The FIDO Approach to Privacy

Hannes Tschofenig, ARM Limited

Privacy by Design History

• Ann Cavoukian, the former Information and Privacy Commissioner of Ontario, Canada, coined the term “Privacy by Design” in the late 1990s.

• The idea was to take privacy into account early in the design process.

• Cavoukian went a step further and developed 7 principles.

• It took years to investigate the idea further and to become familiar with privacy as an engineering concept.

FIDO & Privacy

• No 3rd Party in the Protocol

• No Secrets generated on the Server side

• Biometric Data (if used) Never Leaves Device

• No Link-ability Between Services and Accounts

• De-register at any time

• No release of information without consent

FIDO Authentication Overview

[Diagram: the user verifies to the Authenticator (USER VERIFICATION); the FIDO Authenticator and the FIDO Server then run FIDO AUTHENTICATION, with the App/WebApp in between.]

FIDO Registration

[Diagram, built up over several slides, of the registration flow between FIDO Authenticator, App/WebApp and FIDO Server. Messages in order:]

0. Prepare: TLS channel establishment

1. Legacy authentication + initiate registration

2. Registration request + policy

3. Verify user & generate new key pair (specific to the online service provider)

4. Registration response

5. Success

[Privacy principles annotated on the build-up slides, in the order they appear: No 3rd Party in the Protocol (at TLS channel establishment); No release of information without consent; No Secrets generated on the Server side; No Link-ability Between Accounts and Services (shown as FIDO Registration on multiple sites, Website A and Website B); Biometric Data (if used) Never Leaves Device.]
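As an added example that is not part of the slides, the registration and authentication exchange sketched above in Go: the authenticator generates a fresh key pair per registration (step 3) and keeps the private key, the server stores only the public key under an opaque key handle (step 4), and two services end up with unrelated handles and keys. Ed25519, the handle derivation from the public key, and the in-memory maps are assumptions of this sketch; the slides name no algorithm or storage format.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Authenticator maps key handles to private keys that never leave the device; Server is one
// relying party's database holding public keys only, indexed by key handle.
type Authenticator map[string]ed25519.PrivateKey
type Server map[string]ed25519.PublicKey

// Register is step 3: after user verification (assumed done by the caller) a fresh key pair is
// generated for this one service; handle and public key form the step 4 reply, the private key stays here.
func (a Authenticator) Register() (string, ed25519.PublicKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return "", nil, err
	}
	// Opaque handle derived from the per-registration key: no user or service identity inside.
	handle := fmt.Sprintf("%x", sha256.Sum256(pub))
	a[handle] = priv
	return handle, pub, nil
}

// Sign answers a server challenge with the key bound to the handle (FIDO authentication).
func (a Authenticator) Sign(handle string, challenge []byte) ([]byte, error) {
	priv, ok := a[handle]
	if !ok {
		return nil, fmt.Errorf("unknown key handle %s", handle)
	}
	return ed25519.Sign(priv, challenge), nil
}

// Verify checks the signed challenge using nothing but the stored public key.
func (s Server) Verify(handle string, challenge, sig []byte) bool {
	pub, ok := s[handle]
	return ok && ed25519.Verify(pub, challenge, sig)
}

func main() {
	auth, siteA, siteB := Authenticator{}, Server{}, Server{}
	hA, pubA, _ := auth.Register()
	hB, pubB, _ := auth.Register()
	siteA[hA], siteB[hB] = pubA, pubB
	sig, _ := auth.Sign(hA, []byte("challenge"))
	fmt.Println("distinct handles:", hA != hB, "site A verifies:", siteA.Verify(hA, []byte("challenge"), sig))
}
```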

Personal Data

• Application-specific data: depending on the service (e.g., shipping address, credit card details)

• User verification data: biometric data (e.g., fingerprint or voice template, heart-rate variation data)

• FIDO-related data: identifiers used by the FIDO protocols (e.g., public key, key handle)

[Slide annotations: “Data minimization, purpose limitation and protection against unauthorized access”; “Outside the scope of FIDO”.]

The Building Blocks

[Diagram of the FIDO architecture:]

• Browser/App

• FIDO User Device: FIDO Client, ASM (Authenticator-Specific Module), FIDO Authenticator

• Relying Party: Web Server, FIDO Server

Key material and data shown in the diagram: TLS server key (web server); authentication private keys and attestation private keys (FIDO Authenticator); public keys DB and authenticator metadata & attestation trust store (FIDO Server, fed by FIDO update); cryptographic authentication between authenticator and server.

Attestation

[Diagram of authenticator key-protection options (… SE …)]

• How is the key protected (TPM, SE, TEE, …)?

• What user gesture is used?

• Can I be tracked using the attestation method?

Attestation & Metadata

[Diagram: the FIDO Authenticator sends a Signed Attestation Object to the FIDO Server; the FIDO Server obtains metadata from the Metadata Service or other sources to understand the authenticator’s characteristics.]

Attestation & Metadata

• Basic Attestation: a set of authenticators (of the same model) share one attestation certificate, injected at manufacturing time.

• Privacy CA: each authenticator has a unique “endorsement” key. The authenticator generates an attestation key and requests an attestation certificate from a Privacy CA (using the endorsement key) at run-time.

• Direct Anonymous Attestation (DAA): each authenticator receives one set of DAA attestation credentials. The private key is unique to the authenticator but unlinkable.

Mapping to Regulatory Requirements

• FIDO privacy principles guided the work inside the FIDO Alliance on technical specifications.

• Interoperability tests and certification programs verify implementations.

• Regulation impacts those who deploy services.

• Intentionally, the FIDO principles are more detailed versions of already existing regulatory requirements.

• An upcoming whitepaper relates the regulatory requirements to FIDO-offered functionality.

• It offers a mapping based on the European Data Protection Directive (95/46/EC) and the Identity Ecosystem Steering Group (IDESG) privacy principles.

Summary

• With the work in FIDO we have been trying to exercise the privacy by design philosophy.

• The whitepaper explains the privacy principles. Those principles have been taken into account during the work on the technical specifications.

• Unique privacy characteristics:

  • User verification happens locally at the Authenticator

  • No centrally created or managed credentials

  • Reduced tracking capability