SlideShare une entreprise Scribd logo

FIDO Technical Overview at FIDO KWG Hackathon

Ki-Eun Shin
Ki-Eun Shin

Slides presented at FIDO KWG Hackathon

Technologie
1  sur  19
Télécharger pour lire hors ligne
FIDO Technical Overview Ki-Eun Shin at LINE Corporation April 2019
2 1. Backgrounds
Password problems Hard to create and remember Data breach affects other services
Feasible solutions Password managers 2factor authentication (e.g., OTP) Biometrics Federations and SSO
We would like to design a new authentication system • Easy to use • Strong against various attacks • Pluggable and interoperable design • Privacy preserving
6 2. What is FIDO? [fáidou]
FIDO Specifications FIDO 1 FIDO 2
How FIDO works
High level architecture RP ServerUser Device Native/Web App Authenticator RP Web Server FIDO Server FIDO Client (Platform or browser) Local Verifier Crypto Module Attest. Validator Assertion Validator Metadata Service FIDO Client API (JS or Native API) • RP (Relying Party) • Service leveraging FIDO authentication • Metadata Service (MDS) • Access to latest metadata statements • Authenticator types (attachment) • Platform (bound) authenticator • External (roaming) authenticator
Registration flow RP ServerUser Device Native/Web App ASM/Authenticator RP Web Server FIDO Server Local Verifier Crypto Module Attest. Validator Assertion Validator Metadata Service 5. requestOperation 1.getRegRequest 2.getRegRequest 4. returnRegRequest 6. verifyUser & getAttestation FIDO Client (Platform or browser) 7. callbackOperation 8. sendRegResponse 12. serverResponse 3. returnRegRequest 9.sendRegResponse 11. serverResponse 10. verifyAttestation & store pub key • Public key pair generation • Attestation (signature) generation • Store public key and related info
Authentication flow RP ServerUser Device Native/Web App ASM/Authenticator RP Web Server FIDO Server Local Verifier Crypto Module Attest. Validator Assertion Validator Metadata Service 5. requestOperation 1.getAuthRequest 2.getAuthRequest 4. returnAuthRequest 6. verifyUser & getAssertion FIDO Client (Platform or browser) 7. callbackOperation 8. sendAuthResponse 12. serverResponse 3. returnAuthRequest 9.sendAuthResponse 11. serverResponse 10. verifyAssertion /w pub key • Signature generation (/w priv key) • Signature verification
FIDO credentials • Scoped (isolated) to the specific domains (web sites) • No correlation between services (privacy preserving) • Public key pairs • Private keys are stored in client as much as secure way • Public keys are stored in the server and mapped to the user identifiers • Generated per service, user id and authenticator • Private keys never leave the device (client) • Private keys may be protected with user verification methods
13 3. Discover FIDO
Browsers and platforms supports Platform (OS) Browsers Apps (preview version) (any chromium based browsers) (Windows 18H2)(Android 7+) Authenticators (Safetynet)
Who is using FIDO? Examples
16 4. More Resources
Resources for Developers • W3C WebAuthn specs: https://www.w3.org/TR/webauthn/ • FIDO2 demo web sites (including open sources) • https://github.com/herrjemand/awesome-webauthn • FIDO dev forum • https://groups.google.com/a/fidoalliance.org/forum/#!forum/fido-dev • Android native FIDO API • https://developers.google.com/android/reference/com/google/android/gms/fido/Fido • Windows native WebAuthn API • https://github.com/Microsoft/webauthn • FIDO Specs: https://fidoalliance.org/specifications/download/
Resources for Planners • FIDO introduction: https://fidoalliance.org/category/intro-fido/ • FIDO videos: https://fidoalliance.org/content/video/ • FIDO case studies: https://fidoalliance.org/content/case-study/ • Microsoft’s guide for going password-less (video) • https://www.youtube.com/watch?v=mXJS615IGLM • Google: WebAuthn and Security keys (video) • https://www.youtube.com/watch?v=fsFxbC543n8
THANK YOU

