2019 FIDO Seoul Seminar - Moving Beyond Passwords

Moving Beyond
Passwords
23 September 2019 | Seoul

All Rights Reserved | FIDO Alliance | Copyright 20192
Welcome
FIDO Seoul Seminar
23 September 2019

Agenda: Morning

Agenda: Afternoon

Sponsors

Opening Remarks
FIDO Seoul Seminar
23 September 2019

Please welcome Mr. Jae Moon Park @ TTA
Mr. Jae Moon Park
President
Telecommunications Technology Association

Latest News & Perspectives
from FIDO Alliance
FIDO SEMINAR
SEOUL
23 SEPTEMBER 2019
Andrew Shikiar
Executive Director & CMO
FIDO Alliance

Historical context
Key progress points
The future of FIDO Authentication

(Not) breaking news: Password problems
credentials
stolen in
2017 alone
(Shape Security)
2.3 billion
cost to U.S.
businesses
each year
(Shape Security)
$5 billion
36% rise
in phishing
attacks
in 2018
(Webroot)
1,244
breaches in 2018, a 126% jump
in exposed records containing PII
(Identity Theft Resource Center 2018 Breach Report)
51%
of passwords
are reused
across services
(University of Oxford)
collectively spent by
humans each day entering
passwords
(Microsoft)
1,300 years
e-commerce sites’
attempted log-ins
are compromised
by stuffing
(Shape Security)
80-90%
Password-driven cart
abandonment rate
(Visa)
49%
Of IT leaders re-use a
single password
(Sailpoint)
55%
Of helpdesk calls are
for password resets
(Forrester)
20-50%
OF PEOPLE HAVE FELT STRESSED OR ANNOYED
AS A RESULT OF FORGETTING THEIR PASSWORD
(Okta)
62%

+ Sponsor members + Associate members + Liaison members
An industry movement to solve the
password problem

Industry imperative: Simpler and
stronger
Security
Usability
Poor Easy
WeakStrong
=
Single Gesture
Possession-based Authentication
Open standards for simpler,
stronger authentication using
public key cryptography

FIDO Specifications
UAF U2F
CTAP WebAuthn

Backed By Certification
• Functional Certification (End-to-End):
• Conformance Testing
• Interoperability Testing
• Universal Server:
• Ensures compatibility with all FIDO Certified Authenticators
• Nok Nok, Hancom Secure, LINE, KDDI, Quado, …
• Security Certification Levels
• How well do you protect the private key?
• 3rd-party laboratory verification
• Complemented by Biometric Component certification

Biometric Component Certification
• Validates biometric components against
globally-recognized standards FRR, FAR, PAD
• 3rd-party laboratory verification: 5 labs
accredited including TTA
Galaxy S10 and S10+
FIRST TO ACHIEVE
FIDO BIOMETRIC
CERTIFICATION

FIDO2 Platform/browser support: progress
*NEW* Now shipping
in Safari 13
Hello
• Since May 2018
• Broader matrix of support in
2019

Cross-platform deployment capabilities
Hello

Standardization across other
organizations
WebAuthn meets
W3C Final
Recommendation
FIDO CTAP and
FIDO UAF are
ITU standards
ISO 27553,
29115 engagement

The future of FIDO Authentication

InternetofThingsIDVerification
Gaps in adjacent areas need to be filled
for FIDO mission to be realized
Only9%ofcompanieswarnemployees
aboutIoTrisks
6wayssmartdevicescan
behacked
Hackersusednewweaponstodisruptmajor
websitesacrossU.S.
Howtoprotectyourbusinessfrom
accounttakeoverattacks:
3tips
Thirdpartydatabreach
hitsQuestDiagnosticswith
12millionconfidentialpatientrecords
exposed
Here’sthebestwaytoprotectyouraccounts
fromhackertakeovers

Our plan to fill these gaps: new work areas
Device & User Verification
and Onboarding
Authentication
Federation
Single
Sign-On
Strengthen identity verification assurance
to support better account recovery
Automate secure device onboarding to
remove password use from IoT.

Why FIDO and ID Verification?
FIDO Authentication
has been proven to
protect against
account takeover
through phishing and
other credential-
based attacks.
But…
“What happens if
I lose my FIDO
authenticator?”
For accounts protected
with FIDO Authentication, the
account recovery process
when a FIDO device is lost or
stolen becomes critical to
maintaining the integrity of
the user’s account.

