Este documento fornece uma visão geral das especificações FIDO para autenticação moderna, discutindo os problemas com senhas, como o FIDO funciona para fornecer conveniência e segurança, e os componentes do ecossistema FIDO.
1. All Rights Reserved | FIDO Alliance | Copyright 20191
ESPECIFICAÇÕES FIDO
VISÃO GERAL
Gabriel Prado
CoffeeBean Technology
2. 2 All Rights Reserved | FIDO Alliance | Copyright 2019
AUTENTICAÇÃO - ESTAMOS SEGUROS?
3. All Rights Reserved | FIDO Alliance | Copyright 20193
Ataques que requerem ações físicas → não escaláveis
Soluções nunca serão 100% seguras, então atente para o nível
adequado de segurança.
Priorize defesas contra ataques em larga escala.
Ataques em escala
AUTENTICAÇÃO - ESTAMOS SEGUROS?
4. All Rights Reserved | FIDO Alliance | Copyright 20194
ESCOPO DA FIDO
Identidade física-digital
Gerenciamento de
usuários
Autenticação
Federação
Single
Sign-On
Senhas
Baseada em
risco
Forte
Autenticação moderna
5. All Rights Reserved | FIDO Alliance | Copyright 20195
DispositivoAlguma ação Autenticação
Análise de risco
Internet
AUTENTICAÇÃO NA NUVEM
6. All Rights Reserved | FIDO Alliance | Copyright 20196
PROBLEMAS COM SENHAS
DispositivoAlguma ação Autenticação
Internet
Senhas podem ser
roubadas do servidor
1Senhas podem ser inseridas
em aplicações e sites não
confiáveis (“phishing”)
2
Muitas senhas para lembrar
(>reuso / abandono de carrinho)
3
Inconvenientes de
digitar em smartphones
4
8. All Rights Reserved | FIDO Alliance | Copyright 20198
COMO FIDO FUNCIONA?
DispositivoVerificação de usuário Autenticação FIDO
Autenticador
9. All Rights Reserved | FIDO Alliance | Copyright 20199
AutenticadorVerificação de usuário Autenticação FIDO
Requer uma ação do usuário
antes de utilizar a chave
privada
Desafio
Resposta (Assinada)
Chave privada
exclusiva para cada
conta e aplicação Chave pública
exclusiva para cada
conta e aplicação
COMO FIDO FUNCIONA?
10. All Rights Reserved | FIDO Alliance | Copyright 201910
Verificação de usuário Autenticador Autenticação FIDO
Mesmo autenticador
cadastrado anteriormente?
Mesmo usuário cadastrado
anteriormente?
Consegue reconhecer o usuário
(i.e. verificação de usuário),
mas não conhece seus
atributos de identificação.
COMO FIDO FUNCIONA?
11. All Rights Reserved | FIDO Alliance | Copyright 201911
Associação de identidade
não está no escopo da
FIDO: Este é “João Silva
com identificador X”.
Verificação de usuário Autenticador Autenticação FIDO
Mesmo autenticador
cadastrado anteriormente?
Mesmo usuário cadastrado
anteriormente?
Consegue reconhecer o usuário
(i.e. verificação de usuário),
mas não conhece seus
atributos de identificação.
COMO FIDO FUNCIONA?
12. All Rights Reserved | FIDO Alliance | Copyright 201912
ECOSSISTEMA FIDO
AutenticadorVerificação de usuário Autenticação FIDO
… …SE
13. All Rights Reserved | FIDO Alliance | Copyright 201913
Como a chave privada
está protegida?
(TPM, SE, TEE, …)?
Qual método de verificação
de usuário foi utilizado?
