Webinar: Securing IoT with FIDO Authentication

  • 1. Securing IoT with FIDO Authentication, March 17, 2020. © FIDO Alliance 2020
  • 3. Today’s Speakers: Andrew Shikiar, Executive Director & CMO, FIDO Alliance; Giri Mandyam, Senior Director for Technology, Qualcomm, Co-Chair, IoT TWG; Dr. Rolf Lindemann, Vice President, Products, Nok Nok Labs
  • 4. Introduction; FIDO & IoT; IoT TWG Update; Q&A
  • 5. FIDO & IoT: Introduction. Dr. Rolf Lindemann, Vice President, Products, Nok Nok Labs
  • 6. Source: HP Enterprise IoT Home Security Systems
  • 7. USA President’s Commission on Enhancing National Cyber Security; UK National Cyber Security Strategy; avoiding default passwords and moving to other authentication methods
  • 8. [Diagram: IoT Gateway, Router and Cloud Services, with connections numbered 1 to 4.] 1. User to Cloud 2. User to Device 3. Device to Cloud 4. Device to Device
  • 9. [Diagram: IoT Gateway, Router and Cloud Services, with connections numbered 1 to 4.] 1. User to Cloud 2. User to Device 3. Device to Cloud 4. Device to Device. Already addressed
  • 10. FIDO Registration. Authenticator; Cloud Server or IoT Device. Invitation to Register. User Approval / User Gesture: require user gesture before private keys can be created. Public/private keypair is created. Signed AttestationObject, Public Key. Public key registered with account.
  • 11. FIDO Authentication. Authenticator; Cloud Server or IoT Device. Challenge. User Gesture: require user gesture before private key can be used. (Signed) Response. Private key dedicated to one app; Public key.
  • 12. FIDO Authentication. Authenticator; User Gesture: require user gesture before private key can be used. Challenge; (Signed) Response. Private key dedicated to one app; Public key. 1. No secrets stored on the server / IoT device 2. Authenticator cannot be “tricked” by phishing 3. Nothing to remember, no friction added to transaction process 4. Single gesture convenience for User
  • 13. [Diagram: IoT Gateway, Router and Cloud Services, with connections numbered 1 to 4.] 1. User to Cloud 2. User to Device 3. Device to Cloud 4. Device to Device. Includes today’s topic: Passwordless Device Onboarding
  • 14. Senior Director for Technology, Qualcomm; Co-Chair, IoT TWG
  • 16. IoT - Security breaches are a real issue: Mirai Botnet attack; Owlet Baby Monitor; St Jude’s pacemaker
  • 17. Key challenge = secure and easy binding of the device to cloud application. [Diagram labels: Cloud Applications, Cloud Data Analytics, Internet, IoT Devices, Network, Gateway, Node, IoT Device]
  • 18. Why FIDO Alliance in the IoT Market?
  • 21. The IoT TWG has been established to develop use cases, target architectures, and specifications covering the following topics: IoT Device Attestation/Authentication profiles to enable interoperability between relying parties and IoT devices; automated onboarding, and binding of applications and/or users to IoT devices; IoT device authentication and provisioning via smart routers and IoT hubs; and gap analysis and extensions/modifications (where necessary) of existing FIDO specifications related to IoT authentication, platforms and protocols.
  • 23. Category 1 “Deployment”; Category 2 “Binding”; Category 3 “Enablement”
  • 24. R1 Open Solution; R2 Automatic Onboarding; R3 Authorization (to onboard) is end-to-end; R4 Communications Independence; R5 Late Binding; R6 Permits Supply Chain Flexibility; R7 Repurpose / Resale; R8 Limit Correlation Attacks (Breadcrumbs); R9 Deferred Acceptance; R10 Trusted and Untrusted Installer; R11 Localized authentication; R12 Internet, Home, Enterprise & Closed networks; R13 IOT Owner need not be Network Owner; R14 Target device range (CPU/RAM/UI/OS etc.)*
  • 25. [Diagram with parts numbered 1, 2, 3.] Trusted Installer, e.g. Consumer; Untrusted installer, e.g. Industrial; Common late binding solution; Temporary assignment of authority; Enabling/disabling HW and/or SW features (outside of onboarding process); Enabling/disabling HW and/or SW features (at onboarding); Open, Closed network, network ownership etc; Disabling/re-sell
  • 27. Wrap Up and Q&A
  • 28. 1. If you have a user to cloud authentication use case 2. If you are an IoT device vendor wanting to get rid of shared default passwords 3. If you’re interested in the IoT work
  • 29. Q&A. Andrew Shikiar, Executive Director & CMO, FIDO Alliance; Giridhar Mandyam, Senior Director for Technology, Qualcomm; Dr. Rolf Lindemann, Vice President, Products, Nok Nok Labs
  • 30. If we didn’t have time to answer your question, please reach out to us at help@fidoalliance.org. The webinar recording and slides will be emailed to you and posted on fidoalliance.org. Please stay on to take the survey at the conclusion of the webinar.
  • 31. fidoalliance.org
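
The registration and authentication exchanges on slides 10 to 12, as an added example that is not part of the FIDO Alliance deck: a simplified Node.js model of a per-app key pair, a user-gesture gate and a signed challenge, showing why a replayed or relayed response is rejected. It leaves out attestation and the real FIDO message formats; the class names, `signedData`, the account name and the `.example` identifiers are assumptions made for illustration.

```javascript
const crypto = require("node:crypto");

// Bytes that get signed: hash of the app identifier plus the server's challenge.
// (Simplified stand-in for the data a FIDO authenticator signs.)
function signedData(appId, challenge) {
  const appHash = crypto.createHash("sha256").update(appId).digest();
  return Buffer.concat([appHash, challenge]);
}

class Authenticator {
  constructor() {
    this.privateKeys = new Map(); // appId -> private key; never leaves this object
  }
  // Registration: a fresh key pair per app, created only after a user gesture.
  register(appId, userGesture) {
    if (!userGesture) throw new Error("user gesture required");
    const pair = crypto.generateKeyPairSync("ec", { namedCurve: "prime256v1" }); // NIST P-256
    this.privateKeys.set(appId, pair.privateKey);
    return pair.publicKey.export({ type: "spki", format: "pem" });
  }
  // Authentication: sign the challenge with the key dedicated to this app.
  authenticate(appId, challenge, userGesture) {
    if (!userGesture) throw new Error("user gesture required");
    const key = this.privateKeys.get(appId);
    if (!key) return null; // no key was ever registered for this app
    return crypto.sign("sha256", signedData(appId, challenge), key);
  }
}

// "Cloud Server or IoT Device": stores public keys only.
class RelyingParty {
  constructor(appId) {
    this.appId = appId;
    this.publicKeys = new Map(); // account -> public key (PEM)
    this.pending = new Map();    // account -> outstanding challenge
  }
  enroll(account, publicKeyPem) { this.publicKeys.set(account, publicKeyPem); }
  newChallenge(account) {
    const challenge = crypto.randomBytes(32);
    this.pending.set(account, challenge);
    return challenge;
  }
  verify(account, signature) {
    const challenge = this.pending.get(account);
    this.pending.delete(account); // each challenge is accepted at most once
    const pem = this.publicKeys.get(account);
    if (!challenge || !pem || !signature) return false;
    return crypto.verify("sha256", signedData(this.appId, challenge), pem, signature);
  }
}

function demo() {
  const device = new RelyingParty("https://camera.example"); // constructed identifier
  const phone = new Authenticator();
  device.enroll("alice", phone.register(device.appId, true));

  // Normal login: challenge, user gesture, signed response.
  const sig = phone.authenticate(device.appId, device.newChallenge("alice"), true);
  const login = device.verify("alice", sig);

  // The same response sent again: the challenge is already consumed.
  const replay = device.verify("alice", sig);
  // The same response against a fresh challenge: the signature no longer matches.
  device.newChallenge("alice");
  const replayFresh = device.verify("alice", sig);

  // A look-alike app relays the device's challenge. The authenticator signs with
  // the key and app identifier of the look-alike, so the device rejects it.
  const lookAlike = "https://look-alike.example"; // constructed identifier
  phone.register(lookAlike, true);
  const relayed = device.newChallenge("alice");
  const phished = device.verify("alice", phone.authenticate(lookAlike, relayed, true));

  // Without a user gesture the private key is not used at all.
  let gestureEnforced = false;
  try { phone.authenticate(device.appId, relayed, false); } catch { gestureEnforced = true; }

  const storesOnlyPublicKey =
    device.publicKeys.get("alice").startsWith("-----BEGIN PUBLIC KEY-----");
  return { login, replay, replayFresh, phished, gestureEnforced, storesOnlyPublicKey };
}
```
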

Editor's Notes

  1. You might remember the distributed denial of service attack in 2016. It was powered by lots of small IoT devices: cameras and DVRs. They could be hacked because of weak authentication. The issue was that these devices had hardcoded usernames and passwords, which allowed attackers to misuse them for running an attack. More than a hundred thousand devices were used in the botnet (see https://twitter.com/olesovhcom/status/778830571677978624). Left: https://krebsonsecurity.com/2016/10/hacked-cameras-dvrs-powered-todays-massive-internet-outage/ https://www.zdnet.com/article/hacker-leaks-passwords-for-more-than-500000-servers-routers-and-iot-devices/ [click] But cameras and DVRs are not the only vulnerable device type. HP analyzed home security systems and found that none of them required a strong password and that traditional two-factor authentication was supported by only one. Right: HP Enterprise IoT Home Security Systems, 2015 https://s3.amazonaws.com/storage.pardot.com/28912/69170/IoT_Home_Security_Systems.pdf [click] And this issue is so general that OWASP included “insufficient authentication and authorization” in their top 10 IoT vulnerabilities list in 2014. Middle: OWASP Top 10 IoT Vulnerabilities 2014
  2. Several different orgs banding together on standards, but nothing for everyone. Each sector’s needs are different, and each company may have different systems and needs around protecting their systems and data.
  3. ANDREW