -T...KICA Case Study: Bio-Authentication and PKI Trends in Korea -FIDO Alliance -T...
KICA Case Study: Bio-Authentication and PKI Trends in Korea -FIDO Alliance -T...
 
W3C Presentation -FIDO Alliance -Tokyo Seminar -Smith
W3C Presentation -FIDO Alliance -Tokyo Seminar -SmithW3C Presentation -FIDO Alliance -Tokyo Seminar -Smith
W3C Presentation -FIDO Alliance -Tokyo Seminar -Smith
 
Technical Overview of FIDO Solution
Technical Overview of FIDO SolutionTechnical Overview of FIDO Solution
Technical Overview of FIDO Solution
 
Introduction to FIDO Alliance: Vision and Status -Tokyo Seminar -Brett McDowell
Introduction to FIDO Alliance: Vision and Status -Tokyo Seminar -Brett McDowellIntroduction to FIDO Alliance: Vision and Status -Tokyo Seminar -Brett McDowell
Introduction to FIDO Alliance: Vision and Status -Tokyo Seminar -Brett McDowell
 
FIDO Authentication: Its Evolution and Opportunities in Business -FIDO Allian...
FIDO Authentication: Its Evolution and Opportunities in Business -FIDO Allian...FIDO Authentication: Its Evolution and Opportunities in Business -FIDO Allian...
FIDO Authentication: Its Evolution and Opportunities in Business -FIDO Allian...
 
Google Case Study: Becoming Unphisable: Towards Simpler, Stronger Authenticat...
Google Case Study: Becoming Unphisable: Towards Simpler, Stronger Authenticat...Google Case Study: Becoming Unphisable: Towards Simpler, Stronger Authenticat...
Google Case Study: Becoming Unphisable: Towards Simpler, Stronger Authenticat...
 
Strong Authentication Trends in Government
Strong Authentication Trends in GovernmentStrong Authentication Trends in Government
Strong Authentication Trends in Government
 

Similar to CIS14: An Overview of FIDO’s Universal 2nd Factor (U2F) Specification

CIS 2015b FIDO U2F in 10 minutes - Dirk Balfanz
CIS 2015b FIDO U2F in 10 minutes - Dirk BalfanzCIS 2015b FIDO U2F in 10 minutes - Dirk Balfanz
CIS 2015b FIDO U2F in 10 minutes - Dirk Balfanz
CloudIDSummit
 
Fido u2 f in 10 minutes (cis 2015)
Fido u2 f in 10 minutes (cis 2015)Fido u2 f in 10 minutes (cis 2015)
Fido u2 f in 10 minutes (cis 2015)
CloudIDSummit
 
FIDO-U2F-Case-Study_Hanson.pptx
FIDO-U2F-Case-Study_Hanson.pptxFIDO-U2F-Case-Study_Hanson.pptx
FIDO-U2F-Case-Study_Hanson.pptx
VladVlad504281
 
U2F Case Study: Examining the U2F Paradox
U2F Case Study: Examining the U2F ParadoxU2F Case Study: Examining the U2F Paradox
U2F Case Study: Examining the U2F Paradox
FIDO Alliance
 
U2F/FIDO2 implementation of YubiKey
U2F/FIDO2 implementation of YubiKeyU2F/FIDO2 implementation of YubiKey
U2F/FIDO2 implementation of YubiKey
Haniyama Wataru
 
Social Gold In-Flash Payments Webinar
Social Gold In-Flash Payments WebinarSocial Gold In-Flash Payments Webinar
Social Gold In-Flash Payments Webinar
Social Gold
 
Social Gold in-Flash Webinar Jan 2010
Social Gold in-Flash Webinar Jan 2010Social Gold in-Flash Webinar Jan 2010
Social Gold in-Flash Webinar Jan 2010
Social Gold
 
Fido U2F PROTOCOL
Fido U2F PROTOCOLFido U2F PROTOCOL
Fido U2F PROTOCOL
Ather Ali
 
1. device onboarding
1. device onboarding1. device onboarding
1. device onboarding
JudePragashVedam
 
