Case study of FIDO deployments from Yubico for U2F. From FIDO Alliance Seminar in Washington, D.C., in October, 2015. FIDO specifications can help all organizations, especially service providers who want to scale these features for consumer services over the web. Essentially, FIDO offers a simple, low-cost way to improve security and the online experience.

1. 1

2. U2F Case Study
Examining the U2F paradox

3. 3
What is Universal 2nd
Factor (U2F)?

4. 4
Simple, Secure, Scalable 2FA

5. 5
Didn’t We Solve This Already?
SMS OTP Devices
Coverage
Delay
Cost
Battery
Policy
One per site
Provisioning costs
Battery
Smart Cards
Readers/drivers
Middleware
Cost

6. 6
Bad User experience Still phishable
Users find it hard to use Successful attacks
carried out today
MitM
Successful attacks
carried out today
And...

7. 7
Why U2F?
• Simple
– To register and authenticate -- a simple touch!
– No drivers or client software to install
• Secure
– Public key cryptography
– Protects against phishing and man-in-the-middle
•Scalable
– One U2F device, many services
•Protects Privacy
– No secrets shared between service providers

8. 8
1. Enter username/pwd 2. Insert U2F Key 3. Touch device
Google Login With U2F

9. 9
1. Enter username/pwd 2. Insert U2F Key 3. Touch device
Dropbox Login With U2F

10. 10
1. Enter username/pwd 2. Insert U2F Key 3. Touch device
GitHub Login With U2F

11. 11
1. Enter username/pwd 2. Insert U2F Key 3. Touch device
Your Login With U2F

12. 12
1. Enter username/pwd 2. Insert U2F Key 3. Touch device
Your Login With U2F

13. 13
1. Enter username/pwd 2. Insert U2F Key 3. Touch device
Your Login With U2F

14. 14
Protocol Overview

15. Server sends challenge
1
Server receives and verifies device signature
using attestation cert5
Key handle and public key are stored in database6
Device generates key pair2
Device creates key handle3
Device signs challenge + client info4
Registration
Server sends challenge + key handle 1
Server receives and verifies using stored public key 4
Device unwraps/derives private key
from key handle 2
Device signs challenge + client info 3
Authentication
Individual with U2F Device
, Relying Party

16. 16
Protocol Design
Step-By-Step

17. 17
U2F
Device Client
Relying
Party
challenge
challenge
Sign
with
kpriv signature(challenge)
s
Check
signature (s)
using kpub
s
Lookup
kpub
Authentication

18. 18
U2F
Device Client
Relying
Party
challenge
challenge, origin, channel id
Sign
with kpriv
signature(c)
c, s
Check s
using kpub
Verify origin &
channel id
s
Lookup
kpub
Phishing/MitM Protection

19. 19
U2F
Device Client
Relying
Party
handle, app id, challenge
h, a; challenge, origin, channel id, etc.
c
a
Check
app id
Lookup
the kpriv
associated
with h
Sign
with kpriv
signature(a,c)
c, s
Check s
using kpub
Verify origin &
channel id
s
h
Lookup
the kpub
associate
d with h
Application-Specific Keys

20. 20
U2F
Device Client
Relying
Party
handle, app id, challenge
h, a; challenge, origin, channel id, etc.
c
a
Check
app id
Lookup
the kpriv
associated
with h
Sign
with kpriv
counter++
counter, signature(a,c, counter)
counter, c, s
Check s
using kpub
Verify origin,
channel id &
counter
s
h
Lookup
the kpub
associate
d with h
Device Cloning

21. 21
U2F
Device Client
Relying
Party
app id, challenge
a; challenge, origin, channel id, etc.
c
a
Check
app id
Generate:
kpub
kpriv
handle h kpub, h, attestation cert, signature(a,c,kpub,h)
c, kpub, h, attestation cert, s
Associate
kpub with
handle h
for user
s
Registration + Device Attestation

22. 22
Bad User
Experience
Still
Phishable
MitM
x xx
So How Did We Do?

23. 23
Resources
Strengthen 2 step verification with Security Key
Yubico Security Key
Yubico Libraries, Plugins, Sample Code,
Documentation
FIDO U2F Protocol Specification
Yubico Demo Server - Test U2F
Yubico Demo Server - Test Yubico OTP
Google security blog
yubico.com/security-key
developers.yubico.com
fidoalliance.org/specifications
demo.yubico.com/u2f
demo.yubico.com

24. 24
Questions, Comments
Derek Hanson
derek@yubico.com
@derekhanson
@yubico