Introduction to FIDO Authentication

INTRODUCTION TO FIDOAUTHENTICATION

Brett McDowell, Executive Director, FIDO Alliance

[email protected]

All Rights Reserved | FIDO Alliance | Copyright 2016

mailto:[email protected]

The Problem

The Solution

The Alliance

The MarketAll Rights Reserved | FIDO Alliance | Copyright 2016 2

781 data breaches in 2015

Data Breaches…

170 million records in 2015 (up 50%)

$3.8 million cost/breach (up 23% f/2013)

All Rights Reserved | FIDO Alliance | Copyright 2016 3

“95% of these incidents

involve harvesting

credentials stolen from

customer devices, then

logging into web

applications with them.”

2015 Data Breach Investigations ReportAll Rights Reserved | FIDO Alliance | Copyright 2016 4

“A look through the details of these

incidents shows a common sequence of

phish customer ≥

get credentials ≥

abuse web application ≥

empty bank/bitcoin account.”

2015 Data Breach Investigations ReportAll Rights Reserved | FIDO Alliance | Copyright 2016 5

The world has a PASSWORD PROBLEM

5Confidential All Rights Reserved | FIDO Alliance | Copyright 2016 6

IDM has a “Shared Secrets” PROBLEM


ONE-TIME PASSCODESImprove security but aren’t easy enough to use

Still Phishable

User Confusion

TokenNecklace

SMS Reliability


WE NEED A

NEW MODEL


The Problem

The Solution

The Alliance

The MarketAll Rights Reserved | FIDO Alliance | Copyright 2016 10

THE NEW MODELFast IDentity Online

online authentication usingpublic key cryptography


THE OLDPARADIGM

USABILITYSECURITY


THE FIDO PARADIGM

Poor Easy

Weak

Str

ong

USABILITY

SEC

UR

ITY


HOW “Shared Secrets” WORK

ONLINE

The user authenticates themselves online by presenting a human-readable “shared secret”


HOW FIDO AUTHN WORKS

AUTHENTICATOR

LOCAL ONLINE

The user authenticates “locally” to their device

(by various means)

The device authenticates the user online using

public key cryptography


OPEN STANDARDS R.O.I.FIDO-ENABLE ONCE

GAIN EVERY DEVICE YOU TRUSTNO MORE ONE-OFF INTEGRATIONS


USABILITY, SECURITY, R.O.I. and

PRIVACY


No 3rd Party in the Protocol

No Secrets on the Server Side

Biometric Data (if used) Never Leaves Device

No Link-ability Between Services

No Link-ability Between Accounts


Better security for online services

Reduced cost for the enterprise

Simpler and safer for consumersAll Rights Reserved | FIDO Alliance | Copyright 2016 19

The Problem

The Solution

The Alliance

The Market


The FIDO Alliance is an open industry

association with a focused mission:

authentication standards


Physical-to-digital identity

User Management

Authentication

Federation

Single

Sign-On

Passwords Risk-BasedStrong

MODERN

AUTHENTICATION

FIDO SCOPE


FIDO Alliance Mission

DevelopSpecifications

OperateAdoption Programs

Pursue Formal Standardization

1 2 3


Board Members

24 All Rights Reserved | FIDO Alliance | Copyright 2016 24

Government & Research

“The fact that FIDO has now welcomed government participation is a logical and exciting step towardfurther advancement of the Identity Ecosystem;

we look forward to continued progress.”-- Mike Garcia, NSTIC NPO

252525All Rights Reserved | FIDO Alliance | Copyright 2016

Liaison Program

Our mission is highly complementary to many other associations around the world. We welcome the opportunity to collaborate with this growing list of industry partner organizations.

2626All Rights Reserved | FIDO Alliance | Copyright 2016 26

The Problem

The Solution

The Alliance

The Market


EARLY FIDO ADOPTION

20152014


“NTT DOCOMO is now

offering FIDO-enabled

biometric authentication for

customers using Apple iOS

devices”

Mar 7, 2016

RECENT FIDO ADOPTION

“FIDO Universal 2nd Factor

(U2F) authentication is now

being used to allow all UK

citizens to easily and

securely access GOV.UK

Verify digital public

services.

Mar 23, 2016

“BC Card provides Token

and FIDO services to

strengthen security and

safety of Samsung Pay”

March 1, 2016

“KEB Hana’s new solution

is notably FIDO Certified.”

February 3, 2016

“Baidu Wallet is now offering FIDO-

enabled biometric authentication for

customers using Android devices”

April, 2016

Q1 2016

Q2 2016


Deployments are enabled by over 150

FIDO® Certified productswww.fidoalliance.org/certification/fido-certified/


Available to anyone

Ensures interoperability

Promotes the FIDO

ecosystem

Steps to certification:1. Conformance Self-Validation

2. Interoperability Testing

3. Certification Request

4. Trademark License (optional)

fidoalliance.org/certification


http://www.fidoalliance.org/certification

32All Rights Reserved | FIDO Alliance | Copyright 2016 32

Leading OEMs Shipping FIDO Certified Devices

Tab S, Tab S2 S5, Mini Note 4, 5 Alpha Note Edge S6/S7, S6/S7 Edge

Sharp

Aquos Zeta

Sony

Experia Z5Fujitsu

Arrows(Iris Biometrics)

Samsung

LG

V10 & G5Huawei

Mate 8Lenovo

P1

Lenovo

K52


iPhone 5s iPhone 6, 6+

iPad Air 2, Mini 3

iPhone 6s, 6s+

iPad Mini 4 iPad Pro

FIDO Applications Now Run on iOS 9Supported iOS Fingerprint Devices


JOIN THE FIDO ECOSYSTEM


JOIN THE FIDO ALLIANCE


Visit Our Member Companies at the FIDO Pavilion on the Trade Show Floor

37All Rights Reserved | FIDO Alliance | Copyright 2016

THANK YOU

slideshare.net/FIDOAlliance

[email protected]


http://slideshare.net/FIDOAlliance

mailto:[email protected]

Technology

Introduction to FIDO Authentication