Checkmarx meetup API Security - API Security in depth - Inon Shkedy
Checkmarx meetup API Security - API Security in depth - Inon ShkedyCheckmarx meetup API Security - API Security in depth - Inon Shkedy
Checkmarx meetup API Security - API Security in depth - Inon Shkedy
Adar Weidman
 
WebAuthn and Security Keys
WebAuthn and Security KeysWebAuthn and Security Keys
WebAuthn and Security Keys
FIDO Alliance
 
FIDO2 Specifications Overview
FIDO2 Specifications OverviewFIDO2 Specifications Overview
FIDO2 Specifications Overview
FIDO Alliance
 
OpenID for Verifiable Credentials
OpenID for Verifiable CredentialsOpenID for Verifiable Credentials
OpenID for Verifiable Credentials
Torsten Lodderstedt
 
How to build Simple yet powerful API.pptx
How to build Simple yet powerful API.pptxHow to build Simple yet powerful API.pptx
How to build Simple yet powerful API.pptx
Channa Ly
 
FIDO2 Specifications Overview
FIDO2 Specifications OverviewFIDO2 Specifications Overview
FIDO2 Specifications Overview
FIDO Alliance
 
Denis Zhuchinski Ways of enhancing application security
Denis Zhuchinski Ways of enhancing application securityDenis Zhuchinski Ways of enhancing application security
Denis Zhuchinski Ways of enhancing application security
Аліна Шепшелей
 
SE2016 Android Denis Zhuchinski "Ways of enhancing application security"
SE2016 Android Denis Zhuchinski "Ways of enhancing application security"SE2016 Android Denis Zhuchinski "Ways of enhancing application security"
SE2016 Android Denis Zhuchinski "Ways of enhancing application security"
Inhacking
 
Cross-Platform Authentication with Google+ Sign-In
Cross-Platform Authentication with Google+ Sign-InCross-Platform Authentication with Google+ Sign-In
Cross-Platform Authentication with Google+ Sign-In
Peter Friese
 
1. device onboarding pdf
1. device onboarding pdf1. device onboarding pdf
1. device onboarding pdf
JudePragashVedam
 
Using the GSMA OneAPI Gateway
Using the GSMA OneAPI GatewayUsing the GSMA OneAPI Gateway
Using the GSMA OneAPI Gateway
GSMA OneAPI Gateway
 

Similar to CIS14: An Overview of FIDO’s Universal 2nd Factor (U2F) Specification (20)

CIS 2015b FIDO U2F in 10 minutes - Dirk Balfanz
CIS 2015b FIDO U2F in 10 minutes - Dirk BalfanzCIS 2015b FIDO U2F in 10 minutes - Dirk Balfanz
CIS 2015b FIDO U2F in 10 minutes - Dirk Balfanz
 
Fido u2 f in 10 minutes (cis 2015)
Fido u2 f in 10 minutes (cis 2015)Fido u2 f in 10 minutes (cis 2015)
Fido u2 f in 10 minutes (cis 2015)
 
FIDO-U2F-Case-Study_Hanson.pptx
FIDO-U2F-Case-Study_Hanson.pptxFIDO-U2F-Case-Study_Hanson.pptx
FIDO-U2F-Case-Study_Hanson.pptx
 
U2F Case Study: Examining the U2F Paradox
U2F Case Study: Examining the U2F ParadoxU2F Case Study: Examining the U2F Paradox
U2F Case Study: Examining the U2F Paradox
 
U2F/FIDO2 implementation of YubiKey
U2F/FIDO2 implementation of YubiKeyU2F/FIDO2 implementation of YubiKey
U2F/FIDO2 implementation of YubiKey
 
Social Gold In-Flash Payments Webinar
Social Gold In-Flash Payments WebinarSocial Gold In-Flash Payments Webinar
Social Gold In-Flash Payments Webinar
 
Social Gold in-Flash Webinar Jan 2010
Social Gold in-Flash Webinar Jan 2010Social Gold in-Flash Webinar Jan 2010
Social Gold in-Flash Webinar Jan 2010
 
