All Rights Reserved | FIDO Alliance | Copyright 2017
NEOWAVE + TRUSTELEM
PROTECTING IDAAS* (WEB/CLOUD SSO*) WITH FIDO U2F
* IDAAS: IDENTITY AS A SERVICE; SSO: SINGLE SIGN ON
Deployment Case Study: Trustelem & Neowave
Protecting IDAAS with FIDO U2F
Gregory Haïk, CEO, Trustelem
Frederic Martin, Security Architect, NEOWAVE
FIDO U2F TO PROTECT IDENTITY AS A SERVICE
NEOWAVE: SMART CARD BASED SECURITY PRODUCTS
Identity theft (phishing), fraud, data theft and cyber attacks are on the rise.
NEOWAVE's mission is to address these issues through strong authentication, encryption and digital signatures, using secure smart-card-based products.
EASY PHISHING ATTACKS AGAINST SMS CODES
[Diagram, steps 1 to 5: User, Fake website or MITM attack, Real website. Labels: "username, password, SMS" (shown twice); step 3: "Send SMS".]
EASY PHISHING ATTACKS AGAINST OTP / TOTP
[Diagram, steps 1 to 5: User, Fake website or MITM attack, Real website. Labels: "username, password, OTP" (shown twice); step 2: "OTP generator".]
EASY PHISHING ATTACKS AGAINST SCANNED QR CODE VALIDATION
[Diagram, steps 1 to 5: User, Fake website or MITM attack, Real website. Labels: "Read QR Code", "Give access"; step 4: "Validate (wrong) access".]
FIDO U2F: SIMPLE / SECURE SOLUTION AGAINST PHISHING ATTACKS
1 – Data to be signed (challenge, hashed url, etc.)
2 – Data to be signed (challenge, hashed url, etc.)
3 – Digital Signature (built-in smart card)
4 – Signed Data
5 – Signed Data
6 – Signature Verification
SSL Token Binding
MITM protection
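The flow on this slide, as an added example that is not part of the original deck: a simulated token, browser and server in Node.js, showing why a response obtained through a look-alike site fails signature verification. The origins, the user name, the function names and the simplification that the appId equals the origin are assumptions made for the demo; SSL Token Binding is not modelled.

```javascript
// Added example: a simulated U2F authentication exchange (not code from the slides).
const crypto = require('node:crypto');

const sha256 = (data) => crypto.createHash('sha256').update(data).digest();

// Constructed origins for the demo.
const REAL_ORIGIN = 'https://sso.example.com';
const FAKE_ORIGIN = 'https://sso-example.login.test';

// Bytes covered by the signature in a U2F authentication response:
// SHA-256(appId) || user presence || 4-byte counter || SHA-256(clientData).
function signedBytes(appId, counter, clientData) {
  const ctr = Buffer.alloc(4);
  ctr.writeUInt32BE(counter, 0);
  return Buffer.concat([sha256(appId), Buffer.from([0x01]), ctr, sha256(clientData)]);
}

// Simulated token: holds an anonymous key pair and a signature counter.
function makeToken() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  let counter = 0;
  const sign = (appId, clientData) => {
    counter += 1;
    const signature = crypto.sign('sha256', signedBytes(appId, counter, clientData), privateKey);
    return { counter, signature };
  };
  return { publicKey, sign };
}

// Simulated browser: it, not the page, writes the page's origin into the
// client data. Assumption: the appId equals the origin.
function browserSign(token, pageOrigin, challenge) {
  const clientData = JSON.stringify({ typ: 'navigator.id.getAssertion', challenge, origin: pageOrigin });
  return { clientData, ...token.sign(pageOrigin, clientData) };
}

// Step 6 on the slide: the server recomputes the signed bytes from its own appId.
function verifyAssertion(reg, issuedChallenge, resp) {
  const cd = JSON.parse(resp.clientData);
  if (cd.challenge !== issuedChallenge) return 'challenge mismatch';
  if (cd.origin !== reg.appId) return 'origin mismatch';
  if (resp.counter <= reg.lastCounter) return 'counter did not increase';
  const data = signedBytes(reg.appId, resp.counter, resp.clientData);
  if (!crypto.verify('sha256', data, reg.publicKey, resp.signature)) return 'bad signature';
  reg.lastCounter = resp.counter;
  return 'ok';
}

function runDemo() {
  const token = makeToken();
  // Server-side registration record: the key-to-user association lives only here.
  const reg = { user: 'alice', appId: REAL_ORIGIN, publicKey: token.publicKey, lastCounter: 0 };
  const newChallenge = () => crypto.randomBytes(32).toString('hex');

  // 1. The user signs in on the real site.
  const c1 = newChallenge();
  const direct = browserSign(token, REAL_ORIGIN, c1);
  const directResult = verifyAssertion(reg, c1, direct);

  // 2. A look-alike site relays the real site's challenge; the browser
  //    records the look-alike origin, so the relayed response is refused.
  const c2 = newChallenge();
  const relayed = browserSign(token, FAKE_ORIGIN, c2);
  const relayResult = verifyAssertion(reg, c2, relayed);

  // 3. Rewriting the origin field after signing breaks the signature.
  const edited = { ...relayed, clientData: relayed.clientData.replace(FAKE_ORIGIN, REAL_ORIGIN) };
  const editedResult = verifyAssertion(reg, c2, edited);

  // 4. Replaying the earlier valid response against a fresh challenge fails.
  const replayResult = verifyAssertion(reg, newChallenge(), direct);

  return { directResult, relayResult, editedResult, replayResult };
}

console.log(runDemo());
```

Unlike an SMS code or OTP, the signed value is only valid for the origin the browser actually saw, which is the property the three preceding slides lack.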
FIDO U2F USB SECURITY KEY
ENTER USERNAME & PASSWORD
PLUG KEYDO SECURITY KEY IN
THAT’S IT
FIDO U2F NFC CARD
ENTER USERNAME & PASSWORD
APPROACH BADGEO NFC CARD
THAT’S IT
TRUSTELEM: IDENTITY AS A SERVICE
[Diagram: Company, Corporate applications]
Trustelem enables your IT users to go from one application to another, without the need to re-authenticate.
Trustelem manages digital identities of your IT users (IDaaS - Identity-as-a-Service Cloud Single Sign-On, SSO).
FIDO U2F ADVANTAGES FOR WEB SSO LOGON
• No driver installation requirement
• Web browser built-in support
• Multi-platform / multi-channel protocol
• High security level (built-in smart card)
• Ultimate solution against identity theft
SIMPLE / SECURE WEB SSO LOGON
Password then FIDO U2F
ALL-IN-ONE USER DASHBOARDS ACCESS PROTECTION
Now you don’t have to wait for Microsoft to integrate FIDO U2F authentication :)
APPLICATIONS ACCESS
e.g. facebook workplace
ADMIN CONSOLE
Setup directories, users, apps, permissions…
Logs, deployment audit
MORE FIDO U2F ADVANTAGES
• FIDO U2F devices are anonymous (no user information, just anonymous keys; the association is done on the server side)
• FIDO U2F devices can be filtered: web services can be restricted to our own customized devices (attestation certificate)
CONCLUSION
• FIDO U2F strongly recommended for Web SSO users and/or administrators
• Secure but easy to use and deploy
