SlideShare une entreprise Scribd logo

U2F/FIDO2 implementation of YubiKey

Télécharger en tant que PPTX, PDF
H
Haniyama Wataru

発表する場所が無かったので供養… 個人の調査に基づいたものであり、Yubicoの見解ではありません。

Logiciels
1  sur  77
YubiKey の U2F, FIDO2 実装のナカミ U2F/FIDO2 implementation of YubiKey
Wataru Haniyama @watahani 3 years ago… I worked at book store
マニアックな 話します https://developers.yubico.com/U2F/Protocol_details/Key_generation.html
Implementation of U2F Host Library It’s interesting looking FIDO2 overall from U2F (^^)/
TODAY I talk about U2F
TODAY I talk about U2F and FIDO2
using publicKey
CTAP1 Security Points Check App ID in Authenticator, Client, Server Make Private Key for Each Applications
Yubico’s Implementation U2F https://developers.yubico.com/U2F/Protocol_details/Key_generation.html
rpId, challengerpId, clientData CredID, Public key CredID, Public key AttestationAttestation Registration clientData Check rpId Generate Key-pair for rpId RP Hash of ClientData { type: “webauthn.create” origin: “example.com”, challenge: “xxxxxxxxx”, tokenBinding: { status: …} }
Registration Generate Random Nonce RNG Device Secret App ID Challenge HMAC 0 0 0 0 https://developers.yubico.com/U2F/Protocol_details/Key_generation.html Response Attestation Certificate Attestation Secret
Registration Generate Random Nonce RNG Nonce App ID App ID Challenge Generate Application Private Key HMAC 0 0 0 0 https://developers.yubico.com/U2F/Protocol_details/Key_generation.html Response Device Secret
Registration Generate Random Nonce RNG Nonce Application Private Key Application Public Key App ID App ID Challenge Generate Application Private Key HMAC 0 0 0 0 https://developers.yubico.com/U2F/Protocol_details/Key_generation.html ECDSA P-256 Response Device Secret
Yubico’s Implementation U2F Generate Credential ID Application Private Key Application Public Key Nonce App ID Challenge HMAC 0 0 0 0 Response Device Secret
Yubico’s Implementation U2F Generate Credential ID HASH MAC Application Private Key Nonce App ID Challenge HMAC 0 0 0 0 Response Device Secret Application Public Key
Yubico’s Implementation U2F Generate Credential ID HASH MAC Application Private Key Nonce App ID Challenge HMAC 0 0 0 0 Nonce Response Device Secret Application Public Key
Yubico’s Implementation U2F Generate Credential ID HASH MAC Application Private Key Credential ID Nonce App ID Challenge HMAC 0 0 0 0 Nonce Response Device Secret Application Public Key
Yubico’s Implementation U2F Generate Credential ID HASH MAC Application Private Key Credential ID Nonce App ID Challenge HMAC 0 0 0 0 Nonce Response Device Secret Application Public Key U2F protocol KeyHandle
Attestation Statement fido-u2f Attestation Certificate Credential ID ECDSAP256 App ID Challenge 0 0 0 0 Response Attestation Secret Application Public Key
Attestation Statement fido-u2f Attestation Certificate Credential ID ECDSAP256 App ID App ID Challenge 0 0 0 0 Challenge Client Data Response Attestation Secret Application Public Key
Attestation Statement fido-u2f Credential ID ECDSAP256 Application Public Key Credential ID App ID Challenge App ID Challenge Client Data 0 0 0 0 Response Application Public Key Attestation Certificate Attestation Secret
Attestation Statement fido-u2f Signing by Device Secret Attestation Certificate Credential ID Attestation Signature Application Private Key Application Public Key ECDSAP256 Application Public Key Credential ID App ID Challenge App ID Challenge Client Data https://www.w3.org/TR/webauthn/#fido-u2f-attestation 0 0 0 0Attestation Secret
Attestation Statement fido-u2f Signing by Device Secret Attestation Certificate Credential ID Attestation Signature Application Private Key Application Public Key ECDSAP256 Application Public Key Credential ID App ID Challenge App ID Challenge Client Data https://www.w3.org/TR/webauthn/#fido-u2f-attestation 0 0 0 0 Certificate: Data: Version: 3 (0x2) Serial Number: 305582463 (0x1236d17f) Signature Algorithm: sha256WithRSAEncryption Issuer: CN = Yubico U2F Root CA Serial 457200631 Validity Not Before: Aug 1 00:00:00 2014 GMT Not After : Sep 4 00:00:00 2050 GMT Subject: CN = Yubico U2F EE Serial 23925734103241087 Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (256 bit) pub: 04:d3:65:a9:1e:5e:99:e0:d5:b4:39:c0:d9:af:bb: 87:f4:05:8e:47:dd:12:b1:44:ed:b1:4d:2b:33:f8: d3:5c:15:13:e4:0d:79:f0:f9:99:ab:e2:36:71:95: 93:81:c9:dc:2b:07:85:8b:82:ac:63:47:62:04:cc: f7:34:d6:ae:21 ASN1 OID: prime256v1 NIST CURVE: P-256 X509v3 extensions: 1.3.6.1.4.1.41482.2: 1.3.6.1.4.1.41482.1.5 1.3.6.1.4.1.45724.2.1.1: ... Signature Algorithm: sha256WithRSAEncryption 22:1b:9b:b3:b2:72:24:f1:3e:be:a3:22:… SHA1 Fingerprint=5C:5C:14:02:D0:9B:7D:3D:FE:C3:79:3F:C9:E6:33:49:57:81:46:C0 Attestation Secret Signed by Yubico Root CA
Attestation Statement fido-u2f Signing by Device Secret Attestation Certificate Credential ID Attestation Signature ECDSAP256 Application Public Key Credential ID App ID Challenge App ID Challenge Client Data 0 0 0 0 Attestation Certificate Response Attestation Secret Application Public Key
Attestation Statement fido-u2f Signing by Device Secret Attestation Certificate Credential ID ECDSAP256 Application Public Key Credential ID App ID Challenge App ID Challenge Client Data 0 0 0 0 Response Attestation Secret Application Public Key Attestation Signature Attestation Certificate
rpId, challenge, CredIDrpId, clientData CredID, sign CredID, clientData Authentication CredID CredID sign Kpriv RP Hash of ClientData { type: “webauthn.get” origin: “example.com”, challenge: “xxxxxxxxx”, tokenBinding: { status: …} }
Authentication re-generate private key Generate Private Key from Credential ID Credential ID Attestation Certificate App ID Challenge Credential ID HASH MACNonce App ID HMAC 0 0 0 0Device Secret Attestation Secret
Authentication re-generate private key Generate Private Key from Credential ID Credential ID Attestation Certificate App ID Challenge Credential ID HASH MACNonce Nonce App ID HMAC 0 0 0 0Device Secret Attestation Secret
Authentication re-generate private key Generate Private Key from Credential ID Credential ID Attestation Certificate App ID Challenge Credential ID HASH MACNonce Nonce App ID Application Private Key HMAC 0 0 0 0Device Secret Attestation Secret
Authentication verify private key Credential ID Attestation Certificate App ID Challenge Credential ID Nonce Application Private Key HMAC HASH MACNonce 0 0 0 0 Application Private Key Device Secret Attestation Secret
Authentication verify private key Credential ID Attestation Certificate App ID Challenge Credential ID Nonce Application Private Key HASH MAC HMAC HASH MACNonce 0 0 0 0Device Secret Attestation Secret
Authentication verify private key Check HMAC Credential ID Attestation Certificate App ID Challenge Credential ID Nonce Application Private Key HASH MAC HMAC HASH MACNonce 0 0 0 0Device Secret Attestation Secret
Authentication signature Attestation Certificate App ID Challenge Credential ID Application Private Key ECDSA App ID Challenge 0 0 0 1 Attestation Secret
Authentication signature Attestation Certificate App ID Challenge Credential ID Application Private Key ECDSA App ID Challenge 0 0 0 1 0 0 0 1 Attestation Secret
Authentication signature Attestation Certificate App ID Challenge Credential ID Application Private Key ECDSA App ID Challenge 0 0 0 1 0 0 0 1 0 0 0 0 0 0 0 1 UP Attestation Secret
Authentication signature Attestation Certificate App ID Challenge Credential ID Application Private Key ECDSA App ID Challenge 0 0 0 1 Signature 0 0 0 1 Attestation Secret
Authentication signature Attestation Certificate App ID Challenge Credential ID Application Private Key ECDSA App ID Challenge 0 0 0 1 Signature 0 0 0 1 0 0 0 1 Attestation Secret
using publicKey Credential ID
What’s difference
Extensions Resident Space Space New Security Key (FIDO2 Spec) Attestation CertificateAAGUID 0 0 0 0 ****** PIN Support Device Secret Attestation Secret
Extensions Resident Space Space PIN Support Attestation CertificateAAGUID 0 0 0 0 ****** PIN Support Device Secret Attestation Secret
Extensions Resident Space Space Resident Key Attestation CertificateAAGUID 0 0 0 0 ****** PIN Support Device Secret Attestation Secret
Extensions Resident Space Space AAGUID Attestation CertificateAAGUID 0 0 0 0 ****** PIN Support Device Secret Attestation Secret
Attestation Secret Device SecretExtensions Resident Space Space Support CTAP2 Extensions (hmac-secret) Attestation CertificateAAGUID 0 0 0 0 ****** PIN Support https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-client-to-authenticator-protocol-v2.0-id-20180227.html#sctn-hmac-secret-extension
Resident Key (FIDO2 Spec) Attestation Certificate Credential IDApp ID User Info Handle AAGUID 0 0 0 0 Resident Space Space Extensions Device Secret Attestation Secret
rpId, challengerpId, clientData CredID, Public key CredID, Public key AttestationAttestation Registration clientData Check rpId Generate Key-pair for rpId RP Hash of ClientData { type: “webauthn.create” origin: “example.com”, challenge: “xxxxxxxxx”, tokenBinding: { status: …} }
rpId, challengerpId, clientData CredID, Public key CredID, Public key AttestationAttestation Registration clientData Check rpId Generate Key-pair for rpId User Info,User Info RP
rpId, challengerpId, clientData CredID, Public key CredID, Public key authenticatorSelection: { userVerification: “required“, requireResidentKey: true, authenticatorAttachment: “cross-platform” } AttestationAttestation Registration clientData Check rpId Generate Key-pair for rpId User Info,User Info CTAP RP
rpId, challengerpId, clientData CredID, Public key CredID, Public key authenticatorSelection: { userVerification: “required“, requireResidentKey: true, authenticatorAttachment: “cross-platform” } AttestationAttestation Registration clientData Check rpId Generate Key-pair for rpId User Info,User Info CTAP RP
rpId, challengerpId, clientData CredID, Public key CredID, Public key authenticatorSelection: { userVerification: “required“, requireResidentKey: true, authenticatorAttachment: “cross-platform” } AttestationAttestation Registration clientData Check rpId Generate Key-pair for rpId User Info,User Info ****** PIN CTAP RP
rpId, challengerpId, clientData CredID, Public key CredID, Public key authenticatorSelection: { userVerification: “required“, requireResidentKey: true, authenticatorAttachment: “cross-platform” } AttestationAttestation Registration clientData Check rpId Generate Key-pair for rpId User Info,User Info rpId User Info CredID ****** PIN CTAP ****** PIN Store Credential of www.example.com ? RP
rpId, challengerpId, clientData CredID, Public key CredID, Public key authenticatorSelection: { userVerification: “required“, requireResidentKey: true, authenticatorAttachment: “cross-platform” } AttestationAttestation Registration clientData Check rpId Generate Key-pair for rpId User Info,User Info rpId User Info CredID ****** PIN CTAP ****** PIN Store Credential of www.example.com ? RP
Registration with Resident Key Attestation Certificate App ID Challenge AAGUID 0 0 0 0 Resident Space Space Extensions Device Secret Attestation Secret User Info WebAuthn spec!
Registration with Resident Key Attestation Certificate App ID Challenge AAGUID 0 0 0 0 Resident Space Space Extensions Device Secret Attestation Secret User Info App ID Challenge RNG Nonce
Registration with Resident Key Attestation Certificate App ID Challenge AAGUID 0 0 0 0 Resident Space Space Extensions Device Secret Attestation Secret User Info Credential ID Application Public Key App ID Challenge RNG Nonce
Registration with Resident Key Attestation Certificate App ID Challenge AAGUID 0 0 0 0 Resident Space Space Extensions Device Secret Attestation Secret User Info Credential ID Application Public Key Credential ID App ID User Info
Registration with Resident Key Attestation Certificate App ID Challenge AAGUID 0 0 0 0 Resident Space Space Extensions Device Secret Attestation Secret User Info Credential ID App ID User Info 必須なのは User Handle のみ
Registration with Resident Key Attestation Certificate App ID Challenge AAGUID 0 0 0 0 Resident Space Space Extensions Device Secret Attestation Secret User Info Credential ID App ID User Info 必須なのは User Handle のみ
rpId, challenge, CredIDrpId, clientData CredID, sign CredID, clientData Hash { origin: “example.com”, challenge: “xxxxxxxxx” } Authentication CredID CredID sign Kpriv RP Check rpId
CredID, sign CredID, clientData Authentication CredID sign Kpriv User Info CredID ****** PIN rpId RP rpId, challenge, CredID Resident Key PIN Support rpId, clientData CredID Optional
rpId, clientData CredID, sign CredID, clientData Authentication CredID sign Kpriv User Info CredID ****** PIN rpId RP rpId, challenge, CredID [空にする]
rpId, challengerpId, clientData CredID, sign CredID, clientData Authentication CredID sign Kpriv User Info CredID ****** PIN rpId RP CTAP
rpId, challengerpId, clientData CredID, sign CredID, clientData Authentication CredID sign Kpriv User Info CredID ****** PIN rpId RP CTAP
rpId, challengerpId, clientData CredID, sign CredID, clientData Authentication CredID sign Kpriv User Info CredID ****** PIN rpId RP CTAP User Info
rpId, challengerpId, clientData CredID, sign CredID, clientData Authentication CredID sign Kpriv User Info CredID ****** PIN User Info User Info login rpId RP ユーザ情報が複数ある場合 はリスト表示される
rpId, challengerpId, clientData CredID, sign CredID, clientData Authentication CredID sign Kpriv User Info CredID ****** PIN user.id userHandleUser Info User Info login rpId RP
rpId, challengerpId, clientData CredID, sign CredID, clientData Authentication CredID sign Kpriv User Info CredID ****** PIN user.id userHandleUser Info User Info login rpId RP userHandle Kpub
Authentication Attestation Certificate App ID Challenge AAGUID 0 0 0 0Extensions Device Secret Attestation Secret RP doesn’t send Credential ID when id-less authentication Credential ID Resident Space Space Credential ID App ID User Info
Authentication Attestation Certificate App ID AAGUID 0 0 0 0Extensions Device Secret Attestation Secret Authenticator list credentials for specific AppID after User Info Verification(or User Info Presence) Challenge Resident Space Space Credential ID App ID User Info ******
Origin bound Stored Credentials
Authenticate Attestation Certificate App ID Challenge AAGUID 0 0 0 0Extensions Device Secret Attestation Secret Credential ID Application Private Key Resident Space Space Credential ID App ID User Info
Authenticate Attestation Certificate App ID Challenge AAGUID 0 0 0 0Extensions Device Secret Attestation Secret Credential ID Application Private Key Resident Space Space Credential ID App ID User Info
FIDO2 • Single factor Authentication Credential Management API Support PublicKey Crypto • 2nd Factor Authentication WebAuthn Support both CTAP1 and CTAP2 • Multi-Factor: Passwordless + PIN or Biometric CTAP2 Support User Info Verification
Thank you

Recommandé

Getting Started with FIDO2
Getting Started with FIDO2Getting Started with FIDO2
Getting Started with FIDO2FIDO Alliance
 