Fido U2F PROTOCOL
Fido U2F PROTOCOLFido U2F PROTOCOL
Fido U2F PROTOCOL
 
1. device onboarding
1. device onboarding1. device onboarding
1. device onboarding
 
Checkmarx meetup API Security - API Security in depth - Inon Shkedy
Checkmarx meetup API Security - API Security in depth - Inon ShkedyCheckmarx meetup API Security - API Security in depth - Inon Shkedy
Checkmarx meetup API Security - API Security in depth - Inon Shkedy
 
WebAuthn and Security Keys
WebAuthn and Security KeysWebAuthn and Security Keys
WebAuthn and Security Keys
 
FIDO2 Specifications Overview
FIDO2 Specifications OverviewFIDO2 Specifications Overview
FIDO2 Specifications Overview
 
OpenID for Verifiable Credentials
OpenID for Verifiable CredentialsOpenID for Verifiable Credentials
OpenID for Verifiable Credentials
 
How to build Simple yet powerful API.pptx
How to build Simple yet powerful API.pptxHow to build Simple yet powerful API.pptx
How to build Simple yet powerful API.pptx
 
FIDO2 Specifications Overview
FIDO2 Specifications OverviewFIDO2 Specifications Overview
FIDO2 Specifications Overview
 
Denis Zhuchinski Ways of enhancing application security
Denis Zhuchinski Ways of enhancing application securityDenis Zhuchinski Ways of enhancing application security
Denis Zhuchinski Ways of enhancing application security
 
SE2016 Android Denis Zhuchinski "Ways of enhancing application security"
SE2016 Android Denis Zhuchinski "Ways of enhancing application security"SE2016 Android Denis Zhuchinski "Ways of enhancing application security"
SE2016 Android Denis Zhuchinski "Ways of enhancing application security"
 
Cross-Platform Authentication with Google+ Sign-In
Cross-Platform Authentication with Google+ Sign-InCross-Platform Authentication with Google+ Sign-In
Cross-Platform Authentication with Google+ Sign-In
 
1. device onboarding pdf
1. device onboarding pdf1. device onboarding pdf
1. device onboarding pdf
 
Using the GSMA OneAPI Gateway
Using the GSMA OneAPI GatewayUsing the GSMA OneAPI Gateway
Using the GSMA OneAPI Gateway
 

More from CloudIDSummit

CIS 2016 Content Highlights
CIS 2016 Content HighlightsCIS 2016 Content Highlights
CIS 2016 Content Highlights
CloudIDSummit
 
Top 6 Reasons You Should Attend Cloud Identity Summit 2016
Top 6 Reasons You Should Attend Cloud Identity Summit 2016Top 6 Reasons You Should Attend Cloud Identity Summit 2016
Top 6 Reasons You Should Attend Cloud Identity Summit 2016
CloudIDSummit
 
CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...
CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...
CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...
CloudIDSummit
 
Mobile security, identity & authentication reasons for optimism 20150607 v2
Mobile security, identity & authentication   reasons for optimism 20150607 v2Mobile security, identity & authentication   reasons for optimism 20150607 v2
Mobile security, identity & authentication reasons for optimism 20150607 v2
CloudIDSummit
 
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
CloudIDSummit
 
CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...
CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...
CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...
CloudIDSummit
 
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...
CloudIDSummit
 
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
CloudIDSummit
 
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian PuhlCIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl
CloudIDSummit
 
CIS 2015 IoT and IDM in your Mobile Enterprise - Brian Katz
CIS 2015 IoT and IDM  in your Mobile Enterprise - Brian KatzCIS 2015 IoT and IDM  in your Mobile Enterprise - Brian Katz
CIS 2015 IoT and IDM in your Mobile Enterprise - Brian Katz
CloudIDSummit
 
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
CloudIDSummit
 
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve ToutCIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
CloudIDSummit
 
