replacing passwords with fido2
play

Replacing passwords with FIDO2 Nils Amiet June 29, 2020 - PowerPoint PPT Presentation

Aug 06, 2023 •543 likes •1.19k views

Replacing passwords with FIDO2 Nils Amiet June 29, 2020 Who am I? Nils Amiet Research team @ 2 Passwords are a problem 71% of accounts are guarded by password used on multiple 62% of breaches involved the use of

  1. Replacing passwords with FIDO2 Nils Amiet June 29, 2020

  2. Who am I? ● Nils Amiet ● Research team @ 2

  3. Passwords are a problem “ 71% of accounts are guarded by password used on multiple “ 62% of breaches involved the use of stolen sites ” - TeleSign credentials, brute force or phishing ” - Verizon “ The vast majority of data breaches are caused by stolen or weak credentials ” - Kaspersky “ There is a consensus on the need to move away from passwords ” - “ 86% of users would like to replace Forrester work-related password with fingerprint recognition technology if given the option ” – Secret Double Octopus 3

  4. FIDO2 FIDO Alliance founded by: ● Developed by FIDO Alliance – FIDO = Fast IDentity Online Today, members also include: ● 2 specifications – FIDO2 = WebAuthn + CTAP ● Addresses multiple authentication use cases – Passwordless (single factor) – Multi factor (passwordless + PIN or biometrics) – Second factor (CTAP1 / U2F) ● Backwards compatible with U2F (Universal 2 nd Factor) standard 4

  5. Overview Client device with Server at Embedded or web browser domain.com ejectable (USB/NFC) ↔ Authenticator ↔ Client Relying party (RP) WebAuthn API CTAP2 API 5

  6. Purpose of these 2 specifications ● WebAuthn – For web browsers – Javascript API ● CTAP (Client To Authenticator Protocol) – API between client and authenticator ● Standard for all ejectable authenticators – Messages encoded in Concise Binary Object Representation (CBOR) format, RFC 7049 – Also for desktop apps, command-line apps 6

  7. Authenticators ● 2 authenticator types – Platform authenticator (Embedded/non-ejectable) ● Your smartphone ● Your laptop/desktop – Roaming authenticator (Ejectable) ● A security key (USB or NFC) ● Many vendors – Open source: Solo Key, see also: OpenSK ● Entry price about $20 USD 7

  8. 8

  9. How does it work? 9

  10. Registration 10

  11. Registration 1) Serve registration page that includes JavaScript 11

  12. Registration 2) User clicks 1) Serve registration page register button that includes JavaScript 12

  13. Registration 2) User clicks 1) Serve registration page register button that includes JavaScript 3) Call authenticator 13

  14. Registration 2) User clicks 1) Serve registration page register button that includes JavaScript 3) Call authenticator 4) User presence (UP) check, User verification (UV) check (optional) 14

  15. Registration 2) User clicks 1) Serve registration page register button that includes JavaScript 3) Call authenticator 4) User presence (UP) check, User verification (UV) check (optional) 5) Generate scoped key pair, Store private key , Return public key + attestation signature 15

  16. Registration 2) User clicks 1) Serve registration page register button that includes JavaScript 3) Call authenticator 4) User presence (UP) check, User verification (UV) check (optional) 5) Generate scoped key pair, Store private key , Return public key + attestation signature 16

  17. Registration 2) User clicks 1) Serve registration page register button that includes JavaScript 3) Call authenticator 4) User presence (UP) check, User verification (UV) check (optional) 6) Forward to RP 5) Generate scoped key pair, Store private key , Return public key + attestation signature 17

  18. Registration 2) User clicks 1) Serve registration page register button that includes JavaScript 3) Call authenticator 4) User presence (UP) check, User verification (UV) check (optional) 6) Forward to RP 7) Verify attestation, 5) Generate scoped key pair, Store public key Store private key , Return public key + attestation signature 18

