FIDO beyond the browser
This is a modal window.
The media could not be loaded, either because the server or network failed or because the format is not supported.
Formal Metadata
Title |
| |
Title of Series | ||
Number of Parts | 542 | |
Author | ||
License | CC Attribution 2.0 Belgium: You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor. | |
Identifiers | 10.5446/61959 (DOI) | |
Publisher | ||
Release Date | ||
Language |
Content Metadata
Subject Area | ||
Genre | ||
Abstract |
|
00:00
Electronic data interchangeSlide rulePresentation of a groupCartesian coordinate systemDiagramComputer animation
00:37
Extension (kinesiology)Personal digital assistantPublic key certificateData storage deviceAuthenticationInformation securityMiniDiscEncryptionLevel (video gaming)Standard deviationCommunications protocolClient (computing)Web browserSpherical capUniform resource nameHost Identity ProtocolFormal verificationDependent and independent variablesSign (mathematics)Formal grammarElectronic signatureTexture mappingComputer hardwareService (economics)Digital filterElectronic signatureWeb 2.0Open setPublic-key cryptographyMechanism designIdentifiabilityInformation securitySoftwareMereologyCommunications protocolMedical imagingSelf-organizationWeb browserCartesian coordinate systemProcess (computing)Server (computing)Open sourceDifferent (Kate Ryan album)Image registrationLatent heatSet (mathematics)AuthenticationDependent and independent variablesFirmwareSign (mathematics)Uniqueness quantificationComputer hardwareService (economics)Matching (graph theory)Endliche ModelltheorieVector spacePhishingFuzzy logicMessage passingToken ringFormal verificationWebsite
08:24
Uniqueness quantificationMiniDiscMUDService (economics)Function (mathematics)EmailChainPublic key certificateFormal verificationCommon Language InfrastructureSeries (mathematics)CryptographyComputer wormLibrary (computing)Communications protocolKeyboard shortcutFreewareOpen setConvex hullModule (mathematics)AuthenticationDefault (computer science)Distribution (mathematics)Information securityInstallation artSoftware testingConfiguration spacePasswordMaizeDependent and independent variablesSpherical capFlagFingerprintRandom numberComputer-generated imagerySystem identificationPersonal identification numberComputer hardwareSoftware repositoryImage resolutionCloningNamespaceSign (mathematics)Electronic signatureFile formatAsynchronous Transfer ModeTerm (mathematics)Information privacyMereologyClient (computing)System programmingOpen sourceInformation securityMetadataModule (mathematics)Library (computing)SoftwareWeb 2.0Demo (music)Slide ruleProjective planeView (database)Computer animation
16:10
EncryptionCiphertextPhysical systemVolumeInformation securityMiniDiscExtension (kinesiology)Spherical capPublic key certificateData modelStatement (computer science)Electronic signatureFormal verificationStandard deviationInformation privacyAuthenticationOpen sourceComputer hardwarePlastikkarteHard disk drivePlastikkartePublic-key cryptographyInformation securityServer (computing)Confidence intervalExtension (kinesiology)Exterior algebraElectronic signatureoutputMetadataPasswordMiddlewareKey (cryptography)Public key certificateComputer hardwareSoftware protection dongleMoment (mathematics)Parameter (computer programming)Physical systemElectronic mailing listComputer animation
20:15
Computer programSoftware developerSpherical capInternet forumMetadataClient (computing)Communications protocolInformation securityPhysical systemSoftwareSorting algorithmPublic key certificateComputer hardwareOpen setProcess (computing)Bit rateBiostatisticsInformation securitySoftwareToken ringBinary codeStandard deviationTouch typingSubset1 (number)ImplementationOrder (biology)Software testingComputer animation
22:26
UsabilityMereologyInformation securitySubsetComputer animation
23:01
Public-key cryptographyAdditionPlanningPoint (geometry)Revision controloutputMultiplication signImplementationWindowQR codeSingle-precision floating-point formatLibrary (computing)Food energyStandard deviationComputer animation
26:15
Program flowchart
Transcript: English(auto-generated)
00:10
Thank you. So my name is Joost van Dijk. Disclaimer, I work for a commercial company called Yubico. So maybe you've heard of Yubikeys. Yubico produces those Yubikeys.
