
Protecting IDAAS with FIDO Authentication


Page 1: Protecting IDAAS with FIDO Authentication

All Rights Reserved | FIDO Alliance | Copyright 2017

NEOWAVE + TRUSTELEM

PROTECTING IDAAS* (WEB/CLOUD SSO*) WITH FIDO U2F

* IDAAS: IDENTITY AS A SERVICE; SSO: SINGLE SIGN ON

Page 2

Deployment Case Study: Trustelem & Neowave

Protecting IDAAS with FIDO U2F

Gregory Haïk, CEO, Trustelem

Frederic Martin, Security Architect, NEOWAVE

Page 3

FIDO U2F TO PROTECT IDENTITY AS A SERVICE

Page 4

NEOWAVE: SMART CARD BASED SECURITY PRODUCTS

Identity theft (phishing), fraud, data theft and cyber attacks are on the rise.

NEOWAVE's mission is to address these issues through strong authentication, encryption and digital signatures, built on secure smart-card-based products.

Page 5

EASY PHISHING ATTACKS AGAINST SMS CODES

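[Diagram: User, Fake website or MITM attack, Real website. Arrows labelled "username password" and "SMS" run from the user to the fake site and from the fake site to the real website; "Send SMS" runs back to the user. Steps are numbered 1 to 5.]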

Page 6

EASY PHISHING ATTACKS AGAINST OTP / TOTP

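[Diagram: User, Fake website or MITM attack, Real website. Arrows labelled "username password" and "OTP" run from the user to the fake site and from the fake site to the real website; the user reads the code from an "OTP generator". Steps are numbered 1 to 5.]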

Page 7

EASY PHISHING ATTACKS AGAINST SCANNED QR CODE VALIDATION

[Diagram: User, Fake website or MITM attack, Real website. Labels: "Read QR Code", "Validate (wrong) access", "Give access". Steps are numbered 1 to 5.]

Page 8

FIDO U2F: SIMPLE / SECURE SOLUTION AGAINST PHISHING ATTACKS

1 – Data to be signed (challenge, hashed url, etc.)

2 – Data to be signed (challenge, hashed url, etc.)

3 – Digital Signature (built-in smart card)

4 – Signed Data

5 – Signed Data

6 – Signature Verification

SSL Token Binding

MITM protection
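
The exchange on this slide, as an added example in Node.js (not code from Trustelem, NEOWAVE or the FIDO Alliance): it shows why a response collected through a look-alike site fails step 6, because the signed data covers the hashed application identity and the origin the browser reports. The origins, counters and key pair are constructed for the example; key handles, attestation and SSL Token Binding are left out.

```javascript
// Added example with constructed data; sso.example and the look-alike origin are hypothetical.
const nodeCrypto = require('node:crypto');
const sha256 = (s) => nodeCrypto.createHash('sha256').update(s).digest();

const APP_ID = 'https://sso.example';          // the real relying party
const PHISH = 'https://sso-example.invalid';   // look-alike site relaying traffic

// Registration result: the private key stays in the token, the server keeps the public key.
const { privateKey, publicKey } = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });

// U2F authentication payload: SHA-256(appId) || user presence || counter || SHA-256(clientData)
function signedBytes(appId, clientData, counter) {
  const ctr = Buffer.alloc(4);
  ctr.writeUInt32BE(counter);
  return Buffer.concat([sha256(appId), Buffer.from([0x01]), ctr, sha256(clientData)]);
}

// Browser: writes the origin it is really connected to into clientData (the page cannot override it).
const browserClientData = (challenge, origin) =>
  JSON.stringify({ typ: 'navigator.id.getAssertion', challenge, origin });

// Token: signs whatever the browser hands over (steps 2 to 4 of the slide).
const tokenSign = (appId, clientData, counter) =>
  nodeCrypto.sign('sha256', signedBytes(appId, clientData, counter), privateKey);

// Server: step 6 of the slide, plus the challenge, origin and counter checks.
function serverVerify(challenge, clientData, counter, signature, lastCounter) {
  const cd = JSON.parse(clientData);
  if (cd.challenge !== challenge) return 'bad-challenge';
  if (cd.origin !== APP_ID) return 'bad-origin';
  const ok = nodeCrypto.verify('sha256', signedBytes(APP_ID, clientData, counter), publicKey, signature);
  if (!ok) return 'bad-signature';
  return counter > lastCounter ? 'ok' : 'counter-replay';
}

// One login attempt as the server sees it; rewriteOrigin models a relay that edits clientData.
function attempt(browserOrigin, rewriteOrigin = false, counter = 7, lastCounter = 6) {
  const challenge = nodeCrypto.randomBytes(32).toString('hex');
  let clientData = browserClientData(challenge, browserOrigin);
  const signature = tokenSign(browserOrigin, clientData, counter);
  if (rewriteOrigin) clientData = browserClientData(challenge, APP_ID);
  return serverVerify(challenge, clientData, counter, signature, lastCounter);
}

console.log(attempt(APP_ID), attempt(PHISH), attempt(PHISH, true), attempt(APP_ID, false, 6, 6));
```

Unlike an SMS code or OTP, the relayed response is rejected either on the origin check or, if the relay rewrites clientData, on the signature itself.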

Page 9

FIDO U2F USB SECURITY KEY

PLUG KEYDO SECURITY KEY IN

ENTER USERNAME & PASSWORD

THAT’S IT

Page 10

FIDO U2F NFC CARD

APPROACH BADGEO NFC CARD

ENTER USERNAME & PASSWORD

THAT’S IT

Page 11

TRUSTELEM: IDENTITY AS A SERVICE

Company

Corporate applications

Trustelem enables your IT users to go from one application to another, without the need to re-authenticate.

Trustelem manages digital identities of your IT users (IDaaS - Identity-as-a-Service Cloud Single Sign-On, SSO).

Page 12

FIDO U2F ADVANTAGES FOR WEB SSO LOGON

• No driver installation requirement

• Web browser built-in support

• Multi-platform / multi-channel protocol

• High security level (built-in smart card)

• Ultimate solution against identity theft

Page 13

SIMPLE / SECURE WEB SSO LOGON

Password then FIDO U2F

Page 14

ALL-IN-ONE USER DASHBOARDS ACCESS PROTECTION

Now you don’t have to wait for Microsoft to integrate FIDO U2F authentication :)

Page 15

APPLICATIONS ACCESS

e.g. Facebook Workplace

Page 16

ADMIN CONSOLE

Set up directories, users, apps, permissions…

Logs, deployment audit

Page 17

MORE FIDO U2F ADVANTAGES

• FIDO U2F devices are anonymous (no user information, just anonymous keys; the association with the user is done on the server side)

• FIDO U2F devices can be filtered: web services can be locked so that they accept only our own customized devices (attestation certificate)

Page 18

CONCLUSION

• FIDO U2F strongly recommended for Web SSO users and/or administrators

• Secure but easy to use and deploy