CIS 2015 How to secure the Internet of Things? Hannes Tschofenig
CIS 2015 How to secure the Internet of Things? Hannes TschofenigCIS 2015 How to secure the Internet of Things? Hannes Tschofenig
CIS 2015 How to secure the Internet of Things? Hannes Tschofenig
CloudIDSummit
 
CIS 2015 The IDaaS Dating Game - Sean Deuby
CIS 2015 The IDaaS Dating Game - Sean DeubyCIS 2015 The IDaaS Dating Game - Sean Deuby
CIS 2015 The IDaaS Dating Game - Sean Deuby
CloudIDSummit
 
CIS 2015 SSO for Mobile and Web Apps Ashish Jain
CIS 2015 SSO for Mobile and Web Apps Ashish JainCIS 2015 SSO for Mobile and Web Apps Ashish Jain
CIS 2015 SSO for Mobile and Web Apps Ashish Jain
CloudIDSummit
 
The Industrial Internet, the Identity of Everything and the Industrial Enterp...
The Industrial Internet, the Identity of Everything and the Industrial Enterp...The Industrial Internet, the Identity of Everything and the Industrial Enterp...
The Industrial Internet, the Identity of Everything and the Industrial Enterp...
CloudIDSummit
 
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John DasilvaCIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva
CloudIDSummit
 
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian
CIS 2015  Session Management at Scale - Scott Tomilson & Jamshid KhosravianCIS 2015  Session Management at Scale - Scott Tomilson & Jamshid Khosravian
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian
CloudIDSummit
 
CIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
CIS 2015 So you want to SSO … Scott Tomilson & John DasilvaCIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
CIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
CloudIDSummit
 
CIS 2015 Identity Relationship Management in the Internet of Things
CIS 2015 Identity Relationship Management in the Internet of ThingsCIS 2015 Identity Relationship Management in the Internet of Things
CIS 2015 Identity Relationship Management in the Internet of Things
CloudIDSummit
 

More from CloudIDSummit (20)

CIS 2016 Content Highlights
CIS 2016 Content HighlightsCIS 2016 Content Highlights
CIS 2016 Content Highlights
 
Top 6 Reasons You Should Attend Cloud Identity Summit 2016
Top 6 Reasons You Should Attend Cloud Identity Summit 2016Top 6 Reasons You Should Attend Cloud Identity Summit 2016
Top 6 Reasons You Should Attend Cloud Identity Summit 2016
 
CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...
CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...
CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...
 
Mobile security, identity & authentication reasons for optimism 20150607 v2
Mobile security, identity & authentication   reasons for optimism 20150607 v2Mobile security, identity & authentication   reasons for optimism 20150607 v2
Mobile security, identity & authentication reasons for optimism 20150607 v2
 
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
 
CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...
CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...
CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...
 
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...
 
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
 
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian PuhlCIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl
 
CIS 2015 IoT and IDM in your Mobile Enterprise - Brian Katz
CIS 2015 IoT and IDM  in your Mobile Enterprise - Brian KatzCIS 2015 IoT and IDM  in your Mobile Enterprise - Brian Katz
CIS 2015 IoT and IDM in your Mobile Enterprise - Brian Katz
 
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
 
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve ToutCIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
 
CIS 2015 How to secure the Internet of Things? Hannes Tschofenig
CIS 2015 How to secure the Internet of Things? Hannes TschofenigCIS 2015 How to secure the Internet of Things? Hannes Tschofenig
CIS 2015 How to secure the Internet of Things? Hannes Tschofenig
 
CIS 2015 The IDaaS Dating Game - Sean Deuby
CIS 2015 The IDaaS Dating Game - Sean DeubyCIS 2015 The IDaaS Dating Game - Sean Deuby
CIS 2015 The IDaaS Dating Game - Sean Deuby
 
CIS 2015 SSO for Mobile and Web Apps Ashish Jain
CIS 2015 SSO for Mobile and Web Apps Ashish JainCIS 2015 SSO for Mobile and Web Apps Ashish Jain
CIS 2015 SSO for Mobile and Web Apps Ashish Jain
 
The Industrial Internet, the Identity of Everything and the Industrial Enterp...
The Industrial Internet, the Identity of Everything and the Industrial Enterp...The Industrial Internet, the Identity of Everything and the Industrial Enterp...
The Industrial Internet, the Identity of Everything and the Industrial Enterp...
 
