fido overview: status and future

EXPERIENCE SIMPLER, STRONGER AUTHENTICATION

Upload: fido-alliance

Post on 14-Apr-2017

Category: Technology


TRANSCRIPT

EXPERIENCE SIMPLER, STRONGER AUTHENTICATION

1

Data Breaches are out of control

2

783 data breaches IN 2014

>1 billion records stolen since 2012

3

$3.5 million average cost per breach

We have a PASSWORD PROBLEM

4

Re-used Phished Keylogged

TOO MANY TO REMEMBER, DIFFICULT TO TYPE,

AND TOO VULNERABLE

5

Adding more authentication has largely been rejected by users

6

ONE-TIME PASSCODES

Improve security but aren’t easy enough

Still Phishable

Poor User Experience

Token Necklace

SMS Reliability

7

THE OLD PARADIGM

8

USABILITY SECURITY

Passwords OTP 2FA PINs

WE NEED A NEW MODEL

Fast IDentity Online

9

THE FIDO PARADIGM

10

[Chart: SECURITY (Weak to Strong) against USABILITY (Poor to Good); plotted: Passwords, PINs, OTP, 2FA]

HOW DOES FIDO WORK?

USER VERIFICATION FIDO AUTHENTICATION

AUTHENTICATOR

11

Fido Registration

1. Registration Begins
2. User Approval
3. New Key Created
4. Key Registered using Public Key Cryptography

12

Fido Login

2

Login

1

13

Login Challenge

3

Key Selected

4

Login Response using Public Key Cryptography

User Approval

Login Complete

online authentication using public key cryptography
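The registration and login steps above, sketched as an added example in Node.js; it is not FIDO Alliance code and does not use the UAF or U2F message formats. The `Authenticator` and `Service` classes, the account name and the `https://shop.example` origin are hypothetical, and tying each key to one service origin is a simplification of how the protocols scope keys to a service.

```javascript
const crypto = require('node:crypto');
// Signed bytes: hash of the service origin followed by the server's challenge.
function signedData(origin, challenge) {
  return Buffer.concat([crypto.createHash('sha256').update(origin).digest(), challenge]);
}
// Authenticator (hypothetical model): one key pair per registration; private keys stay here.
class Authenticator {
  constructor() { this.keys = new Map(); }
  register(origin, userApproved) {
    if (!userApproved) return null;                       // "User Approval"
    const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
    const keyId = crypto.randomBytes(16).toString('hex'); // "New Key Created"
    this.keys.set(keyId, { origin, privateKey });
    return { keyId, publicKey };                          // only the public half is sent
  }
  sign(keyId, origin, challenge, userApproved) {
    const key = this.keys.get(keyId);                     // "Key Selected"
    if (!userApproved || !key || key.origin !== origin) return null;
    return crypto.sign('sha256', signedData(origin, challenge), key.privateKey);
  }
}

// Online service (hypothetical model): stores a key id and public key per account, no secret.
class Service {
  constructor(origin) { this.origin = origin; this.accounts = new Map(); this.pending = new Map(); }
  finishRegistration(user, reg) { this.accounts.set(user, reg); } // "Key Registered"
  startLogin(user) {                                      // "Login Challenge"
    const challenge = crypto.randomBytes(32);
    this.pending.set(user, challenge);
    return { keyId: this.accounts.get(user).keyId, challenge };
  }
  finishLogin(user, signature) {                          // "Login Response"
    const challenge = this.pending.get(user);
    this.pending.delete(user);                            // each challenge is single-use
    if (!challenge || !signature) return false;
    return crypto.verify('sha256', signedData(this.origin, challenge),
      this.accounts.get(user).publicKey, signature);
  }
}

// Constructed run: one good login, then the same signature replayed against a new challenge.
function demo() {
  const device = new Authenticator(), shop = new Service('https://shop.example');
  shop.finishRegistration('alice', device.register(shop.origin, true));
  const { keyId, challenge } = shop.startLogin('alice');
  const sig = device.sign(keyId, shop.origin, challenge, true);
  const ok = shop.finishLogin('alice', sig);
  shop.startLogin('alice');
  return { ok, replay: shop.finishLogin('alice', sig) };
}
```

The service's stored record is a key id and a public key, so a copy of it gives nothing that can be replayed as a login.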

14

Passwordless Experience (FIDO UAF Standards)

1. Transaction Detail: $10,000, Transfer Now
2. User Authentication
3. Done (Success)

Second Factor Experience (FIDO U2F Standards)

1. Login & Password
2. Insert dongle, Press Button
3. Done (Success)

15

2014 Deployments

16

✓ PayPal continues FIDO enablement in improved mobile wallet app.

✓ Google has FIDO in Chrome and 2-Step Verification.

✓ Samsung adds FIDO enabled Touch authentication to Galaxy® S6

FIDO UNIVERSAL 2ND FACTOR

AUTHENTICATOR

Is a user present?

Same authenticator as registered before?

USER VERIFICATION FIDO AUTHENTICATION

17

18

U2F AUTHENTICATION DEMO EXAMPLE: Step 1

19

U2F AUTHENTICATION DEMO EXAMPLE: Step 2

20

U2F AUTHENTICATION DEMO EXAMPLE: Step 3

21

U2F AUTHENTICATION DEMO EXAMPLE: Step 4

+Bob

AUTHENTICATOR

USER VERIFICATION FIDO AUTHENTICATION

FIDO UNIVERSAL AUTHENTICATION FRAMEWORK UAF

22

Same User as enrolled before?

Same Authenticator as registered before?

UAF AUTHENTICATION DEMO EXAMPLE

23

STEP 1

24

UAF AUTHENTICATION DEMO EXAMPLE

STEP 2

25

UAF AUTHENTICATION DEMO EXAMPLE

STEP 3

26

UAF AUTHENTICATION DEMO EXAMPLE

STEP 4

USABILITY, SECURITY and PRIVACY

27

28

No 3rd Party in the Protocol

No Secrets on the Server side

Biometric data (if used) never leaves device

No link-ability between Services or Accounts

Better Security for online services

Reduced cost for the enterprise

Simple & Safe for consumers

29

The FIDO Alliance is an open association of more than 180 diverse member organizations

30

31

Physical-to-digital identity

User Management

Authentication

Federation

Single Sign-On

Passwords, Risk-Based, Strong

MODERN AUTHENTICATION

10

Board Members

32

✓ Online Services
✓ Chip Providers
✓ Device Providers
✓ Biometrics Vendors
✓ Enterprise Servers
✓ Platform Providers

FIDO TIMELINE

FEB 2013 (6 Members): Alliance Announced

DEC 2013 (59 Members): FIDO Ready Program

FEB 2014 (84 Members): Specification Review Draft

FEB-OCT 2014 (129 Members): First UAF & U2F Deployments

DEC 9 2014 (152 Members): FIDO 1.0 FINAL Specification

33

FIDO implementations and deployments

34

FIDO in 2015

35

A range of FIDO PRODUCTS is now available

36

Implementing 1.0 Specifications (this is only a subset of active implementations)

Online Services

Chip Providers

Device Providers

Biometrics Technology Providers

Enterprise Servers

Open Source

Mobile Apps/Clients

WWW Browsers

FIDO in Windows 10

37

✓ Windows used by 1.5 billion users

✓ Windows 10 in 190 countries by Q3

✓ Free upgrade for consumer

FIDO in Snapdragon

38

✓ Market leader to ship FIDO client

✓ 85+ OEMs as of Q4

✓ >1 billion Android devices shipped

✓ Innovative sensor

FIDO in Healthcare

39

✓ First healthcare deployment

✓ Physician access to health records

✓ up to 50 million Healthcare users

FIDO in Enterprise

40

✓ Google for Work announced Enterprise admin support for FIDO® U2F “Security Key” – April 21

✓ Google for Work is used by over 5 million businesses worldwide

✓ “The Security Keys are a great step forward, as they are very practical and more secure.” – Woolsworth IT

FIDO & Government

41

2013 Data Breach Investigations Report (conducted by Verizon in concert with the U.S. Department of Homeland Security) noted that 76% of 2012 network intrusions exploited weak or stolen credentials.

-- NIST Roadmap for Improving Critical Infrastructure Cybersecurity, 12-Feb-2014

✓ Governments worldwide are looking at FIDO

✓ FIDO featured at White House Summit

✓ New collaboration framework…

InfineonNSP

NNL

New Government Membership Class

➢ Reflecting an increased focus on Government collaboration worldwide

➢ Details are now published in the new FIDO Alliance Membership Agreement

42

JOIN THE FIDO ALLIANCE

43

EXPERIENCE SIMPLER, STRONGER AUTHENTICATION

44