FIDO2 Specifications Overview
FIDO2 Specifications OverviewFIDO2 Specifications Overview
FIDO2 Specifications OverviewFIDO Alliance
 
FIDO & PSD2: Solving the Strong Customer Authentication Challenge in Europe
FIDO & PSD2: Solving the Strong Customer Authentication Challenge in EuropeFIDO & PSD2: Solving the Strong Customer Authentication Challenge in Europe
FIDO & PSD2: Solving the Strong Customer Authentication Challenge in EuropeFIDO Alliance
 
Securing a Web App with Passwordless Web Authentication
Securing a Web App with Passwordless Web AuthenticationSecuring a Web App with Passwordless Web Authentication
Securing a Web App with Passwordless Web AuthenticationFIDO Alliance
 
FIDO Authentication: Unphishable MFA for All
FIDO Authentication: Unphishable MFA for AllFIDO Authentication: Unphishable MFA for All
FIDO Authentication: Unphishable MFA for AllFIDO Alliance
 
FIDO Specifications Overview: UAF & U2F
FIDO Specifications Overview: UAF & U2FFIDO Specifications Overview: UAF & U2F
FIDO Specifications Overview: UAF & U2FFIDO Alliance
 
Web Authentication API
Web Authentication APIWeb Authentication API
Web Authentication APIFIDO Alliance
 
FIDO U2F Specifications: Overview & Tutorial
FIDO U2F Specifications: Overview & TutorialFIDO U2F Specifications: Overview & Tutorial
FIDO U2F Specifications: Overview & TutorialFIDO Alliance
 

Recommandé

Getting Started with FIDO2
Getting Started with FIDO2Getting Started with FIDO2
Getting Started with FIDO2FIDO Alliance
 
FIDO2 Specifications Overview
FIDO2 Specifications OverviewFIDO2 Specifications Overview
FIDO2 Specifications OverviewFIDO Alliance
 
FIDO & PSD2: Solving the Strong Customer Authentication Challenge in Europe
FIDO & PSD2: Solving the Strong Customer Authentication Challenge in EuropeFIDO & PSD2: Solving the Strong Customer Authentication Challenge in Europe
FIDO & PSD2: Solving the Strong Customer Authentication Challenge in EuropeFIDO Alliance
 
Securing a Web App with Passwordless Web Authentication
Securing a Web App with Passwordless Web AuthenticationSecuring a Web App with Passwordless Web Authentication
Securing a Web App with Passwordless Web AuthenticationFIDO Alliance
 
FIDO Authentication: Unphishable MFA for All
FIDO Authentication: Unphishable MFA for AllFIDO Authentication: Unphishable MFA for All
FIDO Authentication: Unphishable MFA for AllFIDO Alliance
 
FIDO Specifications Overview: UAF & U2F
FIDO Specifications Overview: UAF & U2FFIDO Specifications Overview: UAF & U2F
FIDO Specifications Overview: UAF & U2FFIDO Alliance
 
Web Authentication API
Web Authentication APIWeb Authentication API
Web Authentication APIFIDO Alliance
 
FIDO U2F Specifications: Overview & Tutorial
FIDO U2F Specifications: Overview & TutorialFIDO U2F Specifications: Overview & Tutorial
FIDO U2F Specifications: Overview & TutorialFIDO Alliance
 
2019 FIDO Tokyo Seminar - LINE PayへのFIDO2実装
2019 FIDO Tokyo Seminar - LINE PayへのFIDO2実装2019 FIDO Tokyo Seminar - LINE PayへのFIDO2実装
2019 FIDO Tokyo Seminar - LINE PayへのFIDO2実装FIDO Alliance
 
FIDO Alliance: Welcome and FIDO Update.pptx
FIDO Alliance: Welcome and FIDO Update.pptxFIDO Alliance: Welcome and FIDO Update.pptx
FIDO Alliance: Welcome and FIDO Update.pptxFIDO Alliance
 
Webauthn Tutorial
Webauthn TutorialWebauthn Tutorial
Webauthn TutorialFIDO Alliance
 
OpenID Connect: An Overview
OpenID Connect: An OverviewOpenID Connect: An Overview
OpenID Connect: An OverviewPat Patterson
 
Idcon25 FIDO2 の概要と YubiKey の実装
Idcon25 FIDO2 の概要と YubiKey の実装Idcon25 FIDO2 の概要と YubiKey の実装
Idcon25 FIDO2 の概要と YubiKey の実装Haniyama Wataru
 
Developer Tutorial: WebAuthn for Web & FIDO2 for Android
Developer Tutorial: WebAuthn for Web & FIDO2 for AndroidDeveloper Tutorial: WebAuthn for Web & FIDO2 for Android
Developer Tutorial: WebAuthn for Web & FIDO2 for AndroidFIDO Alliance
 
IBM: Hey FIDO, Meet Passkey!.pptx
IBM: Hey FIDO, Meet Passkey!.pptxIBM: Hey FIDO, Meet Passkey!.pptx
IBM: Hey FIDO, Meet Passkey!.pptxFIDO Alliance
 
Fido Technical Overview
Fido Technical OverviewFido Technical Overview
Fido Technical OverviewFIDO Alliance
 
Technical Considerations for Deploying FIDO Authentication
Technical Considerations for Deploying FIDO Authentication Technical Considerations for Deploying FIDO Authentication
Technical Considerations for Deploying FIDO Authentication FIDO Alliance
 
FIDO Workshop-Demo Breakdown.pptx
FIDO Workshop-Demo Breakdown.pptxFIDO Workshop-Demo Breakdown.pptx
FIDO Workshop-Demo Breakdown.pptxFIDO Alliance
 
Fido認証概要説明
Fido認証概要説明Fido認証概要説明
Fido認証概要説明FIDO Alliance
 
FIDO2 Specifications Overview
FIDO2 Specifications OverviewFIDO2 Specifications Overview
FIDO2 Specifications OverviewFIDO Alliance
 
Securing a Web App with Security Keys
Securing a Web App with Security KeysSecuring a Web App with Security Keys
Securing a Web App with Security KeysFIDO Alliance
 
認証サービスへのWebAuthnの導入
認証サービスへのWebAuthnの導入認証サービスへのWebAuthnの導入
認証サービスへのWebAuthnの導入TakashiTsukamoto4
 
OpenID Connect Explained
OpenID Connect ExplainedOpenID Connect Explained
OpenID Connect ExplainedVladimir Dzhuvinov
 
WebAuthn - The End of the Password As We Know It?
WebAuthn - The End of the Password As We Know It?WebAuthn - The End of the Password As We Know It?
WebAuthn - The End of the Password As We Know It?Thomas Konrad
 
OAuth & OpenID Connect Deep Dive
OAuth & OpenID Connect Deep DiveOAuth & OpenID Connect Deep Dive
OAuth & OpenID Connect Deep DiveNordic APIs
 
WebAuthn and Security Keys
WebAuthn and Security KeysWebAuthn and Security Keys
WebAuthn and Security KeysFIDO Alliance
 
認証から見たリモート署名 ー利用認証と鍵認可ー
認証から見たリモート署名 ー利用認証と鍵認可ー認証から見たリモート署名 ー利用認証と鍵認可ー
認証から見たリモート署名 ー利用認証と鍵認可ーNaoto Miyachi
 
FIDO 생체인증 기술 개발 사례
FIDO 생체인증 기술 개발 사례FIDO 생체인증 기술 개발 사례
FIDO 생체인증 기술 개발 사례Lee Ji Eun
 
Android Vulnerability: Fake ID
Android Vulnerability: Fake ID Android Vulnerability: Fake ID
Android Vulnerability: Fake ID Blueboxer2014
 
FIDO UAF 1.0 Specs: Overview and Insights
FIDO UAF 1.0 Specs: Overview and InsightsFIDO UAF 1.0 Specs: Overview and Insights
FIDO UAF 1.0 Specs: Overview and InsightsFIDO Alliance
 