00:22
But I'm not going to talk about Yubikeys, I'm going to talk about a technology called Fido. And many of you will have seen the previous presentation that was about an application of Fido. So the goal of this presentation is to move on to the next slide somehow, to explain
00:40
what Fido is. So I'll give a quick introduction to Fido, and then what you can use it for, and many people will already have seen it, for example, for authentication. But I'm going to talk about things that are, so for authentication with web primarily, I'm going to talk about things that Fido can be used for that is not involving
01:01
a web browser. And these things are less or well known, so I think it's interesting to have a look at the applications. And I'll give examples of open source software that you can use today that are actually using Fido to do things that don't involve a browser. So let me first explain about Fido.
01:22
So Fido is actually a set of specifications. One is by the World Wide Web Consortium, that's about using it in a web browser primarily. And the other one is using security keys. So the tokens like this that are typically in your key ring, this is called a roaming
01:42
authenticator in Fido, and the idea is that you protect your private keys on a piece of hardware that has protection against extracting key material. So this protocol is called CTAP, and that's by different organizations called the Fido
02:01
Alliance, and so this is specifically talking to authenticators like this one. So how does that work? So I'm simplifying things because there's a lot of details that I don't want to get into because that takes too much time. So if we have some relying party, so let's first look at the web authentication part,
02:24
so using a web browser typically. So a relying party, that would be typically a web server, and authentication works by, like many authentication protocols, you use a challenge response mechanism where you use asymmetric cryptography to sign a challenge, and then you use the verifier so the relying
02:44
party can check the signature, and if it works out, then you're authenticated. So the idea is that these two protocols, the WebAuthn is basically used in a web setting, so for example, the web server can send a challenge to a browser, and then the browser
03:03
uses the WebAuthn API, which is simply a JavaScript API to initiate the registration of a public key or authentication using that public key. So that's WebAuthn, that's in the web part, and then on the back end, your web browser
03:21
will communicate with a security key, so this roaming authenticator, just relaying that challenge, asking the key to sign it, and then the response is passed on to the relying party and will verify it. So what's all the fuzz with the pass keys and FIDO and anti-phishing?
03:41
Well, that's the merit of FIDO2, it has phishing protection, and that is because in this challenge, the web browser can help you secure things by injecting the origin of the site that you are authenticating with, so this is included in the signature, so if you end up at the phishing site, the signature won't match because it will have a different identifier for the vector.
04:03
So this is why FIDO is phishing, protecting you against phishing. But actually, I'm not going to talk about this use case, I'm going to talk about the right part of this image where we use CTAP to communicate with an authenticator. So these are all kinds of authenticators, so yeah, I work for a company that produces
04:24
these authenticators, but it's an open standard, so anyone can build a security key. So I'm using security key and roaming authenticator interchangeably, but these are all security keys by different vendors, so of course, my employer is there, but there's
04:42
also Feisham, for example, at Google, NitroKey, SoloKeys, and that's interesting because that's actually also open source hardware, so anyone can build a SoloKey, the firmware is open source, everything, and NitroKey actually uses the same software base, firmware base, so these are all, so anything I talk about in this talk will
05:05
work with any of these security keys. So how does this protocol work? So I'm focusing on CTAP, the back end, so talking to an authenticator. Well, the idea is that first you have to register, so registration is just to register
05:24
your public key with this verifier, this relying party, whoever that is, and then later you can use that public key for authentication. So there's two steps, registration, authentication. And so in the registration steps, so I'm not going to talk about all the details, but you just register your public key with a relying party, and this is including something called
05:50
the relying party ID, so in WebAuthn, this is the identifier of the web server, but in other applications, it can be anything, but the idea is that it is included in
06:04
so you fix this relying party ID when you register. Later with authentication, this relying party ID is included in the signature so you can, as a relying party, verify that it is used for your application. So you cannot use the same public key for some other application with a different relying
06:23
party ID. So, not going into too much detail, now you might think, well, I can do this stuff with PGP, I can do it with smart cards, so what is different about security keys if
06:40
you're not using it in a web browser. Well, actually, many of the things that I'm talking about will also work with PGP or other technologies, although there are some specific features that are not always included, and one of them is attestation. So attestation means that you can prove that some signature was generated with a
07:02
security key. So, of course, if you know that the public key is generated on a security key, then obviously that is the case, but if you're dealing with someone that claims to have a security key but you're not sure, you can actually verify it by this process called attestation.
