Tatyana-Arnaudova - English
- 1. Fast Identity Online /FIDO/ Tatyana Arnaudova
- 2. Contents: - Introduction - How FIDO works? - What Makes FIDO Different ? – Advantages and Disadvantages
- 3. FIDO's aim is that its specifications will support a full range of authentication technologies, including biometrics such as fingerprint and iris scanners, voice and facial recognition, as well as existing solutions and communications standards, such as Trusted Platform Modules (TPM), USB security tokens, embedded Secure Elements (eSE), smart cards, and near field communication (NFC).
- 4. The USB security token device may be used to authenticate using a simple password or by pressing a button. Authentication over the wire happens using public-key cryptography. The user's device registers the user to a server by registering a public key. To authenticate the user, the device signs a challenge from the server using the private key that it holds.The keys on the device are unlocked by a local user gesture such as a biometric or pressing a button.
- 5. FIDO Registration 1. User choose an available FIDO authenticator 2. User unlocks the FIDO authenticator 3. User’s device creates a new public/private key pair unique for the local device, online service and user’s account. 4. Public key is sent to the online service
- 6. FIDO Login 1. Login 2. User unlocks the FIDO authenticator using the same method as at Registration time 3. Device uses the user’s account identifier provided by the service to select the correct key and sign the service’s challenge 4. Login complete
- 7. - User registers their device to the online service by selecting a local authentication mechanism such as swiping a finger, looking at the camera, speaking into the mic, entering a PIN, etc. Universal Authentication Framework (UAF) Protocol - Once registered, the user simply repeats the local authentication action whenever they need to authenticate to the service. UAF also allows experiences that combine multiple authentication mechanisms such as fingerprint + PIN.
- 8. Universal Authentication Framework (UAF) Protocol
- 9. U2F – User Second Factor Protocol - U2F allows online services to increase the security of their existing password infrastructure by adding a strong second factor to user login. This factor allows the service to simplify its passwords (e.g. 4–digit PIN) without compromising security. -The user can use their FIDO U2F device across all online services that support the protocol leveraging built– in support in web browsers.
- 10. U2F – User Second Factor Protocol
- 12. The Mission of the FIDO Alliance is to change the nature of online authentication by: Developing technical specifications that define an open, scalable, interoperable set of mechanisms that reduce the reliance on passwords to authenticate users. Operating industry programs to help ensure successful worldwide adoption of the Specifications. Submitting mature technical Specification(s) to recognized standards development organization(s) for formal standardization.
- 13. Disadvantages: - We need appropriate hardware; - Forget the device; Advantages: - Choice based on standards; - Users don't need to use complex password, deal with complex strong password rules and or go through recovery procedures when they forget a password; - Waterproof USB-Security Key device;
- 15. Sources: 1. https://fidoalliance.org 2. https://en.wikipedia.org/wiki/FIDO_Alliance 3. http://zonese7en.com/ostp-could-this-lead- to-the-elimination-of-passwords/ 4.http://searchsecurity.techtarget.com/definiti on/FIDO-Fast-Identity-Online
- 16. Thank you for your attention!