FIDO U2F&UAF Tutorial

How Secure is Authentication?

Cloud Authentication
Password Issues
• Password might be entered into untrusted App / Web-site (“phishing”)
• Password could be stolen from the server
• Too many passwords to remember -> re-use / cart abandonment
• Inconvenient to type password on phone
Classifying Threats
1. Remotely attacking central servers: steal data for impersonation
2. Remotely attacking lots of user devices: steal data for impersonation
3. Remotely attacking lots of user devices: misuse them for impersonation
4. Remotely attacking lots of user devices: misuse authenticated sessions
5. Physically attacking user devices: steal data for impersonation
6. Physically attacking user devices: misuse them for impersonation
The remote attacks (1-4) are scalable attacks. Physical attacks (5, 6) are possible on lost or stolen devices (3% in the US in 2013).
How does FIDO work?
• The Device holds a private key dedicated to one App; the server holds the matching public key. The server sends a challenge and the device returns a (signed) response.
• Require user gesture before private key can be used.
• The Authenticator can recognize the user (i.e. user verification), but doesn’t know its identity attributes. What the server learns: Same Authenticator as registered before? Same User as enrolled before?
• Identity binding to be done outside FIDO: This is “John Doe with customer ID X”.
• Remaining questions: How is the key protected (TPM, SE, TEE, …)? Which user verification method is used?
Attestation & Metadata
• The Authenticator holds a private attestation key and produces a Signed Attestation Object.
• Verify it using the trust anchor included in the Metadata.
• Understand the Authenticator security characteristics by looking into the Metadata from mds.fidoalliance.org (or other sources).
Passwordless Experience (UAF Standards)
1. Authentication Challenge
2. Biometric User Verification*
3. Authenticated Online

Second Factor Experience (U2F Standards)
1. Second Factor Challenge
2. Insert Dongle* / Press Button
3. Authenticated Online

*There are other types of authenticators
U2F Registration
1. Relying Party -> FIDO Client / Browser: AppID, challenge
2. FIDO Client / Browser: check AppID; build a = {challenge, origin, channel id, etc.}
3. FIDO Client / Browser -> U2F Authenticator: a, fc
4. U2F Authenticator: generate key kpub, key kpriv, handle h
5. U2F Authenticator -> FIDO Client / Browser: kpub, h, attestation cert, signature(a,fc,kpub,h)
6. FIDO Client / Browser -> Relying Party: fc, kpub, h, attestation cert, s
7. Relying Party: store key kpub and handle h; cookie
U2F Authentication
1. Relying Party -> FIDO Client / Browser: handle, AppID, challenge
2. FIDO Client / Browser: check AppID; build a = {challenge, origin, channel id, etc.}
3. FIDO Client / Browser -> U2F Authenticator: h, a, fc
4. U2F Authenticator: retrieve key kpriv from handle h; cntr++
5. U2F Authenticator -> FIDO Client / Browser: cntr, signature(a,fc,cntr)
6. FIDO Client / Browser -> Relying Party: cntr, fc, s
7. Relying Party: retrieve key kpub from handle h; check signature using key kpub; set cookie
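The U2F registration and authentication exchange above, as an added Go example that is not code from the slides or from Nok Nok Labs: the authenticator keeps kpriv per handle h and one counter cntr, and the Relying Party checks signature(a,fc,cntr) with the stored kpub and insists that cntr has increased since the last assertion. Assumptions of this example: ECDSA P-256 over SHA-256(a || fc || cntr) as the signature format, sample a and fc values are constructed, and the attestation certificate from registration is left out.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
)

// digest is what signature(a,fc,cntr) covers; SHA-256(a || fc || cntr) is this example's assumed encoding.
func digest(a, fc []byte, cntr uint32) []byte {
	var c [4]byte
	binary.BigEndian.PutUint32(c[:], cntr)
	d := sha256.Sum256(append(append(append([]byte{}, a...), fc...), c[:]...))
	return d[:]
}

// Authenticator keeps one kpriv per key handle h and a single signature counter cntr.
type Authenticator struct {
	keys map[string]*ecdsa.PrivateKey
	cntr uint32
}
func NewAuthenticator() *Authenticator { return &Authenticator{keys: map[string]*ecdsa.PrivateKey{}} }

// Register generates kpub/kpriv plus a random handle h (attestation cert and signature left out).
func (au *Authenticator) Register() (string, *ecdsa.PublicKey) {
	priv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	hb := make([]byte, 16)
	rand.Read(hb)
	au.keys[string(hb)] = priv
	return string(hb), &priv.PublicKey
}

// Sign retrieves kpriv from h, does cntr++ and returns cntr, signature(a,fc,cntr).
func (au *Authenticator) Sign(h string, a, fc []byte) (uint32, []byte, error) {
	priv, ok := au.keys[h]
	if !ok { return 0, nil, errors.New("unknown handle") }
	au.cntr++
	sig, err := ecdsa.SignASN1(rand.Reader, priv, digest(a, fc, au.cntr))
	return au.cntr, sig, err
}

// CheckAssertion is the Relying Party step: verify s with the stored kpub, then require cntr to exceed the last value seen (a stalled counter is how a cloned key shows up).
func CheckAssertion(kpub *ecdsa.PublicKey, last uint32, a, fc []byte, cntr uint32, sig []byte) (uint32, error) {
	if !ecdsa.VerifyASN1(kpub, digest(a, fc, cntr), sig) { return last, errors.New("bad signature") }
	if cntr <= last { return last, errors.New("counter did not increase: possible cloned authenticator") }
	return cntr, nil
}
```

The Relying Party must persist the counter returned by CheckAssertion per handle, otherwise a replayed assertion passes the signature check.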
Registration Overview (FIDO SERVER, FIDO CLIENT, FIDO AUTHENTICATOR)
1. FIDO SERVER: Send Registration Request:
   - Policy
   - Random Challenge
2. FIDO CLIENT: Start registration
3. FIDO AUTHENTICATOR: Verify user; Generate key pair; Sign attestation object:
   • Public key
   • AAID
   • Hash(FinalChallenge)
   • Name of relying party
   Signed by attestation key
4. FIDO SERVER: Verify signature; Check AAID against policy; Store public key

AAID = Authenticator Attestation ID, i.e. model ID
FinalChallenge = AppID | FacetID | channelBinding | serverChallenge
Perform legacy authentication first, in order to bind the authenticator to an electronic identity, then perform FIDO registration.
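The registration flow above, as an added Go example that is not the slides' code or any FIDO implementation: the server checks the AAID against its policy, takes the trust anchor for that AAID from its metadata, and verifies Hash(FinalChallenge) and the attestation signature before storing the public key. Assumptions of this example: "|" as the FinalChallenge separator, ECDSA P-256 for both the attestation key and the Uauth key, a SHA-256 over the concatenated fields as the signed attestation object encoding, and constructed AAID values.

```go
package main
import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"strings"
)
// FinalChallenge = AppID | FacetID | channelBinding | serverChallenge ("|" as separator is this example's assumption).
func FinalChallenge(appID, facetID, channelBinding, serverChallenge string) string {
	return strings.Join([]string{appID, facetID, channelBinding, serverChallenge}, "|")
}
// AttestationObject holds the four fields the slide lists, plus the signature by the attestation key.
type AttestationObject struct {
	PubKey []byte   // Uauth public key (uncompressed P-256 point)
	AAID   string   // Authenticator Attestation ID, i.e. model ID
	FCHash [32]byte // Hash(FinalChallenge)
	RPName string   // Name of relying party
	Sig    []byte
}
// tbs is the to-be-signed digest over the object's fields (encoding assumed for this example).
func (o *AttestationObject) tbs() []byte {
	d := sha256.Sum256([]byte(string(o.PubKey) + "|" + o.AAID + "|" + string(o.FCHash[:]) + "|" + o.RPName))
	return d[:]
}
// Attest is the FIDO Authenticator step: generate the Uauth key pair and sign the attestation object.
func Attest(attKey *ecdsa.PrivateKey, aaid, finalChallenge, rpName string) (*AttestationObject, *ecdsa.PrivateKey, error) {
	uauth, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil { return nil, nil, err }
	o := &AttestationObject{PubKey: elliptic.Marshal(elliptic.P256(), uauth.X, uauth.Y), AAID: aaid, FCHash: sha256.Sum256([]byte(finalChallenge)), RPName: rpName}
	o.Sig, err = ecdsa.SignASN1(rand.Reader, attKey, o.tbs())
	return o, uauth, err
}

// Server is the FIDO Server side: Policy lists accepted AAIDs, Metadata maps an AAID to its trust anchor (the attestation public key, as published in metadata such as mds.fidoalliance.org).
type Server struct {
	Policy   map[string]bool
	Metadata map[string]*ecdsa.PublicKey
}

// Register checks the AAID against policy and verifies the attestation; on success it returns the Uauth public key the server should store.
func (s *Server) Register(expectedFC string, o *AttestationObject) ([]byte, error) {
	if !s.Policy[o.AAID] { return nil, errors.New("AAID not allowed by policy") }
	anchor, ok := s.Metadata[o.AAID]
	if !ok { return nil, errors.New("no trust anchor in metadata for AAID") }
	if o.FCHash != sha256.Sum256([]byte(expectedFC)) { return nil, errors.New("Hash(FinalChallenge) mismatch") }
	if !ecdsa.VerifyASN1(anchor, o.tbs(), o.Sig) { return nil, errors.New("attestation signature invalid") }
	return o.PubKey, nil
}
```

Because the server recomputes FinalChallenge itself, an attestation produced for a different FacetID or a stale server challenge is rejected before the signature is even checked.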
Authentication Overview (FIDO SERVER, FIDO CLIENT, FIDO AUTHENTICATOR)
1. FIDO SERVER: Send Authentication Request:
   - Policy
   - Random Challenge
   - Opt: TransactionText
2. FIDO CLIENT: Start authentication
3. FIDO AUTHENTICATOR: Verify user; Opt: Display TransactionText; Sign signData object:
   • Signature alg
   • Hash(FinalChallenge)
   • Opt: Hash(TransactionText)
   • Signature counter
   • Authenticator random
   Signature (Uauth key)
4. FIDO SERVER: Verify signature; Check AAID against policy

FinalChallenge = AppID | FacetID | channelBinding | serverChallenge
Convenience & Security
Plotting the methods on a Convenience vs. Security chart: Password, Password + OTP, FIDO.
In FIDO:
• Same user verification method for all servers
• Arbitrary user verification methods are supported (+ they are interoperable)
• Only public keys on server
• Not phishable
• Scalable security depending on Authenticator implementation
Conclusion
• Different authentication use-cases lead to different
authentication requirements
• FIDO separates user verification from authentication
and hence supports all user verification methods
• FIDO supports scalable convenience & security
• User verification data is known to Authenticator only
• FIDO complements federation
Rolf Lindemann, Nok Nok Labs, rolf@noknok.com

FIDO Specifications Overview: UAF & U2F