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John DasilvaCIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva
 
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian
CIS 2015  Session Management at Scale - Scott Tomilson & Jamshid KhosravianCIS 2015  Session Management at Scale - Scott Tomilson & Jamshid Khosravian
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian
 
CIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
CIS 2015 So you want to SSO … Scott Tomilson & John DasilvaCIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
CIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
 
CIS 2015 Identity Relationship Management in the Internet of Things
CIS 2015 Identity Relationship Management in the Internet of ThingsCIS 2015 Identity Relationship Management in the Internet of Things
CIS 2015 Identity Relationship Management in the Internet of Things
 

Recently uploaded

Mastering Board Best Practices: Essential Skills for Effective Non-profit Lea...
Mastering Board Best Practices: Essential Skills for Effective Non-profit Lea...Mastering Board Best Practices: Essential Skills for Effective Non-profit Lea...
Mastering Board Best Practices: Essential Skills for Effective Non-profit Lea...
OnBoard
 
It's your unstructured data: How to get your GenAI app to production (and spe...
It's your unstructured data: How to get your GenAI app to production (and spe...It's your unstructured data: How to get your GenAI app to production (and spe...
It's your unstructured data: How to get your GenAI app to production (and spe...
Zilliz
 
Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...
Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...
Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...
shanihomely
 
The History of Embeddings & Multimodal Embeddings
The History of Embeddings & Multimodal EmbeddingsThe History of Embeddings & Multimodal Embeddings
The History of Embeddings & Multimodal Embeddings
Zilliz
 
Google I/O Extended Harare Merged Slides
Google I/O Extended Harare Merged SlidesGoogle I/O Extended Harare Merged Slides
Google I/O Extended Harare Merged Slides
Google Developer Group - Harare
 
The Path to General-Purpose Robots - Coatue
The Path to General-Purpose Robots - CoatueThe Path to General-Purpose Robots - Coatue
The Path to General-Purpose Robots - Coatue
Razin Mustafiz
 
Acumatica vs. Sage Intacct _Construction_July (1).pptx
Acumatica vs. Sage Intacct _Construction_July (1).pptxAcumatica vs. Sage Intacct _Construction_July (1).pptx
Acumatica vs. Sage Intacct _Construction_July (1).pptx
BrainSell Technologies
 
Types of Weaving loom machine & it's technology
Types of Weaving loom machine & it's technologyTypes of Weaving loom machine & it's technology
Types of Weaving loom machine & it's technology
ldtexsolbl
 
Sonkoloniya documentation - ONEprojukti.pdf
Sonkoloniya documentation - ONEprojukti.pdfSonkoloniya documentation - ONEprojukti.pdf
Sonkoloniya documentation - ONEprojukti.pdf
SubhamMandal40
 
Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery
Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery
Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery
sunilverma7884
 
Retrieval Augmented Generation Evaluation with Ragas
Retrieval Augmented Generation Evaluation with RagasRetrieval Augmented Generation Evaluation with Ragas
Retrieval Augmented Generation Evaluation with Ragas
Zilliz
 
UX Webinar Series: Essentials for Adopting Passkeys as the Foundation of your...
UX Webinar Series: Essentials for Adopting Passkeys as the Foundation of your...UX Webinar Series: Essentials for Adopting Passkeys as the Foundation of your...
UX Webinar Series: Essentials for Adopting Passkeys as the Foundation of your...
FIDO Alliance
 
Vertex AI Agent Builder - GDG Alicante - Julio 2024
Vertex AI Agent Builder - GDG Alicante - Julio 2024Vertex AI Agent Builder - GDG Alicante - Julio 2024
Vertex AI Agent Builder - GDG Alicante - Julio 2024
Nicolás Lopéz
 