  19. Authentication 19

  20. Authentication 1) Serve sign-in page that includes JavaScript 20

  21. Authentication 2) User clicks 1) Serve sign-in page sign-in button that includes JavaScript 21

  22. Authentication 2) User clicks 1) Serve sign-in page sign-in button that includes JavaScript 3) Call authenticator 22

  23. Authentication 2) User clicks 1) Serve sign-in page sign-in button that includes JavaScript 3) Call authenticator 4) UP + UV checks 23

  24. Authentication 2) User clicks 1) Serve sign-in page sign-in button that includes JavaScript 3) Call authenticator 4) UP + UV checks 5) Return assertion signature 24

  25. Authentication 2) User clicks 1) Serve sign-in page sign-in button that includes JavaScript 3) Call authenticator 4) UP + UV checks 5) Return assertion signature 25

  26. Authentication 2) User clicks 1) Serve sign-in page sign-in button that includes JavaScript 3) Call authenticator 4) UP + UV checks 6) Forward to RP 5) Return assertion signature 26

  27. Authentication 2) User clicks 1) Serve sign-in page sign-in button that includes JavaScript 3) Call authenticator 4) UP + UV checks 6) Forward to RP 7) Verify assertion , Authentication successful 5) Return assertion signature 27

  28. Actor responsibilities 28

  29. Authenticator main responsibilities ● User presence check – Tap authenticator ● User verification check (if supported) – PIN or biometrics – Yes, UV check is performed client-side (!) ● Generate and store credentials ● Produce signatures ( attestations and assertions ) 29

  30. Client main responsibilities ● Act as proxy between authenticator and relying party ● Few other things – Example: if multiple accounts ● Implement account selection logic 30

  31. Relying party main responsibilities ● Verify attestations ● Verify assertions ● Check initial options (UV, ...) ● Store public keys ● Generate and verify challenges (prevent replay attack) ● Make authentication decision: – Authenticator characteristics and compromise status – Clone detection 31

  32. Attestations 32

  33. Why do we need attestations? ● RP can trust authenticator is what it claims to be by: – Verifying attestation signature using pre-established chain of trust ● If trusted, RP can: – Verify authenticator security level – Build an authenticator acceptance policy – Trust authenticity of authenticator data (including UV flag) 33

  34. What is an attestation signature? ● Attestation is optional (!) ● Signature created during registration ● Signature is computed over: – Authenticator data (generated public key, AAGUID, UP, UV, etc.), and – Hash of client data (challenge, server origin, etc.) ● Multiple attestation types – Each attestation type provides a different trust model 34

  35. Attestation types ● Basic attestation ● Self attestation ● Attestation CA (AttCA) ● ECDAA ● None 35

  36. Basic attestation ● Attestation private key (burned in at factory) – Attestation certificate (contains public key) – Also certificate chain ● Privacy vs compromise impact : same attestation private key for ~100’000 authenticators of same model – Sweet spot for privacy and security – Ensure users cannot be tracked – Limit impact in case of attestation key compromise ● Key compromise impact – Cannot distinguish original authenticators and fake ones using leaked key – Authenticators registered before compromise are not impacted 36

  37. Self attestation ● Generate key pair ● Sign using generated private key – Similar to self-signed certificates ● Does not prove that the authenticator is what it claims to be (!) – Only proves ownership of public key 37

  38. Best attestation type? ● On paper, ECDAA for strict security policies – Banking, government ● ECDAA secure implementation is non-trivial ● Not every RP requires this security level ● In practice, may use Basic attestation , or not care about attestation at all ● Does not make a lot of sense to use complex attestation type with authenticators that do not provide strong protection against physical attacks 41

  39. Assertions (not attestations) 42

  40. What is an assertion signature? ● Signature created during sign-in ● Produced using generated private key ● Is verified by RP using corresponding public key ● Also computed over: – Authenticator data – Hash of client data ● Many possible public key algorithms 43

