Security Made Easier

Phillip Dunkelberger of Nok Nok Labs explains what’s behind Fast IDentity Online and why it’s so important for the IoE.


The FIDO (Fast IDentity Online) Alliance was formed in July 2012 to address the lack of interoperability among strong authentication devices as well as the problems users face with creating and remembering multiple usernames and passwords. The FIDO Alliance’s mission is to change the landscape of authentication by eliminating the reliance on passwords. This is accomplished by developing specifications that define an open, scalable, and interoperable set of mechanisms that securely authenticate users of online services. This new standard for security devices and browser plug-ins will allow any Web site or cloud application to interface with a broad variety of existing and future FIDO-enabled devices for online security.

Phillip Dunkelberger, president and CEO of Nok Nok Labs, a leader in the paradigm shift to next-generation unified authentication platforms, sat down with Semiconductor Engineering to discuss FIDO and how it will affect the Internet of Everything. What follows are excerpts of that discussion.

SE: What is the FIDO platform?

Dunkelberger: From a high-level perspective, FIDO is best described as a protocol. It is designed to be a solution that enables strong authenticators of all types – biometrics, secure PINs, and new types of ‘things.’ It is an easy, convenient way to plug and play these new types of things into back-end systems without having to re-engineer everything. So globally it is a protocol and a specification, developed under a non-profit alliance, the goal being to make strong authentication easy to PNP into their infrastructure.

SE: What’s the goal?

Dunkelberger: The FIDO protocol describes how to build a FIDO client, and how to interface the client with a FIDO-enabled server. The protocol of the FIDO client covers three major areas: discovery, interface with the server, and enrollment. Discovery involves determining what FIDO elements are on the network, such as a FIDO-enabled camera or fingerprint sensor. Once the discovery is established, then the interface sets up which devices the server would like to enable. Finally, the enrollment is implemented. Once all of this is set up, a secure connection is established and the authentication

SE: How does it implement security?

Dunkelberger: Once all of the handshakes are complete, and all of the devices on the network are validated, FIDO provisions a private key on your device. All of your information remains on the local device. That is the quintessence of FIDO technology. It doesn’t create a big attack surface by building a large database at the back end. It all stays local.

This is one of the most significant security features of the platform. It deploys a private key on the device, and a public key is all that gets deployed in the account. So now a public-private key pair is generated and the next time one goes to log in, it kicks off a FIDO challenge to that key pair. On a side note, if a device gets lost or compromised, all one has to do is re-enroll. The lost key is, intrinsically, now worthless.

There are three ways to do this. One is to implement it in a classic software environment. It can be set up as a plug-in—a fingerprint sensor or USB key as a hardware-based unit. Or it can be implemented in silicon. For example, the key can be part of a trusted execution environment during manufacture. This is the safest way and provides the highest level of security in the FIDO platform. There are multiple ways to deploy the platform. FIDO supports any operating system, any device platform, and any type of application.
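The device-held private key, server-held public key and login challenge that Dunkelberger describes above, as an added example that is not part of the interview and not Nok Nok Labs' or the FIDO Alliance's code: a minimal FIDO-style enrollment and challenge-response login in Go. The site identifier "example.test", the user names, and the message layout (site identifier and challenge hashed with SHA-256, signed with ECDSA P-256) are assumptions of this sketch rather than the FIDO wire format. It shows the server storing nothing but a public key, a captured response failing against a fresh challenge, and the old key becoming worthless once the user re-enrolls after losing the device.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Authenticator stands in for a FIDO device: the private key is generated here
// and never leaves the struct; only the public key is ever handed out.
type Authenticator struct{ priv *ecdsa.PrivateKey }

func NewAuthenticator() (*Authenticator, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Authenticator{priv: priv}, nil
}

// PublicKey is the only thing the device exports, at enrollment time.
func (a *Authenticator) PublicKey() *ecdsa.PublicKey { return &a.priv.PublicKey }

// loginDigest binds a challenge to the relying party's identifier, so a response
// produced for one site is useless to another (assumed layout, not FIDO's format).
func loginDigest(rpID string, challenge []byte) []byte {
	d := sha256.Sum256(append([]byte(rpID+"|"), challenge...))
	return d[:]
}

// Sign answers a challenge with the on-device key.
func (a *Authenticator) Sign(rpID string, challenge []byte) ([]byte, error) {
	return ecdsa.SignASN1(rand.Reader, a.priv, loginDigest(rpID, challenge))
}

// RelyingParty is the server side. It holds public keys only, so a breach of its
// database yields nothing that can be used to log in.
type RelyingParty struct {
	ID          string
	credentials map[string]*ecdsa.PublicKey // user -> enrolled public key
	pending     map[string][]byte           // user -> outstanding challenge
}

func NewRelyingParty(id string) *RelyingParty {
	return &RelyingParty{ID: id, credentials: map[string]*ecdsa.PublicKey{}, pending: map[string][]byte{}}
}

// Enroll records the device's public key. Enrolling again after a lost or
// compromised device overwrites it, which is what makes the old key worthless.
func (rp *RelyingParty) Enroll(user string, pub *ecdsa.PublicKey) {
	rp.credentials[user] = pub
	delete(rp.pending, user)
}

// Challenge issues a fresh 32-byte nonce; only the newest one per user is valid.
func (rp *RelyingParty) Challenge(user string) ([]byte, error) {
	if _, ok := rp.credentials[user]; !ok {
		return nil, errors.New("no credential enrolled for " + user)
	}
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		return nil, err
	}
	rp.pending[user] = c
	return c, nil
}

// Verify accepts a response only for the outstanding challenge and consumes it
// whether or not the signature checks out, so a captured response cannot be replayed.
func (rp *RelyingParty) Verify(user string, challenge, sig []byte) bool {
	pub, ok := rp.credentials[user]
	expected, live := rp.pending[user]
	if !ok || !live || string(challenge) != string(expected) {
		return false
	}
	delete(rp.pending, user)
	return ecdsa.VerifyASN1(pub, loginDigest(rp.ID, challenge), sig)
}

func main() {
	rp := NewRelyingParty("example.test") // constructed site identifier
	phone, err := NewAuthenticator()
	if err != nil {
		panic(err)
	}
	rp.Enroll("alice", phone.PublicKey())
	c, _ := rp.Challenge("alice")
	sig, _ := phone.Sign(rp.ID, c)
	fmt.Println("login with enrolled device:", rp.Verify("alice", c, sig)) // true
	c2, _ := rp.Challenge("alice")
	fmt.Println("replay of the earlier response:", rp.Verify("alice", c2, sig)) // false
	replacement, _ := NewAuthenticator() // phone lost: re-enroll with a new device
	rp.Enroll("alice", replacement.PublicKey())
	c3, _ := rp.Challenge("alice")
	sigOld, _ := phone.Sign(rp.ID, c3)
	fmt.Println("old device after re-enrollment:", rp.Verify("alice", c3, sigOld)) // false
}
```

The point to notice is what the server never holds: no password hash, no private key, nothing that a leaked database would let an attacker present as a login. Verify deletes the pending challenge before checking the signature, so even a failed attempt burns the nonce and a second try needs a fresh challenge.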

SE: Security and the IoE is one of the hottest topics on the table today. How does FIDO play into that?

Dunkelberger: One of the most important things about FIDO is that it is attempting to be the best signaling methodology available – the first, best signal the system gets. That is accomplished through what is called an Authenticator Specific Module (ASM). That is what FIDO is based upon and the thing that tells everything else it is a FIDO-certified object. It is the authentication mechanism that is built into the hardware. It is the common element that links all FIDO networks together. FIDO not only ships you the public/private key pair during authentication, but it also expressly states, from a hardware aspect, this is what I am, how I was manufactured, and this is what I represent, cryptographically, as a hardware component.

So when it comes to the IoE for the FIDO-based ASM, let’s say one plugs in a smart device, such as a thermostat or a router, the first thing the OS says is, ‘Welcome, what is your FIDO ASM – please communicate that to me.’ If the device is authentic it will provide a key that will be, cryptographically, what is expected from the device. Again, the beauty of this for the IoE is that it supersedes any of the typical present methods, such as typical username and password scenarios. From an IoE standpoint, FIDO was actually designed to function that way from the ground up. Well, that scenario is great for an all-FIDO network. But what if a device that is similar to an authentic FIDO device (a router for example) is used that doesn’t have a FIDO key? The network then simply denies access to the network. This is automatic and requires no user intervention.

For the IoE, this is particularly applicable because FIDO gives you a cryptographic representation of ‘things,’ whatever they are — appliances, smart grid devices, smart home devices, even cows in a pasture. With all of these objects, one will never get a bad signal from any device since, unless it has an ASM, it cannot play on the network. And for the IoE it is all about identification and authentication. Once that precept is established, if anything changes in any of the ASMs, the FIDO platform simply no longer trusts the data coming from the changed device. This makes FIDO the ideal cryptographic IoE platform because it provides that strong, built-in hardware level public-private key exchange. An added benefit is that we know it is scalable within the Internet of today. All of this combined makes FIDO the ideal technology for things like wearables, networks, and other smart devices that will be on the IoE.
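The hardware attestation described above (the ASM stating “this is what I am, how I was manufactured”) as an added example, not taken from the interview or from any FIDO implementation: a Go sketch in which a manufacturer key signs each device's model name and public key at manufacture time, and the network admits a device only if that signature verifies under a manufacturer key it already trusts. The model name "thermostat-v2", the key names and the attestation layout (SHA-256 over the model and the fixed-width X||Y public key) are assumptions of this sketch; real FIDO attestation formats differ. It goes slightly beyond the text by also refusing a device attested by an untrusted manufacturer and a device whose key was changed after manufacture, which is the “if anything changes in any of the ASMs” case.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// mustKey makes a P-256 key pair, used both for per-device keys and for the
// constructed manufacturer keys in main.
func mustKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err) // no usable entropy: refuse to continue
	}
	return k
}

// attestedDigest is what the manufacturer signs: the device model bound to the
// device's own public key (fixed-width X||Y), so neither can be swapped later.
// The layout is an assumption of this sketch, not a FIDO attestation format.
func attestedDigest(model string, pub *ecdsa.PublicKey) []byte {
	xy := append(pub.X.FillBytes(make([]byte, 32)), pub.Y.FillBytes(make([]byte, 32))...)
	d := sha256.Sum256(append([]byte(model+"|"), xy...))
	return d[:]
}

// Device is a FIDO-style "thing". Its key never leaves the device; Attestation is
// the manufacturer's signature over (model, key), standing in for what the ASM
// presents. A look-alike device simply has no attestation.
type Device struct {
	Model       string
	key         *ecdsa.PrivateKey
	Attestation []byte
}

// Manufacture provisions a device with its own key and attests it, the step the
// interview places at manufacture time.
func Manufacture(model string, maker *ecdsa.PrivateKey) *Device {
	d := &Device{Model: model, key: mustKey()}
	sig, err := ecdsa.SignASN1(rand.Reader, maker, attestedDigest(model, d.PublicKey()))
	if err != nil {
		panic(err)
	}
	d.Attestation = sig
	return d
}

func (d *Device) PublicKey() *ecdsa.PublicKey { return &d.key.PublicKey }

// Network is the admitting side: a table of trusted manufacturer keys per model.
type Network struct{ trusted map[string]*ecdsa.PublicKey }

func NewNetwork() *Network { return &Network{trusted: map[string]*ecdsa.PublicKey{}} }

// Trust registers the manufacturer key the network will accept for a model.
func (n *Network) Trust(model string, maker *ecdsa.PublicKey) { n.trusted[model] = maker }

// Admit checks the attestation before letting a device on; anything without a
// valid attestation from a trusted manufacturer is refused, with no user involved.
func (n *Network) Admit(d *Device) error {
	maker, ok := n.trusted[d.Model]
	if !ok {
		return errors.New("refused: no trusted manufacturer for model " + d.Model)
	}
	if !ecdsa.VerifyASN1(maker, attestedDigest(d.Model, d.PublicKey()), d.Attestation) {
		return errors.New("refused: attestation does not verify for " + d.Model)
	}
	return nil
}

func main() {
	maker, other := mustKey(), mustKey() // constructed: trusted and untrusted manufacturers
	net := NewNetwork()
	net.Trust("thermostat-v2", &maker.PublicKey)

	fmt.Println("genuine device:", net.Admit(Manufacture("thermostat-v2", maker))) // <nil>
	fmt.Println("look-alike, no FIDO key:", net.Admit(&Device{Model: "thermostat-v2", key: mustKey()}))
	fmt.Println("untrusted manufacturer:", net.Admit(Manufacture("thermostat-v2", other)))
	tampered := Manufacture("thermostat-v2", maker)
	tampered.key = mustKey() // key changed after manufacture: attestation no longer matches
	fmt.Println("tampered device:", net.Admit(tampered))
}
```

The trust decision rests entirely on the network's table of manufacturer keys: a device that merely claims the right model string, or that carries a signature from a manufacturer the network has not enrolled, is refused before it ever sends data, which is the automatic denial the interview describes.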

SE: FIDO is an open standards protocol. What’s the benefit of that?

Dunkelberger: What is nice about FIDO is that the working group that came together to propose it chose a bunch of strong technologies, such as NIST-based, VSI-approved, CESG, government-based standards. These are good, solid building blocks. The purpose was to develop a better authentication infrastructure than we have had for the last 30 to 40 years. The groups involved in this development stage are some of the best minds in both the infrastructure and security segments. The first standard was released as the 1.0 standard of FIDO. It has already been upgraded to 1.01, and Microsoft has indicated an interest in FIDO-enabling Windows 10; as soon as FIDO 2.0 is released, they will service-pack it into the OS.

The 2.0 revision is what I refer to as the operating system standard. That is because it is a platform that allows the integration of many of the features one would find in operating systems. And it will live until a standards body such as the IETF can ultimately take it forward. At present FIDO is mainly implemented for its usability and adaptability. But at its core it is a security protocol that enables security types of things to go on.

The danger is that as long as FIDO is a protocol it will be copied or simulated, and the result will be called FIDO-like when, in reality, it won’t be an alliance-certified product. Just because someone creates a fingerprint sensor with FIDO-like characteristics doesn’t mean it will adhere to the alliance certified security levels and protocols. That is why it is so important at this stage to make sure FIDO devices are alliance-certified and come from the FIDO group, because there will be rogue FIDO implementations.

SE: Going forward, with the IoE, is there any place that FIDO might not make sense?

Dunkelberger: I am going to give you a qualified answer on that. From a design standpoint today I am not aware of any. However, I am sure there will be, simply because the FIDO footprint might not be optimal for some devices. So from a design standpoint, no, but from an implementation standpoint, there will likely be some scenarios that FIDO isn’t suitable for. But overall, security is all about narrowing the attack surface, and FIDO does a really good job at the implementation level—especially for persistent connections where transactions will always be valid within the session. FIDO is one new and very good building block aimed at reducing attack surfaces, making things faster, easier and cheaper to use. That is what it is good at.

SE: What do you see as the future of FIDO?

Dunkelberger: FIDO is available, at scale, working in big environments, and it can be used in a variety of devices and applications now. It has many years of really knowledgeable people working on it and has had a deep well of investment to make it what it is today. (The graphic below shows who is currently on board.)

At the end of the day, FIDO offers a security platform for the enterprise, for payment systems, for medical billing and financial institutions – a slew of applications across a sea of technologies. We have taken the standard security approach of today, simplified it, and made it far cheaper and available. In the next few years, we expect more and more players, making more and more announcements that their products are FIDO-enabled.

FIDO paradigm



  • Hitoshi Anatomi

    Security made easier, and perhaps more pleasing to criminals.

    Whether face, iris, fingerprint, typing, gesture, heartbeat or brainwave, biometric authentication could be a candidate for displacing the password if/when (only if/when) it has stopped depending on a password to be registered in case of false rejection while keeping the near-zero false acceptance.

    Threats that can be thwarted by biometric products operated together with fallback/backup passwords can be thwarted more securely by passwords alone. We could be certain that biometrics would help for better security only when it is operated together with another factor by AND/Conjunction (we need to go through both of the two), not when operated with another factor by OR/Disjunction (we need only to go through either one of the two) as in the cases of Touch ID and many other biometric products on the market that require a backup/fallback password, which only increase the convenience by bringing down the security.

    In short, biometric solutions could be recommended to the people who want convenience but should not be recommended to those who need security. It may be interesting to have a quick look at a slide titled “PASSWORD-DEPENDENT PASSWORD-KILLER” shown at
    http://www.slideshare.net/HitoshiKokumai/password-dependent-passwordkiller-46151802