AutenticadorVerificação de usuário Autenticação FIDO
… …SE
ECOSSISTEMA FIDO
14. All Rights Reserved | FIDO Alliance | Copyright 201914
ATESTADO + METADADOS
Chave privada
do atestado
Objeto de Atestado Assinado
Metadados
Recupera características de
segurança do autenticador
através dos Metadados obtidos
em mds.fidoalliance.org
Registro FIDO
Verificado utilizando âncoras de
confiança incluídas nos Metadados
Podem ser armazenados
para auditoria
15. All Rights Reserved | FIDO Alliance | Copyright 201915
AUTENTICADORES FIDO
Existem Autenticadores “Integrados”
i.e. autenticadores que estão presentes
em um smartphone ou laptop
Existem Autenticadores “Externos”,
i.e. autenticadores que podem ser conectados
a diferentes dispositivos utilizando CTAP
Em ambas categorias, encontramos suporte a
diferentes modalidades
Verificação
de usuário
Verificação de
presença
16. All Rights Reserved | FIDO Alliance | Copyright 201916
COMPONENTES FIDO
Autenticador
(Externo)
DISPOSITIVO DO USUÁRIO
Cliente FIDO
Autenticador
(Integrado)
ASM
Aplicação (RP) Autenticação FIDO
Servidor de Aplicação
(RP)
Servidor FIDO
Metadados
17. All Rights Reserved | FIDO Alliance | Copyright 2019
Especificações da FIDO
FIDO UAF
FIDO U2F
(@FIDO)
CTAP
(@FIDO)
WebAuthn
(@W3C)
17
FIDO2
18. All Rights Reserved | FIDO Alliance | Copyright 201918
COMPONENTES FIDO
Autenticador
(Externo)
DISPOSITIVO DO USUÁRIO
Navegador
Autenticador
(Integrado)
Plataforma
Aplicação (RP) Autenticação FIDO
Servidor de Aplicação
(RP)
Servidor FIDO
Metadados
Web
Authentication
JS API
CTAP2
19. WEB AUTHENTICATION
Disponível em:
API JavaScript que possibilita
Autenticação FIDO diretamente em navegadores web
All Rights Reserved | FIDO Alliance | Copyright 201919
20. All Rights Reserved | FIDO Alliance | Copyright 201920
FIDO - REGISTRO
accountInfo, challenge, [cOpts]
rpId, ai, hash(clientData), cryptoP, [exts]verificação
de usuário
gera:
chave kpub
chave kpriv
credencial c
c,kpub,clientData,ac,cdh,rpId,cntr,AAGUID[,exts],
signature(tbs)
c,kpub,clientData,ac,tbs, s
armazena:
chave kpub
credencial c
s
Autenticador
seleciona Autenticador de acordo com cOpts;
determina rpId, obtém tlsData;
clientData := {challenge, origin, rpId, hAlg, tlsData}
cOpts: crypto params, credential black list,
extensions
cdh
ai
tbs
ac: attestation certificate chain
Servidor FIDOCliente FIDO
21. verificação
de usuário
busca
chave kpriv
cntr++;
processa exts
All Rights Reserved | FIDO Alliance | Copyright 201921
FIDO - AUTENTICAÇÃO
Autenticador Servidor FIDO
rpId, [c,] hash(clientData)
seleciona Autenticador de acordo com politícas;
verifica rpId, obtém tlsData (i.e. channel id, etc.);
busca key handle h;
clientData := {challenge, rpId, tlsData}
clientData,cntr,[exts],signature(cdh,cntr,exts)
clientData, cntr, exts, s
busca
chave kpub
no BD
verifica:
exts +
signature
usando
chave kpub
s
cdh
challenge, [aOpts]
Cliente FIDO
22. All Rights Reserved | FIDO Alliance | Copyright 201922
AUTENTICAÇÃO FIDO:
SEGURANÇA & CONVENIÊNCIA
23. All Rights Reserved | FIDO Alliance | Copyright 201923
CONVENIÊNCIA & SEGURANÇA
Segurança
Conveniência
Senhas
Segurança
Conveniência
81% dos vazamentos de dados
em 2016 envolveram senhas
padrões, fracas ou roubadas
-Verizon 2017 Data Breach Report
Para os usuários, elas são
complicadas, difíceis de
lembrar, e precisam ser
alteradas constantemente
SENHAS
24. All Rights Reserved | FIDO Alliance | Copyright 201924
CONVENIÊNCIA & SEGURANÇA
Segurança
Conveniência
Senhas + OTP
Senhas
SMS SÃO POUCO
CONFIÁVEIS
PORTE DE TOKENS
FÍSICOS
USUÁRIOS
CONFUSOS
VULNERÁVEIS A
“PHISHING”
OTPs
Segurança
Conveniência
25. All Rights Reserved | FIDO Alliance | Copyright 201925
FIDO
Com FIDO
• Mesmo método de verificação de
usuário para todos servidores
Com FIDO: Diversas modalidades de
verificação de usuário são suportadas
(+ elas são interoperáveis)
Segurança
Conveniência
Senhas + OTP
Senhas
CONVENIÊNCIA & SEGURANÇA
26. All Rights Reserved | FIDO Alliance | Copyright 201926
FIDO
Com FIDO: Níveis de segurança
podem ser reforçados
dependendo da implementação
de cada Autenticador
Com FIDO:
• Apenas chaves públicas nos servidores
• Resistentes a “phishing”
CONVENIÊNCIA & SEGURANÇA
Segurança
Conveniência
Senhas + OTP
Senhas
27. All Rights Reserved | FIDO Alliance | Copyright 201927
CONCLUSÕES
• Casos de uso distintos levam a requisitos distintos de
autenticação
• FIDO separa verificação do usuário e autenticação, suportando
assim todos os tipos de verificação de usuário
• FIDO oferece conveniência e segurança em escala
• Dados de verificação do usuário são conhecidos e armazenados
apenas pelos autenticadores
• FIDO complementa federação
28. All Rights Reserved | FIDO Alliance | Copyright 201928
ESPECIFICAÇÕES FIDO
VISÃO GERAL
Gabriel Prado, CoffeeBean Technology
Obrigado!