Contenu connexe

Tendances

2019 FIDO Tokyo Seminar - LINE PayへのFIDO2実装
2019 FIDO Tokyo Seminar - LINE PayへのFIDO2実装2019 FIDO Tokyo Seminar - LINE PayへのFIDO2実装
2019 FIDO Tokyo Seminar - LINE PayへのFIDO2実装FIDO Alliance
 
FIDO Alliance: Welcome and FIDO Update.pptx
FIDO Alliance: Welcome and FIDO Update.pptxFIDO Alliance: Welcome and FIDO Update.pptx
FIDO Alliance: Welcome and FIDO Update.pptxFIDO Alliance
 
OpenID Connect: An Overview
OpenID Connect: An OverviewOpenID Connect: An Overview
OpenID Connect: An OverviewPat Patterson
 
Idcon25 FIDO2 の概要と YubiKey の実装
Idcon25 FIDO2 の概要と YubiKey の実装Idcon25 FIDO2 の概要と YubiKey の実装
Idcon25 FIDO2 の概要と YubiKey の実装Haniyama Wataru
 
Developer Tutorial: WebAuthn for Web & FIDO2 for Android
Developer Tutorial: WebAuthn for Web & FIDO2 for AndroidDeveloper Tutorial: WebAuthn for Web & FIDO2 for Android
Developer Tutorial: WebAuthn for Web & FIDO2 for AndroidFIDO Alliance
 
IBM: Hey FIDO, Meet Passkey!.pptx
IBM: Hey FIDO, Meet Passkey!.pptxIBM: Hey FIDO, Meet Passkey!.pptx
IBM: Hey FIDO, Meet Passkey!.pptxFIDO Alliance
 
Fido Technical Overview
Fido Technical OverviewFido Technical Overview
Fido Technical OverviewFIDO Alliance
 
Technical Considerations for Deploying FIDO Authentication
Technical Considerations for Deploying FIDO Authentication Technical Considerations for Deploying FIDO Authentication
Technical Considerations for Deploying FIDO Authentication FIDO Alliance
 
FIDO Workshop-Demo Breakdown.pptx
FIDO Workshop-Demo Breakdown.pptxFIDO Workshop-Demo Breakdown.pptx
FIDO Workshop-Demo Breakdown.pptxFIDO Alliance
 
Fido認証概要説明
Fido認証概要説明Fido認証概要説明
Fido認証概要説明FIDO Alliance
 
FIDO2 Specifications Overview
FIDO2 Specifications OverviewFIDO2 Specifications Overview
FIDO2 Specifications OverviewFIDO Alliance
 
Securing a Web App with Security Keys
Securing a Web App with Security KeysSecuring a Web App with Security Keys
Securing a Web App with Security KeysFIDO Alliance
 
認証サービスへのWebAuthnの導入
認証サービスへのWebAuthnの導入認証サービスへのWebAuthnの導入
認証サービスへのWebAuthnの導入TakashiTsukamoto4
 
WebAuthn - The End of the Password As We Know It?
WebAuthn - The End of the Password As We Know It?WebAuthn - The End of the Password As We Know It?
WebAuthn - The End of the Password As We Know It?Thomas Konrad
 
OAuth & OpenID Connect Deep Dive
OAuth & OpenID Connect Deep DiveOAuth & OpenID Connect Deep Dive
OAuth & OpenID Connect Deep DiveNordic APIs
 
WebAuthn and Security Keys
WebAuthn and Security KeysWebAuthn and Security Keys
WebAuthn and Security KeysFIDO Alliance
 
認証から見たリモート署名 ー利用認証と鍵認可ー
認証から見たリモート署名 ー利用認証と鍵認可ー認証から見たリモート署名 ー利用認証と鍵認可ー
認証から見たリモート署名 ー利用認証と鍵認可ーNaoto Miyachi
 
FIDO 생체인증 기술 개발 사례
FIDO 생체인증 기술 개발 사례FIDO 생체인증 기술 개발 사례
FIDO 생체인증 기술 개발 사례Lee Ji Eun
 

Tendances (20)

2019 FIDO Tokyo Seminar - LINE PayへのFIDO2実装
2019 FIDO Tokyo Seminar - LINE PayへのFIDO2実装2019 FIDO Tokyo Seminar - LINE PayへのFIDO2実装
2019 FIDO Tokyo Seminar - LINE PayへのFIDO2実装
 
FIDO Alliance: Welcome and FIDO Update.pptx
FIDO Alliance: Welcome and FIDO Update.pptxFIDO Alliance: Welcome and FIDO Update.pptx
FIDO Alliance: Welcome and FIDO Update.pptx
 
Webauthn Tutorial
Webauthn TutorialWebauthn Tutorial
Webauthn Tutorial
 
OpenID Connect: An Overview
OpenID Connect: An OverviewOpenID Connect: An Overview
OpenID Connect: An Overview
 
Idcon25 FIDO2 の概要と YubiKey の実装
Idcon25 FIDO2 の概要と YubiKey の実装Idcon25 FIDO2 の概要と YubiKey の実装
Idcon25 FIDO2 の概要と YubiKey の実装
 
Developer Tutorial: WebAuthn for Web & FIDO2 for Android
Developer Tutorial: WebAuthn for Web & FIDO2 for AndroidDeveloper Tutorial: WebAuthn for Web & FIDO2 for Android
Developer Tutorial: WebAuthn for Web & FIDO2 for Android
 
IBM: Hey FIDO, Meet Passkey!.pptx
IBM: Hey FIDO, Meet Passkey!.pptxIBM: Hey FIDO, Meet Passkey!.pptx
IBM: Hey FIDO, Meet Passkey!.pptx
 
Fido Technical Overview
Fido Technical OverviewFido Technical Overview
Fido Technical Overview
 
Technical Considerations for Deploying FIDO Authentication
Technical Considerations for Deploying FIDO Authentication Technical Considerations for Deploying FIDO Authentication
Technical Considerations for Deploying FIDO Authentication
 
FIDO Workshop-Demo Breakdown.pptx
FIDO Workshop-Demo Breakdown.pptxFIDO Workshop-Demo Breakdown.pptx
FIDO Workshop-Demo Breakdown.pptx
 
Fido認証概要説明
Fido認証概要説明Fido認証概要説明
Fido認証概要説明
 
FIDO2 Specifications Overview
FIDO2 Specifications OverviewFIDO2 Specifications Overview
FIDO2 Specifications Overview
 
Securing a Web App with Security Keys
Securing a Web App with Security KeysSecuring a Web App with Security Keys
Securing a Web App with Security Keys
 
認証サービスへのWebAuthnの導入
認証サービスへのWebAuthnの導入認証サービスへのWebAuthnの導入
認証サービスへのWebAuthnの導入
 
OpenID Connect Explained
OpenID Connect ExplainedOpenID Connect Explained
OpenID Connect Explained
 
WebAuthn - The End of the Password As We Know It?
WebAuthn - The End of the Password As We Know It?WebAuthn - The End of the Password As We Know It?
WebAuthn - The End of the Password As We Know It?
 
