Upload
fido-alliance
View
679
Download
1
Embed Size (px)
Citation preview
INTRODUCTION TO FIDOAUTHENTICATION
Brett McDowell, Executive Director, FIDO Alliance
All Rights Reserved | FIDO Alliance | Copyright 2016
The Problem
The Solution
The Alliance
The MarketAll Rights Reserved | FIDO Alliance | Copyright 2016 2
781 data breaches in 2015
Data Breaches…
170 million records in 2015 (up 50%)
$3.8 million cost/breach (up 23% f/2013)
All Rights Reserved | FIDO Alliance | Copyright 2016 3
“95% of these incidents
involve harvesting
credentials stolen from
customer devices, then
logging into web
applications with them.”
2015 Data Breach Investigations ReportAll Rights Reserved | FIDO Alliance | Copyright 2016 4
“A look through the details of these
incidents shows a common sequence of
phish customer ≥
get credentials ≥
abuse web application ≥
empty bank/bitcoin account.”
2015 Data Breach Investigations ReportAll Rights Reserved | FIDO Alliance | Copyright 2016 5
The world has a PASSWORD PROBLEM
5Confidential All Rights Reserved | FIDO Alliance | Copyright 2016 6
IDM has a “Shared Secrets” PROBLEM
5Confidential All Rights Reserved | FIDO Alliance | Copyright 2016 7
ONE-TIME PASSCODESImprove security but aren’t easy enough to use
Still Phishable
User Confusion
TokenNecklace
SMS Reliability
6Confidential All Rights Reserved | FIDO Alliance | Copyright 2016 8
WE NEED A
NEW MODEL
All Rights Reserved | FIDO Alliance | Copyright 2016 9
The Problem
The Solution
The Alliance
The MarketAll Rights Reserved | FIDO Alliance | Copyright 2016 10
THE NEW MODELFast IDentity Online
online authentication usingpublic key cryptography
All Rights Reserved | FIDO Alliance | Copyright 2016 11
THE OLDPARADIGM
USABILITYSECURITY
All Rights Reserved | FIDO Alliance | Copyright 2016 12
THE FIDO PARADIGM
Poor Easy
Weak
Str
ong
USABILITY
SEC
UR
ITY
All Rights Reserved | FIDO Alliance | Copyright 2016 13
HOW “Shared Secrets” WORK
ONLINE
The user authenticates themselves online by presenting a human-readable “shared secret”
All Rights Reserved | FIDO Alliance | Copyright 2016 14
HOW FIDO AUTHN WORKS
AUTHENTICATOR
LOCAL ONLINE
The user authenticates “locally” to their device
(by various means)
The device authenticates the user online using
public key cryptography
All Rights Reserved | FIDO Alliance | Copyright 2016 15
OPEN STANDARDS R.O.I.FIDO-ENABLE ONCE
GAIN EVERY DEVICE YOU TRUSTNO MORE ONE-OFF INTEGRATIONS
All Rights Reserved | FIDO Alliance | Copyright 2016 16
USABILITY, SECURITY, R.O.I. and
PRIVACY
All Rights Reserved | FIDO Alliance | Copyright 2016 17
No 3rd Party in the Protocol
No Secrets on the Server Side
Biometric Data (if used) Never Leaves Device
No Link-ability Between Services
No Link-ability Between Accounts
All Rights Reserved | FIDO Alliance | Copyright 2016 18
Better security for online services
Reduced cost for the enterprise
Simpler and safer for consumersAll Rights Reserved | FIDO Alliance | Copyright 2016 19
The Problem
The Solution
The Alliance
The Market
All Rights Reserved | FIDO Alliance | Copyright 2016
The FIDO Alliance is an open industry
association with a focused mission:
authentication standards
All Rights Reserved | FIDO Alliance | Copyright 2016 21
Physical-to-digital identity
User Management
Authentication
Federation
Single
Sign-On
Passwords Risk-BasedStrong
MODERN
AUTHENTICATION
FIDO SCOPE
All Rights Reserved | FIDO Alliance | Copyright 2016 22
FIDO Alliance Mission
DevelopSpecifications
OperateAdoption Programs
Pursue Formal Standardization
1 2 3
All Rights Reserved | FIDO Alliance | Copyright 2016 23
Board Members
24 All Rights Reserved | FIDO Alliance | Copyright 2016 24
Government & Research
“The fact that FIDO has now welcomed government participation is a logical and exciting step towardfurther advancement of the Identity Ecosystem;
we look forward to continued progress.”-- Mike Garcia, NSTIC NPO
252525All Rights Reserved | FIDO Alliance | Copyright 2016
Liaison Program
Our mission is highly complementary to many other associations around the world. We welcome the opportunity to collaborate with this growing list of industry partner organizations.
2626All Rights Reserved | FIDO Alliance | Copyright 2016 26
The Problem
The Solution
The Alliance
The Market
All Rights Reserved | FIDO Alliance | Copyright 2016
EARLY FIDO ADOPTION
20152014
All Rights Reserved | FIDO Alliance | Copyright 2016 28
“NTT DOCOMO is now
offering FIDO-enabled
biometric authentication for
customers using Apple iOS
devices”
Mar 7, 2016
RECENT FIDO ADOPTION
“FIDO Universal 2nd Factor
(U2F) authentication is now
being used to allow all UK
citizens to easily and
securely access GOV.UK
Verify digital public
services.
Mar 23, 2016
“BC Card provides Token
and FIDO services to
strengthen security and
safety of Samsung Pay”
March 1, 2016
“KEB Hana’s new solution
is notably FIDO Certified.”
February 3, 2016
“Baidu Wallet is now offering FIDO-
enabled biometric authentication for
customers using Android devices”
April, 2016
Q1 2016
Q2 2016
All Rights Reserved | FIDO Alliance | Copyright 2016 29
Deployments are enabled by over 150
FIDO® Certified productswww.fidoalliance.org/certification/fido-certified/
All Rights Reserved | FIDO Alliance | Copyright 2016 30
Available to anyone
Ensures interoperability
Promotes the FIDO
ecosystem
Steps to certification:1. Conformance Self-Validation
2. Interoperability Testing
3. Certification Request
4. Trademark License (optional)
fidoalliance.org/certification
All Rights Reserved | FIDO Alliance | Copyright 2016 31
32All Rights Reserved | FIDO Alliance | Copyright 2016 32
Leading OEMs Shipping FIDO Certified Devices
Tab S, Tab S2 S5, Mini Note 4, 5 Alpha Note Edge S6/S7, S6/S7 Edge
Sharp
Aquos Zeta
Sony
Experia Z5Fujitsu
Arrows(Iris Biometrics)
Samsung
LG
V10 & G5Huawei
Mate 8Lenovo
P1
Lenovo
K52
All Rights Reserved | FIDO Alliance | Copyright 2016 33
iPhone 5s iPhone 6, 6+
iPad Air 2, Mini 3
iPhone 6s, 6s+
iPad Mini 4 iPad Pro
FIDO Applications Now Run on iOS 9Supported iOS Fingerprint Devices
All Rights Reserved | FIDO Alliance | Copyright 2016 34
JOIN THE FIDO ECOSYSTEM
All Rights Reserved | FIDO Alliance | Copyright 2016 35
JOIN THE FIDO ALLIANCE
All Rights Reserved | FIDO Alliance | Copyright 2016 36
Visit Our Member Companies at the FIDO Pavilion on the Trade Show Floor
37All Rights Reserved | FIDO Alliance | Copyright 2016
THANK YOU
slideshare.net/FIDOAlliance
All Rights Reserved | FIDO Alliance | Copyright 2016