  41. APIs overview 44

  42. WebAuthn operations ● navigator.credentials.create () ● Parameter: PublicKeyCredentialCreationOptions – Delegates credential creation to authenticator – Receives attestation in response ● navigator.credentials.get () ● Parameter: PublicKeyCredentialRequestOptions – Asks authenticator for signature ● Extensions – appid (compatibility with U2F) – uvm (RP wants to know which UV method was used) – ... 45

  43. CTAP2 operations ● authenticatorMakeCredential Other operations ● – Get info (0x01) – Client PIN – Generate a new key pair – Reset – Return an attestation signature – CTAP 2.1 new operations ● Bio Enrollment (e.g. fingerprint) and a public key ● Credential management ● authenticatorGetAssertion – Vendor commands: 0x40 to 0xBF (0x02) Extensions ● – Return an assertion signature – hmac-secret using existing private key ● Example: password manager 46

  44. FIDO Metadata Service (MDS) 47

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

User Authentication and Passwords Storing Passwords Selecting Passwords CSS322: Security and

User Authentication and Passwords Storing Passwords Selecting Passwords CSS322: Security and

CSS322 Passwords Authentication Passwords Entropy User Authentication and Passwords Storing Passwords Selecting Passwords CSS322: Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by

670 views • 28 slides
Good Passwords, Bad Passwords, and How to See the Difference David Klaftenegger Department of

Good Passwords, Bad Passwords, and How to See the Difference David Klaftenegger Department of

Good Passwords, Bad Passwords, and How to See the Difference David Klaftenegger Department of Information Technology Uppsala University, Sweden 20. January 2020 Caveat Auditor Background Passwords this talk contains opinions Diceware

447 views • 43 slides
You still use the password after all Exploring FIDO2 Security Keys in a Small Company

You still use the password after all Exploring FIDO2 Security Keys in a Small Company

You still use the password after all Exploring FIDO2 Security Keys in a Small Company Florian M. Farke, Lennart Lorenz, Theodor Schnitzler, Philipp Markert, and Markus Drmuth Sixteenth Symposium on Usable Privacy and Security (SOUPS 2020)

571 views • 11 slides
PASSWORDS CS682: Advanced Security Topics Vasiliki Panteli 3/9/2020 Passwords 1 Passwords

PASSWORDS CS682: Advanced Security Topics Vasiliki Panteli 3/9/2020 Passwords 1 Passwords

PASSWORDS CS682: Advanced Security Topics Vasiliki Panteli 3/9/2020 Passwords 1 Passwords Passwords is a user authentication mechanism that is widely adopted for many years Methods for user authentication: Something you know

901 views • 52 slides
Security: Some Fun with Passwords How to handle Passwords: the Basics Rainbow Attacks Not

Security: Some Fun with Passwords How to handle Passwords: the Basics Rainbow Attacks Not

CSCE Intro to Computer Systems Security - Passwords Security: Some Fun with Passwords How to handle Passwords: the Basics Rainbow Attacks Not too long ago Hi, I forgot my password! Let me help you. What is your name? My Name is John

369 views • 5 slides
Setting Strong Encrypted Passwords Configuring Password Encryption for Clear Text Passwords Cisco

Setting Strong Encrypted Passwords Configuring Password Encryption for Clear Text Passwords Cisco

Setting Strong Encrypted Passwords Configuring Password Encryption for Clear Text Passwords Cisco IOS stores passwords in clear text in network device configuration files for several features such as passwords for local and remote CLI sessions,

354 views • 13 slides
STUDENT PASSWORDS GUI DEL I NES FOR 2 0 1 9 -2 020 S T U D E N T S , U P D A T E Y O U R P A

STUDENT PASSWORDS GUI DEL I NES FOR 2 0 1 9 -2 020 S T U D E N T S , U P D A T E Y O U R P A

STUDENT PASSWORDS GUI DEL I NES FOR 2 0 1 9 -2 020 S T U D E N T S , U P D A T E Y O U R P A S S W O R D F R O M H O M E ! Students: Update your password this summer from home! Student passwords were reset on 7/3/2019. Please follow the