OAuth & OpenID Connect Deep Dive
OAuth & OpenID Connect Deep DiveOAuth & OpenID Connect Deep Dive
OAuth & OpenID Connect Deep Dive
 
WebAuthn and Security Keys
WebAuthn and Security KeysWebAuthn and Security Keys
WebAuthn and Security Keys
 
認証から見たリモート署名 ー利用認証と鍵認可ー
認証から見たリモート署名 ー利用認証と鍵認可ー認証から見たリモート署名 ー利用認証と鍵認可ー
認証から見たリモート署名 ー利用認証と鍵認可ー
 
FIDO 생체인증 기술 개발 사례
FIDO 생체인증 기술 개발 사례FIDO 생체인증 기술 개발 사례
FIDO 생체인증 기술 개발 사례
 

Similaire à U2F/FIDO2 implementation of YubiKey

Android Vulnerability: Fake ID
Android Vulnerability: Fake ID Android Vulnerability: Fake ID
Android Vulnerability: Fake ID Blueboxer2014
 
FIDO UAF 1.0 Specs: Overview and Insights
FIDO UAF 1.0 Specs: Overview and InsightsFIDO UAF 1.0 Specs: Overview and Insights
FIDO UAF 1.0 Specs: Overview and InsightsFIDO Alliance
 
CIS14: FIDO 101 (What, Why and Wherefore of FIDO)
CIS14: FIDO 101 (What, Why and Wherefore of FIDO)CIS14: FIDO 101 (What, Why and Wherefore of FIDO)
CIS14: FIDO 101 (What, Why and Wherefore of FIDO)CloudIDSummit
 
Fast IDentity Online New wave of open authentication standards
Fast IDentity Online New wave of open authentication standardsFast IDentity Online New wave of open authentication standards
Fast IDentity Online New wave of open authentication standards.NET Crowd
 
W3C Web Authentication - #idcon vol.24
W3C Web Authentication - #idcon vol.24W3C Web Authentication - #idcon vol.24
W3C Web Authentication - #idcon vol.24Nov Matake
 
Catching Pitfalls in Authentication Implementations (Yuchen Zhou)
Catching Pitfalls in Authentication Implementations (Yuchen Zhou)Catching Pitfalls in Authentication Implementations (Yuchen Zhou)
Catching Pitfalls in Authentication Implementations (Yuchen Zhou)David Evans
 
FIDO Technical Specifications Overview
FIDO Technical Specifications OverviewFIDO Technical Specifications Overview
FIDO Technical Specifications OverviewFIDO Alliance
 
Steam Learn: HTTPS and certificates explained
Steam Learn: HTTPS and certificates explainedSteam Learn: HTTPS and certificates explained
Steam Learn: HTTPS and certificates explainedinovia
 
New FIDO Specifications Overview -FIDO Alliance -Tokyo Seminar -Nadalin
New FIDO Specifications Overview -FIDO Alliance -Tokyo Seminar -NadalinNew FIDO Specifications Overview -FIDO Alliance -Tokyo Seminar -Nadalin
New FIDO Specifications Overview -FIDO Alliance -Tokyo Seminar -NadalinFIDO Alliance
 
ASP.NET Single Sign On
ASP.NET Single Sign OnASP.NET Single Sign On
ASP.NET Single Sign Onleastprivilege
 
CIS14: An Overview of FIDO's Universal Factor (UAF) Specifications
CIS14: An Overview of FIDO's Universal Factor (UAF) SpecificationsCIS14: An Overview of FIDO's Universal Factor (UAF) Specifications
CIS14: An Overview of FIDO's Universal Factor (UAF) SpecificationsCloudIDSummit
 
Mobile Cloud Identity
Mobile Cloud IdentityMobile Cloud Identity
Mobile Cloud IdentityMark Diodati
 
Apache Milagro Presentation at ApacheCon Europe 2016
Apache Milagro Presentation at ApacheCon Europe 2016Apache Milagro Presentation at ApacheCon Europe 2016
Apache Milagro Presentation at ApacheCon Europe 2016Brian Spector
 
FIDO Technical Specifications Overview
FIDO Technical Specifications OverviewFIDO Technical Specifications Overview
FIDO Technical Specifications OverviewFIDO Alliance
 
FIDO Specifications Overview
FIDO Specifications OverviewFIDO Specifications Overview
FIDO Specifications OverviewFIDO Alliance
 
OpenID for Verifiable Credentials
OpenID for Verifiable CredentialsOpenID for Verifiable Credentials
OpenID for Verifiable CredentialsTorsten Lodderstedt
 
Multifactor authenticationMultifactor authentication or MFA .docx
Multifactor authenticationMultifactor authentication or MFA .docxMultifactor authenticationMultifactor authentication or MFA .docx
Multifactor authenticationMultifactor authentication or MFA .docxgilpinleeanna
 
FIDO U2F & UAF Tutorial
FIDO U2F & UAF TutorialFIDO U2F & UAF Tutorial
FIDO U2F & UAF TutorialFIDO Alliance
 

Similaire à U2F/FIDO2 implementation of YubiKey (20)

Android Vulnerability: Fake ID
Android Vulnerability: Fake ID Android Vulnerability: Fake ID
Android Vulnerability: Fake ID
 
FIDO UAF 1.0 Specs: Overview and Insights
FIDO UAF 1.0 Specs: Overview and InsightsFIDO UAF 1.0 Specs: Overview and Insights
FIDO UAF 1.0 Specs: Overview and Insights
 
CIS14: FIDO 101 (What, Why and Wherefore of FIDO)
CIS14: FIDO 101 (What, Why and Wherefore of FIDO)CIS14: FIDO 101 (What, Why and Wherefore of FIDO)
CIS14: FIDO 101 (What, Why and Wherefore of FIDO)
 
Fast IDentity Online New wave of open authentication standards
Fast IDentity Online New wave of open authentication standardsFast IDentity Online New wave of open authentication standards
Fast IDentity Online New wave of open authentication standards
 
W3C Web Authentication - #idcon vol.24
W3C Web Authentication - #idcon vol.24W3C Web Authentication - #idcon vol.24
W3C Web Authentication - #idcon vol.24
 
Catching Pitfalls in Authentication Implementations (Yuchen Zhou)
Catching Pitfalls in Authentication Implementations (Yuchen Zhou)Catching Pitfalls in Authentication Implementations (Yuchen Zhou)
Catching Pitfalls in Authentication Implementations (Yuchen Zhou)
 
FIDO Technical Specifications Overview
FIDO Technical Specifications OverviewFIDO Technical Specifications Overview
FIDO Technical Specifications Overview
 
Steam Learn: HTTPS and certificates explained
Steam Learn: HTTPS and certificates explainedSteam Learn: HTTPS and certificates explained
Steam Learn: HTTPS and certificates explained
 
New FIDO Specifications Overview -FIDO Alliance -Tokyo Seminar -Nadalin
New FIDO Specifications Overview -FIDO Alliance -Tokyo Seminar -NadalinNew FIDO Specifications Overview -FIDO Alliance -Tokyo Seminar -Nadalin
New FIDO Specifications Overview -FIDO Alliance -Tokyo Seminar -Nadalin
 
ASP.NET Single Sign On
ASP.NET Single Sign OnASP.NET Single Sign On
ASP.NET Single Sign On
 
CIS14: An Overview of FIDO's Universal Factor (UAF) Specifications
CIS14: An Overview of FIDO's Universal Factor (UAF) SpecificationsCIS14: An Overview of FIDO's Universal Factor (UAF) Specifications
CIS14: An Overview of FIDO's Universal Factor (UAF) Specifications
 
Mobile Cloud Identity
Mobile Cloud IdentityMobile Cloud Identity
Mobile Cloud Identity
 
FIDOAlliance
FIDOAllianceFIDOAlliance
FIDOAlliance
 
Apache Milagro Presentation at ApacheCon Europe 2016
Apache Milagro Presentation at ApacheCon Europe 2016Apache Milagro Presentation at ApacheCon Europe 2016
Apache Milagro Presentation at ApacheCon Europe 2016
 
FIDO Technical Specifications Overview
FIDO Technical Specifications OverviewFIDO Technical Specifications Overview
FIDO Technical Specifications Overview
 
OpenID for SSI
OpenID for SSIOpenID for SSI
OpenID for SSI
 
FIDO Specifications Overview
FIDO Specifications OverviewFIDO Specifications Overview
FIDO Specifications Overview
 
OpenID for Verifiable Credentials
OpenID for Verifiable CredentialsOpenID for Verifiable Credentials
OpenID for Verifiable Credentials
 
Multifactor authenticationMultifactor authentication or MFA .docx
Multifactor authenticationMultifactor authentication or MFA .docxMultifactor authenticationMultifactor authentication or MFA .docx
Multifactor authenticationMultifactor authentication or MFA .docx
 
FIDO U2F & UAF Tutorial
FIDO U2F & UAF TutorialFIDO U2F & UAF Tutorial
FIDO U2F & UAF Tutorial
 

