UAF Technical Overview Davit Baghdasaryan – Nok Nok Labs

UAF Tutorial

Jan 03, 2017

Page 2: UAF Tutorial

UAF

http://www.fidoalliance.org/specifications

Page 3: UAF Tutorial

How does UAF work? (diagram: Relying Party, FIDO Authenticators, Verification)

Page 4: UAF Tutorial

FIDO Registration (diagram, using public key cryptography)

1. Registration begins
2. User approval
3. New key created
4. Key registered
Registration complete

Page 5: UAF Tutorial

FIDO Login (diagram, using public key cryptography)

1. Login (login challenge sent to the device)
2. User approval
3. Key selected
4. Login response returned; login complete

Page 6: UAF Tutorial

UAF Design Considerations

Page 7: UAF Tutorial

Decouple User Verification Method from Authentication Protocol

(diagram: the login flow of page 5 split into two layers)

• Pluggable local auth: user approval, key selected
• Online security protocol: login challenge, login response

Leverage public key cryptography

Page 8: UAF Tutorial

No 3rd Party in the Protocol

Page 9: UAF Tutorial

No secrets on Server side

Page 10: UAF Tutorial

Focus on User Privacy

• Biometric data never leaves user’s device

• No linkability between RPs

• No linkability between RP accounts

Page 11: UAF Tutorial

Embrace all kinds of Authenticators

software, proprietary hardware, certified hardware, ...

Page 12: UAF Tutorial

Risk Based Authentication

Risk level, from Low to High:

• Login to online account
• Change shipping address
• Transfer $10.000

Page 13: UAF Tutorial

UAF Architecture

Page 14: UAF Tutorial

UAF Architecture (diagram)

User Device:
• User Agent / Mobile Apps
• FIDO UAF Client
• Authenticator Abstraction
• UAF Authenticators, holding the private keys: Authentication Keys and Attestation Key

Relying Party:
• Web Application
• FIDO UAF Server, holding the public keys: Authentication Keys and Attestation Key

UAF Protocol between User Device and Relying Party: Registration, Authentication & Transaction Confirmation

Page 15: UAF Tutorial

UAF Protocol

• Discovery of authenticators on the client

• Registration

• Authentication

• Transaction Confirmation

• Deregistration

Page 16: UAF Tutorial

Registration (sequence diagram)

Device: Browser or Native App, FIDO Authenticator. Relying Party: Web App, FIDO Server.

1. Initiate Registration
2. Registration Request + Policy
3. Verify User & Generate New Key Pair (specific to RP Webapp)
4. Registration Response + Attestation + User’s Public Key
5. Validate Response & Attestation, Store User’s Public Key

Page 17: UAF Tutorial

UAF Registration (sequence diagram)

Participants: 1stF IAuthnr (first-factor internal authenticator), ASM + FIDO Client + Browser, Relying Party (example.com)

1. Relying Party -> FIDO Client: username, policy, AppID (a), challenge
2. FIDO Client: select Authenticator according to policy; check AppID, get tlsData (i.e. channel id, etc.); generate APIKey random, compute access key ak := hash(a|APIKey|PersonaID|CallerID); fcp := {a, challenge, facetID, tlsData}
3. FIDO Client -> Authenticator: username, ak, hash(fcp) (= fc)
4. Authenticator: generate key kpub, key kpriv, key handle kh
5. Authenticator -> FIDO Client: aaid, kpub, fc, kh, attestation cert, cntr, signature(aaid, fc, reg-cntr, cntr, kpub)
6. FIDO Client -> Relying Party: aaid, kpub, fc, attestation cert, cntr, s (the signature)
7. Relying Party: store key kpub

Note: This represents using a FIDO First-Factor Internal Authenticator -- it makes the differences to U2F more clear.

Page 18: UAF Tutorial

Attestation

• FIDO Authenticator using HW based crypto, based on FP Sensor X: AAID 1, Attestation Key 1
• FIDO Authenticator, pure SW based implementation, based on Face Recognition alg. Y: AAID 2, Attestation Key 2

Page 19: UAF Tutorial

Authentication (sequence diagram)

Device: Browser or Native App, FIDO Authenticator. Relying Party: Web App, FIDO Server.

1. Initiate Authentication
2. Authentication Request + Challenge + Policy
3. Verify User & Exercise Private Key (specific to User + RP)
4. Authentication Response, signed by User’s private key
5. Validate Response using User’s Public Key

Page 20: UAF Tutorial

UAF Authentication (sequence diagram)

Participants: 1stF IAuthnr, ASM + FIDO Client + Browser, Relying Party

1. Relying Party -> FIDO Client: policy, AppID (a), challenge
2. FIDO Client: select Authenticator according to policy; check AppID, get tlsData (i.e. channel id, etc.); lookup key handle kh and access key ak; fcp := {a, challenge, facetID, tlsData}
3. FIDO Client -> Authenticator: kh, ak, hash(fcp) (= fc)
4. Authenticator: check ak; retrieve key kpriv from kh; cntr++; generate Authnr Nonce n
5. Authenticator -> FIDO Client: fc, n, cntr, signature(fc, n, cntr)
6. FIDO Client -> Relying Party: fcp, n, cntr, s
7. Relying Party: lookup kpub from DB; check policy + signature using key kpub

Note: NO username+Password login required before this sequence. Click on FIDO Button (or similar trigger) is sufficient.

Page 21: UAF Tutorial

Transaction Confirmation (sequence diagram)

Device: Browser or Native App, FIDO Authenticator. Relying Party: Web App, FIDO Server.

1. Initiate Transaction
2. Authentication Request + Transaction Text
3. Display Text, Verify User & Exercise Private Key (specific to User + RP)
4. Authentication Response + Text Hash, signed by User’s private key
5. Validate Response & Text Hash using User’s Public Key

Page 22: UAF Tutorial

UAF Authenticator

• Bound Authenticator

• Roaming Authenticator

• Other metadata (verification method, key protection, secure display, …)

Page 23: UAF Tutorial

FIDO Authenticator (diagram of components)

• User Verification (of the User)
• Secure Display (optional)
• Attestation Key: injected at manufacturing, doesn’t change
• Authentication Key(s): generated at runtime (on Registration)

Page 24: UAF Tutorial
Page 25: UAF Tutorial

Thank you