Introduction to FIDO2 (Korean Language) | FIDO Alliance
Introduction to FIDO2 by Korea ETRI (Electronics and Telecommunication Research Institute)
- Presented at FIDO Korea Working Group Technical Seminar on July 16th, 2018
W3C - Web Authentication API by Korea ETRI (Electronics and Telecommunication Research Institute)
- Presented at FIDO Technical Seminar on July 16th, 2018
FIDO Authentication: Unphishable MFA for All | FIDO Alliance
This document discusses the growing adoption of FIDO authentication standards for passwordless, phishing-resistant multi-factor authentication. It predicts that in 2022, enterprise passwordless deployments will grow rapidly as mobile platforms provide consumer-ready solutions at scale. The document outlines how FIDO specifications offer simpler and stronger authentication using public key cryptography backed by major technology companies. It notes that over 5 billion devices now support FIDO and more than 150 million people are using passwordless methods each month. Government policies are evolving to recognize FIDO authentication as the preferred choice and gold standard for phishing-resistant multi-factor authentication.
FIDO U2F (Universal Authentication Framework) Specifications: Overview & Tutorial
by Jerrod Chong, Yubico
Explore how FIDO U2F works and how it is used in the world today.
The FIDO Alliance invites you to learn how to simplify strong authentication for web services. FIDO specifications can help all organizations, especially service providers who want to scale these features for consumer services over the web. Essentially, FIDO offers a simple, low-cost way to improve security and the online experience.
The document discusses the FIDO Alliance, which aims to address password problems and vulnerabilities by developing open authentication standards called FIDO. FIDO uses public key cryptography during authentication to securely verify users to online services from any device. The Alliance has over 250 members developing FIDO specifications and certification programs to advance adoption. Several large companies have implemented FIDO standards to strengthen authentication for their users and services.
The document describes the FIDO2 specification which includes WebAuthn and CTAP. WebAuthn introduces a new JavaScript API for browser-based authentication and CTAP introduces a new API for platform-based authentication. It provides an overview of the registration and authentication flows including the use of public key credentials on servers to authenticate users. It also describes extensions, attestations, credential management and the goals of convenience and strong security in the FIDO standards.
The FIDO Alliance invites you to learn how to simplify strong authentication for web services. FIDO specifications can help all organizations, especially service providers who want to scale these features for consumer services over the web. Essentially, FIDO offers a simple, low-cost way to improve security and the online experience. From FIDO Alliance Seminar in Tokyo, Japan, November, 2015.
Securing a Web App with Passwordless Web Authentication | FIDO Alliance
This document provides instructions for implementing passwordless authentication for a web application using WebAuthn and FIDO2 security keys. It describes setting up a sample Spring Boot web app with traditional username/password authentication and then enhancing it with passwordless authentication. The workshop is split into modules, with this module focusing on implementing the authentication REST endpoints and updating the UI to allow passwordless sign-in. It provides code examples and diagrams to explain how the authentication flow works when a user attempts to sign in using a previously registered security key.
The document describes the FIDO2 specification which includes two new standards: WebAuthn for authentication in browsers and CTAP for platform authentication. It provides overviews and code snippets for how credentials can be registered and used for authentication on websites using public key cryptography with FIDO2 compliant security keys or platform authenticators on devices. The specification also covers credential management APIs and the processes of decommissioning credentials.
A tutorial on the process of writing an application using a browser’s WebAuthn API, plus how to install a server, how to generate authentication challenges & responses, and how to integrate with related IAM infrastructure.
Code: https://github.com/fido-alliance/webauthn-demo
Live slides: http://slides.com/herrjemand/jan-2018-fido-seminar-webauthn-tutorial#/
New FIDO Specifications Overview - FIDO Alliance - Tokyo Seminar - Nadalin | FIDO Alliance
FIDO 2.0 specifications are being developed to standardize strong web authentication across platforms. This includes a Web Authentication API submitted to W3C, key attestation and signature formats. A Client to Authenticator Protocol enables authentication using external devices over transports like USB, Bluetooth, and NFC. FIDO aims to accelerate adoption by providing authentication built into browsers, operating systems, and platforms.
WebAuthn and Security Keys = Unlocking the key to authentication by John Fontana, Yubico on behalf of Christiaan Brand at Google
- Presented at FIDO Seoul Public Seminar on December 5th, 2018
FIDO & PSD2: Solving the Strong Customer Authentication Challenge in Europe | FIDO Alliance
The PSD2 (the Revised Payment Service Directive) from the European Commission requires financial institutions to deploy Strong Customer Authentication. FIDO offers a solution to the challenges created by this new regulation.
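Smart Products: Business Models and Case Studies for Maximizing IoT Connectivity for Manufacturers – 정재연, AWS Infrastructure Architect; 장재영, 경동나... | Amazon Web Services Korea
AWS offers a range of AWS IoT services that let manufacturers operate their connected devices more reliably and securely. This talk introduces cases of Korean manufacturers that have adopted AWS IoT for smart products and explains how IoT technology can be applied to your business.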
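Discovery, onboarding, access control, audit and recording for privileged accounts within the organization
Access control and authentication management
- Integrated authentication (Single Sign-On)
- Passwordless MFA
- Endpoint access
- Identity security
Privilege control
- Credential information management
- Session management for shared accounts and access accounts
- Controlling use with the right privileges at the right time
Entitlements
- Provisioning/deprovisioning management
- Monitoring and management of usage permissions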
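K-Defense R8 (vKeypad) is a virtual secure keypad that protects information at the input stage without using the keyboard. The virtual secure keypad and a keyboard security solution can be operated side by side and used according to the user's environment and choice, which provides higher stability and security.
Theft of keyboard input values is one of the traditional and persistently recurring hacking techniques, and it is becoming increasingly intelligent and sophisticated. In response, the scope of keyboard security solutions has expanded, and as an extension of that, the end-to-end encryption (End-To-End) function encrypts from the keyboard input onward and decrypts on the WAS server. It guarantees confidentiality for password-type values and integrity for text-type values, providing a highly secure structure that counters memory reading and tampering vulnerabilities.
The interface functions that were provided in the ActiveX form are supported identically in non-ActiveX, which gives convenience and compatibility to the people doing the actual work and also helps with subsequent maintenance.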
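4. All Rights Reserved | FIDO Alliance | Copyright 2018
1. FIDO2?
● FIDO2 is a biometric authentication technology established by the FIDO Alliance, a global biometric authentication technology and standards body
● The earlier FIDO 1.0 targeted smartphone operating systems such as Android and iOS: it performs local authentication using a biometric recognition module such as a fingerprint sensor, and then performs PKI (Public Key Infrastructure)-based authentication
● FIDO2 performs PKI-based biometric authentication in an OS or web browser that implements the Web Authentication specification (WebAuthn), defined by the Internet web standards body W3C, and the Client-To-Authenticator Protocol (CTAP)
The era of No-Password authentication opens, using No-Plugin biometric authentication technology on the PC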
2. FIDO2 Architecture
[Figure: FIDO2 architecture diagram. Labels: User Device; Relying Party Application; Browser; Platform; Authenticator (Bound); Authenticator (External); Relying Party; Application Server; JavaScript-based Web Authentication; FIDO2 Authentication; CTAP; FIDO Server]
3. CrossCertFIDO2
● A J2EE-based FIDO server that supports FIDO 1.x and FIDO2 at the same time
● FIDO 1.x has processed more than 200 million cumulative transactions, which has proven its stability
● The Service type is operated as a 24x365 non-stop service through the company's own Secure Datacenter (a Solution Type is also offered)
[Figure: CrosscertFIDO Server component diagram. Labels: J2EE; FIDO 1.x Processor; PACKED Processor; U2F Processor; TPM Processor; Android (Sec) Processor; K-FIDO Processor; JS API]
2. Use case: cloud-based simple authentication, CloudSign
1. Issues with digital signatures in Korea
[Figure labels: installed-program digital signature type; browser digital signature type; www.aaa.com; www.bbb.com; smartphone digital signature app]
2. Next-generation digital signature trend
Convenience, security, cost
A secure, low-cost, cloud-based authentication service, anytime and anywhere
3. Cloud digital signatures start overseas
● Adobe announces cloud-based digital signatures (2017.2)
● GlobalSign announces its Digital Signing Service (2017.6)
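4. Korea Electronic Certification Authority cloud digital signature service
Category | Existing digital signature service | CloudSign
Convenience | Program installation | No installation
Convenience | Password entry | FIDO (fingerprint) authentication
Convenience | Moving storage media | Uses the cloud
Security | Certificate leakage | Stored in an HSM (Hardware Security Module)
Cost | High cost | Free (one certificate per individual)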
5. CloudSign usage procedure
[Figure labels: digital signature request; digital signature complete; PC; smartphone]
6. FIDO2-based CloudSign
Provides a truly No-Plugin certificate service that does not even need a smartphone app
[Figure labels: HSM; FIDO Server; PC (web browser); smartphone; ① FIDO2 Authentication; Biometric]
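1. Outlook for the digital signature market
❖ Reform of the digital signature system is being pursued; a variety of new-technology digital signatures and No Plugin signing methods are spreading
❖ The Ministry of Science and ICT plans to hold a "New Technology Digital Signature Authentication Technical Seminar" in August
✓ Cloud digital signatures, biometric digital signatures, browser digital signatures
✓ Blockchain-linked digital signatures, app-based integrated authentication, web-standard installation-free digital signatures
❖ Global Trend
✓ Google acquires a Root CA: SSL market, IoT market, autonomous driving
✓ UN Root CA build-out in progress: physical and logical control with certificate + fingerprint card
✓ IoT Certificate: By 2020, over 25 billion things will be connected to the Internet
OCF, OIC, One M2M: PKI + biometric authentication => OCF IoT Root CA build-out in progress
AWS IoT Service: Device Certificate issuance and registration
✓ Autonomous driving: VPKI (Vehicular PKI) or V2X PKI (Vehicle to X PKI). Vehicle certification authority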
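2. Collaboration and KWG
Korea Electronic Certification Authority core competencies
Key Value | Description
Global Practice | - Global Practice experience from directly operating the Symantec global certification center
Global Practice | - Global Security Policy, Validation, Management
Secure Data Center operation | - Stable operation of real-time accredited certification services for the financial, public and enterprise sectors
Secure Data Center operation | - 200 million FIDO transactions processed (recently, the voice authentication service of '리브똑똑')
Core technology in PKI, FIDO, device authentication and cloud authentication | - Holds NIS (National Intelligence Service) crypto-validated algorithms and lightweight ECC algorithms
Core technology in PKI, FIDO, device authentication and cloud authentication | - Has storage technology for security tokens, IC cards, USIM and fingerprint cards
Core technology in PKI, FIDO, device authentication and cloud authentication | - HSM key generation, key management and digital signature technology
Core technology in PKI, FIDO, device authentication and cloud authentication | - Issued more than 50 million certificates for ATMs, cable modems and set-top boxes
Core technology in PKI, FIDO, device authentication and cloud authentication | - First certification authority to obtain FIDO UAF 1.0 certification for all items
Leading innovative technology of the Fourth Industrial Revolution | - Founded AIBrain (2012), selected by Datamation as one of the top 20 AI companies
Leading innovative technology of the Fourth Industrial Revolution | - Selected as an information security blockchain project operator by the Ministry of Science and ICT's IITP
Leading innovative technology of the Fourth Industrial Revolution | - Blockchain-based BitCoupon Service with Seoul National University
❖ Open Innovation collaboration
✓ How to compete with the variety of authentication methods?
✓ Where to offer the technology as a service?
✓ How to resolve safety and security?
❖ FIDO KWG activities
✓ Co-leader of the Development and Marketing subgroup
✓ Planning and running online and offline events
✓ Finding and educating potential FIDO members
✓ Seeking technology development / technical sales partnership opportunities in collaboration with working groups in other countries and regions
✓ Planning/running the December FIDO seminar
✓ Launching the Korean-language FIDO website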
Sales contact: 이형준, General Manager (hjlee@crosscert.com)