Dernier

LEVEL 5 - SESSION 1 2023 (1).pptx - PDF 123456
LEVEL 5 - SESSION 1 2023 (1).pptx - PDF 123456LEVEL 5 - SESSION 1 2023 (1).pptx - PDF 123456
LEVEL 5 - SESSION 1 2023 (1).pptx - PDF 123456KiaraTiradoMicha
 
Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdf
Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdfAzure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdf
Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdfryanfarris8
 
8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech studentsHimanshiGarg82
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Modelsaagamshah0812
 
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park %in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park masabamasaba
 
Sector 18, Noida Call girls :8448380779 Model Escorts | 100% verified
Sector 18, Noida Call girls :8448380779 Model Escorts | 100% verifiedSector 18, Noida Call girls :8448380779 Model Escorts | 100% verified
Sector 18, Noida Call girls :8448380779 Model Escorts | 100% verifiedDelhi Call girls
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...panagenda
 
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...SelfMade bd
 
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfonteinmasabamasaba
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providermohitmore19
 
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...Shane Coughlan
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsAlberto González Trastoy
 
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...Jittipong Loespradit
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️Delhi Call girls
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️Delhi Call girls
 
The title is not connected to what is inside
The title is not connected to what is insideThe title is not connected to what is inside
The title is not connected to what is insideshinachiaurasa2
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfkalichargn70th171
 
ManageIQ - Sprint 236 Review - Slide Deck
ManageIQ - Sprint 236 Review - Slide DeckManageIQ - Sprint 236 Review - Slide Deck
ManageIQ - Sprint 236 Review - Slide DeckManageIQ
 

Dernier (20)

LEVEL 5 - SESSION 1 2023 (1).pptx - PDF 123456
LEVEL 5 - SESSION 1 2023 (1).pptx - PDF 123456LEVEL 5 - SESSION 1 2023 (1).pptx - PDF 123456
LEVEL 5 - SESSION 1 2023 (1).pptx - PDF 123456
 
Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdf
Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdfAzure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdf
Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdf
 
8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Models
 
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
 
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park %in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
 
Sector 18, Noida Call girls :8448380779 Model Escorts | 100% verified
Sector 18, Noida Call girls :8448380779 Model Escorts | 100% verifiedSector 18, Noida Call girls :8448380779 Model Escorts | 100% verified
Sector 18, Noida Call girls :8448380779 Model Escorts | 100% verified
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
 
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
 
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
 
Microsoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdfMicrosoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdf
 
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
 
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
 
The title is not connected to what is inside
The title is not connected to what is insideThe title is not connected to what is inside
The title is not connected to what is inside
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
 
ManageIQ - Sprint 236 Review - Slide Deck
ManageIQ - Sprint 236 Review - Slide DeckManageIQ - Sprint 236 Review - Slide Deck
ManageIQ - Sprint 236 Review - Slide Deck
 