Notas do Editor
FIDO/WebAuthn Exist try to solve problems related to “Web Authentication”
The key issue with passwords is that they are “symmetric”.Can be copied to impersonate users.
Server Attacks
Client Attacks (Social Engineering)
Brute force attacks
We see many examples. Clear we need a better alternative.
We have seen several attacks on existing authentication methods in the past (sometimes presented at black hat conferences):
Server side attack were used to steal 1.2bn passwords from various servers. But attackers also have stolen
Personal data, like Aadhar numbers (similar to Social Security Numbers) and other PII.
We have seen and still see phishing attacks, where attackers trick us to enter our passwords into phishing web sites.
There even sophisticated versions of those phishing attacks that break OTP security.
And lately Google and the University of California in Berkeley published a report on such attacks finding that
1.9 billion passwords have been breached.
And detecting 12.5 million potential victims of phishing attacks and
780k victims of “off-the-shelf” key loggers.
So existing authentication schemes seem to be broken at this time.
In order to understand how we can improve authentication, let’s have a closer look into it…
[62secs]
References:
http://money.cnn.com/2014/08/05/technology/security/russian-hackers-theft/index.html
http://www.fonearena.com/blog/224741/jio-customer-database-of-over-120-million-users-leaked-could-be-biggest-data-breach-in-india.html
https://www.thestreet.com/story/12859371/1/chase-bank-customers-targeted-massive-phishing-attack.html
http://www.banktech.com/phishers-beat-citiandrsquos-two-factor-authentication-/d/d-id/1290948
https://static.googleusercontent.com/media/research.google.com/de/pubs/archive/46437.pdf (Google & University of California in Berkeley)
What do we want out of a solution?
How do we solve this problem?Scalable: Attacking many users not more difficult than attacking one
Write the software once and deploy it to steal many credentials.
Imagine instead having to steal each credential physically. To get 1 million credentials, an attacker would have to physically travel to 1 million targets.
Goals for FIDO:
First goal: Defend against scalable attacksSecond goal: Harden malware and theft
How does authentication work today?
Since we are not born with WIFI interfaces in our heads, we cannot directly authenticate ourselves to a cloud server.
We need some kind of proxy device. For example, we type our password into a computer running some application. If we believe this is the right application, we are willing to enter our password into it.
The server takes some explicit authentication signal like the password as input and adds additional back-end computed signals, e.g. geolocation derived from the IP address, packet round-trip times etc. The risk engine computes a resulting risk score using all input signals.
Note that the strength of a password signal depends on the characteristics of the “proxy-device” or App. If the password is entered into a malicious application, then a Phisher or man-in-the-middle might now be able to mis-use it.
The predominant Authentication method today is username+password. But it has several issues.
Passwords are symmetric bearer tokens. This means that anyone who knows the password can send it to the cloud server and gets authenticated. It also means that the server needs to know either the password directly or something which is derived from the password (e.g. the hash). And even if you cannot directly reverse this hash function, you can hash millions of passwords until the hash is identical to the one found on the server. Rainbow tables are an efficient method to do that. Note that the most passwords are not as strong as they could be. By knowing the 1000 most popular passwords you could break 90% of the accounts. By knowing the 10000 most popular passwords you could break 98,5% of the accounts.
But passwords might also be entered into the wrong application. This phishing application could then send the password to the attacker and let the attacker misuse it or it could itself misuse it for performing malicious transactions.
For security reasons, passwords shouldn‘t be re-used on other web sites. But how could I remember different passwords for all my accounts. I counted my accounts a while ago and ended up with well above 500. There is no way for me to remember them all.