Recommandé

Token, token... From SAML to OIDC
Token, token... From SAML to OIDCToken, token... From SAML to OIDC
Token, token... From SAML to OIDCShiu-Fun Poon
 
OpenID Tutorials
OpenID TutorialsOpenID Tutorials
OpenID TutorialsNao Haida
 
Single SignOn with Federation using Claims
Single SignOn with Federation using ClaimsSingle SignOn with Federation using Claims
Single SignOn with Federation using ClaimsVolkan Uzun
 
WSO2 Identity Server - Getting Started
WSO2 Identity Server - Getting StartedWSO2 Identity Server - Getting Started
WSO2 Identity Server - Getting StartedIsmaeel Enjreny
 
ASP.NET Single Sign On
ASP.NET Single Sign OnASP.NET Single Sign On
ASP.NET Single Sign Onleastprivilege
 
Wso2 is integration with .net core
Wso2 is integration with .net coreWso2 is integration with .net core
Wso2 is integration with .net coreIsmaeel Enjreny
 
End point control
End point controlEnd point control
End point controlLan & Wan Solutions
 
Useridentity 150909123719-lva1-app6891
Useridentity 150909123719-lva1-app6891Useridentity 150909123719-lva1-app6891
Useridentity 150909123719-lva1-app6891Lan & Wan Solutions
 

Recommandé

Token, token... From SAML to OIDC
Token, token... From SAML to OIDCToken, token... From SAML to OIDC
Token, token... From SAML to OIDCShiu-Fun Poon
 
OpenID Tutorials
OpenID TutorialsOpenID Tutorials
OpenID TutorialsNao Haida
 
Single SignOn with Federation using Claims
Single SignOn with Federation using ClaimsSingle SignOn with Federation using Claims
Single SignOn with Federation using ClaimsVolkan Uzun
 
WSO2 Identity Server - Getting Started
WSO2 Identity Server - Getting StartedWSO2 Identity Server - Getting Started
WSO2 Identity Server - Getting StartedIsmaeel Enjreny
 
ASP.NET Single Sign On
ASP.NET Single Sign OnASP.NET Single Sign On
ASP.NET Single Sign Onleastprivilege
 
Wso2 is integration with .net core
Wso2 is integration with .net coreWso2 is integration with .net core
Wso2 is integration with .net coreIsmaeel Enjreny
 
End point control
End point controlEnd point control
End point controlLan & Wan Solutions
 
Useridentity 150909123719-lva1-app6891
Useridentity 150909123719-lva1-app6891Useridentity 150909123719-lva1-app6891
Useridentity 150909123719-lva1-app6891Lan & Wan Solutions
 
Fear and Loathing of 2fa
Fear and Loathing of 2faFear and Loathing of 2fa
Fear and Loathing of 2faIgor Bulatenko
 
WebAuthn & FIDO2
WebAuthn & FIDO2WebAuthn & FIDO2
WebAuthn & FIDO2Leonard Moustacchis
 
FIDO2 Specifications Overview
FIDO2 Specifications OverviewFIDO2 Specifications Overview
FIDO2 Specifications OverviewFIDO Alliance
 
Secure Elements in Web Applications
Secure Elements in Web ApplicationsSecure Elements in Web Applications
Secure Elements in Web ApplicationsOlivier Potonniée
 
CIS 2015 Extreme OpenID Connect - John Bradley
CIS 2015 Extreme OpenID Connect - John BradleyCIS 2015 Extreme OpenID Connect - John Bradley
CIS 2015 Extreme OpenID Connect - John BradleyCloudIDSummit
 
Gestión de identidad en aplicaciones corporativas web y móvil
Gestión de identidad en aplicaciones corporativas web y móvilGestión de identidad en aplicaciones corporativas web y móvil
Gestión de identidad en aplicaciones corporativas web y móvilIbon Landa
 
Sensibilisation about mass surveillance
Sensibilisation about mass surveillanceSensibilisation about mass surveillance
Sensibilisation about mass surveillanceatrakeur
 
Securing a Web App with Security Keys
Securing a Web App with Security KeysSecuring a Web App with Security Keys
Securing a Web App with Security KeysFIDO Alliance
 