U2F/FIDO2 implementation of YubiKey

  • 1. YubiKey の U2F, FIDO2 実装のナカミ U2F/FIDO2 implementation of YubiKey
  • 2. Wataru Haniyama @watahani 3 years ago… I worked at book store
  • 4. Implementation of U2F Host Library It’s interesting looking FIDO2 overall from U2F (^^)/
  • 5. TODAY I talk about U2F
  • 6. TODAY I talk about U2F and FIDO2
  • 8. CTAP1 Security Points Check App ID in Authenticator, Client, Server Make Private Key for Each Applications
  • 10. rpId, challengerpId, clientData CredID, Public key CredID, Public key AttestationAttestation Registration clientData Check rpId Generate Key-pair for rpId RP Hash of ClientData { type: “webauthn.create” origin: “example.com”, challenge: “xxxxxxxxx”, tokenBinding: { status: …} }
  • 11. Registration Generate Random Nonce RNG Device Secret App ID Challenge HMAC 0 0 0 0 https://developers.yubico.com/U2F/Protocol_details/Key_generation.html Response Attestation Certificate Attestation Secret
  • 12. Registration Generate Random Nonce RNG Nonce App ID App ID Challenge Generate Application Private Key HMAC 0 0 0 0 https://developers.yubico.com/U2F/Protocol_details/Key_generation.html Response Device Secret
  • 13. Registration Generate Random Nonce RNG Nonce Application Private Key Application Public Key App ID App ID Challenge Generate Application Private Key HMAC 0 0 0 0 https://developers.yubico.com/U2F/Protocol_details/Key_generation.html ECDSA P-256 Response Device Secret
  • 14. Yubico’s Implementation U2F Generate Credential ID Application Private Key Application Public Key Nonce App ID Challenge HMAC 0 0 0 0 Response Device Secret
  • 15. Yubico’s Implementation U2F Generate Credential ID HASH MAC Application Private Key Nonce App ID Challenge HMAC 0 0 0 0 Response Device Secret Application Public Key
  • 16. Yubico’s Implementation U2F Generate Credential ID HASH MAC Application Private Key Nonce App ID Challenge HMAC 0 0 0 0 Nonce Response Device Secret Application Public Key
  • 17. Yubico’s Implementation U2F Generate Credential ID HASH MAC Application Private Key Credential ID Nonce App ID Challenge HMAC 0 0 0 0 Nonce Response Device Secret Application Public Key
  • 18. Yubico’s Implementation U2F Generate Credential ID HASH MAC Application Private Key Credential ID Nonce App ID Challenge HMAC 0 0 0 0 Nonce Response Device Secret Application Public Key U2F protocol KeyHandle
  • 19. Attestation Statement fido-u2f Attestation Certificate Credential ID ECDSAP256 App ID Challenge 0 0 0 0 Response Attestation Secret Application Public Key
  • 20. Attestation Statement fido-u2f Attestation Certificate Credential ID ECDSAP256 App ID App ID Challenge 0 0 0 0 Challenge Client Data Response Attestation Secret Application Public Key
  • 21. Attestation Statement fido-u2f Credential ID ECDSAP256 Application Public Key Credential ID App ID Challenge App ID Challenge Client Data 0 0 0 0 Response Application Public Key Attestation Certificate Attestation Secret
  • 22. Attestation Statement fido-u2f Signing by Device Secret Attestation Certificate Credential ID Attestation Signature Application Private Key Application Public Key ECDSAP256 Application Public Key Credential ID App ID Challenge App ID Challenge Client Data https://www.w3.org/TR/webauthn/#fido-u2f-attestation 0 0 0 0Attestation Secret
  • 23. Attestation Statement fido-u2f Signing by Device Secret Attestation Certificate Credential ID Attestation Signature Application Private Key Application Public Key ECDSAP256 Application Public Key Credential ID App ID Challenge App ID Challenge Client Data https://www.w3.org/TR/webauthn/#fido-u2f-attestation 0 0 0 0 Certificate: Data: Version: 3 (0x2) Serial Number: 305582463 (0x1236d17f) Signature Algorithm: sha256WithRSAEncryption Issuer: CN = Yubico U2F Root CA Serial 457200631 Validity Not Before: Aug 1 00:00:00 2014 GMT Not After : Sep 4 00:00:00 2050 GMT Subject: CN = Yubico U2F EE Serial 23925734103241087 Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (256 bit) pub: 04:d3:65:a9:1e:5e:99:e0:d5:b4:39:c0:d9:af:bb: 87:f4:05:8e:47:dd:12:b1:44:ed:b1:4d:2b:33:f8: d3:5c:15:13:e4:0d:79:f0:f9:99:ab:e2:36:71:95: 93:81:c9:dc:2b:07:85:8b:82:ac:63:47:62:04:cc: f7:34:d6:ae:21 ASN1 OID: prime256v1 NIST CURVE: P-256 X509v3 extensions: 1.3.6.1.4.1.41482.2: 1.3.6.1.4.1.41482.1.5 1.3.6.1.4.1.45724.2.1.1: ... Signature Algorithm: sha256WithRSAEncryption 22:1b:9b:b3:b2:72:24:f1:3e:be:a3:22:… SHA1 Fingerprint=5C:5C:14:02:D0:9B:7D:3D:FE:C3:79:3F:C9:E6:33:49:57:81:46:C0 Attestation Secret Signed by Yubico Root CA
  • 24. Attestation Statement fido-u2f Signing by Device Secret Attestation Certificate Credential ID Attestation Signature ECDSAP256 Application Public Key Credential ID App ID Challenge App ID Challenge Client Data 0 0 0 0 Attestation Certificate Response Attestation Secret Application Public Key
  • 25. Attestation Statement fido-u2f Signing by Device Secret Attestation Certificate Credential ID ECDSAP256 Application Public Key Credential ID App ID Challenge App ID Challenge Client Data 0 0 0 0 Response Attestation Secret Application Public Key Attestation Signature Attestation Certificate
  • 26. rpId, challenge, CredIDrpId, clientData CredID, sign CredID, clientData Authentication CredID CredID sign Kpriv RP Hash of ClientData { type: “webauthn.get” origin: “example.com”, challenge: “xxxxxxxxx”, tokenBinding: { status: …} }
  • 27. Authentication re-generate private key Generate Private Key from Credential ID Credential ID Attestation Certificate App ID Challenge Credential ID HASH MACNonce App ID HMAC 0 0 0 0Device Secret Attestation Secret
  • 28. Authentication re-generate private key Generate Private Key from Credential ID Credential ID Attestation Certificate App ID Challenge Credential ID HASH MACNonce Nonce App ID HMAC 0 0 0 0Device Secret Attestation Secret
  • 29. Authentication re-generate private key Generate Private Key from Credential ID Credential ID Attestation Certificate App ID Challenge Credential ID HASH MACNonce Nonce App ID Application Private Key HMAC 0 0 0 0Device Secret Attestation Secret
  • 30. Authentication verify private key Credential ID Attestation Certificate App ID Challenge Credential ID Nonce Application Private Key HMAC HASH MACNonce 0 0 0 0 Application Private Key Device Secret Attestation Secret
  • 31. Authentication verify private key Credential ID Attestation Certificate App ID Challenge Credential ID Nonce Application Private Key HASH MAC HMAC HASH MACNonce 0 0 0 0Device Secret Attestation Secret
  • 32. Authentication verify private key Check HMAC Credential ID Attestation Certificate App ID Challenge Credential ID Nonce Application Private Key HASH MAC HMAC HASH MACNonce 0 0 0 0Device Secret Attestation Secret
  • 33. Authentication signature Attestation Certificate App ID Challenge Credential ID Application Private Key ECDSA App ID Challenge 0 0 0 1 Attestation Secret
  • 34. Authentication signature Attestation Certificate App ID Challenge Credential ID Application Private Key ECDSA App ID Challenge 0 0 0 1 0 0 0 1 Attestation Secret
  • 35. Authentication signature Attestation Certificate App ID Challenge Credential ID Application Private Key ECDSA App ID Challenge 0 0 0 1 0 0 0 1 0 0 0 0 0 0 0 1 UP Attestation Secret
  • 36. Authentication signature Attestation Certificate App ID Challenge Credential ID Application Private Key ECDSA App ID Challenge 0 0 0 1 Signature 0 0 0 1 Attestation Secret