Opencast Summit 2024 — Opencast @ University of Münster
Opencast Summit 2024 — Opencast @ University of MünsterOpencast Summit 2024 — Opencast @ University of Münster
Opencast Summit 2024 — Opencast @ University of Münster
Matthias Neugebauer
 
Semantic-Aware Code Model: Elevating the Future of Software Development
Semantic-Aware Code Model: Elevating the Future of Software DevelopmentSemantic-Aware Code Model: Elevating the Future of Software Development
Semantic-Aware Code Model: Elevating the Future of Software Development
Baishakhi Ray
 
Communications Mining Series - Zero to Hero - Session 3
Communications Mining Series - Zero to Hero - Session 3Communications Mining Series - Zero to Hero - Session 3
Communications Mining Series - Zero to Hero - Session 3
DianaGray10
 
BLOCKCHAIN TECHNOLOGY - Advantages and Disadvantages
BLOCKCHAIN TECHNOLOGY - Advantages and DisadvantagesBLOCKCHAIN TECHNOLOGY - Advantages and Disadvantages
BLOCKCHAIN TECHNOLOGY - Advantages and Disadvantages
SAI KAILASH R
 
What's New in Teams Calling, Meetings, Devices June 2024
What's New in Teams Calling, Meetings, Devices June 2024What's New in Teams Calling, Meetings, Devices June 2024
What's New in Teams Calling, Meetings, Devices June 2024
Stephanie Beckett
 
NVIDIA at Breakthrough Discuss for Space Exploration
NVIDIA at Breakthrough Discuss for Space ExplorationNVIDIA at Breakthrough Discuss for Space Exploration
NVIDIA at Breakthrough Discuss for Space Exploration
Alison B. Lowndes
 
Tailored CRM Software Development for Enhanced Customer Insights
Tailored CRM Software Development for Enhanced Customer InsightsTailored CRM Software Development for Enhanced Customer Insights
Tailored CRM Software Development for Enhanced Customer Insights
SynapseIndia
 

Recently uploaded (20)

Mastering Board Best Practices: Essential Skills for Effective Non-profit Lea...
Mastering Board Best Practices: Essential Skills for Effective Non-profit Lea...Mastering Board Best Practices: Essential Skills for Effective Non-profit Lea...
Mastering Board Best Practices: Essential Skills for Effective Non-profit Lea...
 
It's your unstructured data: How to get your GenAI app to production (and spe...
It's your unstructured data: How to get your GenAI app to production (and spe...It's your unstructured data: How to get your GenAI app to production (and spe...
It's your unstructured data: How to get your GenAI app to production (and spe...
 
Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...
Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...
Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...
 
The History of Embeddings & Multimodal Embeddings
The History of Embeddings & Multimodal EmbeddingsThe History of Embeddings & Multimodal Embeddings
The History of Embeddings & Multimodal Embeddings
 
Google I/O Extended Harare Merged Slides
Google I/O Extended Harare Merged SlidesGoogle I/O Extended Harare Merged Slides
Google I/O Extended Harare Merged Slides
 
The Path to General-Purpose Robots - Coatue
The Path to General-Purpose Robots - CoatueThe Path to General-Purpose Robots - Coatue
The Path to General-Purpose Robots - Coatue
 
Acumatica vs. Sage Intacct _Construction_July (1).pptx
Acumatica vs. Sage Intacct _Construction_July (1).pptxAcumatica vs. Sage Intacct _Construction_July (1).pptx
Acumatica vs. Sage Intacct _Construction_July (1).pptx
 
Types of Weaving loom machine & it's technology
Types of Weaving loom machine & it's technologyTypes of Weaving loom machine & it's technology
Types of Weaving loom machine & it's technology
 
Sonkoloniya documentation - ONEprojukti.pdf
Sonkoloniya documentation - ONEprojukti.pdfSonkoloniya documentation - ONEprojukti.pdf
Sonkoloniya documentation - ONEprojukti.pdf
 
Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery
Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery
Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery
 
Retrieval Augmented Generation Evaluation with Ragas
Retrieval Augmented Generation Evaluation with RagasRetrieval Augmented Generation Evaluation with Ragas
Retrieval Augmented Generation Evaluation with Ragas
 
UX Webinar Series: Essentials for Adopting Passkeys as the Foundation of your...
UX Webinar Series: Essentials for Adopting Passkeys as the Foundation of your...UX Webinar Series: Essentials for Adopting Passkeys as the Foundation of your...
UX Webinar Series: Essentials for Adopting Passkeys as the Foundation of your...
 