The identity of things & the smart cities of tomorrow webinar may 2015
The identity of things & the smart cities of tomorrow webinar may 2015The identity of things & the smart cities of tomorrow webinar may 2015
The identity of things & the smart cities of tomorrow webinar may 2015ForgeRock
 
Two Factor Authentication and You
Two Factor Authentication and YouTwo Factor Authentication and You
Two Factor Authentication and YouChris Stone
 
How to deploy SharePoint 2010 to external users?
How to deploy SharePoint 2010 to external users?How to deploy SharePoint 2010 to external users?
How to deploy SharePoint 2010 to external users?rlsoft
 
FIDO2 Specifications Overview
FIDO2 Specifications OverviewFIDO2 Specifications Overview
FIDO2 Specifications OverviewFIDO Alliance
 
Extreme Web Exploitation
Extreme Web ExploitationExtreme Web Exploitation
Extreme Web ExploitationViral Parmar
 
SPS Belgium 2015 - High-trust Apps for On-Premises Development
SPS Belgium 2015 - High-trust Apps for On-Premises DevelopmentSPS Belgium 2015 - High-trust Apps for On-Premises Development
SPS Belgium 2015 - High-trust Apps for On-Premises DevelopmentEdin Kapic
 
Webinar: "Entitlements: Taking Control of the Big Data Gold Rush"
Webinar: "Entitlements: Taking Control of the Big Data Gold Rush"Webinar: "Entitlements: Taking Control of the Big Data Gold Rush"
Webinar: "Entitlements: Taking Control of the Big Data Gold Rush"ForgeRock
 
Getting Started With WebAuthn
Getting Started With WebAuthnGetting Started With WebAuthn
Getting Started With WebAuthnFIDO Alliance
 
DotNet 2019 | Hugo Biarge - Autenticación en aplicaciones web y nativas
DotNet 2019 | Hugo Biarge - Autenticación en aplicaciones web y nativasDotNet 2019 | Hugo Biarge - Autenticación en aplicaciones web y nativas
DotNet 2019 | Hugo Biarge - Autenticación en aplicaciones web y nativasPlain Concepts
 
Webchat using flask socket io
Webchat using flask socket ioWebchat using flask socket io
Webchat using flask socket ioLinggar Primahastoko
 
New FIDO Specifications Overview -FIDO Alliance -Tokyo Seminar -Nadalin
New FIDO Specifications Overview -FIDO Alliance -Tokyo Seminar -NadalinNew FIDO Specifications Overview -FIDO Alliance -Tokyo Seminar -Nadalin
New FIDO Specifications Overview -FIDO Alliance -Tokyo Seminar -NadalinFIDO Alliance
 
CIS14: An Overview of FIDO's Universal Factor (UAF) Specifications
CIS14: An Overview of FIDO's Universal Factor (UAF) SpecificationsCIS14: An Overview of FIDO's Universal Factor (UAF) Specifications
CIS14: An Overview of FIDO's Universal Factor (UAF) SpecificationsCloudIDSummit
 
“Secure Portal” or WebSphere Portal – Security with Everything
“Secure Portal” or WebSphere Portal – Security with Everything“Secure Portal” or WebSphere Portal – Security with Everything
“Secure Portal” or WebSphere Portal – Security with EverythingDave Hay
 
FIDO UAF 1.0 Specs: Overview and Insights
FIDO UAF 1.0 Specs: Overview and InsightsFIDO UAF 1.0 Specs: Overview and Insights
FIDO UAF 1.0 Specs: Overview and InsightsFIDO Alliance
 

Contenu connexe

Tendances

Fear and Loathing of 2fa
Fear and Loathing of 2faFear and Loathing of 2fa
Fear and Loathing of 2faIgor Bulatenko
 
FIDO2 Specifications Overview
FIDO2 Specifications OverviewFIDO2 Specifications Overview
FIDO2 Specifications OverviewFIDO Alliance
 