And passwords are inconvenient to type on mobile phones using the touch keyboards.
In FIDO we acknowledge the fact that we need a local or “proxy”-device in order to authenticate to a cloud server.
We call this proxy device “Authenticator”.
We call the “something” (see before) user verification and we have a standardize authentication protocol between the client side and the server.
So we split the authentication into user verification and a standardized authenticator to server protocol.
We use private keys generated and maintained by the authenticator to sign server generated challenges.
The server uses the public key from the registered authenticator to verify the signature.
Each private key is dedicated to a single relying party.
So we only store public keys on the server-no user private keys. So hacking the server is less attractive to hackers.
Since the RP wants to know WHO the user is that uses the Authenticator, we need an identity binding step.
This step is not standardized in FIDO. Each RP can continue following its established know your customer (KYC) procedure.
So in FIDO we separated the Authentication aspect from the Identity aspect.
Authentication is a global problem which needs a global solution.
Identity is inherently regional as different countries have different regulations on privacy and identity verification procedures for different verticals.
For example, the know-you-customer-rules for European banks are different than the ones for Nigerian banks.
And people Europe have different privacy expectations than Nigerian people.
FIDO provides a global solution for Authentication that can be combined with any method of Identity binding that is acceptable in each region.
Since the RP wants to know WHO the user is that uses the Authenticator, we need an identity binding step.
This step is not standardized in FIDO. Each RP can continue following its established know your customer (KYC) procedure.
So in FIDO we separated the Authentication aspect from the Identity aspect.
Authentication is a global problem which needs a global solution.
Identity is inherently regional as different countries have different regulations on privacy and identity verification procedures for different verticals.
For example, the know-you-customer-rules for European banks are different than the ones for Nigerian banks.
And people Europe have different privacy expectations than Nigerian people.
FIDO provides a global solution for Authentication that can be combined with any method of Identity binding that is acceptable in each region.
FIDO provides great flexibility for Authenticator implementation. The specific implementation determines the resulting security level of the Authentication.
So the FIDO Server needs to know such implementation details: The FIDO Server needs to know whether the Authenticator is implemented in a trusted execution environment or in normal software running in the rich operating system. It typically wants to know whether the user was verified using a 4 character passcode or using fingerprint verification.
In FIDO we call this method Attestation.
FIDO provides great flexibility for Authenticator implementation. The specific implementation determines the resulting security level of the Authentication.
So the FIDO Server needs to know such implementation details: The FIDO Server needs to know whether the Authenticator is implemented in a trusted execution environment or in normal software running in the rich operating system. It typically wants to know whether the user was verified using a 4 character passcode or using fingerprint verification.
In FIDO we call this method Attestation.
There are various ways to implement an authenticator. Ex:
(a) embedded into a smartphone
(b) separate hardware tokens
Traditionally there always was a tradeoff between convenience and security.
If you could get it either more secure or more convenient – but not both at the same time.
Passwords are not very secure and their convenience is – let‘s say – improvable.
Requiring one-time-passwords in addition to the password doesn‘t make it more convenient.
So we can increase the security slightly if we give-up even more convenience.
Traditionally there always was a tradeoff between convenience and security.
If you could get it either more secure or more convenient – but not both at the same time.
Passwords are not very secure and their convenience is – let‘s say – improvable.
Requiring one-time-passwords in addition to the password doesn‘t make it more convenient.
So we can increase the security slightly if we give-up even more convenience.
FIDO fundamentally changes this model.
Since the user verification method (e.g. the finger swipe, or the PIN in case of PIN based authenticators) is the SAME for all relying parties it is more convenient just by using FIDO (worst case: only a single PIN to remember instead of hundred passwords).
Additionally FIDO supports scalability in terms of convenience depending on the user verification method implemented by the authenticator.
Just touching a fingerprint sensor is much more convenient than typing anything on touch keyboards.
Similarly for the security.
Just by using FIDO, you get protection against the server-side password stealing attacks (remember only public keys are stored on the server).
Additionally phishing attacks don‘t work as there are no bearer tokens known by the user anymore.
So the user cannot enter something into a phishing site which would allow impersonation (remember: only the legitimate authenticator knows the private key related to the public key which was registered at the server. So knowing a PIN wouldn‘t be sufficient for the attacker. Access to the authenticator would be required in addition).
FIDO/WebAuthn Exist try to solve problems related to “Web Authentication”