525 views • 14 slides
Passwords in the Wild Passwords in the Wild Who am I...? My blog... SkullSecurity.org Random

Passwords in the Wild Passwords in the Wild Who am I...? My blog... SkullSecurity.org Random

Passwords in the Wild Passwords in the Wild Who am I...? My blog... SkullSecurity.org Random research, rants, etc. Nmap dev news Password database I post updates to Twitter https://twitter.com/iagox86 My job... Tenable Network Security

990 views • 88 slides
User Authentication Storing Passwords Selecting Passwords ITS335: IT Security Tokens

User Authentication Storing Passwords Selecting Passwords ITS335: IT Security Tokens

ITS335 User Authentication Authentication Passwords User Authentication Storing Passwords Selecting Passwords ITS335: IT Security Tokens Biometrics Sirindhorn International Institute of Technology Summary Thammasat University Prepared

663 views • 40 slides
Crypto with Passwords Lecture 22 Passwords Password or passphrase: Low-entropy shared secret

Crypto with Passwords Lecture 22 Passwords Password or passphrase: Low-entropy shared secret

Crypto with Passwords Lecture 22 Passwords Password or passphrase: Low-entropy shared secret Typical goal: client authenticating to server, without being tied to a device holding a cryptographic key. On authentication, a session key should be

344 views • 11 slides
The Long and Short of Passwords Rich Shay November 5, 2009 1 / 34 The Long and Short of

The Long and Short of Passwords Rich Shay November 5, 2009 1 / 34 The Long and Short of

The Long and Short of Passwords The Long and Short of Passwords Rich Shay November 5, 2009 1 / 34 The Long and Short of Passwords Motivation for Studying Passwords Outline Motivation for Studying Passwords 1 2 Overview of Password Failure

373 views • 36 slides
Authentication of People what you know (passwords) what you have (keys) what you are

Authentication of People what you know (passwords) what you have (keys) what you are

people 1 Authentication of People what you know (passwords) what you have (keys) what you are (biometric devices) where you are (physical) October 26, 2000 people 2 Passwords initial password distribution (students)

559 views • 13 slides
Authentication of People what you know (passwords) what you have (keys) what you are

Authentication of People what you know (passwords) what you have (keys) what you are

people 1 Authentication of People what you know (passwords) what you have (keys) what you are (biometric devices) where you are (physical) Slide 1 Passwords initial password distribution (students) limit password guessing

305 views • 7 slides
Sesame: A Secure and Convenient Mobile Solution for Passwords Dr. Mehrdad Aliasgari , Nick Sabol,

Sesame: A Secure and Convenient Mobile Solution for Passwords Dr. Mehrdad Aliasgari , Nick Sabol,

Sesame: A Secure and Convenient Mobile Solution for Passwords Dr. Mehrdad Aliasgari , Nick Sabol, and Ashutosh Sharma California State University, Long Beach MobiSecServ Feb. 2015 Passwords CSU Long Beach 2 Most Popular Passwords of 2014*

683 views • 20 slides
OVMCS Accounting 2 OVMCS - Accounting Passwords Do not give out your password to ANYONE.

OVMCS Accounting 2 OVMCS - Accounting Passwords Do not give out your password to ANYONE.

The purpose of todays presentation is to provide tools in ARTS to help monitor activity within your office. OVMCS Accounting 2 OVMCS - Accounting Passwords Do not give out your password to ANYONE. Do not publicly post passwords.