Secure Elements in Web Applications
Secure Elements in Web ApplicationsSecure Elements in Web Applications
Secure Elements in Web ApplicationsOlivier Potonniée
 
CIS 2015 Extreme OpenID Connect - John Bradley
CIS 2015 Extreme OpenID Connect - John BradleyCIS 2015 Extreme OpenID Connect - John Bradley
CIS 2015 Extreme OpenID Connect - John BradleyCloudIDSummit
 
Gestión de identidad en aplicaciones corporativas web y móvil
Gestión de identidad en aplicaciones corporativas web y móvilGestión de identidad en aplicaciones corporativas web y móvil
Gestión de identidad en aplicaciones corporativas web y móvilIbon Landa
 
Sensibilisation about mass surveillance
Sensibilisation about mass surveillanceSensibilisation about mass surveillance
Sensibilisation about mass surveillanceatrakeur
 
Securing a Web App with Security Keys
Securing a Web App with Security KeysSecuring a Web App with Security Keys
Securing a Web App with Security KeysFIDO Alliance
 
The identity of things & the smart cities of tomorrow webinar may 2015
The identity of things & the smart cities of tomorrow webinar may 2015The identity of things & the smart cities of tomorrow webinar may 2015
The identity of things & the smart cities of tomorrow webinar may 2015ForgeRock
 
Two Factor Authentication and You
Two Factor Authentication and YouTwo Factor Authentication and You
Two Factor Authentication and YouChris Stone
 
How to deploy SharePoint 2010 to external users?
How to deploy SharePoint 2010 to external users?How to deploy SharePoint 2010 to external users?
How to deploy SharePoint 2010 to external users?rlsoft
 
FIDO2 Specifications Overview
FIDO2 Specifications OverviewFIDO2 Specifications Overview
FIDO2 Specifications OverviewFIDO Alliance
 
Extreme Web Exploitation
Extreme Web ExploitationExtreme Web Exploitation
Extreme Web ExploitationViral Parmar
 
SPS Belgium 2015 - High-trust Apps for On-Premises Development
SPS Belgium 2015 - High-trust Apps for On-Premises DevelopmentSPS Belgium 2015 - High-trust Apps for On-Premises Development
SPS Belgium 2015 - High-trust Apps for On-Premises DevelopmentEdin Kapic
 
Webinar: "Entitlements: Taking Control of the Big Data Gold Rush"
Webinar: "Entitlements: Taking Control of the Big Data Gold Rush"Webinar: "Entitlements: Taking Control of the Big Data Gold Rush"
Webinar: "Entitlements: Taking Control of the Big Data Gold Rush"ForgeRock
 
Getting Started With WebAuthn
Getting Started With WebAuthnGetting Started With WebAuthn
Getting Started With WebAuthnFIDO Alliance
 
DotNet 2019 | Hugo Biarge - Autenticación en aplicaciones web y nativas
DotNet 2019 | Hugo Biarge - Autenticación en aplicaciones web y nativasDotNet 2019 | Hugo Biarge - Autenticación en aplicaciones web y nativas
DotNet 2019 | Hugo Biarge - Autenticación en aplicaciones web y nativasPlain Concepts
 

Tendances (18)

Fear and Loathing of 2fa
Fear and Loathing of 2faFear and Loathing of 2fa
Fear and Loathing of 2fa
 
WebAuthn & FIDO2
WebAuthn & FIDO2WebAuthn & FIDO2
WebAuthn & FIDO2
 
FIDO2 Specifications Overview
FIDO2 Specifications OverviewFIDO2 Specifications Overview
FIDO2 Specifications Overview
 
Secure Elements in Web Applications
Secure Elements in Web ApplicationsSecure Elements in Web Applications
Secure Elements in Web Applications
 
CIS 2015 Extreme OpenID Connect - John Bradley
CIS 2015 Extreme OpenID Connect - John BradleyCIS 2015 Extreme OpenID Connect - John Bradley
CIS 2015 Extreme OpenID Connect - John Bradley
 
Gestión de identidad en aplicaciones corporativas web y móvil
Gestión de identidad en aplicaciones corporativas web y móvilGestión de identidad en aplicaciones corporativas web y móvil
Gestión de identidad en aplicaciones corporativas web y móvil
 
