This is PPT is all about The U2F protocol of FIDO alliance.How it works, bheind the scenes, flow, implementation etc.

1. U2F - Universal 2nd Factor
By
Ather Ali

2. 1. The FIDO (Fast IDentity Online) Alliance is a non-profit organization nominally formed
in July 2012 to address the lack of interoperability among strong authentication
devices as well as the problems users face with creating and remembering multiple
usernames and passwords.
2. The FIDO Alliance plans to change the nature of authentication by developing
specifications that define an open, scalable, interoperable set of mechanisms that
supplant reliance on passwords to securely authenticate users of online services.
3. This new standard for security devices and browser plugins will allow any website or
cloud application to interface with a broad variety of existing and future FIDO-enabled
devices that the user has for online security.

3. FIDO Alliance has 2 UAF and U2F Specifications

4. Agenda
1. Introduction
2. Threats
3. Todays Solutions
4. U2F Solution
5. Fido Ready Device
6. Demo
7. Behind the Scene
8. How to implement

6. REUSED PHISHED KEYLOGGED
POSSIBLE THREATS

7. SMS USABILITY
Coverage Issues - Delay - User Cost
DEVICE USABILITY
One Per Site - Expensive - Fragile
USER EXPERIENCE
Users find it hard
Today's solution: One time codes: SMS or Device

8. ● One device, many services
● Easy: Insert and press button
● Safe: Un-phishable Security
The U2F solution: How it works

9. Core idea: Standard public key cryptography:
User's device mints new key pair, gives public key to server
Server asks user's device to sign data to verify the user.
One device, many services, "bring your own device" enabled
Lots of refinement for this to be consumer facing:
Privacy: Site Specific Keys, No unique ID per device
Security: No phishing, man-in-the-middles
Trust: Verify who made the device(Attestation Certificate)
Pragmatics: Affordable today, ride hardware cost curve down
Speed for user: Fast crypto in device (Elliptic Curve)
Think "Smartcard re-designed for modern consumer web"
U2F PROTOCOL

10. FIDO READY SECURITY KEY
http://www.amazon.in/gp/offer-
listing/B00NLKA0D8/ref=sr_1_1_olp?ie=UTF8&qid=14347
38887&sr=8-1&keywords=fido+key&condition=new

11. DEMO

12. https://demo.yubico.com/u2f?tab=login

14. server
PHISHER
Proof that User is there

15. “I promise a user is here”,
“the server challenge was: 337423”,
“the origin was: accounts.google.com”,
“the TLS connection state was: 342384”
proofThatUserIsThere

16. 2. Processing
3. Verification
1. Setup
Relying Party
FIDO CLIENT
PROCESS FLOW

21. https://fidoalliance.org/specs/fido-u2f-v1.0-ps-20141009/fido-u2f-overview-ps-
20141009.html#goal-strong-authentication-and-privacy-for-the-web
1. How it works
2. How handle generated
3. How it secure by Mitm, phishing , malware etc.
4. Device is Genuine
5. Etc
Folllow the link
If you want to cover them in details the topics below

22. https://developers.yubico.com/Software_Projects/FIDO_U2F/
For Developers

23. Thanks!
E-mail: Mohammad.Ather55@gmail.com