IDWG
ADDRESSING THE GAPS:
ID VERIFICATION & BINDING WORKING GROUP
• Define criteria for solution performance
• Create and deploy a program to support
the adoption of that criteria
• Similar to biometric certification programs
with test requirements, lab procedures, etc.
• Will collaborate with the FIDO Certification
Working Group (CWG) and Certification
Secretariat
• Produce thought leadership white papers
to promote the utilization and market
awareness of the new program
Provide authoritative guidance
and solution certification
programs for possession-based
identity verification procedures.
This includes (but is not limited
to) government-issued identity
document authentication and
biometric “selfie” matching.
MISSION: ACTIVITIES:
IDWG will:

Why is FIDO focusing on IoT ?
• The IoT industry is looking to standardize identity of devices,
remove passwords and automate the binding of devices to the
cloud applications – and
• FIDO has a proven track record of removing password
dependence for user authentication and can now brings its vision
for passwordless authentication to IoT.
• IoT brings adjacent use cases for user-less, automated
authentication – introducing new ‘smart’ intermediaries for
secure authentication of IoT devices
• The automated secure onboarding of IoT devices will remove the
need for a password – eliminating a critical vulnerability for
businesses and consumers worldwide

IOT
WG
ADDRESSING THE GAPS:
IOT TECHNICAL WORKING GROUP
Develop use cases, target architectures, and
specifications covering the following topics:
• IoT Device Attestation/Authentication profiles to
enable interoperability between relying
parties and IoT devices
• Automated onboarding, and binding of
applications and/or users to IoT devices
• IoT device authentication and provisioning via
smart routers and IoT hubs
• Gap analysis and extensions/modifications
(where necessary) of existing FIDO specifications
related to IoT authentication, platforms and
protocols
Provide a comprehensive
authentication framework for
IoT devices in keeping with
the fundamental mission of
the FIDO Alliance:
passwordless authentication.
MISSION: ACTIVITIES:

Informational
materials
Further enabling the ecosystem
Developer
library
Workshops Hackathons
Giving deployers the tools to “pick their own
path” to FIDO rollout
Case Studies

Getting Started with your FIDO
Deployment
• Match your use case to FIDO’s specifications
• Leverage publicly available resources
• Case studies
• Best practices
• Developer tools
• Seek FIDO Certified Vendors
• Engage with the FIDO Community / FKWG

The Future of User Authentication
FIDO Authentication is the industry’s answer to the password problem
INDUSTRY SUPPORT
FIDO represents the
efforts of some of the
world’s largest
companies whose very
businesses rely upon
better user
authentication
THOUSANDS OF
SPEC DEVELOPMENT
HOURS
Now being realized in
products being used
every day
ONGOING
INNOVATION
Specifications,
certification programs,
and deployment
working groups
establishing best
implementation
practices
ENABLEMENT
Leading service
providers representing
billions of user
identities are already
FIDO-enabling their
authentication
processes

Get involved in the FIDO ecosystem
@FIDOALLIANCE
WWW.FIDOALLIANCE.ORG
Andrew Shikiar
andrew@fidoalliance.org

Korean Market Trends &
Opportunities
- Panel Discussions -
FIDO Seoul Seminar
23 September 2019

Please welcome the panelists
Dongho Kim
Samsung SDS
Junho Shin
Telecommunication Technology Associations
Youngsuk Hong
eWBM
David Ahn
CrossCert
Yoosurk Han
AirCuve
Youngwoong Park
BC Card

Question No. 1
“Please introduce yourself and the
organization you are representing while
explaining what FIDO means to you and your
organization.”

Question No. 2
“What are the notable FIDO related news or
events that you witnessed or experienced this
year? (or expect to see in 4th quarter of
2019?)”

Question No. 3
“In terms of FIDO Deployment in Korea, what
do you expect to see in year 2020 and going
forward?”

Anything else you wish to
share with audience today?