Vertex AI Agent Builder - GDG Alicante - Julio 2024
Vertex AI Agent Builder - GDG Alicante - Julio 2024Vertex AI Agent Builder - GDG Alicante - Julio 2024
Vertex AI Agent Builder - GDG Alicante - Julio 2024
 
Opencast Summit 2024 — Opencast @ University of Münster
Opencast Summit 2024 — Opencast @ University of MünsterOpencast Summit 2024 — Opencast @ University of Münster
Opencast Summit 2024 — Opencast @ University of Münster
 
Semantic-Aware Code Model: Elevating the Future of Software Development
Semantic-Aware Code Model: Elevating the Future of Software DevelopmentSemantic-Aware Code Model: Elevating the Future of Software Development
Semantic-Aware Code Model: Elevating the Future of Software Development
 
Communications Mining Series - Zero to Hero - Session 3
Communications Mining Series - Zero to Hero - Session 3Communications Mining Series - Zero to Hero - Session 3
Communications Mining Series - Zero to Hero - Session 3
 
BLOCKCHAIN TECHNOLOGY - Advantages and Disadvantages
BLOCKCHAIN TECHNOLOGY - Advantages and DisadvantagesBLOCKCHAIN TECHNOLOGY - Advantages and Disadvantages
BLOCKCHAIN TECHNOLOGY - Advantages and Disadvantages
 
What's New in Teams Calling, Meetings, Devices June 2024
What's New in Teams Calling, Meetings, Devices June 2024What's New in Teams Calling, Meetings, Devices June 2024
What's New in Teams Calling, Meetings, Devices June 2024
 
NVIDIA at Breakthrough Discuss for Space Exploration
NVIDIA at Breakthrough Discuss for Space ExplorationNVIDIA at Breakthrough Discuss for Space Exploration
NVIDIA at Breakthrough Discuss for Space Exploration
 
Tailored CRM Software Development for Enhanced Customer Insights
Tailored CRM Software Development for Enhanced Customer InsightsTailored CRM Software Development for Enhanced Customer Insights
Tailored CRM Software Development for Enhanced Customer Insights
 