Sensibilisation about mass surveillance
Sensibilisation about mass surveillanceSensibilisation about mass surveillance
Sensibilisation about mass surveillance
 
Securing a Web App with Security Keys
Securing a Web App with Security KeysSecuring a Web App with Security Keys
Securing a Web App with Security Keys
 
The identity of things & the smart cities of tomorrow webinar may 2015
The identity of things & the smart cities of tomorrow webinar may 2015The identity of things & the smart cities of tomorrow webinar may 2015
The identity of things & the smart cities of tomorrow webinar may 2015
 
Two Factor Authentication and You
Two Factor Authentication and YouTwo Factor Authentication and You
Two Factor Authentication and You
 
How to deploy SharePoint 2010 to external users?
How to deploy SharePoint 2010 to external users?How to deploy SharePoint 2010 to external users?
How to deploy SharePoint 2010 to external users?
 
FIDO2 Specifications Overview
FIDO2 Specifications OverviewFIDO2 Specifications Overview
FIDO2 Specifications Overview
 
Extreme Web Exploitation
Extreme Web ExploitationExtreme Web Exploitation
Extreme Web Exploitation
 
SPS Belgium 2015 - High-trust Apps for On-Premises Development
SPS Belgium 2015 - High-trust Apps for On-Premises DevelopmentSPS Belgium 2015 - High-trust Apps for On-Premises Development
SPS Belgium 2015 - High-trust Apps for On-Premises Development
 
Webinar: "Entitlements: Taking Control of the Big Data Gold Rush"
Webinar: "Entitlements: Taking Control of the Big Data Gold Rush"Webinar: "Entitlements: Taking Control of the Big Data Gold Rush"
Webinar: "Entitlements: Taking Control of the Big Data Gold Rush"
 
Getting Started With WebAuthn
Getting Started With WebAuthnGetting Started With WebAuthn
Getting Started With WebAuthn
 
DotNet 2019 | Hugo Biarge - Autenticación en aplicaciones web y nativas
DotNet 2019 | Hugo Biarge - Autenticación en aplicaciones web y nativasDotNet 2019 | Hugo Biarge - Autenticación en aplicaciones web y nativas
DotNet 2019 | Hugo Biarge - Autenticación en aplicaciones web y nativas
 
Webchat using flask socket io
Webchat using flask socket ioWebchat using flask socket io
Webchat using flask socket io
 

Similaire à FIDO Technical Overview at FIDO KWG Hackathon

New FIDO Specifications Overview -FIDO Alliance -Tokyo Seminar -Nadalin
New FIDO Specifications Overview -FIDO Alliance -Tokyo Seminar -NadalinNew FIDO Specifications Overview -FIDO Alliance -Tokyo Seminar -Nadalin
New FIDO Specifications Overview -FIDO Alliance -Tokyo Seminar -NadalinFIDO Alliance
 
CIS14: An Overview of FIDO's Universal Factor (UAF) Specifications
CIS14: An Overview of FIDO's Universal Factor (UAF) SpecificationsCIS14: An Overview of FIDO's Universal Factor (UAF) Specifications
CIS14: An Overview of FIDO's Universal Factor (UAF) SpecificationsCloudIDSummit
 
“Secure Portal” or WebSphere Portal – Security with Everything
“Secure Portal” or WebSphere Portal – Security with Everything“Secure Portal” or WebSphere Portal – Security with Everything
“Secure Portal” or WebSphere Portal – Security with EverythingDave Hay
 
FIDO UAF 1.0 Specs: Overview and Insights
FIDO UAF 1.0 Specs: Overview and InsightsFIDO UAF 1.0 Specs: Overview and Insights
FIDO UAF 1.0 Specs: Overview and InsightsFIDO Alliance
 
An Authentication and Authorization Architecture for a Microservices World
An Authentication and Authorization Architecture for a Microservices WorldAn Authentication and Authorization Architecture for a Microservices World
An Authentication and Authorization Architecture for a Microservices WorldVMware Tanzu
 
