FIDO UAF & U2F Key / Authenticator / Client / Server

The FIDO Alliance was created in 2013 to reduce users' reliance on passwords for online authentication and to propose a compliance framework that eases user acceptance. Started by 6 members, the alliance now includes more than 200.

Over the past decade, we have seen an exponential increase in online activity per capita. Access to fast and reliable networks has made constant, instant connectivity a reality. As a result, people spend on average 3 hours a day online, and this number rises to 4.5 hours for teenagers.

Most of this time is spent on social networks, online information, e-commerce, messaging and email, and media content portals.

All these activities have one thing in common: AUTHENTICATION. Whether or not we still notice it, these activities need to be securely managed to protect the user’s privacy and identity. As much as we would like, as users, to take this into account, the current solutions do not always help.

Here are some of the key challenges the authentication world is facing today:

-   The traditional user/login/password model seems broken: recent attacks showed that most user IDs and profile information are at risk. We often see in the news databases being ‘hacked’, compromising millions of credit card numbers, user IDs, logins and passwords.

-   Security should no longer rely on the complexity of the password: most of the passwords used by individuals are considered weak. How many of you are using 1234, your date of birth, or the same password for multiple platforms?

-   19: that is the number of passwords that an active online user has to memorize today. Among these, 30% are considered weak. It becomes obvious that this is no longer manageable as a sole solution.

-   2-3: the number of connected devices that a normal user will handle every day. Considering the rise of smart devices, IoT and AR/VR technologies, this number is expected to grow fast. We need a universal, device-independent authentication methodology.

-   Software-based security: as with user habits, security is also migrating toward software-based solutions. The traditional model (think banking card) was to isolate and lock critical information in hardened chips. Now, devices need to be open, connected and updatable. This creates a whole new set of attack vectors for hackers. Hardware-based, software-based and biometric technologies need to work together to provide stronger, cheaper and more flexible security.

FIDO proposes a framework of specifications to streamline both cases:

-   U2F: Universal Second Factor

-   UAF: Universal Authentication Framework

The U2F case allows users to couple strong second-factor authentication, with plug & play capability, to all legacy products. U2F is immediately compatible with all devices.

The UAF case implies that FIDO was already considered during the design phase by supporting the related APIs. The UAF case means that a FIDO authenticator is fully integrated in the device. A common example couples a biometric authenticator using FIDO technology as a password replacement or additional security measure.

FIDO proposes a strong (PKI infrastructure), unique (unique device or biometric), multi-platform (one key for different accounts) and convenient solution for the new online security challenge.

At OSR, we see our role as developer and integrator of ‘crypto related’ technologies. We see FIDO as a unique vehicle for the work we already deliver in the IoT, Smart Grid, bitcoin and automotive industries. Hence, our vision is to develop innovative models for using the now-available technologies that FIDO is part of.

Here are some examples of the scenarios we work on:

‘Standard’ Authentication: we supply our customers with a full FIDO solution for remote or local access to VPN, CRM or emailing systems. U2F tokens (USB or wifi enabled) are normally preferred for such cases.

Remote Field Workers: OSR also proposes to support your remote field workers deployed at your outside facilities, for example engineers using hardened terminals to collect grid information (electrical and gas consumption, diagnostics) who may need to authenticate themselves to these terminals.

Project X: this is the confidential, out-of-the-box, secret type of project we develop for the future of FIDO. Either with technology partners or on our own, think about IoT, GPS, UAV, Blockchain… more to come soon.

FIDO solutions are composed of:

-   Authenticator: A FIDO Authenticator is responsible for user verification and for maintaining the cryptographic material required for relying party authentication.

-   Client: This is the software entity processing the UAF or U2F protocol messages on the FIDO User Device. FIDO Clients may take one of two forms:

o   A software component implemented in a user agent (either web browser or native application)

o   A standalone piece of software shared by several user agents (web browsers or native applications)

-   Servers: Server software, typically deployed in the relying party’s infrastructure, that meets UAF protocol server requirements.

-   Browser App: A set of functionality provided by a common entity (the application owner, aka the Relying Party) and perceived by the user as belonging together.

OSR-Lab is developing a full FIDO solution to cover all aspects of FIDO. See below the currently available components:

All components are fully FIDO Certified.

OSR-Lab is also able to customize its offering to your specified cryptographic needs and proprietary algorithms.

Contact us for more information.