CIS14: An Overview of FIDO’s Universal 2nd Factor (U2F) Specification

  • 1. U2F - Universal 2nd Factor Dirk Balfanz (Google)
  • 5. Today's solution: One time codes: SMS or Device SMS USABILITY Coverage Issues - Delay - User Cost DEVICE USABILITY One Per Site - Expensive - Fragile USER EXPERIENCE Users find it hard PHISHABLE German Police re: iTan: ".. we still lose money"
  • 6. The U2F solution: How it works ● One device, many services ● Easy: Insert and press button ● Safe: Un-phishable Security
  • 7. U2F Protocol Core idea: Standard public key cryptography: ● User's device mints new key pair, gives public key to server ● Server asks user's device to sign data to verify the user. ● One device, many services, "bring your own device" enabled Lots of refinement for this to be consumer facing: ● Privacy: Site Specific Keys, No unique ID per device ● Security: No phishing, man-in-the-middles ● Trust: Verify who made the device ● Pragmatics: Affordable today, ride hardware cost curve down ● Speed for user: Fast crypto in device (Elliptic Curve) Think "Smartcard re-designed for modern consumer web"
  • 12. proofThatUserIsThere “I promise a user is here”, “the server challenge was: 337423”, “the origin was: accounts.google.com”, “the TLS connection state was: 342384” Signed
  • 13. proofThatUserIsThere “I promise a user is here”, “the server challenge was: 337423”, “the origin was: accounts.google.com”, “the TLS connection state was: 342384” Signed this is where the key is this guy knows the key
  • 14. Relying Party FIDO Client 1. Setup 2. Processing 3. Verification
  • 15. U2F Token FIDO Client/ Browser Relying Party app id, challenge a; challenge, origin, channel id, etc. c a check app id generate: key kpub key kpriv handle h kpub , h, attestation cert, signature(a,c,kpub ,h) c, kpub , h, attestation cert, s store: key kpub handle h s Registration cookie
  • 16. U2F Token FIDO Client/ Browser Relying Party handle, app id, challenge h, a; challenge, origin, channel id, etc. c a check app id retrieve: key kpriv from handle h; counter++ counter, signature(a,c,counter) counter, c, s check: signature using key kpub s h retrieve: key kpub from handle h Authentication set cookie
  • 17. User Presence API u2f.register({ ‘challenge’: ‘KSDJsdASAS-AIS_AsS’, ‘app_id’: ‘https://www.google.com/facets.json’ }, callback); callback = function(response) { sendToServer( response[‘clientData’], response[‘tokenData’]); };
  • 18. u2f..handleRegistrationRequest({ ‘challenge’: ‘KSDJsdASAS-AIS_AsS’, ‘app_id’: ‘https://www.google.com/facets.json’ }, callback); callback = function(response) { sendToServer( response[‘clientData’], response[‘tokenData’]); }; User Presence API{ "typ":"register", "challenge":"KSDJsdASAS-AIS_AsS", "cid_pubkey": { "kty":"EC", "crv":"P-256", "x":"HzQwlfXX7Q4S5MtCRMzPO9tOyWjBqRl4tJ8", "y":"XVguGFLIZx1fXg375hi4-7-BxhMljw42Ht4" }, "origin":"https://accounts.google.com" }
  • 19. User Presence API u2f.sign({ ‘challenge’: ‘KSDJsdASAS-AIS_AsS’, ‘app_id’: ‘https://www.google.com/facets.json’, ‘key_handle’: ‘JkjhdsfkjSDFKJ_ld-sadsAJDKLSAD’ }, callback); callback = function(response) { sendToServer( response[‘clientData’], response[‘tokenData’]); };
  • 20. User Presence API u2f.sign({ ‘challenge’: ‘KSDJsdASAS-AIS_AsS’, ‘app_id’: ‘https://www.google.com/facets.json’, ‘key_handle’: ‘JkjhdsfkjSDFKJ_ld-sadsAJDKLSAD’ }, callback); callback = function(response) { sendToServer( response[‘clientData’], response[‘tokenData’]); }; { "typ":"authenticate", "challenge":"KSDJsdASAS-AIS_AsS", "cid_pubkey": { "kty":"EC", "crv":"P-256", "x":"HzQwlfXX7Q4S5MtCRMzPO9tOyWjBqRl4tJ8", "y":"XVguGFLIZx1fXg375hi4-7-BxhMljw42Ht4" }, "origin":"https://accounts.google.com" }
  • 21. What if… ...I want to accept U2F logins? ● Browser: Call JS APIs ○ (simulated today with browser extension) ● Server: Implement registration flow ○ decide how to handle attestation certificates ○ verify registration response ○ store public key, key handle with user account ● Server: Implement login flow ○ check username/password, look up key handle ○ verify authentication response (origin, signature, counter, …) ● Check your account recovery flow
  • 22. What if… ...I want to offer a USB U2F token? ● Implement ECDSA P-256 ● Implement counter ● Decide on key handle strategy ○ must recover private key, app id ● Implement USB framing spec ● No responses without user presence! ○ (with one exception) ○ check that app id matches
  • 23. What if… ...I want to offer a NFC/BLE/... token? ● Come join FIDO!
  • 24. What if… ...I have a different token form factor? ● Come join FIDO!
  • 25. Next Steps ● Other platforms: browsers on Android, etc. ● Other platforms: native apps on Android, etc. ● Other message framing: BLE, NFC, etc. ● Other plugin mechanisms: ASM