FIDO Specifications Overview
FIDO Specifications OverviewFIDO Specifications Overview
FIDO Specifications OverviewFIDO Alliance
 
FIDO UAF 1.0 Specs: Overview and Insights
FIDO UAF 1.0 Specs: Overview and InsightsFIDO UAF 1.0 Specs: Overview and Insights
FIDO UAF 1.0 Specs: Overview and InsightsFIDO Alliance
 
How to Make Your IoT Devices Secure, Act Autonomously & Trusted Subjects
How to Make Your IoT Devices Secure, Act Autonomously & Trusted SubjectsHow to Make Your IoT Devices Secure, Act Autonomously & Trusted Subjects
How to Make Your IoT Devices Secure, Act Autonomously & Trusted SubjectsMaxim Salnikov
 
Application Security in ASP.NET Core
Application Security in ASP.NET CoreApplication Security in ASP.NET Core
Application Security in ASP.NET CoreNETUserGroupBern
 
ForgeRock Platform Release - Summer 2016
ForgeRock Platform Release - Summer 2016 ForgeRock Platform Release - Summer 2016
ForgeRock Platform Release - Summer 2016 ForgeRock
 
Securing .NET Core, ASP.NET Core applications
Securing .NET Core, ASP.NET Core applicationsSecuring .NET Core, ASP.NET Core applications
Securing .NET Core, ASP.NET Core applicationsNETUserGroupBern
 
NYC Identity Summit Tech Day: ForgeRock Identity Platform Overview
NYC Identity Summit Tech Day: ForgeRock Identity Platform OverviewNYC Identity Summit Tech Day: ForgeRock Identity Platform Overview
NYC Identity Summit Tech Day: ForgeRock Identity Platform OverviewForgeRock
 
FIDO2 : vers la fin des mots de passe ? - Par Arnaud Jumelet
FIDO2 : vers la fin des mots de passe ? - Par Arnaud JumeletFIDO2 : vers la fin des mots de passe ? - Par Arnaud Jumelet
FIDO2 : vers la fin des mots de passe ? - Par Arnaud JumeletIdentity Days
 
Fido uaf-overview-v1.1-rd-20161005
Fido uaf-overview-v1.1-rd-20161005Fido uaf-overview-v1.1-rd-20161005
Fido uaf-overview-v1.1-rd-20161005Jaime Ruiz
 
WSO2 Identity Server - Product Overview
WSO2 Identity Server - Product OverviewWSO2 Identity Server - Product Overview
WSO2 Identity Server - Product OverviewWSO2
 
Design Practices for a Secure Azure Solution
Design Practices for a Secure Azure SolutionDesign Practices for a Secure Azure Solution
Design Practices for a Secure Azure SolutionMichele Leroux Bustamante
 
Webinar: ForgeRock Identity Platform Preview (Dec 2015)
Webinar: ForgeRock Identity Platform Preview (Dec 2015)Webinar: ForgeRock Identity Platform Preview (Dec 2015)
Webinar: ForgeRock Identity Platform Preview (Dec 2015)ForgeRock
 
HAD05: Collaborating with Extranet Partners on SharePoint 2010
HAD05: Collaborating with Extranet Partners on SharePoint 2010HAD05: Collaborating with Extranet Partners on SharePoint 2010
HAD05: Collaborating with Extranet Partners on SharePoint 2010Michael Noel
 

Similaire à FIDO Technical Overview at FIDO KWG Hackathon (20)

New FIDO Specifications Overview -FIDO Alliance -Tokyo Seminar -Nadalin
New FIDO Specifications Overview -FIDO Alliance -Tokyo Seminar -NadalinNew FIDO Specifications Overview -FIDO Alliance -Tokyo Seminar -Nadalin
New FIDO Specifications Overview -FIDO Alliance -Tokyo Seminar -Nadalin
 
CIS14: An Overview of FIDO's Universal Factor (UAF) Specifications
CIS14: An Overview of FIDO's Universal Factor (UAF) SpecificationsCIS14: An Overview of FIDO's Universal Factor (UAF) Specifications
CIS14: An Overview of FIDO's Universal Factor (UAF) Specifications
 
