[Cryptography] Curious about FIDO Alliance authentication scheme
Thierry Moreau
thierry.moreau at connotech.com
Mon Nov 2 13:50:00 EST 2015
I previously asked the same question as Henry Baker in another thread
(YubiKeys / FIDO / U2F ??), but I did some primary source material
analysis which I shared.
Here is a reminder:
On 23/09/15 01:33 PM, Thierry Moreau wrote:
> Hi,
>
> Here is a quick review of the FIDO alliance authentication proposal [1].
> After looking superficially at the specifications documentation [2], I
> came to the tentative summary below. I did not feel a need to delve into
> the companion documentation set [3].
>
>
> Core cryptographic principles:
>
> (A) The scheme uses public key crypto signatures (PK signatures) without
> security certificates, for client authentication, in client-server
> applications.
>
> (B) Each server entity (relying party) maintains its own database of
> public keys to account identity relationships.
>
> (C) The scheme documentation suggests a unique PK signature key pair for
> each triplet <client,server,device>.
>
> (D) Account registration is devoid of special provisions for client
> identity verification: client device selects a PK signature key pair,
> signs a protocol-negotiation-derived context-dependent data stream and
> that's it.
>
> Best practice security principles:
>
> (E) The scheme documentation includes a taxonomy of mechanisms with
> which the client device may protect the activation of the device PK
> digital signature capability.
>
> (F) In the account registration protocol exchanges, such client local
> mechanisms are negotiated.
>
> (G) This arrangement is herein qualified as "best practice" because the
> server has no cryptographic integrity protection for client assertions
> in this account registration protocol exchange.
>
> Scheme adoption strategy:
>
> (H) The initial teaser is the appeal of an anti-phishing solution
> (alternative to password authentication).
>
> (I) Levels the playing field for biometric/two-factor/tamper-processor
> authentication vendors.
>
> (J) Not sure about browser support barrier to entry strategy.
>
> Please use this summary with caution since it is very much of a
> guesstimate.
>
>
> Two questions:
>
> 1) any comment about the above summary ...
>
> 2) assuming the authentication scheme turns widely deployed, what are
> the opportunities for the bad guys (those being creative, patient, and
> resourceful at attacking IT security schemes)? (Vulnerabilities in the
> client device are countless, dependent on local arrangements, and mostly
> well understood; it's the protocol vulnerabilities that would be
> relevant in view of the scheme novelty.)
>
> Thanks in advance for feedback.
>
>
> - Thierry
>
> [1] https://fidoalliance.org/
>
> [2]
> http://fidoalliance.org/wp-content/uploads/2014/12/fido-uaf-v1.0-ps-20141208.zip
> -- FIDO Alliance Universal Authentication Framework Complete Specifications
>
> [3]
> https://fidoalliance.org/specs/fido-u2f-v1.0-nfc-bt-amendment-20150514.zip
> -- FIDO Alliance Universal 2nd Factor (U2F) specs with Bluetooth and NFC
> transports
More information about the cryptography
mailing list