07:20
So you can prove that someone uses, let's say, a Google Titan key to generate the signature. So this is what's called attestation, and there's a service hosted by the FIDO Alliance, so the organization that actually produces those specifications, and they host metadata.
07:41
So if you have a security key, it will have a unique identifier, so not unique for that particular Yubikey, but unique for the make and model. So any, let's say, any Titan key or any Feishang key or any Yubikey that is of a particular
08:00
make and model will have the same identifier. And in the specs it says that at least 100,000 keys need to use that same identifier if they are the same make and model, so you can be sure that, let's say, that the signature is generated by its Titan key. And that is also interesting. So attestation, together with its metadata, they really add something to this process.
08:26
So here's an example of the metadata. So someone built a nice web view of the metadata, so you can look up things like, of course, who's the vendor of this Yubikey or this security key, but also is it using
08:40
protected hardware, and is it certified to a certain security level? So all these things you can actually use in, actually, yeah, so I'm not going to do any demo, so I include all my demo slides for you to try yourself, so we don't have time here, but I just leave them in the slides so you can actually try.
09:01
So this is a way to extract metadata, so it's a bit technical, but if you want to try it, please do. Then about open source software, so Yubico publishes a FIDO library, and it's actually used by a lot of open source projects, so this is open source, although it's produced
09:24
by Yubico, and yeah, if you look at, for example, GitHub, and you look at all the projects that use this library, then there's lots of interesting projects that do it, and that means that you can use a security key, any security key by any vendor using that software.
09:43
And yeah, what I'll do in the rest of the talk is give you some examples, because it's interesting that although FIDO was primarily intended to do authentication, you can actually do other things. You can do encryption, you can do signing, and you can actually store things on the Yubikey. So I'll give an example of all these features.
10:02
So let's start with a very simple example, like a pluggable authentication module. So that's another open source library that is included in many Linux distributions, and the idea is that you can open source software.
16:23
You can try it out yourself, but let's give a practical example. Let's say that you want to encrypt your hard disk. You're on a Linux system, you're using Lux, and typically this is done using a password. Instead of using a password, you can also use a security key, a FIDO key, that instead of deriving some encryption key from your password,
16:45
it will derive the encryption key from this extra key that is generated on your security key. So this means that if you want to decrypt your hard disk, you just need to insert your security key, so this is what you have factored to gain some extra confidence that only you can decrypt that hard disk.
17:06
So worth looking up. Then there's another extension called LargeBloss, and this is for storing things on your security key. So it doesn't have a lot of space, but this is typically used for storing certificates.
17:22
So let's say you're using SSH, and you use SSH with SSH certificates. These are small files, and it's feasible to store them on your security key. So this is an extension that is not very often implemented at the moment.
17:41
I think there are a couple of vendors that actually implement this, but it means that if you move to a different system and you want to log in there, you can actually take your security key and extract both the public key and the certificate. Of course, the private key stays on your key, on your security key, and then log into a remote server from there,
18:03
so everything is contained in the same security key. Here's an example how you do this with tools. Do it yourself if you have a key that supports it. Finally, last example about this at the station. So if you generate an SSH key that is backed by a security key,
18:24
you can actually ask the security key to provide at the station. So there's this extra parameter in the SSH key gen that will extract the attestation data, as it's called, that you can look up in the FIDO metadata service, and this way you can prove that the signature was generated by some security key,
18:46
and you can look up exactly which one, and you're certain that this is done with secure hardware. Okay, you can try it out. So getting to a conclusion,
19:03
so I'm not saying you have to stop using PGP or anything, but this is an alternative to doing things with secure hardware, and the idea is now that since all the big vendors like Apple and Google and Microsoft, they've jumped on the FIDO bandwagon so we can see a lot more support for FIDO in the future.