“Secure Portal” or WebSphere Portal – Security with Everything
“Secure Portal” or WebSphere Portal – Security with Everything“Secure Portal” or WebSphere Portal – Security with Everything
“Secure Portal” or WebSphere Portal – Security with Everything
 
FIDO UAF 1.0 Specs: Overview and Insights
FIDO UAF 1.0 Specs: Overview and InsightsFIDO UAF 1.0 Specs: Overview and Insights
FIDO UAF 1.0 Specs: Overview and Insights
 
FIDO2 and Microsoft
FIDO2 and MicrosoftFIDO2 and Microsoft
FIDO2 and Microsoft
 
An Authentication and Authorization Architecture for a Microservices World
An Authentication and Authorization Architecture for a Microservices WorldAn Authentication and Authorization Architecture for a Microservices World
An Authentication and Authorization Architecture for a Microservices World
 
FIDOAlliance
FIDOAllianceFIDOAlliance
FIDOAlliance
 
FIDO Specifications Overview
FIDO Specifications OverviewFIDO Specifications Overview
FIDO Specifications Overview
 
FIDO UAF 1.0 Specs: Overview and Insights
FIDO UAF 1.0 Specs: Overview and InsightsFIDO UAF 1.0 Specs: Overview and Insights
FIDO UAF 1.0 Specs: Overview and Insights
 
How to Make Your IoT Devices Secure, Act Autonomously & Trusted Subjects
How to Make Your IoT Devices Secure, Act Autonomously & Trusted SubjectsHow to Make Your IoT Devices Secure, Act Autonomously & Trusted Subjects
How to Make Your IoT Devices Secure, Act Autonomously & Trusted Subjects
 
Application Security in ASP.NET Core
Application Security in ASP.NET CoreApplication Security in ASP.NET Core
Application Security in ASP.NET Core
 
ForgeRock Platform Release - Summer 2016
ForgeRock Platform Release - Summer 2016 ForgeRock Platform Release - Summer 2016
ForgeRock Platform Release - Summer 2016
 
Securing .NET Core, ASP.NET Core applications
Securing .NET Core, ASP.NET Core applicationsSecuring .NET Core, ASP.NET Core applications
Securing .NET Core, ASP.NET Core applications
 
NYC Identity Summit Tech Day: ForgeRock Identity Platform Overview
NYC Identity Summit Tech Day: ForgeRock Identity Platform OverviewNYC Identity Summit Tech Day: ForgeRock Identity Platform Overview
NYC Identity Summit Tech Day: ForgeRock Identity Platform Overview
 
FIDO2 : vers la fin des mots de passe ? - Par Arnaud Jumelet
FIDO2 : vers la fin des mots de passe ? - Par Arnaud JumeletFIDO2 : vers la fin des mots de passe ? - Par Arnaud Jumelet
FIDO2 : vers la fin des mots de passe ? - Par Arnaud Jumelet
 
Fido uaf-overview-v1.1-rd-20161005
Fido uaf-overview-v1.1-rd-20161005Fido uaf-overview-v1.1-rd-20161005
Fido uaf-overview-v1.1-rd-20161005
 
WSO2 Identity Server - Product Overview
WSO2 Identity Server - Product OverviewWSO2 Identity Server - Product Overview
WSO2 Identity Server - Product Overview
 
Design Practices for a Secure Azure Solution
Design Practices for a Secure Azure SolutionDesign Practices for a Secure Azure Solution
Design Practices for a Secure Azure Solution
 
Webinar: ForgeRock Identity Platform Preview (Dec 2015)
Webinar: ForgeRock Identity Platform Preview (Dec 2015)Webinar: ForgeRock Identity Platform Preview (Dec 2015)
Webinar: ForgeRock Identity Platform Preview (Dec 2015)
 