332 views • 29 slides
Hash-Based Passwords Steve Bellovin h4ps://www.cs.columbia.edu/~smb

Hash-Based Passwords Steve Bellovin h4ps://www.cs.columbia.edu/~smb

Hash-Based Passwords Steve Bellovin h4ps://www.cs.columbia.edu/~smb smb 1 Problem Area Clients and servers frequently store plaintext passwords Used for

289 views • 9 slides
G 2 Tensor Product Splines over Extraordinary Vertices Charles Loop Scott Schaefer Microsoft

G 2 Tensor Product Splines over Extraordinary Vertices Charles Loop Scott Schaefer Microsoft

G 2 Tensor Product Splines over Extraordinary Vertices Charles Loop Scott Schaefer Microsoft Research Texas A&M University Spline Rings Spline Rings Spline Rings Problems with Catmull-Clark Subdivision Composed of an infinite

438 views • 42 slides
Components and Projections

Components and Projections

7.7 Projections P. Danziger Components and Projections u v

457 views • 7 slides
Searches for new vacua II: A new higgstory at the cosmological collider Junwu Huang Perimeter

Searches for new vacua II: A new higgstory at the cosmological collider Junwu Huang Perimeter

Searches for new vacua II: A new higgstory at the cosmological collider Junwu Huang Perimeter Institute Aug, 2019 1904.00020 , 1907.10624 , 1908.00019 Anson Hook, Junwu Huang, Davide Racco Leaving no stones unturned! EW hierarchy problem

488 views • 26 slides
Depth First Search (DFS) Lecture 16 Thursday, October 26, 2017 Sariel Har-Peled (UIUC) CS374 1

Depth First Search (DFS) Lecture 16 Thursday, October 26, 2017 Sariel Har-Peled (UIUC) CS374 1

Algorithms & Models of Computation CS/ECE 374, Fall 2017 Depth First Search (DFS) Lecture 16 Thursday, October 26, 2017 Sariel Har-Peled (UIUC) CS374 1 Fall 2017 1 / 60 Today Two topics: Structure of directed graphs DFS and its

1.38k views • 103 slides
Higher derivative corrections from mixing color and kinematics Laurentiu Rodina IPhT, CEA

Higher derivative corrections from mixing color and kinematics Laurentiu Rodina IPhT, CEA

Higher derivative corrections from mixing color and kinematics Laurentiu Rodina IPhT, CEA Saclay with J.J. Carrasco, Z. Yin, S. Zekioglu December 12, 2019 QCD meets Gravity V Amplitude bootstrap without unitarity gauge Adler soft

181 views • 16 slides
STRUCTURED LOW-RANK MATRIX FACTORIZATION: GLOBAL OPTIMALITY, ALGORITHMS, AND APPLICATIONS ARTICLE

STRUCTURED LOW-RANK MATRIX FACTORIZATION: GLOBAL OPTIMALITY, ALGORITHMS, AND APPLICATIONS ARTICLE

1/20 STRUCTURED LOW-RANK MATRIX FACTORIZATION: GLOBAL OPTIMALITY, ALGORITHMS, AND APPLICATIONS ARTICLE BY BENJAMIN D. HAEFFELE AND REN VIDAL (2017) CMAP Machine Learning Journal Club Speaker: Imke Mayer , December 13 th 2018 CMAP 2/20

670 views • 27 slides
CS 4495 Computer Vision Features 1 Harris and other corners Aaron Bobick School of

CS 4495 Computer Vision Features 1 Harris and other corners Aaron Bobick School of

Features 1: Harris CS 4495 Computer Vision A. Bobick and other corners CS 4495 Computer Vision Features 1 Harris and other corners Aaron Bobick School of Interactive Computing Features 1: Harris CS 4495 Computer Vision A. Bobick

890 views • 75 slides
Maximum Flow The Maximum Flow Problem Given Directed graph G = ( V , E ) A capacity

Maximum Flow The Maximum Flow Problem Given Directed graph G = ( V , E ) A capacity

Maximum Flow The Maximum Flow Problem Given Directed graph G = ( V , E ) A capacity function c : E R + Two vertices s and t . s , t -Flow Function f : E R + such that f ( e ) c ( e ) , for all v V

169 views • 12 slides

More recommend