All Rights Reserved | FIDO Alliance | Copyright 2017
NEOWAVE + TRUSTELEM
PROTECTING IDAAS* (WEB/CLOUD SSO*)
WITH FIDO U2F
* IDAAS: IDENTITY AS A SERVICE; SSO: SINGLE SIGN ON
Deployment Case Study: Trustelem & Neowave
Protecting IDAAS with FIDO U2F
Gregory Haïk, CEO, Trustelem
Frederic Martin, Security Architect, NEOWAVE
FIDO U2F TO PROTECT IDENTITY AS A SERVICE
NEOWAVE: SMART CARD BASED SECURITY PRODUCTS
Identity theft (phishing), fraud, data theft and cyber attacks are on the rise.
NEOWAVE's mission is to address these issues through strong authentication, encryption and digital
signatures, using secure smart card based products.
EASY PHISHING ATTACKS AGAINST SMS CODES
[Diagram: User, Fake website or MITM attack, Real website. Steps 1 to 5; labels: username/password (shown twice), Send SMS (step 3), SMS (shown twice).]
EASY PHISHING ATTACKS AGAINST OTP / TOTP
[Diagram: User, Fake website or MITM attack, Real website. Steps 1 to 5; labels: username/password (shown twice), OTP generator (step 2), OTP (shown twice).]
EASY PHISHING ATTACKS AGAINST SCANNED QR CODE VALIDATION
[Diagram: User, Fake website or MITM attack, Real website. Steps 1 to 5; labels: Give access, Read QR Code, Validate (wrong) access (step 4).]
FIDO U2F: SIMPLE / SECURE SOLUTION AGAINST PHISHING ATTACKS
1 – Data to be signed (challenge, hashed url, etc.)
2 – Data to be signed (challenge, hashed url, etc.)
3 – Digital Signature (built-in smart card)
4 – Signed Data
5 – Signed Data
6 – Signature Verification
SSL Token Binding: MITM protection
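Added example (not part of the original slides, and not NEOWAVE or Trustelem code): a Node.js simulation of the six steps above, showing why a signature produced on a look-alike site fails verification at the real one. The origins, function names and the single-process setup are assumptions made for illustration; the signed-message layout follows the FIDO U2F raw message format.

```javascript
// Added example: simulates the U2F signing flow using only Node's built-in crypto.
const crypto = require('crypto');
const sha256 = (d) => crypto.createHash('sha256').update(d).digest();

const APP_ID = 'https://sso.example.test';               // assumed real SSO origin
const PHISH = 'https://sso.example.test.login.invalid';  // assumed look-alike origin

// U2F signed message: appParam(32) || userPresence(1) || counter(4, BE) || SHA-256(clientData)
function signedMessage(appId, clientData, counter) {
  const ctr = Buffer.alloc(4);
  ctr.writeUInt32BE(counter);
  return Buffer.concat([sha256(appId), Buffer.from([0x01]), ctr, sha256(clientData)]);
}

// Steps 1-2: the browser (not the page) records the origin it is really on.
function browserClientData(challenge, visitedOrigin) {
  return JSON.stringify({ typ: 'navigator.id.getAssertion', challenge, origin: visitedOrigin });
}

// Steps 3-4: the token signs with a private key that never leaves it.
function tokenSign(privateKey, appId, clientData, counter) {
  return crypto.sign('sha256', signedMessage(appId, clientData, counter), privateKey);
}

// Steps 5-6: the server rebuilds the message with its own AppID, then checks the client data.
function serverVerify(publicKey, challenge, clientData, counter, signature) {
  const msg = signedMessage(APP_ID, clientData, counter);
  if (!crypto.verify('sha256', msg, publicKey, signature)) return 'bad-signature';
  const cd = JSON.parse(clientData);
  if (cd.challenge !== challenge) return 'bad-challenge';
  if (cd.origin !== APP_ID) return 'bad-origin';
  return 'ok';
}

// One login attempt. The second argument models a client that passes the real
// AppID to the token while the user is actually on another origin.
function login(visitedOrigin, appIdSentToToken = visitedOrigin) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  const challenge = crypto.randomBytes(32).toString('base64url');
  const clientData = browserClientData(challenge, visitedOrigin);
  const sig = tokenSign(privateKey, appIdSentToToken, clientData, 1);
  return serverVerify(publicKey, challenge, clientData, 1, sig);
}

console.log(login(APP_ID), login(PHISH), login(PHISH, APP_ID));
```

Unlike an SMS code or OTP, the relayed value is useless to the real site: either the application parameter inside the signature does not match, or the signed client data names the wrong origin.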
FIDO U2F USB SECURITY KEY
ENTER USERNAME & PASSWORD
PLUG KEYDO SECURITY KEY IN
THAT’S IT
FIDO U2F NFC CARD
ENTER USERNAME & PASSWORD
APPROACH BADGEO NFC CARD
THAT’S IT
TRUSTELEM: IDENTITY AS A SERVICE
[Diagram: Company, Corporate applications]
Trustelem enables your IT users to go from
one application to another, without the need to
re-authenticate.
Trustelem manages digital identities of your
IT users (IDaaS - Identity-as-a-Service Cloud
Single Sign-On, SSO).
FIDO U2F ADVANTAGES FOR WEB SSO LOGON
• No driver installation requirement
• Web browser built-in support
• Multi-platform / multi-channel protocol
• High security level (built-in smart card)
• Ultimate solution against identity theft
SIMPLE / SECURE WEB SSO LOGON
Password then
FIDO U2F
ALL-IN-ONE USER DASHBOARDS ACCESS PROTECTION
Now you don’t have to
wait for Microsoft to
integrate FIDO U2F
authentication :)
APPLICATIONS ACCESS
e.g. facebook workplace
ADMIN CONSOLE
Setup directories, users,
apps, permissions…
Logs, deployment audit
MORE FIDO U2F ADVANTAGES
• FIDO U2F devices are anonymous (no user
information, just anonymous keys; the association
with the user is done on the server side)
• FIDO U2F devices can be filtered: web
services can be locked to accept only our own
customized devices (attestation certificate)
CONCLUSION
• FIDO U2F strongly recommended
for Web SSO users and/or administrators
• Secure but easy to use and deploy