19:25
That means that a lot more people will own a FIDO security key. For example, already mentioned this morning is if you have an Apple iOS device, you can protect your Apple ID using a FIDO security key. So it's built into iOS 16.3, I think.
19:47
So this means that it is a viable alternative that's actually also a lot cheaper than many of the other hardware keys that you can buy, like a smart card. So I think for 20 or 30 bucks you can buy a FIDO security key,
20:02
whereas smart cards are usually, especially if you consider all the middleware and everything else that you need to get it working, that can be a lot more expensive. So just a list of our resources. If you want to look up things, of course you can also contact me.
20:21
I'll be here all day, and happy to take questions if there are any. Hi. I have a question about the attestation process and open implementations of FIDO2. If you have an open implementation, is it possible to get that certified with FIDO2 Alliance?
20:42
My understanding is that in order to enable the people to compile their own binaries to put on their own open keys, is that possible, or is it not? Yeah, so as a relying party, there's a certification process that you can use to test if you are compatible with the FIDO standards.
21:04
So there's different certification programs. The most heavy ones are for the actual security keys. So there you have to actually do a lot of work to get it certified. But there's also a self-certification toolkit, I think,
21:20
that you can use to see if you are compatible with the FIDO standards. So there's a lot of tests you can run against your own relying party software. So you can do some application, right? Yeah, yeah, yeah. Any other questions? What is publicly known about hardware tokens' failure rates, at least for popular models,
21:43
and how many identical devices would you enroll for the most important things personally? The question is, I think, twofold. First is about failure rates. Actually, I don't know about failure rates, but of course there's different ways to do user verification,
22:01
and I skipped over it a bit, but to use a security key, you need to either touch it and sometimes also prove that you are using it. And this is done typically with a PIN or with a biometric. So I've never seen a security key fail, except when it's using biometrics,
22:21
because of course that is a less. So every biometric has a false acceptance rate and a false rejection rate. And yeah, I don't know numbers, but it differs with different vendors. So I think Apple doesn't say anything about their false acceptance rate, for example.
22:44
So I guess you just have to trust them, and that is with many vendors. I missed the second part of your question. How many identical devices do you enroll at once for the supply? Oh, yeah. So already mentioned, if you lose your security key, you have a problem.
23:02
So you want to have multiple public keys registered. And how many? That depends on the relying party. So some relying parties initially only allowed you to register one. So that's pretty useless, because, yeah, if you lose that one, then you're out of business.
23:21
So usually there are several, and yeah, I think, for example, on an Apple iOS device, you can now register six, but that's really depending on the relying party. So some have an infinite number, so you can just register as many as you like. But that's really depending on the relying party.
23:41
Okay, we've got time for our question. There is an IC hand here. So I guess we have now a single point of failure with the USB socket, especially if we are traveling. So are there any plans to have implementation for the Bluetooth FIDO standards?
24:11
So we can still work if the USB is broken, maybe at the phone or whatever.
24:20
Keep it a little quiet, because I have trouble hearing the question. Are there any plans for the Bluetooth support in the libraries? Because when, especially if I'm traveling, I often have problems with USB sockets,
24:47
so I would have a single point of failure there. So you're saying if you have a problem with your USB sockets, then you cannot use a key? So is there an alternative? Yes, and I would prefer to have some Bluetooth fall back then.
25:05
And the FIDO standard also specifies FIDO over Bluetooth, but I don't see it's only implemented on Windows and Android, but not on the Linux libraries.
25:25
Bluetooth support is not in this libFIDO 2. It only has USB and NFC, no Bluetooth. But there may be an addition in the next version of CTAP. There will be a way to, and maybe you've seen it in Google Chrome.
25:40
You can generate a QR code so that you can use your phone. So if you have to listen to your phone as an authenticator, you can do it over Bluetooth low energy. But the Bluetooth channel is only used for proximity. It's not used to actually transfer anything. For example, if you register a key, your public key is not submitted over Bluetooth.
26:00
But that will be in the next version of CTAP. Okay, thank you for the talk. We are out of the time, so applause.