HAD05: Collaborating with Extranet Partners on SharePoint 2010
HAD05: Collaborating with Extranet Partners on SharePoint 2010HAD05: Collaborating with Extranet Partners on SharePoint 2010
HAD05: Collaborating with Extranet Partners on SharePoint 2010
 

Dernier

"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesZilliz
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfSeasiaInfotech2
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 

Dernier (20)

"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector Databases
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdf
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 

FIDO Technical Overview at FIDO KWG Hackathon

  • 1. FIDO Technical Overview Ki-Eun Shin at LINE Corporation April 2019
  • 3. Password problems Hard to create and remember Data breach affects other services
  • 4. Feasible solutions Password managers 2factor authentication (e.g., OTP) Biometrics Federations and SSO
  • 5. We would like to design a new authentication system • Easy to use • Strong against various attacks • Pluggable and interoperable design • Privacy preserving
  • 6. 6 2. What is FIDO? [fáidou]
  • 9. High level architecture RP ServerUser Device Native/Web App Authenticator RP Web Server FIDO Server FIDO Client (Platform or browser) Local Verifier Crypto Module Attest. Validator Assertion Validator Metadata Service FIDO Client API (JS or Native API) • RP (Relying Party) • Service leveraging FIDO authentication • Metadata Service (MDS) • Access to latest metadata statements • Authenticator types (attachment) • Platform (bound) authenticator • External (roaming) authenticator
  • 10. Registration flow RP ServerUser Device Native/Web App ASM/Authenticator RP Web Server FIDO Server Local Verifier Crypto Module Attest. Validator Assertion Validator Metadata Service 5. requestOperation 1.getRegRequest 2.getRegRequest 4. returnRegRequest 6. verifyUser & getAttestation FIDO Client (Platform or browser) 7. callbackOperation 8. sendRegResponse 12. serverResponse 3. returnRegRequest 9.sendRegResponse 11. serverResponse 10. verifyAttestation & store pub key • Public key pair generation • Attestation (signature) generation • Store public key and related info
  • 11. Authentication flow RP ServerUser Device Native/Web App ASM/Authenticator RP Web Server FIDO Server Local Verifier Crypto Module Attest. Validator Assertion Validator Metadata Service 5. requestOperation 1.getAuthRequest 2.getAuthRequest 4. returnAuthRequest 6. verifyUser & getAssertion FIDO Client (Platform or browser) 7. callbackOperation 8. sendAuthResponse 12. serverResponse 3. returnAuthRequest 9.sendAuthResponse 11. serverResponse 10. verifyAssertion /w pub key • Signature generation (/w priv key) • Signature verification
  • 12. FIDO credentials • Scoped (isolated) to the specific domains (web sites) • No correlation between services (privacy preserving) • Public key pairs • Private keys are stored in client as much as secure way • Public keys are stored in the server and mapped to the user identifiers • Generated per service, user id and authenticator • Private keys never leave the device (client) • Private keys may be protected with user verification methods
  • 14. Browsers and platforms supports Platform (OS) Browsers Apps (preview version) (any chromium based browsers) (Windows 18H2)(Android 7+) Authenticators (Safetynet)
  • 15. Who is using FIDO? Examples
  • 17. Resources for Developers • W3C WebAuthn specs: https://www.w3.org/TR/webauthn/ • FIDO2 demo web sites (including open sources) • https://github.com/herrjemand/awesome-webauthn • FIDO dev forum • https://groups.google.com/a/fidoalliance.org/forum/#!forum/fido-dev • Android native FIDO API • https://developers.google.com/android/reference/com/google/android/gms/fido/Fido • Windows native WebAuthn API • https://github.com/Microsoft/webauthn • FIDO Specs: https://fidoalliance.org/specifications/download/
  • 18. Resources for Planners • FIDO introduction: https://fidoalliance.org/category/intro-fido/ • FIDO videos: https://fidoalliance.org/content/video/ • FIDO case studies: https://fidoalliance.org/content/case-study/ • Microsoft’s guide for going password-less (video) • https://www.youtube.com/watch?v=mXJS615IGLM • Google: WebAuthn and Security keys (video) • https://www.youtube.com/watch?v=fsFxbC543n8