#2 - U2F Case Study
Transcript of #2 - U2F Case Study
1
U2F Case StudyExamining the U2F paradox
3
What is Universal 2nd
Factor (U2F)?
4
Simple, Secure, Scalable 2FA
5
Didn’t We Solve This Already?
SMS OTP DevicesCoverageDelayCostBatteryPolicy
One per siteProvisioning costsBattery
Smart CardsReaders/driversMiddlewareCost
6
Bad User experience Still phishableUsers find it hard to use Successful attacks
carried out today
MitMSuccessful attacks carried out today
And...
7
Why U2F?• Simple
– To register and authenticate -- a simple touch!– No drivers or client software to install
• Secure– Public key cryptography– Protects against phishing and man-in-the-middle
•Scalable– One U2F device, many services
•Protects Privacy – No secrets shared between service providers
8
1. Enter username/pwd 2. Insert U2F Key 3. Touch device
Google Login With U2F
9
1. Enter username/pwd 2. Insert U2F Key 3. Touch device
Dropbox Login With U2F
10
1. Enter username/pwd 2. Insert U2F Key 3. Touch device
GitHub Login With U2F
11
1. Enter username/pwd 2. Insert U2F Key 3. Touch device
Your Login With U2F
12
1. Enter username/pwd 2. Insert U2F Key 3. Touch device
Your Login With U2F
13
1. Enter username/pwd 2. Insert U2F Key 3. Touch device
Your Login With U2F
14
Protocol Overview
Serversendschallenge1
Serverreceivesandverifiesdevicesignatureusingattestationcert5Keyhandleandpublickeyarestoredindatabase6
Devicegenerates keypair2Devicecreateskeyhandle3Devicesignschallenge+clientinfo4
Registration
Serversendschallenge+keyhandle1
Serverreceivesandverifiesusingstoredpublickey4
Deviceunwraps/derivesprivatekeyfromkeyhandle2Devicesignschallenge+clientinfo3
Authentication
Individu
alwith
U2FDevice
,RelyingParty
16
Protocol DesignStep-By-Step
17
U2F Device Client
Relying Party
challenge
challenge
Sign with kpriv signature(challenge)
s
Checksignature (s)using kpub
s
Lookupkpub
Authentication
18
U2F Device Client
Relying Party
challenge
challenge, origin, channel id
Sign with kpriv
signature(c)
c, sCheck susing kpub
Verify origin & channel id
s
Lookupkpub
Phishing/MitM Protection
19
U2F Device Client
Relying Party
handle, app id, challenge
h, a; challenge, origin, channel id, etc.
c
aCheckapp id
Lookupthe kpriv
associated with h
Sign with kpriv
signature(a,c)
c, sCheck susing kpub
Verify origin & channel id
s
h
Lookup the kpub
associated with h
Application-Specific Keys
20
U2F Device Client
Relying Party
handle, app id, challenge
h, a; challenge, origin, channel id, etc.
c
aCheckapp id
Lookupthe kpriv
associated with h
Sign with kpriv
counter++
counter, signature(a,c, counter)
counter, c, sCheck susing kpub
Verify origin, channel id & counter
s
h
Lookup the kpub
associated with h
Device Cloning
21
U2F Device Client
Relying Party
app id, challenge
a; challenge, origin, channel id, etc.
c
aCheckapp id
Generate:kpub
kpriv
handle h kpub, h, attestation cert, signature(a,c,kpub,h)
c, kpub, h, attestation cert, s
Associate kpub with handle hfor user
s
Registration + Device Attestation
22
Bad User Experience
StillPhishable
MitM
x xxSo How Did We Do?
23
ResourcesStrengthen 2 step verification with Security Key
Yubico Security Key
Yubico Libraries, Plugins, Sample Code, Documentation
FIDO U2F Protocol Specification
Yubico Demo Server - Test U2F
Yubico Demo Server - Test Yubico OTP
Google security blog
yubico.com/security-key
developers.yubico.com
fidoalliance.org/specifications
demo.yubico.com/u2f
demo.yubico.com