  • 37. Authentication signature Attestation Certificate App ID Challenge Credential ID Application Private Key ECDSA App ID Challenge 0 0 0 1 Signature 0 0 0 1 0 0 0 1 Attestation Secret
  • 40.
  • 41. Extensions Resident Space Space New Security Key (FIDO2 Spec) Attestation CertificateAAGUID 0 0 0 0 ****** PIN Support Device Secret Attestation Secret
  • 42. Extensions Resident Space Space PIN Support Attestation CertificateAAGUID 0 0 0 0 ****** PIN Support Device Secret Attestation Secret
  • 43. Extensions Resident Space Space Resident Key Attestation CertificateAAGUID 0 0 0 0 ****** PIN Support Device Secret Attestation Secret
  • 44. Extensions Resident Space Space AAGUID Attestation CertificateAAGUID 0 0 0 0 ****** PIN Support Device Secret Attestation Secret
  • 45. Attestation Secret Device SecretExtensions Resident Space Space Support CTAP2 Extensions (hmac-secret) Attestation CertificateAAGUID 0 0 0 0 ****** PIN Support https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-client-to-authenticator-protocol-v2.0-id-20180227.html#sctn-hmac-secret-extension
  • 46. Resident Key (FIDO2 Spec) Attestation Certificate Credential IDApp ID User Info Handle AAGUID 0 0 0 0 Resident Space Space Extensions Device Secret Attestation Secret
  • 47. rpId, challengerpId, clientData CredID, Public key CredID, Public key AttestationAttestation Registration clientData Check rpId Generate Key-pair for rpId RP Hash of ClientData { type: “webauthn.create” origin: “example.com”, challenge: “xxxxxxxxx”, tokenBinding: { status: …} }
  • 48. rpId, challengerpId, clientData CredID, Public key CredID, Public key AttestationAttestation Registration clientData Check rpId Generate Key-pair for rpId User Info,User Info RP
  • 49. rpId, challengerpId, clientData CredID, Public key CredID, Public key authenticatorSelection: { userVerification: “required“, requireResidentKey: true, authenticatorAttachment: “cross-platform” } AttestationAttestation Registration clientData Check rpId Generate Key-pair for rpId User Info,User Info CTAP RP
  • 50. rpId, challengerpId, clientData CredID, Public key CredID, Public key authenticatorSelection: { userVerification: “required“, requireResidentKey: true, authenticatorAttachment: “cross-platform” } AttestationAttestation Registration clientData Check rpId Generate Key-pair for rpId User Info,User Info CTAP RP
  • 51. rpId, challengerpId, clientData CredID, Public key CredID, Public key authenticatorSelection: { userVerification: “required“, requireResidentKey: true, authenticatorAttachment: “cross-platform” } AttestationAttestation Registration clientData Check rpId Generate Key-pair for rpId User Info,User Info ****** PIN CTAP RP
  • 52. rpId, challengerpId, clientData CredID, Public key CredID, Public key authenticatorSelection: { userVerification: “required“, requireResidentKey: true, authenticatorAttachment: “cross-platform” } AttestationAttestation Registration clientData Check rpId Generate Key-pair for rpId User Info,User Info rpId User Info CredID ****** PIN CTAP ****** PIN Store Credential of www.example.com ? RP
  • 53. rpId, challengerpId, clientData CredID, Public key CredID, Public key authenticatorSelection: { userVerification: “required“, requireResidentKey: true, authenticatorAttachment: “cross-platform” } AttestationAttestation Registration clientData Check rpId Generate Key-pair for rpId User Info,User Info rpId User Info CredID ****** PIN CTAP ****** PIN Store Credential of www.example.com ? RP
  • 54. Registration with Resident Key Attestation Certificate App ID Challenge AAGUID 0 0 0 0 Resident Space Space Extensions Device Secret Attestation Secret User Info WebAuthn spec!
  • 55. Registration with Resident Key Attestation Certificate App ID Challenge AAGUID 0 0 0 0 Resident Space Space Extensions Device Secret Attestation Secret User Info App ID Challenge RNG Nonce
  • 56. Registration with Resident Key Attestation Certificate App ID Challenge AAGUID 0 0 0 0 Resident Space Space Extensions Device Secret Attestation Secret User Info Credential ID Application Public Key App ID Challenge RNG Nonce
  • 57. Registration with Resident Key Attestation Certificate App ID Challenge AAGUID 0 0 0 0 Resident Space Space Extensions Device Secret Attestation Secret User Info Credential ID Application Public Key Credential ID App ID User Info
  • 58. Registration with Resident Key Attestation Certificate App ID Challenge AAGUID 0 0 0 0 Resident Space Space Extensions Device Secret Attestation Secret User Info Credential ID App ID User Info 必須なのは User Handle のみ
  • 59. Registration with Resident Key Attestation Certificate App ID Challenge AAGUID 0 0 0 0 Resident Space Space Extensions Device Secret Attestation Secret User Info Credential ID App ID User Info 必須なのは User Handle のみ
  • 60. rpId, challenge, CredIDrpId, clientData CredID, sign CredID, clientData Hash { origin: “example.com”, challenge: “xxxxxxxxx” } Authentication CredID CredID sign Kpriv RP Check rpId
  • 61. CredID, sign CredID, clientData Authentication CredID sign Kpriv User Info CredID ****** PIN rpId RP rpId, challenge, CredID Resident Key PIN Support rpId, clientData CredID Optional
  • 62. rpId, clientData CredID, sign CredID, clientData Authentication CredID sign Kpriv User Info CredID ****** PIN rpId RP rpId, challenge, CredID [空にする]
  • 63. rpId, challengerpId, clientData CredID, sign CredID, clientData Authentication CredID sign Kpriv User Info CredID ****** PIN rpId RP CTAP
  • 64. rpId, challengerpId, clientData CredID, sign CredID, clientData Authentication CredID sign Kpriv User Info CredID ****** PIN rpId RP CTAP
  • 65. rpId, challengerpId, clientData CredID, sign CredID, clientData Authentication CredID sign Kpriv User Info CredID ****** PIN rpId RP CTAP User Info
  • 66. rpId, challengerpId, clientData CredID, sign CredID, clientData Authentication CredID sign Kpriv User Info CredID ****** PIN User Info User Info login rpId RP ユーザ情報が複数ある場合 はリスト表示される
  • 67. rpId, challengerpId, clientData CredID, sign CredID, clientData Authentication CredID sign Kpriv User Info CredID ****** PIN user.id userHandleUser Info User Info login rpId RP
  • 68. rpId, challengerpId, clientData CredID, sign CredID, clientData Authentication CredID sign Kpriv User Info CredID ****** PIN user.id userHandleUser Info User Info login rpId RP userHandle Kpub
  • 69. Authentication Attestation Certificate App ID Challenge AAGUID 0 0 0 0Extensions Device Secret Attestation Secret RP doesn’t send Credential ID when id-less authentication Credential ID Resident Space Space Credential ID App ID User Info
  • 70. Authentication Attestation Certificate App ID AAGUID 0 0 0 0Extensions Device Secret Attestation Secret Authenticator list credentials for specific AppID after User Info Verification(or User Info Presence) Challenge Resident Space Space Credential ID App ID User Info ******
  • 71.
  • 72.
  • 74. Authenticate Attestation Certificate App ID Challenge AAGUID 0 0 0 0Extensions Device Secret Attestation Secret Credential ID Application Private Key Resident Space Space Credential ID App ID User Info
  • 75. Authenticate Attestation Certificate App ID Challenge AAGUID 0 0 0 0Extensions Device Secret Attestation Secret Credential ID Application Private Key Resident Space Space Credential ID App ID User Info
  • 76. FIDO2 • Single factor Authentication Credential Management API Support PublicKey Crypto • 2nd Factor Authentication WebAuthn Support both CTAP1 and CTAP2 • Multi-Factor: Passwordless + PIN or Biometric CTAP2 Support User Info Verification

