[Cryptography] Curious about FIDO Alliance authentication scheme
Thierry Moreau
thierry.moreau at connotech.com
Wed Sep 23 09:33:08 EDT 2015
Hi,
Here is a quick review of the FIDO alliance authentication proposal [1].
After looking superficially at the specifications documentation [2], I
came to the tentative summary below. I did not feel a need to delve into
the companion documentation set [3].
Core cryptographic principles:
(A) The scheme uses public key crypto signatures (PK signatures) without
security certificates, for client authentication, in client-server
applications.
(B) Each server entity (relying party) maintains its own database of
public keys to account identity relationships.
(C) The scheme documentation suggests a unique PK signature key pair for
each triplet <client,server,device>.
(D) Account registration is devoid of special provisions for client
identity verification: client device selects a PK signature key pair,
signs a protocol-negotiation-derived context-dependent data stream and
that's it.
Best practice security principles:
(E) The scheme documentation includes a taxonomy of mechanisms with
which the client device may protect the activation of the device PK
digital signature capability.
(F) In the account registration protocol exchanges, such client local
mechanisms are negotiated.
(G) This arrangement is herein qualified as "best practice" because the
server has no cryptographic integrity protection for client assertions
in this account registration protocol exchange.
Scheme adoption strategy:
(H) The initial teaser is the appeal of an anti-phishing solution
(alternative to password authentication).
(I) Levels the playing field for biometric/two-factor/tamper-processor
authentication vendors.
(J) Not sure about browser support barrier to entry strategy.
Please use this summary with caution since it is very much of a guesstimate.
Two questions:
1) any comment about the above summary ...
2) assuming the authentication scheme becomes widely deployed, what are
the opportunities for the bad guys (those being creative, patient, and
resourceful at attacking IT security schemes)? (Vulnerabilities in the
client device are countless, dependent on local arrangements, and mostly
well understood; it's the protocol vulnerabilities that would be
relevant in view of the scheme novelty.)
Thanks in advance for feedback.
- Thierry
[1] https://fidoalliance.org/
[2]
http://fidoalliance.org/wp-content/uploads/2014/12/fido-uaf-v1.0-ps-20141208.zip
-- FIDO Alliance Universal Authentication Framework Complete Specifications
[3]
https://fidoalliance.org/specs/fido-u2f-v1.0-nfc-bt-amendment-20150514.zip
-- FIDO Alliance Universal 2nd Factor (U2F) specs with Bluetooth and NFC
transports
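
Added example (not part of the original message and not FIDO Alliance code): a simplified model of points (A)-(D) in the summary above, using Node.js built-in crypto, showing why a replayed signature and a signature made for a different origin both fail at the relying party. The origin-plus-challenge signing context, the class and method names, and the example origins are assumptions of this sketch; it is not the UAF message format.

```javascript
const crypto = require('node:crypto');
// Assumption: the "context-dependent data stream" is modelled as origin + challenge.
const context = (origin, challenge) => Buffer.from(JSON.stringify({ origin, challenge }));
class Device { // (C) one key pair per <client, server, device>; names are hypothetical
  constructor() { this.keys = new Map(); }
  register(account, origin, challenge) {
    const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
    this.keys.set(`${account}|${origin}`, privateKey);
    // (D) no identity proofing: the device only signs the negotiated context
    return { publicKey: publicKey.export({ type: 'spki', format: 'pem' }),
             signature: crypto.sign('sha256', context(origin, challenge), privateKey) };
  }
  sign(account, origin, challenge) {
    const key = this.keys.get(`${account}|${origin}`);
    return key ? crypto.sign('sha256', context(origin, challenge), key) : null;
  }
}
class RelyingParty { // (B) each server keeps its own public-key-to-account database
  constructor(origin) { this.origin = origin; this.db = new Map(); this.pending = new Map(); }
  challenge(account) {
    this.pending.set(account, crypto.randomBytes(16).toString('hex'));
    return this.pending.get(account);
  }
  check(account, publicKey, signature) {
    const c = this.pending.get(account);
    this.pending.delete(account); // single use: a replayed signature meets a new challenge
    return Boolean(c && publicKey && signature &&
      crypto.verify('sha256', context(this.origin, c), publicKey, signature));
  }
  register(account, { publicKey, signature }) { // (A) bare public key, no certificate
    const ok = this.check(account, publicKey, signature);
    if (ok) this.db.set(account, publicKey);
    return ok;
  }
  login(account, signature) { return this.check(account, this.db.get(account), signature); }
}

function demo() { // constructed origins and account name
  const rp = new RelyingParty('https://rp.example'), dev = new Device();
  const lookalike = 'https://rp-example.test';
  const registered = rp.register('alice', dev.register('alice', rp.origin, rp.challenge('alice')));
  const sig = dev.sign('alice', rp.origin, rp.challenge('alice'));
  const login = rp.login('alice', sig);
  rp.challenge('alice');
  const replay = rp.login('alice', sig); // old signature against a fresh challenge
  dev.register('alice', lookalike, 'unused'); // separate key for the other origin
  const relayed = rp.login('alice', dev.sign('alice', lookalike, rp.challenge('alice')));
  return { registered, login, replay, relayed };
}
```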