FIDO Overview: Status and Future
•
0 likes•615 views
Explore the status and future of FIDO in this presentation, which was given at the European Identity & Cloud Conference (EIC) in May, 2015. The FIDO Alliance invites you to learn how simplify strong authentication for web services. FIDO specifications can help all organizations, especially service providers who want to scale these features for consumer services over the web. Essentially, FIDO offers a simple, low-cost way to improve security and the online experience.
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to FIDO Overview: Status and Future
Similar to FIDO Overview: Status and Future (20)
More from FIDO Alliance
More from FIDO Alliance (20)
Recently uploaded
Recently uploaded (20)
FIDO Overview: Status and Future
- 2. Overview 2 14:00 14:30 FIDO Now Donal O'Shea, FIDO Alliance 14:30 15:00 FIDO UAF 1.0 Specs: Overview and Insights Rolf Lindemann, Nok Nok Labs 15:00 15:30 FIDO U2F 1.0 Specs: Overview and Insights Alexei Czeskis, Google 15:30 15:45 Coffee 15:45 16:15 FIDO, PKI & beyond: Where authentication meets identification Kim Nguyen, D-‐Trust Cord Bartels, CBcon 16:15 16:45 Deploying FIDO: Ins and Outs Panel: Moderator Matthias Reinwarth, Kuppinger Cole; Kevin Lynch, Synaptics; Bob Stewart, Sonavation; Michael Poitner, NXP; Chris Woodthorpe, Infineon 16:45 17:45 FIDO Ready™ Products Entersekt-‐Infineon-‐Nok Nok Labs-‐Yubico 17:45 18:00 Q&A Wrap Up FIDO
- 3. AGENDA 3 Interoperability Problem Password Problem FIDO Solution About FIDO
- 5. The FIDO Story—2 Technology Ecosystem
- 6. AGENDA 6 Interoperability Problem Password Problem FIDO Solution About FIDO
- 7. Cyber crime is out of CONTROL 7
- 8. 708 data breaches IN 2014... 82 million personal records stolen 8
- 9. Average cost per data breach $3.5 MILLION: 9 $92.3 MILLION: Average annual loss to mobile fraud
- 10. We have a PASSWORD PROBLEM 10
- 11. Passwords no longer keep us safe 11
- 12. Ill-suited for mobile devices Kept in centralized databases Easily broken 12
- 13. Re-used Phished Keylogged TOO MANY TO REMEMBER, DIFFICULT TO TYPE, AND NOT SECURE 13
- 14. Other mechanisms have not been a success 14
- 15. ONE-TIME CODES Improve security but aren’t easy enough Still Phishable Know attacks today User Experience User Confusion Device Usability One per site/ Fragile SMS Usability Coverage/ Delay/ Cost 15
- 16. WE NEED A NEW MODEL 16
- 17. The FIDO Story—3 • Relevant companies with compelling interest – The FIDO founders • PayPal, Lenovo, Nok Nok Labs, Validity Sensors, Infineon, and Agnitio – Meetings started about four years ago • Technology — initial scoping and approach • Ecosystem — everybody talk to their friends • Legal — – Create an organization that » Protects IP and » Prevents antitrust
- 18. Putting It Together The problem: Simpler, Stronger, Interoperable online authentication The trend: Local device authentication Why not: Use local device auth for online authentication? This is the core idea behind FIDO standards!
- 19. We need ™ 19
- 20. AGENDA 20 Interoperability Problem Password Problem FIDO Solution About FIDO
- 21. THE FIDO SECURITY PARADIGM 21 Poor Good WeakStrong USABILITY SECURITY Current Solutions ™
- 23. 23 No 3rd Party in the Protocol No Secrets on the Server side Biometric data (if used) never leaves device No link-ability between Services No link-ability between Accounts
- 25. FIDO Standardization LOGIN USER APPROVAL REGISTRATION COMPLETE KEY SELECTED LOGIN CHALLENGE LOGIN RESPONSE 1 2 4 3 Leverage public key cryptography ONLINE CRYPTO PROTOCOL PLUGGABLE LOCAL AUTH
- 26. Not boiling the sea
- 27. Security for providers Reduced enterprise costs Simple for consumers 27
- 28. FOR CONSUMERS Easy to Use Interoperable Private Secure 28
- 29. FOR ENTERPRISES Reduced cost & complexity Strong asset protection Effective BYOD support 29
- 30. FOR ONLINE SERVICE PROVIDERS Exceptional user experience Stronger Security Cost containment 30
- 31. LOWER COST AND COMPLEXITY FOR ONLINE SERVICE PROVIDERS Single Infrastructure Any Device Risk Appropriate 31
- 32. AGENDA 32 Interoperability Problem Password Problem FIDO Solution About FIDO
- 33. FIDO TIMELINE FIDO 1.0 FINAL Specification First UAF & U2F Deployments Specification Review Draft FIDO Ready Program Alliance Announced FEB 2013 DEC 2013 FEB 2014 FEB-OCT 2014 DEC 9 2014 33
- 34. A broad range of board, associate, & sponsor members 34
- 35. Board Members 190 & GROWING… 35
- 36. Sponsor Members 190 & GROWING… 36
- 37. Associate Members 190 & GROWING… 37
- 38. Infineon NSP NNL A range of FIDO PRODUCTS is now available 38
- 39. 39 1.0 Specification Online Services Chip Providers Device Providers Biometrics Technology Providers Enterprise Servers Open Source sw/servers Mobile Aps & clients Browsers
- 40. The FIDO Alliance UAF Working Group U2F Working Group Certification WorkingGroup Marketing WorkingGroup Privacy and Public Policy WorkingGroup Board of Directors Executive Director FIDO Alliance Staff FIDO 2.0 WorkingGroup
- 42. Join FIDO • Three levels of membership – Board of Directors – Member – Associate • Website – www.fidoalliance.org • Email me – donal@fidoalliance.org