Notes de l'éditeur

  1. RP provide AppID and challenge (appID has been verified by client) YubiKey Generate Random Nonce and calculate HMAC from AppID and Nonce using Device Secret. Generated HMAC is Application Private Key Generate public key from private key (ECDSA P-256)
  2. RP provide AppID and challenge (appID has been verified by client) YubiKey Generate Random Nonce and calculate HMAC from AppID and Nonce using Device Secret. Generated HMAC is Application Private Key Generate public key from private key (ECDSA P-256)
  3. RP provide AppID and challenge (appID has been verified by client) YubiKey Generate Random Nonce and calculate HMAC from AppID and Nonce using Device Secret. Generated HMAC is Application Private Key Generate public key from private key (ECDSA P-256)
  4. Calculate HMAC from Application Private Key and Nonce Concat HMAC and Nonce. It is Credential ID
  5. Calculate HMAC from Application Private Key and Nonce Concat HMAC and Nonce. It is Credential ID
  6. Calculate HMAC from Application Private Key and Nonce Concat HMAC and Nonce. It is Credential ID
  7. Calculate HMAC from Application Private Key and Nonce Concat HMAC and Nonce. It is Credential ID
  8. Credential ID is called “KeyHandle” in U2F protocol
  9. Attestation Statement FIDO U2F statement is defined in W3C WebAuthentication API FIDO U2F statement include signature and certificate YubiKey sign to App ID, Challenge(ClientData), Credential ID, Application public Key with Device Secret Attestation Certificate (Attestation Certificate) is pair of Device secret. Attestation Certificate is signed by Yubico Root CA.
  10. Attestation Statement FIDO U2F statement is defined in W3C WebAuthentication API FIDO U2F statement include signature and certificate YubiKey sign to App ID, Challenge(ClientData), Credential ID, Application public Key with Device Secret Attestation Certificate (Attestation Certificate) is pair of Device secret. Attestation Certificate is signed by Yubico Root CA.
  11. Attestation Statement FIDO U2F statement is defined in W3C WebAuthentication API FIDO U2F statement include signature and certificate YubiKey sign to App ID, Challenge(ClientData), Credential ID, Application public Key with Device Secret Attestation Certificate (Attestation Certificate) is pair of Device secret. Attestation Certificate is signed by Yubico Root CA.
  12. Attestation Statement FIDO U2F statement is defined in W3C WebAuthentication API FIDO U2F statement include signature and certificate YubiKey sign to App ID, Challenge(ClientData), Credential ID, Application public Key with Device Secret Attestation Certificate (Attestation Certificate) is pair of Device secret. Attestation Certificate is signed by Yubico Root CA.
  13. Attestation Statement FIDO U2F statement is defined in W3C WebAuthentication API FIDO U2F statement include signature and certificate YubiKey sign to App ID, Challenge(ClientData), Credential ID, Application public Key with Device Secret Attestation Certificate (Attestation Certificate) is pair of Device secret. Attestation Certificate is signed by Yubico Root CA.
  14. Attestation Statement FIDO U2F statement is defined in W3C WebAuthentication API FIDO U2F statement include signature and certificate YubiKey sign to App ID, Challenge(ClientData), Credential ID, Application public Key with Device Secret Attestation Certificate (Attestation Certificate) is pair of Device secret. Attestation Certificate is signed by Yubico Root CA.
  15. Authentication Credential ID include Nonce and HMAC Calculate HMAC from AppID and Nonce using Device Secret. It is Application Private Key
  16. Authentication Credential ID include Nonce and HMAC Calculate HMAC from AppID and Nonce using Device Secret. It is Application Private Key
  17. Authentication Credential ID include Nonce and HMAC Calculate HMAC from AppID and Nonce using Device Secret. It is Application Private Key
  18. Verify Private Key is generated on this device Calculate HMAC form Application Private Key and Nonce. If generated HMAC equals to HMAC from RP, It has been verified the private key was generated on this device.
  19. Verify Private Key is generated on this device Calculate HMAC form Application Private Key and Nonce. If generated HMAC equals to HMAC from RP, It has been verified the private key was generated on this device.
  20. Verify Private Key is generated on this device Calculate HMAC form Application Private Key and Nonce. If generated HMAC equals to HMAC from RP, It has been verified the private key was generated on this device. And AppID is correct!
  21. Calculate a
  22. U2F support only UP flag. UP: User Info Presence
  23. I don’t know about it...
  24. - Resident Key store AppID
  25. - Resident Key store AppID
  26. - Resident Key store AppID
  27. - Resident Key store AppID
  28. - Resident Key store AppID
  29. - Resident Key store AppID
  30. - Resident Key store AppID
  31. - Authenticate
  32. - Authenticate
  33. DEMO https://youtu.be/XjfR9cVmqJE
  34. Application Private Key can be re-generate from credential ID. Authenticator return signature and “User Info Handle” which identifier the RP’s User Info.
  35. Application Private Key can be re-generate from credential ID. Authenticator return signature and “User Info Handle” which identifier the RP’s User Info.