U2F (Universal 2nd Factor) is a simple, secure, and scalable 2-factor authentication standard that uses public key cryptography. It protects against phishing and man-in-the-middle attacks by requiring the insertion of a security key that signs a challenge along with the website domain and TLS channel ID. U2F addresses limitations of SMS one-time passwords and smart cards by providing a user-friendly solution that is compatible across multiple services using only a single physical security key.

1. 1

2. U2F Case Study
Examining the U2F paradox

3. 3
What is Universal 2nd
Factor (U2F)?

4. 4
Simple, Secure, Scalable 2FA

5. 5
Didn’t We Solve This Already?
SMS OTP Devices
Coverage
Delay
Cost
Battery
Policy
One per site
Provisioning costs
Battery
Smart Cards
Readers/drivers
Middleware
Cost

6. 6
Bad User experience Still phishable
Users find it hard to use Successful attacks
carried out today
MitM
Successful attacks
carried out today
And...

7. 7
Why U2F?
• Simple
– To register and authenticate -- a simple touch!
– No drivers or client software to install
• Secure
– Public key cryptography
– Protects against phishing and man-in-the-middle
•Scalable
– One U2F device, many services
•Protects Privacy
– No secrets shared between service providers

8. 8
1. Enter username/pwd 2. Insert U2F Key 3. Touch device
Google Login With U2F

9. 9
1. Enter username/pwd 2. Insert U2F Key 3. Touch device
Dropbox Login With U2F

10. 10
1. Enter username/pwd 2. Insert U2F Key 3. Touch device
GitHub Login With U2F

11. 11
1. Enter username/pwd 2. Insert U2F Key 3. Touch device
Your Login With U2F

12. 12
1. Enter username/pwd 2. Insert U2F Key 3. Touch device
Your Login With U2F

13. 13
1. Enter username/pwd 2. Insert U2F Key 3. Touch device
Your Login With U2F

14. 14
Protocol Overview

15. Server sends challenge
1
Server receives and verifies device signature
using attestation cert
5
Key handle and public key are stored in database
6
Device generates key pair
2
Device creates key handle
3
Device signs challenge + client info
4
Registration
Server sends challenge + key handle
1
Server receives and verifies using stored public key
4
Device unwraps/derives private key
from key handle
2
Device signs challenge + client info
3
Authentication
Individual
with
U2F
Device
,
Relying
Party

16. 16
Protocol Design
Step-By-Step

17. 17
U2F
Device Client
Relying
Party
challenge
challenge
Sign
with
kpriv signature(challenge)
s
Check
signature (s)
using kpub
s
Lookup
kpub
Authentication

18. 18
U2F
Device Client
Relying
Party
challenge
challenge, origin, channel id
Sign
with kpriv
signature(c)
c, s
Check s
using kpub
Verify origin &
channel id
s
Lookup
kpub
Phishing/MitM Protection

19. 19
U2F
Device Client
Relying
Party
handle, app id, challenge
h, a; challenge, origin, channel id, etc.
c
a
Check
app id
Lookup
the kpriv
associated
with h
Sign
with kpriv
signature(a,c)
c, s
Check s
using kpub
Verify origin &
channel id
s
h
Lookup
the kpub
associate
d with h
Application-Specific Keys

20. 20
U2F
Device Client
Relying
Party
handle, app id, challenge
h, a; challenge, origin, channel id, etc.
c
a
Check
app id
Lookup
the kpriv
associated
with h
Sign
with kpriv
counter++
counter, signature(a,c, counter)
counter, c, s
Check s
using kpub
Verify origin,
channel id &
counter
s
h
Lookup
the kpub
associate
d with h
Device Cloning

21. 21
U2F
Device Client
Relying
Party
app id, challenge
a; challenge, origin, channel id, etc.
c
a
Check
app id
Generate:
kpub
kpriv
handle h kpub, h, attestation cert, signature(a,c,kpub,h)
c, kpub, h, attestation cert, s
Associate
kpub with
handle h
for user
s
Registration + Device Attestation

22. 22
Bad User
Experience
Still
Phishable
MitM
x x
x
So How Did We Do?

23. 23
Resources
Strengthen 2 step verification with Security Key
Yubico Security Key
Yubico Libraries, Plugins, Sample Code,
Documentation
FIDO U2F Protocol Specification
Yubico Demo Server - Test U2F
Yubico Demo Server - Test Yubico OTP
Google security blog
yubico.com/security-key
developers.yubico.com
fidoalliance.org/specifications
demo.yubico.com/u2f
demo.yubico.com

24. 24
Questions, Comments
Derek Hanson
derek@yubico.com
@derekhanson
@yubico