FIDO UAF Tutorial
Mobile Authentication Helps Drive Business
"770 million biometric authentication applications will be downloaded per annum by 2019, up from just 6 million this year and dramatically reducing dependence on alphanumeric passwords in the mobile phone market."
- Juniper Research, 20 January 2016
Source: Criteo, State of Mobile Commerce Report 4Q 2015
How Secure is Authentication?
Cloud Authentication

Password Issues
1. Password could be stolen from the server
2. Password might be entered into untrusted App / Web-site ("phishing")
3. Too many passwords to remember, leading to re-use / cart abandonment
4. Inconvenient to type password on phone

OTP Issues
1. OTP vulnerable to real-time MITM and MITB attacks
2. SMS security questionable, especially when Device is the phone
3. OTP HW tokens are expensive and people don't want another device
4. Inconvenient to type OTP on phone
Authentication Needs
Authentication today: ask user for a password... (and perhaps a one time password)
1. Do you want to login?
2. Do you want to delete all of your emails?
3. Do you want to change your shipping address?
4. Do you want to share your dental records?
5. Do you want to transfer $100 to Frank?
6. Do you want to transfer $10,000 to mymerchant.com?
Classifying Threats
Scalable attacks:
1. Remotely attacking central servers: steal data for impersonation
2. Remotely attacking lots of user devices: steal data for impersonation
3. Remotely attacking lots of user devices: misuse them for impersonation
4. Remotely attacking lots of user devices: misuse authenticated sessions
Physical attacks, possible on lost or stolen devices (3% in the US in 2013):
5. Physically attacking user devices: steal data for impersonation
6. Physically attacking user devices: misuse them for impersonation
Summary
1. Passwords are insecure and inconvenient, especially on mobile devices
2. Alternative authentication methods are silos and hence don't scale to large user populations
3. The required security level of the authentication depends on the use
4. Risk engines need information about the explicit authentication security for good decisions
How does FIDO work?
The device holds the private key; the relying party holds the public key.
The relying party sends a challenge; the device returns a (signed) response.
Require user gesture before the private key can be used.

How does FIDO UAF work?
The authenticator can recognize the user (i.e. user verification), but doesn't know its identity attributes.
Same Authenticator as registered before? Same User as enrolled before?
Identity binding is to be done outside FIDO: this is "John Doe with customer ID X".
How is the key protected (TPM, SE, TEE, ...)? Which user verification method is used?

Binding Keys to Apps
Use google.com key for google.com; use paypal.com key for paypal.com.
Use the same user gesture (e.g. same finger or PIN) for unlocking each private key.
FIDO Building Blocks
FIDO User Device: Browser / App, FIDO Client, ASM, FIDO Authenticator (attestation key, authentication keys).
Relying Party: Web Application (TLS server key), FIDO Server (cryptographic authentication key DB, authenticator metadata).
Metadata Service: provides authenticator metadata updates to the FIDO Server.
UAF Protocol runs between the FIDO Client and the FIDO Server.
Registration Overview
Participants: FIDO Authenticator, FIDO Client, FIDO Server.
1. FIDO Server sends Registration Request: policy, random challenge.
2. FIDO Client starts registration.
3. FIDO Authenticator: verify user, generate key pair, sign attestation object (public key, AAID, random challenge, name of relying party), signed by attestation key.
4. FIDO Server: verify signature, check AAID against policy, store public key.
AAID = Authenticator Attestation ID, i.e. model ID.
Perform legacy authentication first, in order to bind the authenticator to an electronic identity, then perform FIDO registration.
UAF Authentication
Participants: App, Web App, FIDO Server, FIDO Authenticator.
0. Prepare (Web App / FIDO Server).
1. Initiate authentication (App to Web App; sample user: pat@example.com, Pat Johnson).
2. Authentication request with challenge (FIDO Server to App).
3. Verify user and sign challenge with the FIDO Authenticator (key specific to RP Webapp).
4. Authentication response (App to FIDO Server).
5. Success (sample screen: "Payment complete! Return to the merchant's web site to continue shopping").
Transaction Confirmation
Participants: Device (Browser or Native App, FIDO Authenticator) and Relying Party (Web App, FIDO Server).
1. Initiate transaction.
2. Authentication request + transaction text.
3. Display text, verify user and unlock private key (specific to user + RP Webapp).
4. Authentication response + text hash, signed by user's private key.
5. Validate response and text hash using user's public key.
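The registration, UAF authentication and transaction confirmation flows above, as an added Go example that is not part of the original deck or of Nok Nok Labs' code. Assumptions: Ed25519 for both the attestation and the per-RP authentication signatures, a SHA-256 digest over the concatenated fields as the signed message (real UAF uses its own TLV assertion formats), a pre-filled metadata map standing in for the metadata service, and the user id being known from legacy authentication before registration; the AAID, RP names and user id in the test are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// digest hashes the concatenation of its parts; both sides sign and verify this value.
func digest(parts ...[]byte) []byte {
	h := sha256.New()
	for _, p := range parts {
		h.Write(p)
	}
	return h.Sum(nil)
}
// Authenticator: AttestPriv is shared by all units of one model (AAID); Keys holds one key pair per RP.
type Authenticator struct {
	AAID       string
	AttestPriv ed25519.PrivateKey
	Keys       map[string]ed25519.PrivateKey // RP name -> site-specific private key, never exported
}

// Attestation is the object signed with the attestation key at registration.
type Attestation struct {
	AAID, RP             string
	PubKey               ed25519.PublicKey
	Challenge, Signature []byte
}
// Register: verify the user, generate a key pair for rp, sign the attestation object.
func (a *Authenticator) Register(rp string, challenge []byte, gestureOK bool) (*Attestation, error) {
	if !gestureOK {
		return nil, errors.New("user verification failed")
	}
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	a.Keys[rp] = priv
	sig := ed25519.Sign(a.AttestPriv, digest([]byte(a.AAID), pub, challenge, []byte(rp)))
	return &Attestation{AAID: a.AAID, RP: rp, PubKey: pub, Challenge: challenge, Signature: sig}, nil
}

// Authenticate verifies the user, then signs the challenge plus the hash of the transaction text shown
// to the user (empty for a plain login) with the key bound to rp. An unregistered (phishing) RP gets nothing.
func (a *Authenticator) Authenticate(rp string, challenge []byte, txText string, gestureOK bool) ([]byte, error) {
	priv, ok := a.Keys[rp]
	if !ok || !gestureOK {
		return nil, errors.New("no key registered for " + rp + " or user verification failed")
	}
	th := sha256.Sum256([]byte(txText))
	return ed25519.Sign(priv, digest([]byte(rp), challenge, th[:])), nil
}

// Server models the FIDO server of one relying party; it holds public keys only, no secrets.
type Server struct {
	RP       string
	Metadata map[string]ed25519.PublicKey // AAID -> attestation public key (from the metadata service)
	Policy   map[string]bool              // AAIDs acceptable to this RP
	UserKeys map[string]ed25519.PublicKey // userid -> registered authentication public key
	Pending  map[string]bool              // outstanding random challenges, each usable once
}

// NewChallenge issues a fresh random challenge; consume accepts it exactly once, so responses cannot be replayed.
func (s *Server) NewChallenge() []byte {
	c := make([]byte, 32)
	rand.Read(c)
	s.Pending[string(c)] = true
	return c
}
func (s *Server) consume(c []byte) bool {
	ok := s.Pending[string(c)]
	delete(s.Pending, string(c))
	return ok
}

// CompleteRegistration: check challenge, RP and policy, verify the attestation against metadata, store the user's public key.
func (s *Server) CompleteRegistration(userid string, at *Attestation) error {
	if !s.consume(at.Challenge) || at.RP != s.RP || !s.Policy[at.AAID] {
		return errors.New("stale challenge, wrong relying party, or authenticator model rejected by policy")
	}
	attPub, ok := s.Metadata[at.AAID]
	msg := digest([]byte(at.AAID), at.PubKey, at.Challenge, []byte(at.RP))
	if !ok || !ed25519.Verify(attPub, msg, at.Signature) {
		return errors.New("attestation signature invalid")
	}
	s.UserKeys[userid] = at.PubKey
	return nil
}

// VerifyAuthentication checks the signature over the challenge and the transaction text the RP expects.
func (s *Server) VerifyAuthentication(userid string, challenge, sig []byte, expectedText string) error {
	pub, ok := s.UserKeys[userid]
	th := sha256.Sum256([]byte(expectedText))
	if !s.consume(challenge) || !ok || !ed25519.Verify(pub, digest([]byte(s.RP), challenge, th[:]), sig) {
		return errors.New("signature does not verify for this user, challenge and transaction text")
	}
	return nil
}
```

Fields are exported so a caller can build the authenticator and server from literals; a server whose Policy does not list the AAID rejects a perfectly valid attestation, which is the "check AAID against policy" step of the registration slide.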
Convenience & Security
Chart plotting Password, Password + OTP and FIDO against convenience and security.
In FIDO:
• Same user verification method for all servers
• Arbitrary user verification methods are supported (+ they are interoperable)
• Only public keys on server
• Not phishable
• Scalable security depending on Authenticator implementation
What about rubber fingers?
Protection methods in FIDO
1. Attacker needs access to the Authenticator and must swipe the rubber finger on it. This makes it a non-scalable attack.
2. Authenticators might implement presentation attack detection methods.
Remember: creating hundreds of millions of rubber fingers + stealing the related authenticators is expensive. Stealing hundreds of millions of passwords from a server has low cost per password.

But I can't revoke my finger...
Protection methods in FIDO: you don't need to revoke your finger, you can simply de-register the old (=attacked) authenticator. Then,
1. Get a new authenticator
2. Enroll your finger (or iris, ...) to it
3. Register the new authenticator to the service
FIDO is used Today

Conclusion
• Different authentication use-cases lead to different authentication requirements
• FIDO separates user verification from authentication and hence supports all user verification methods
• FIDO supports scalable convenience & security
• User verification data is known to Authenticator only
• FIDO complements federation
Todd Thiemann, Nok Nok Labs, tthiemann@noknok.com
How does FIDO UAF work?
1. Use Metadata to understand Authenticator security characteristics
2. Define policy of acceptable Authenticators
3. Store public keys on the server (no secrets)
4. Provide cryptographic proof of authenticator model
5. Generate key pair in Authenticator to protect against phishing
6. Use site-specific keys in order to protect privacy
7. Verify user before signing authentication response
8. Use channel binding to protect against MITM
Registration Overview (2)
Participants: FIDO Authenticator, FIDO Server, WEB Application.
Physical Identity (Web Application record): { userid=1234, jane@mail.com, known since 03/05/04, payment history=xx, ... }
Virtual Identity (FIDO Server record): { userid=1234, pubkey=0x43246, AAID=x; +pubkey=0xfa4731, AAID=y }
Registration: authenticator with AAID y, key for foo.com: 0xfa4731, at Relying Party foo.com.
Link new Authenticator to existing userid.
"Know Your Customer" rules
Legacy Authentication (e.g. SIM Card)

Using Secure Hardware
FIDO Authenticator: attestation key, authentication key(s). PIN entry by the user; PIN verification / user presence inside the authenticator.

Client Side Biometrics
Trusted Execution Environment (TEE): FIDO Authenticator as Trusted Application (TA) with attestation key, authentication key(s), user verification / presence. Biometric data: store at enrollment, compare at authentication, unlock after comparison.

Combining TEE and SE
Trusted Execution Environment (TEE) and Secure Element: FIDO Authenticator as Trusted Application (TA), attestation key, authentication key(s), user verification / presence, transaction confirmation display (e.g. GlobalPlatform Trusted UI).

More Related Content

What's hot

FIDO & PSD2: Solving the Strong Customer Authentication Challenge in Europe
FIDO & PSD2: Solving the Strong Customer Authentication Challenge in EuropeFIDO & PSD2: Solving the Strong Customer Authentication Challenge in Europe
FIDO & PSD2: Solving the Strong Customer Authentication Challenge in EuropeFIDO Alliance
 
Developer Tutorial: WebAuthn for Web & FIDO2 for Android
Developer Tutorial: WebAuthn for Web & FIDO2 for AndroidDeveloper Tutorial: WebAuthn for Web & FIDO2 for Android
Developer Tutorial: WebAuthn for Web & FIDO2 for AndroidFIDO Alliance
 
Getting Started With WebAuthn
Getting Started With WebAuthnGetting Started With WebAuthn
Getting Started With WebAuthnFIDO Alliance
 
U2F/FIDO2 implementation of YubiKey
U2F/FIDO2 implementation of YubiKeyU2F/FIDO2 implementation of YubiKey
U2F/FIDO2 implementation of YubiKeyHaniyama Wataru
 
OpenID for Verifiable Credentials (IIW 35)
OpenID for Verifiable Credentials (IIW 35)OpenID for Verifiable Credentials (IIW 35)
OpenID for Verifiable Credentials (IIW 35)Torsten Lodderstedt
 
IBM: Hey FIDO, Meet Passkey!.pptx
IBM: Hey FIDO, Meet Passkey!.pptxIBM: Hey FIDO, Meet Passkey!.pptx
IBM: Hey FIDO, Meet Passkey!.pptxFIDO Alliance
 
Technical Considerations for Deploying FIDO Authentication
Technical Considerations for Deploying FIDO Authentication Technical Considerations for Deploying FIDO Authentication
Technical Considerations for Deploying FIDO Authentication FIDO Alliance
 
Fido Technical Overview
Fido Technical OverviewFido Technical Overview
Fido Technical OverviewFIDO Alliance
 
Introduction to FIDO Alliance
Introduction to FIDO AllianceIntroduction to FIDO Alliance
Introduction to FIDO AllianceFIDO Alliance
 
2019 FIDO Tokyo Seminar - LINE PayへのFIDO2実装
2019 FIDO Tokyo Seminar - LINE PayへのFIDO2実装2019 FIDO Tokyo Seminar - LINE PayへのFIDO2実装
2019 FIDO Tokyo Seminar - LINE PayへのFIDO2実装FIDO Alliance
 
FIDO Workshop-Demo Breakdown.pptx
FIDO Workshop-Demo Breakdown.pptxFIDO Workshop-Demo Breakdown.pptx
FIDO Workshop-Demo Breakdown.pptxFIDO Alliance
 
Introduction to Self Sovereign Identity
Introduction to Self Sovereign IdentityIntroduction to Self Sovereign Identity
Introduction to Self Sovereign IdentityHeather Vescent
 
FIDO and the Future of User Authentication
FIDO and the Future of User AuthenticationFIDO and the Future of User Authentication
FIDO and the Future of User AuthenticationFIDO Alliance
 
WebAuthn - The End of the Password As We Know It?
WebAuthn - The End of the Password As We Know It?WebAuthn - The End of the Password As We Know It?
WebAuthn - The End of the Password As We Know It?Thomas Konrad
 
Strong Customer Authentication & Biometrics
Strong Customer Authentication & BiometricsStrong Customer Authentication & Biometrics
Strong Customer Authentication & BiometricsFIDO Alliance
 
Getting Started with FIDO2
Getting Started with FIDO2Getting Started with FIDO2
Getting Started with FIDO2FIDO Alliance
 
Web Authentication API
Web Authentication APIWeb Authentication API
Web Authentication APIFIDO Alliance
 
Implementing WebAuthn & FAPI supports on Keycloak
Implementing WebAuthn & FAPI supports on KeycloakImplementing WebAuthn & FAPI supports on Keycloak
Implementing WebAuthn & FAPI supports on KeycloakYuichi Nakamura
 

What's hot (20)

FIDO & PSD2: Solving the Strong Customer Authentication Challenge in Europe
FIDO & PSD2: Solving the Strong Customer Authentication Challenge in EuropeFIDO & PSD2: Solving the Strong Customer Authentication Challenge in Europe
FIDO & PSD2: Solving the Strong Customer Authentication Challenge in Europe
 
Developer Tutorial: WebAuthn for Web & FIDO2 for Android
Developer Tutorial: WebAuthn for Web & FIDO2 for AndroidDeveloper Tutorial: WebAuthn for Web & FIDO2 for Android
Developer Tutorial: WebAuthn for Web & FIDO2 for Android
 
Getting Started With WebAuthn
Getting Started With WebAuthnGetting Started With WebAuthn
Getting Started With WebAuthn
 
U2F/FIDO2 implementation of YubiKey
U2F/FIDO2 implementation of YubiKeyU2F/FIDO2 implementation of YubiKey
U2F/FIDO2 implementation of YubiKey
 
OpenID for Verifiable Credentials (IIW 35)
OpenID for Verifiable Credentials (IIW 35)OpenID for Verifiable Credentials (IIW 35)
OpenID for Verifiable Credentials (IIW 35)
 
IBM: Hey FIDO, Meet Passkey!.pptx
IBM: Hey FIDO, Meet Passkey!.pptxIBM: Hey FIDO, Meet Passkey!.pptx
IBM: Hey FIDO, Meet Passkey!.pptx
 
Technical Considerations for Deploying FIDO Authentication
Technical Considerations for Deploying FIDO Authentication Technical Considerations for Deploying FIDO Authentication
Technical Considerations for Deploying FIDO Authentication
 
Fido Technical Overview
Fido Technical OverviewFido Technical Overview
Fido Technical Overview
 
Introduction to FIDO Alliance
Introduction to FIDO AllianceIntroduction to FIDO Alliance
Introduction to FIDO Alliance
 
2019 FIDO Tokyo Seminar - LINE PayへのFIDO2実装
2019 FIDO Tokyo Seminar - LINE PayへのFIDO2実装2019 FIDO Tokyo Seminar - LINE PayへのFIDO2実装
2019 FIDO Tokyo Seminar - LINE PayへのFIDO2実装
 
FIDO Workshop-Demo Breakdown.pptx
FIDO Workshop-Demo Breakdown.pptxFIDO Workshop-Demo Breakdown.pptx
FIDO Workshop-Demo Breakdown.pptx
 
OpenID for SSI
OpenID for SSIOpenID for SSI
OpenID for SSI
 
Introduction to Self Sovereign Identity
Introduction to Self Sovereign IdentityIntroduction to Self Sovereign Identity
Introduction to Self Sovereign Identity
 
FIDO and the Future of User Authentication
FIDO and the Future of User AuthenticationFIDO and the Future of User Authentication
FIDO and the Future of User Authentication
 
WebAuthn - The End of the Password As We Know It?
WebAuthn - The End of the Password As We Know It?WebAuthn - The End of the Password As We Know It?
WebAuthn - The End of the Password As We Know It?
 
Strong Customer Authentication & Biometrics
Strong Customer Authentication & BiometricsStrong Customer Authentication & Biometrics
Strong Customer Authentication & Biometrics
 
Getting Started with FIDO2
Getting Started with FIDO2Getting Started with FIDO2
Getting Started with FIDO2
 
Web Authentication API
Web Authentication APIWeb Authentication API
Web Authentication API
 
Implementing WebAuthn & FAPI supports on Keycloak
Implementing WebAuthn & FAPI supports on KeycloakImplementing WebAuthn & FAPI supports on Keycloak
Implementing WebAuthn & FAPI supports on Keycloak
 
OpenID Connect 4 SSI
OpenID Connect 4 SSIOpenID Connect 4 SSI
OpenID Connect 4 SSI
 

Viewers also liked

CIS14: An Overview of FIDO’s Universal 2nd Factor (U2F) Specification
CIS14: An Overview of FIDO’s Universal 2nd Factor (U2F) SpecificationCIS14: An Overview of FIDO’s Universal 2nd Factor (U2F) Specification
CIS14: An Overview of FIDO’s Universal 2nd Factor (U2F) SpecificationCloudIDSummit
 
FIDO & Strong Authentication Technology Landscape
FIDO & Strong Authentication Technology LandscapeFIDO & Strong Authentication Technology Landscape
FIDO & Strong Authentication Technology LandscapeFIDO Alliance
 
Predicting Answering Behaviour in Online Question Answering Communities
Predicting Answering Behaviour in Online Question Answering CommunitiesPredicting Answering Behaviour in Online Question Answering Communities
Predicting Answering Behaviour in Online Question Answering CommunitiesGregoire Burel
 
FIDO alliance #idcon vol.18
FIDO alliance #idcon vol.18FIDO alliance #idcon vol.18
FIDO alliance #idcon vol.18Nov Matake
 
Cultures in Community Question Answering
Cultures in Community Question AnsweringCultures in Community Question Answering
Cultures in Community Question AnsweringNicolas Kourtellis
 
CIS14: An Overview of FIDO's Universal Factor (UAF) Specifications
CIS14: An Overview of FIDO's Universal Factor (UAF) SpecificationsCIS14: An Overview of FIDO's Universal Factor (UAF) Specifications
CIS14: An Overview of FIDO's Universal Factor (UAF) SpecificationsCloudIDSummit
 
Tutorial on Robustness of Recommender Systems
Tutorial on Robustness of Recommender SystemsTutorial on Robustness of Recommender Systems
Tutorial on Robustness of Recommender Systemsneilhurley
 
Google Case Study: Becoming Unphishable
Google Case Study: Becoming UnphishableGoogle Case Study: Becoming Unphishable
Google Case Study: Becoming UnphishableFIDO Alliance
 
Answering Search Queries with CrowdSearcher: a crowdsourcing and social netwo...
Answering Search Queries with CrowdSearcher: a crowdsourcing and social netwo...Answering Search Queries with CrowdSearcher: a crowdsourcing and social netwo...
Answering Search Queries with CrowdSearcher: a crowdsourcing and social netwo...Marco Brambilla
 
Neural Network and NLP
Neural Network and NLPNeural Network and NLP
Neural Network and NLPMark Chang
 
Leveraging Fingerprint Verification on Mobile Devices
Leveraging Fingerprint Verification on Mobile DevicesLeveraging Fingerprint Verification on Mobile Devices
Leveraging Fingerprint Verification on Mobile DevicesNok Nok Labs, Inc
 
[UMAP2013]Tutorial on Context-Aware User Modeling for Recommendation by Bamsh...
[UMAP2013]Tutorial on Context-Aware User Modeling for Recommendation by Bamsh...[UMAP2013]Tutorial on Context-Aware User Modeling for Recommendation by Bamsh...
[UMAP2013]Tutorial on Context-Aware User Modeling for Recommendation by Bamsh...YONG ZHENG
 
[스페이스클라우드] 간편결제 서비스 도입, 네이버페이로 파티룸 예약해요!
[스페이스클라우드] 간편결제 서비스 도입, 네이버페이로 파티룸 예약해요![스페이스클라우드] 간편결제 서비스 도입, 네이버페이로 파티룸 예약해요!
[스페이스클라우드] 간편결제 서비스 도입, 네이버페이로 파티룸 예약해요!SPACECLOUD
 
FIDO 생체인증 기술 개발 사례
FIDO 생체인증 기술 개발 사례FIDO 생체인증 기술 개발 사례
FIDO 생체인증 기술 개발 사례Lee Ji Eun
 
Developing With JAAS
Developing With JAASDeveloping With JAAS
Developing With JAASrahmed_sct
 
FIDO - The Value of Membership
FIDO -  The Value of Membership FIDO -  The Value of Membership
FIDO - The Value of Membership FIDO Alliance
 
Introduction to association mapping and tutorial using tassel
Introduction to association mapping and tutorial using tasselIntroduction to association mapping and tutorial using tassel
Introduction to association mapping and tutorial using tasselAwais Khan
 
Role based access control - RBAC
Role based access control - RBACRole based access control - RBAC
Role based access control - RBACAjit Dadresa
 

Viewers also liked (20)

CIS14: An Overview of FIDO’s Universal 2nd Factor (U2F) Specification
CIS14: An Overview of FIDO’s Universal 2nd Factor (U2F) SpecificationCIS14: An Overview of FIDO’s Universal 2nd Factor (U2F) Specification
CIS14: An Overview of FIDO’s Universal 2nd Factor (U2F) Specification
 
FIDO & Strong Authentication Technology Landscape
FIDO & Strong Authentication Technology LandscapeFIDO & Strong Authentication Technology Landscape
FIDO & Strong Authentication Technology Landscape
 
Predicting Answering Behaviour in Online Question Answering Communities
Predicting Answering Behaviour in Online Question Answering CommunitiesPredicting Answering Behaviour in Online Question Answering Communities
Predicting Answering Behaviour in Online Question Answering Communities
 
FIDO alliance #idcon vol.18
FIDO alliance #idcon vol.18FIDO alliance #idcon vol.18
FIDO alliance #idcon vol.18
 
FOAF & SIOC applications
FOAF & SIOC applicationsFOAF & SIOC applications
FOAF & SIOC applications
 
Cultures in Community Question Answering
Cultures in Community Question AnsweringCultures in Community Question Answering
Cultures in Community Question Answering
 
Touch id in iphone 5s
Touch id in iphone 5sTouch id in iphone 5s
Touch id in iphone 5s
 
CIS14: An Overview of FIDO's Universal Factor (UAF) Specifications
CIS14: An Overview of FIDO's Universal Factor (UAF) SpecificationsCIS14: An Overview of FIDO's Universal Factor (UAF) Specifications
CIS14: An Overview of FIDO's Universal Factor (UAF) Specifications
 
Tutorial on Robustness of Recommender Systems
Tutorial on Robustness of Recommender SystemsTutorial on Robustness of Recommender Systems
Tutorial on Robustness of Recommender Systems
 
Google Case Study: Becoming Unphishable
Google Case Study: Becoming UnphishableGoogle Case Study: Becoming Unphishable
Google Case Study: Becoming Unphishable
 
Answering Search Queries with CrowdSearcher: a crowdsourcing and social netwo...
Answering Search Queries with CrowdSearcher: a crowdsourcing and social netwo...Answering Search Queries with CrowdSearcher: a crowdsourcing and social netwo...
Answering Search Queries with CrowdSearcher: a crowdsourcing and social netwo...
 
Neural Network and NLP
Neural Network and NLPNeural Network and NLP
Neural Network and NLP
 
Leveraging Fingerprint Verification on Mobile Devices
Leveraging Fingerprint Verification on Mobile DevicesLeveraging Fingerprint Verification on Mobile Devices
Leveraging Fingerprint Verification on Mobile Devices
 
[UMAP2013]Tutorial on Context-Aware User Modeling for Recommendation by Bamsh...
[UMAP2013]Tutorial on Context-Aware User Modeling for Recommendation by Bamsh...[UMAP2013]Tutorial on Context-Aware User Modeling for Recommendation by Bamsh...
[UMAP2013]Tutorial on Context-Aware User Modeling for Recommendation by Bamsh...
 
[스페이스클라우드] 간편결제 서비스 도입, 네이버페이로 파티룸 예약해요!
[스페이스클라우드] 간편결제 서비스 도입, 네이버페이로 파티룸 예약해요![스페이스클라우드] 간편결제 서비스 도입, 네이버페이로 파티룸 예약해요!
[스페이스클라우드] 간편결제 서비스 도입, 네이버페이로 파티룸 예약해요!
 
FIDO 생체인증 기술 개발 사례
FIDO 생체인증 기술 개발 사례FIDO 생체인증 기술 개발 사례
FIDO 생체인증 기술 개발 사례
 
Developing With JAAS
Developing With JAASDeveloping With JAAS
Developing With JAAS
 
FIDO - The Value of Membership
FIDO -  The Value of Membership FIDO -  The Value of Membership
FIDO - The Value of Membership
 
Introduction to association mapping and tutorial using tassel
Introduction to association mapping and tutorial using tasselIntroduction to association mapping and tutorial using tassel
Introduction to association mapping and tutorial using tassel
 
Role based access control - RBAC
Role based access control - RBACRole based access control - RBAC
Role based access control - RBAC
 

Similar to FIDO UAF Tutorial: Mobile Authentication and Cloud Security

FIDO UAF 1.0 Specs: Overview and Insights
FIDO UAF 1.0 Specs: Overview and InsightsFIDO UAF 1.0 Specs: Overview and Insights
FIDO UAF 1.0 Specs: Overview and InsightsFIDO Alliance
 
FIDO UAF 1.0 Specs: Overview and Insights
FIDO UAF 1.0 Specs: Overview and InsightsFIDO UAF 1.0 Specs: Overview and Insights
FIDO UAF 1.0 Specs: Overview and InsightsFIDO Alliance
 
Getting to Know the FIDO Specifications - Technical Tutorial
Getting to Know the FIDO Specifications - Technical TutorialGetting to Know the FIDO Specifications - Technical Tutorial
Getting to Know the FIDO Specifications - Technical TutorialFIDO Alliance
 
FIDO U2F & UAF Tutorial
FIDO U2F & UAF TutorialFIDO U2F & UAF Tutorial
FIDO U2F & UAF TutorialFIDO Alliance
 
FIDO Specifications Overview
FIDO Specifications OverviewFIDO Specifications Overview
FIDO Specifications OverviewFIDO Alliance
 
FIDO Authentication Technical Overview
FIDO Authentication Technical OverviewFIDO Authentication Technical Overview
FIDO Authentication Technical OverviewFIDO Alliance
 
FIDO Alliance: Year in Review Webinar slides from January 20 2016
FIDO Alliance: Year in Review Webinar slides from January 20 2016FIDO Alliance: Year in Review Webinar slides from January 20 2016
FIDO Alliance: Year in Review Webinar slides from January 20 2016FIDO Alliance
 
FIDO Specifications Tutorial
FIDO Specifications TutorialFIDO Specifications Tutorial
FIDO Specifications TutorialFIDO Alliance
 
UAF Tutorial: Passwordless, Biometric Authentication for Native Apps
UAF Tutorial: Passwordless, Biometric Authentication for Native AppsUAF Tutorial: Passwordless, Biometric Authentication for Native Apps
UAF Tutorial: Passwordless, Biometric Authentication for Native AppsFIDO Alliance
 
apidays London 2023 - Building Multi-Factor Authentication into your applicat...
apidays London 2023 - Building Multi-Factor Authentication into your applicat...apidays London 2023 - Building Multi-Factor Authentication into your applicat...
apidays London 2023 - Building Multi-Factor Authentication into your applicat...apidays
 
FIDO® for Government & Enterprise - Presentation
FIDO® for Government & Enterprise - PresentationFIDO® for Government & Enterprise - Presentation
FIDO® for Government & Enterprise - PresentationFIDO Alliance
 
Data Con LA 2019 - So You got Hacked, how Quickly Can your Company Recover? b...
Data Con LA 2019 - So You got Hacked, how Quickly Can your Company Recover? b...Data Con LA 2019 - So You got Hacked, how Quickly Can your Company Recover? b...
Data Con LA 2019 - So You got Hacked, how Quickly Can your Company Recover? b...Data Con LA
 
Introduction to FIDO: A New Model for Authentication
Introduction to FIDO: A New Model for AuthenticationIntroduction to FIDO: A New Model for Authentication
Introduction to FIDO: A New Model for AuthenticationFIDO Alliance
 
Fido Overview: Status and Future
Fido Overview: Status and FutureFido Overview: Status and Future
Fido Overview: Status and FutureFIDO Alliance
 
Technical Principles of FIDO Authentication
Technical Principles of FIDO AuthenticationTechnical Principles of FIDO Authentication
Technical Principles of FIDO AuthenticationFIDO Alliance
 
Claim based authentaication
Claim based authentaicationClaim based authentaication
Claim based authentaicationSean Xiong
 
Going Passwordless with Microsoft
Going Passwordless with MicrosoftGoing Passwordless with Microsoft
Going Passwordless with MicrosoftFIDO Alliance
 

Similar to FIDO UAF Tutorial: Mobile Authentication and Cloud Security (20)

FIDO UAF 1.0 Specs: Overview and Insights
FIDO UAF 1.0 Specs: Overview and InsightsFIDO UAF 1.0 Specs: Overview and Insights
FIDO UAF 1.0 Specs: Overview and Insights
 
FIDO UAF 1.0 Specs: Overview and Insights
FIDO UAF 1.0 Specs: Overview and InsightsFIDO UAF 1.0 Specs: Overview and Insights
FIDO UAF 1.0 Specs: Overview and Insights
 
Getting to Know the FIDO Specifications - Technical Tutorial
Getting to Know the FIDO Specifications - Technical TutorialGetting to Know the FIDO Specifications - Technical Tutorial
Getting to Know the FIDO Specifications - Technical Tutorial
 
FIDO U2F & UAF Tutorial
FIDO U2F & UAF TutorialFIDO U2F & UAF Tutorial
FIDO U2F & UAF Tutorial
 
FIDO Specifications Overview
FIDO Specifications OverviewFIDO Specifications Overview
FIDO Specifications Overview
 
FIDO Authentication Technical Overview
FIDO Authentication Technical OverviewFIDO Authentication Technical Overview
FIDO Authentication Technical Overview
 
FIDO Alliance: Year in Review Webinar slides from January 20 2016
FIDO Alliance: Year in Review Webinar slides from January 20 2016FIDO Alliance: Year in Review Webinar slides from January 20 2016
FIDO Alliance: Year in Review Webinar slides from January 20 2016
 
FIDO Specifications Tutorial
FIDO Specifications TutorialFIDO Specifications Tutorial
FIDO Specifications Tutorial
 
UAF Tutorial: Passwordless, Biometric Authentication for Native Apps
UAF Tutorial: Passwordless, Biometric Authentication for Native AppsUAF Tutorial: Passwordless, Biometric Authentication for Native Apps
UAF Tutorial: Passwordless, Biometric Authentication for Native Apps
 
apidays London 2023 - Building Multi-Factor Authentication into your applicat...
apidays London 2023 - Building Multi-Factor Authentication into your applicat...apidays London 2023 - Building Multi-Factor Authentication into your applicat...
apidays London 2023 - Building Multi-Factor Authentication into your applicat...
 
FIDO® for Government & Enterprise - Presentation
FIDO® for Government & Enterprise - PresentationFIDO® for Government & Enterprise - Presentation
FIDO® for Government & Enterprise - Presentation
 
Passwordless Mobile Banking.pdf
Passwordless Mobile Banking.pdfPasswordless Mobile Banking.pdf
Passwordless Mobile Banking.pdf
 
Data Con LA 2019 - So You got Hacked, how Quickly Can your Company Recover? b...
Data Con LA 2019 - So You got Hacked, how Quickly Can your Company Recover? b...Data Con LA 2019 - So You got Hacked, how Quickly Can your Company Recover? b...
Data Con LA 2019 - So You got Hacked, how Quickly Can your Company Recover? b...
 
Introduction to FIDO: A New Model for Authentication
Introduction to FIDO: A New Model for AuthenticationIntroduction to FIDO: A New Model for Authentication
Introduction to FIDO: A New Model for Authentication
 

FIDO UAF Tutorial: Mobile Authentication and Cloud Security

  • 8. Classifying Threats
    1. Remotely attacking central servers: steal data for impersonation
    2. Remotely attacking lots of user devices: steal data for impersonation
    3. Remotely attacking lots of user devices: misuse them for impersonation
    4. Remotely attacking lots of user devices: misuse authenticated sessions
    5. Physically attacking user devices: steal data for impersonation
    6. Physically attacking user devices: misuse them for impersonation
    Threats 1 to 4 are scalable attacks. Threats 5 and 6 are physical attacks, possible on lost or stolen devices (3% in the US in 2013).
  • 9. Summary
    1. Passwords are insecure and inconvenient, especially on mobile devices.
    2. Alternative authentication methods are silos and hence don't scale to large user populations.
    3. The required security level of the authentication depends on the use.
    4. Risk engines need information about the explicit authentication security to make good decisions.
  • 10. How does FIDO work? (diagram: the user's device talks to the relying party)
  • 11. How does FIDO work? (diagram) The authenticator on the device holds the private key; the relying party holds only the matching public key. The server sends a challenge and receives a signed response. A user gesture is required before the private key can be used.
  • 12. How does FIDO UAF work? (diagram: authenticators ranging from pure software up to a Secure Element (SE))
  • 13. How does FIDO UAF work? The authenticator can recognize the user (i.e. user verification), but does not know the user's identity attributes. The relying party only asks two questions: Same authenticator as registered before? Same user as enrolled before?
  • 14. How does FIDO UAF work? Identity binding is done outside FIDO: "This is John Doe with customer ID X". The authenticator can recognize the user (user verification), but does not know the user's identity attributes; FIDO only answers: Same authenticator as registered before? Same user as enrolled before?
  • 15. How does FIDO UAF work? What the relying party wants to know about the authenticator: How is the key protected (TPM, SE, TEE, ...)? Which user verification method is used?
  • 16. Binding Keys to Apps: one key pair per relying party (the google.com key is used for google.com, the paypal.com key for paypal.com). The same user gesture (e.g. the same finger or PIN) unlocks each private key.
  • 17. FIDO Building Blocks
    FIDO user device: Browser / App, FIDO Client, ASM, FIDO Authenticator (holds the attestation key and the authentication keys).
    Relying party: Web Application (TLS server key), FIDO Server (cryptographic authentication key DB, authenticator metadata), Metadata Service (pushes updates of the authenticator metadata to the FIDO Server).
    The UAF protocol runs between the FIDO Client and the FIDO Server.
  • 18. Registration Overview
    Parties: FIDO Client, FIDO Authenticator, FIDO Server.
    1. Client: start registration.
    2. Server: send Registration Request (policy, random challenge).
    3. Authenticator: verify user; generate key pair; sign attestation object (public key, AAID, random challenge, name of relying party), signed by the attestation key.
    4. Server: verify signature; check AAID against policy; store public key.
    AAID = Authenticator Attestation ID, i.e. model ID.
    Perform legacy authentication first, in order to bind the authenticator to an electronic identity, then perform FIDO registration.
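The registration exchange of slide 18, both the authenticator side and the server side, as an added Go example. It is not code from the deck and not Nok Nok Labs or FIDO Alliance code; it uses only the Go standard library (ECDSA P-256). The attestation object is a simplified stand-in whose fields are hashed with length prefixes rather than the UAF TLV encoding; the metadata service is reduced to a map from AAID to attestation public key and the policy to a set of accepted AAIDs. The AAID "0013#0001", the relying party "example.com", the user names and all type and function names are constructed for the illustration.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
)

// AttestationObject is what the authenticator signs at registration (slide 18).
// Layout is illustrative, not the UAF TLV wire format.
type AttestationObject struct {
	AAID      string // authenticator model ID
	Challenge []byte // the server's random challenge
	RPName    string // relying party the new key is bound to
	PublicKey []byte // new authentication public key, PKIX DER
	Signature []byte // ECDSA P-256 / SHA-256 by the model's attestation key
}

// attestationDigest length-prefixes each field so no field boundary can be shifted.
func attestationDigest(att *AttestationObject) []byte {
	h := sha256.New()
	for _, p := range [][]byte{[]byte(att.AAID), att.Challenge, []byte(att.RPName), att.PublicKey} {
		h.Write([]byte{byte(len(p) >> 8), byte(len(p))})
		h.Write(p)
	}
	return h.Sum(nil)
}

func mustKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil { panic(err) }
	return k
}

// Authenticator is one device of a model. The attestation key is shared by all devices
// of the model (it proves the model, not the user); a fresh authentication key pair is
// generated for every registration.
type Authenticator struct {
	AAID           string
	AttestationKey *ecdsa.PrivateKey            // its public half is published via metadata
	UserVerified   bool                         // outcome of the local gesture (finger, PIN, ...)
	authKeys       map[string]*ecdsa.PrivateKey // relying party -> private key, never leaves the device
}

func NewAuthenticator(aaid string) *Authenticator {
	return &Authenticator{AAID: aaid, AttestationKey: mustKey(), authKeys: map[string]*ecdsa.PrivateKey{}}
}

// Register: verify user, generate key pair, sign the attestation object.
func (a *Authenticator) Register(rpName string, challenge []byte) (*AttestationObject, error) {
	if !a.UserVerified { return nil, errors.New("user verification required before generating a key") }
	key := mustKey()
	der, err := x509.MarshalPKIXPublicKey(&key.PublicKey)
	if err != nil { return nil, err }
	a.authKeys[rpName] = key
	att := &AttestationObject{AAID: a.AAID, Challenge: challenge, RPName: rpName, PublicKey: der}
	att.Signature, err = ecdsa.SignASN1(rand.Reader, a.AttestationKey, attestationDigest(att))
	return att, err
}

// Server is one relying party's FIDO server: accepted models (policy), attestation
// public keys from the metadata service, and a per-user public key DB holding no secrets.
type Server struct {
	RPName     string
	Policy     map[string]bool             // accepted AAIDs
	Metadata   map[string]*ecdsa.PublicKey // AAID -> attestation public key
	Registered map[string][]byte           // user -> PKIX DER public key
	pending    map[string][]byte           // user -> outstanding challenge
}

func NewServer(rpName string, acceptedAAIDs ...string) *Server {
	s := &Server{RPName: rpName, Policy: map[string]bool{}, Metadata: map[string]*ecdsa.PublicKey{},
		Registered: map[string][]byte{}, pending: map[string][]byte{}}
	for _, id := range acceptedAAIDs { s.Policy[id] = true }
	return s
}

// StartRegistration runs after legacy authentication has identified the user.
func (s *Server) StartRegistration(user string) []byte {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil { panic(err) }
	s.pending[user] = c
	return c
}

// FinishRegistration: verify signature, check AAID against policy, store public key.
func (s *Server) FinishRegistration(user string, att *AttestationObject) error {
	challenge, ok := s.pending[user]
	if !ok { return errors.New("no registration in progress") }
	delete(s.pending, user) // a challenge is accepted once, so a replayed object fails here
	if !bytes.Equal(att.Challenge, challenge) { return errors.New("challenge mismatch") }
	if att.RPName != s.RPName { return errors.New("attestation bound to another relying party") }
	if !s.Policy[att.AAID] { return fmt.Errorf("AAID %q not accepted by policy", att.AAID) }
	attPub, ok := s.Metadata[att.AAID]
	if !ok { return fmt.Errorf("no metadata for AAID %q", att.AAID) }
	if !ecdsa.VerifyASN1(attPub, attestationDigest(att), att.Signature) {
		return errors.New("attestation signature invalid: not a genuine device of this model")
	}
	s.Registered[user] = att.PublicKey
	return nil
}

func main() {
	auth := NewAuthenticator("0013#0001") // AAID is a constructed sample value
	srv := NewServer("example.com", "0013#0001")
	srv.Metadata[auth.AAID] = &auth.AttestationKey.PublicKey // normally fetched from the metadata service
	auth.UserVerified = true
	att, err := auth.Register(srv.RPName, srv.StartRegistration("jane"))
	if err != nil { panic(err) }
	fmt.Println("registration:", srv.FinishRegistration("jane", att))
}
```

The order of checks in FinishRegistration is the point: the challenge is consumed before anything else, so a replayed attestation object fails; the AAID is checked against policy before any signature work; and the attestation key is looked up from metadata by AAID, so a device that merely claims an accepted model without that model's attestation key is rejected. The attestation key proves the model, not the individual device, so a real deployment also needs metadata updates to revoke compromised model keys.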
  • 23. to 26. UAF Authentication (one sequence shown over four slides)
    Parties: Web App and FIDO Server (relying party), App and FIDO Authenticator (device).
    0. Web App → FIDO Server: prepare UAF authentication.
    1. Initiate authentication (sample screens: user pat@example.com, "Pat Johnson"; shipping address 650 Castro Street, Mountain View, CA 94041, United States).
    2. FIDO Server → App: authentication request with challenge.
    3. FIDO Authenticator: verify user and sign challenge (with the key specific to the RP web app).
    4. App → FIDO Server: authentication response.
    5. Success ("Payment complete! Return to the merchant's web site to continue shopping").
  • 27. Transaction Confirmation
    Parties: Web App and FIDO Server (relying party); Browser or Native App and FIDO Authenticator (device).
    1. Web App: initiate transaction.
    2. FIDO Server → device: authentication request + transaction text.
    3. FIDO Authenticator: display text, verify user and unlock private key (specific to user + RP web app).
    4. FIDO Authenticator → FIDO Server: authentication response + text hash, signed by the user's private key.
    5. FIDO Server: validate response and text hash using the user's public key.
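The authentication sequence of slides 23 to 26 and the transaction confirmation of slide 27, together with the site-specific keys of slide 16, as one added Go example (standard library only). It is not code from the deck and not Nok Nok Labs or FIDO Alliance code. The signed value, a length-prefixed hash of AppID, challenge and transaction-text hash, is a simplified stand-in for UAF's final challenge and transaction hash and is not the wire format; "example.com", the look-alike "examp1e.com", "pat@example.com", the transaction text and all names are constructed. Channel binding (slide 36, point 8) is left out.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// AuthRequest is the server's request (slide 24 step 2 / slide 27 step 2).
type AuthRequest struct {
	AppID           string // identity of the relying party the key is bound to
	Challenge       []byte
	TransactionText string // empty for a plain login
}

// AuthResponse is the authenticator's reply (slide 25 step 4 / slide 27 step 4).
type AuthResponse struct {
	Challenge []byte
	TextHash  []byte // SHA-256 of the text shown to the user; nil for a login
	Signature []byte // ECDSA P-256 / SHA-256 with the AppID-specific private key
}

// signedDigest binds AppID, challenge and displayed text into the signed value.
// Simplified stand-in for UAF's final-challenge and transaction-hash fields.
func signedDigest(appID string, challenge, textHash []byte) []byte {
	h := sha256.New()
	for _, p := range [][]byte{[]byte(appID), challenge, textHash} {
		h.Write([]byte{byte(len(p) >> 8), byte(len(p))})
		h.Write(p)
	}
	return h.Sum(nil)
}

func hashText(text string) []byte {
	if text == "" { return nil }
	sum := sha256.Sum256([]byte(text))
	return sum[:]
}

// Authenticator holds one key pair per AppID (slide 16). Display records what its
// trusted display last showed the user.
type Authenticator struct {
	keys    map[string]*ecdsa.PrivateKey
	Display string
}

func NewAuthenticator() *Authenticator { return &Authenticator{keys: map[string]*ecdsa.PrivateKey{}} }

// Enroll creates the AppID-specific key pair; registration with attestation (slide 18)
// is assumed to have happened and only the public key is handed back.
func (a *Authenticator) Enroll(appID string) *ecdsa.PublicKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil { panic(err) }
	a.keys[appID] = k
	return &k.PublicKey
}

// Authenticate: display the text, verify the user, unlock the AppID's key and sign.
// userVerified is the outcome of the local finger / PIN check.
func (a *Authenticator) Authenticate(req AuthRequest, userVerified bool) (*AuthResponse, error) {
	key, ok := a.keys[req.AppID]
	if !ok { return nil, fmt.Errorf("no key for %q: nothing to sign with", req.AppID) }
	if req.TransactionText != "" { a.Display = req.TransactionText }
	if !userVerified { return nil, errors.New("user verification failed: private key stays locked") }
	textHash := hashText(req.TransactionText)
	sig, err := ecdsa.SignASN1(rand.Reader, key, signedDigest(req.AppID, req.Challenge, textHash))
	if err != nil { return nil, err }
	return &AuthResponse{Challenge: req.Challenge, TextHash: textHash, Signature: sig}, nil
}

// Server is one relying party's FIDO server; it stores only public keys.
type Server struct {
	AppID   string
	pubKeys map[string]*ecdsa.PublicKey // user -> registered public key
	pending map[string]AuthRequest      // user -> outstanding request
}

func NewServer(appID string) *Server {
	return &Server{AppID: appID, pubKeys: map[string]*ecdsa.PublicKey{}, pending: map[string]AuthRequest{}}
}

func (s *Server) Register(user string, pub *ecdsa.PublicKey) { s.pubKeys[user] = pub }

// StartAuthentication issues a fresh challenge; transactionText is empty for a login.
func (s *Server) StartAuthentication(user, transactionText string) AuthRequest {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil { panic(err) }
	req := AuthRequest{AppID: s.AppID, Challenge: c, TransactionText: transactionText}
	s.pending[user] = req
	return req
}

// FinishAuthentication validates response and text hash with the user's public key.
func (s *Server) FinishAuthentication(user string, resp *AuthResponse) error {
	req, ok := s.pending[user]
	if !ok { return errors.New("no authentication in progress") }
	delete(s.pending, user) // the challenge is single use: a replayed response fails here
	pub, ok := s.pubKeys[user]
	if !ok { return errors.New("unknown user") }
	if !bytes.Equal(resp.Challenge, req.Challenge) { return errors.New("stale challenge") }
	// Recompute the hash from the text the server asked to confirm instead of trusting the
	// response, so text altered on its way to the display (MITB) is rejected.
	want := hashText(req.TransactionText)
	if !bytes.Equal(resp.TextHash, want) { return errors.New("transaction text hash mismatch") }
	// Verify under the server's own AppID, never one claimed by the client: a signature made
	// for a look-alike site was made with a different key over a different AppID.
	if !ecdsa.VerifyASN1(pub, signedDigest(s.AppID, req.Challenge, want), resp.Signature) {
		return errors.New("signature invalid")
	}
	return nil
}

func main() {
	auth, srv := NewAuthenticator(), NewServer("example.com")
	srv.Register("pat@example.com", auth.Enroll("example.com"))
	req := srv.StartAuthentication("pat@example.com", "Transfer $100 to Frank")
	resp, err := auth.Authenticate(req, true)
	if err != nil { panic(err) }
	fmt.Printf("shown: %q, result: %v\n", auth.Display, srv.FinishAuthentication("pat@example.com", resp))
}
```

Three behaviours are worth checking against the slides: a response over text that was altered between server and display fails because the server hashes its own copy of the text; a request carrying the AppID of a look-alike site either finds no key at all or, if the user has also enrolled there, produces a signature that does not verify against the key registered at example.com; and a replayed response fails because the pending challenge was deleted before verification.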
  • 30. Convenience & Security (chart plotting convenience against security for Password, Password + OTP and FIDO)
    In FIDO: the same user verification method works for all servers. Arbitrary user verification methods are supported (and they are interoperable).
  • 31. Convenience & Security (same chart)
    In FIDO: only public keys on the server; not phishable. Scalable security, depending on the authenticator implementation.
  • 32. What about rubber fingers?
    Protection methods in FIDO:
    1. The attacker needs access to the authenticator and has to swipe the rubber finger on it. This makes it a non-scalable attack.
    2. Authenticators might implement presentation attack detection methods.
    Remember: creating hundreds of millions of rubber fingers and stealing the related authenticators is expensive. Stealing hundreds of millions of passwords from a server has a low cost per password.
  • 33. But I can't revoke my finger...
    Protection methods in FIDO: you don't need to revoke your finger, you can simply de-register the old (= attacked) authenticator. Then:
    1. Get a new authenticator.
    2. Enroll your finger (or iris, ...) to it.
    3. Register the new authenticator to the service.
  • 34. FIDO is used Today
  • 35. Conclusion
    • Different authentication use-cases lead to different authentication requirements.
    • FIDO separates user verification from authentication and hence supports all user verification methods.
    • FIDO supports scalable convenience & security.
    • User verification data is known to the authenticator only.
    • FIDO complements federation.
    Todd Thiemann, Nok Nok Labs, tthiemann@noknok.com
  • 36. How does FIDO UAF work? (backup slide: the design principles, in order)
    1. Use metadata to understand the authenticator's security characteristics.
    2. Define a policy of acceptable authenticators.
    3. Store public keys on the server (no secrets).
    4. Provide cryptographic proof of the authenticator model.
    5. Generate the key pair in the authenticator to protect against phishing.
    6. Use site-specific keys in order to protect privacy.
    7. Verify the user before signing the authentication response.
    8. Use channel binding to protect against MITM.
  • 37. Registration Overview (2): linking the physical identity to the virtual identity
    Relying party foo.com. Legacy authentication and "Know Your Customer" rules establish the physical identity.
    Web Application record: { userid=1234, jane@mail.com, known since 03/05/04, payment history=xx, ... }
    FIDO Server record: { userid=1234, pubkey=0x43246, AAID=x; + pubkey=0xfa4731, AAID=y }
    Registration: the authenticator with AAID y creates the key for foo.com (0xfa4731); the FIDO Server links the new authenticator to the existing userid.
  • 38. Using Secure Hardware (SIM card): the FIDO Authenticator runs in the SIM card and holds the attestation key and the authentication key(s). User verification / presence: PIN entry by the user, PIN verification inside the SIM card.
  • 39. Client Side Biometrics (Trusted Execution Environment, TEE): the FIDO Authenticator runs as a Trusted Application (TA) holding the attestation key and the authentication key(s). User verification / presence: the biometric reference is stored at enrollment and compared at authentication; the key is unlocked after the comparison.
  • 40. Combining TEE and SE: the FIDO Authenticator runs as a Trusted Application in the TEE, which handles user verification / presence and the transaction confirmation display (e.g. GlobalPlatform Trusted UI); the Secure Element holds the attestation key and the authentication key(s).