Agenda: Morning

FIDO Hackathon Cases
& Award Ceremony
FIDO Seoul Seminar
23 September 2019

Please welcome FKWG Co-Chairs
Henry Jong-Hyeon Lee
Senior Vice President, Mobile Security Technologies
Samsung Electronics Co., Ltd.
Sanghun Won
Head of Digital Laboratory
BC Card Co., Ltd

Case Presentations
- Top 3 Award -
Ping Point
By N-Key X LINE

Current Problems
N-Key X LINE
Time-Consuming to Authenticate Users Vulnerable to Data Breach

Challenges
N-Key X LINE
• Difficulty of
Remembering
• High Possibility of
Leakage
• Inconvenience of
Typing at Kiosk
E-mail / Password
• Low Level
Recognition of
Barcode
• Inconvenience
From The Process
of Turning On
Barcode
Barcode
• The Need To
Carry Membership
Card All The Time
• Risk of Losing
Card
Membership Card
• Potential Risk of
Identity Theft
• Difficulty of
Verifying Users
Phone-Number

Solution
N-Key X LINE
FIDO2

Why NFC?
N-Key X LINE
NFC Trigger FIDO
Auth

Service Structure
N-Key X LINE
KIOSK
RP Server
Android
NFC
HTTPS
HTTPS
HTTPS
LINE FIDO Server

Result (Register)
N-Key X LINE

Result (Membership Authentication)
N-Key X LINE

Overview (PingPoint Application)
N-Key X LINE
Splash Log-in FIDO Login Simple PasscodeRegister

Overview (PingPoint Application)
N-Key X LINE
Main Membership Point List Store Search Menu My Page

Experience
N-Key X LINE
Teamwork and Collaboration Learning New Skills

Award Ceremony
- Top 3 Award -
Ping Point
By N-Key X LINE
Gift Sponsors:

Case Presentations
- Special Award -
KwangHae X Yubico & AirCuve
LinkME X BC Card
KISMI X eWBM
Soondae X Yubico & AirCuve

FIDO2 Enabled SSH Login
KwangHae X Yubico & AirCuve
● Linux Servers are highly popular
● Public IP Address In Linux
→ Easy Target for Attackers
● 81% of Company Data Breaches
due to Poor Passwords
● Customized PAM
● FIDO2 authentication service
Enables Easy-to-use yet Highly
Secure Login
● Eliminates need for End-User
Password Management
Linux ssh login system with FIDO 2.0 protocol
Challenges Solution

FIDO Enabled Blockchain Crowdfunding
LinkME X BC Card

Decentralized ID Based ERP System
KISMI X eWBM
Decentralized ID based ERP system
- FIDO2와 블록체인 기반의 공증센터에서 분산 ID를 발급, 인증
- 멀티 클라우드 분산 저장소에 전자문서와 분산 ID 보관
- 분산 ID 공증센터, 근태관리 시스템, 전자문서 이력관리 시스템
- 하나의 분산 ID로 연결된 모든 서비스 사용 가능
K-AUTH 공증센터
K-EMS 근태관리시스템
K-DMS 전자결재시스템
…
Blockchain
Team
박성갑 연구소장
김창규 팀장
어다희 팀원
서동권 팀원
박두현 팀원
Technology
특허 4건
저작권 4건
MVP 10건
Mentor
해커톤 성과
KISMI 소개 도전과제
1. One ID & Passwordless
2. 디지털 신원관리 체계
3. 클라우드 기반 분산 저장
직원ID(분산ID) Windows Hello Login 사내 시스템 사용

FIDO2 Enabled WiFi Authenticaiton
Soondae X Yubico & AirCuve
❖ Agenda
⮚ To use FIDO to authenticate securely on public WiFi
❖ Challenge
⮚ User connections are widely exposed on open WiFi networks, convenient yet secure authentication is needed to
protect user data
❖ Solution
⮚ Improve the user experience by introducing FIDO2 authentication to enhance end user security on a WiFi network
❖ Implementation
②
③ EAPEAP
EAP
①
① EAP
②
③
① Supplicant must establish HTTPS (TLS) session using RP’s
link within EAP for target AP.
② RP to send the received data to Server
③ Response data from the server is returned to supplicant using
EAP

Award Ceremony
- Special Awards -
KwangHae: Industry Contribution
LinkME: Great Pitch
KISMI: Mentor’s Choice
Soondae: Moonshot
Gift Sponsors:

Case Presentations
- Top 3 Award -
QR Code Info Protection
By Jekyll & Hyde X Samsung

Social & Technical Challenges
Jekyll & Hyde X Samsung

Your Identity: Protect & Hide

Challenges with Existing Technologies

Our Approach to Tackle the Challenges

Service Demonstration: Jekyll & Hyde

Use Case Example

Service Needs & Hackathon Performance

Award Ceremony
- Top 3 Award -
QR Code Info Protection
By Jekyll & Hyde
Gift Sponsors:

Case Presentations
- Special Award -
Drones Without Password X SK Telecom
Umbridge X SK Telecom
Social Mix X BC Card
EASY X CrossCert

Drones Without Password
Drones Without Password X SK Telecom
Problems of common drones
: Low security, Hard to identify users
Experiences during the project
: Complexity of drones, Helpful advices from mentors
I. II.
IV.III.
Project Goal
: FIDO Drone, Check validation of key
Project Goal
: FIDO Drone authentication system

Umbridge
Umbridge X SK Telecom
Motive for participation
- Interesting of biometric authentication protocol
Challenges
- Technical challenges - Embedded Model Design and Fabrication, FIDO protocol
connection
- Social challenges - Increased Umbrella Reusability
Experience
- Learned in detail about FIDO authentication.
- FIDO authentication implementation
Achievement
- Good mentors

Cell Market X FIDO UAF
Social Mix X BC Card

Authentication Application for Low-Income Bracket
EASY & CrossCert
Process
Purpose EASY - CrossCert
Making certification easier for low-income bracket
Easy team surveyed 50 people
 They need online low-income people certification
application
 Start Development
FIDO & IoT
It is supported two features.
1. A function to submit and authenticate documents that prove low-income people
in the app itself
2. A function to unlock unmanned locker which is stored support product for low-
income people by FIDO
< fingerprint authentication (FIDO) >
< Locker & touch panel>
1. join membership
2. registration of documents
3. an application for products
4. receipt of products

Award Ceremony
- Special Awards -
Drones Without Password: Shark Tank
Umbridge: Best Implementation
Social Mix: Idea
EASY: Impact
Gift Sponsors:

Case Presentations
- Top 3 Award -
Decentralized ID-Based Electronic
Signature Contract Solution
By TEEware X CrossCert

Start-up while researching TEE and FIDO
TEEware X CrossCert

Beyond Authentication
TEEware X CrossCert
FIDO
Simpler,
Stronger,
Authentication
Why not
Digital Signature?
Contract
Transaction Confirmation
Document Signing

Problems of Handwritten Signatures
TEEware X CrossCert
Can you tell the difference?
A B

Forgeable Handwritten Signatures
TEEware X CrossCert

Benefits of Digital Signatures
TEEware X CrossCert
Original Forgery Verification
Handwritten
signature
Digital signature
aa634aa83b7a532e95ad4075b859d6b7b
b347fa6630474e8c7250e8679dba94a3ed
b7b705253badb79d48492f90265210b0f0
2afd7d2e95c3d8bd5cf4d4d33d0
aa634aa83b7a532e95ad4075b859d6b7
bb347fa6630474e8c7250e8679dba94a
3edb7b705253badb878b106ef9026521
0b0f02afd7d2e95c3d8bd5cf4d4d33d0
Ask writing expert
✔ Cost
✔ 2~7 days to verify
Automatic verification
✔ By any computer
✔ Immediately verifiable
Signing documents with FIDO -> Easier verification!

Two Components of Signing
TEEware X CrossCert
Who signed it?
“Identity”
Did the person
actually signed it?
“signature”

Traditional Off-line Document Signing
TEEware X CrossCert
< Identity >
A person's identity is verified with
physical ID card
< Signature >< Contract >

FIDO-DID based On-line Document Signing
TEEware X CrossCert
Only device owner
can make digital signature
Digital signature proves
the device owner signed
the document
aa634aa83b7a532e95ad4075b859
d6b7bb347fa6630474e8c7250e86
79dba94a3edb7b705253badb79d
48492f90265210b0f02afd7d2e95c
3d8bd5cf4d4d33d0
DID proves the identity
of device owner
< Signature >< Identity >
< Device owner > < FIDO authenticator >

DID(Decentralized Identity)
TEEware X CrossCert
Federated
✔ DID is a blockchain-based digital identity service.
✔ DID is emerging global standard for representing digital identity.
Isolated
Self-sovereign
Decentralized

Visualizing a DID
TEEware X CrossCert
Name
DID Identity ID: did:teeware:1234567890abcdef
David Kim
City
Seoul
Country
Republic of Korea
Birth Validity
1990-01-01 2024-01-01
----- BEGIN PUBLIC KEY ----- MIIEpQIBAAKCAQEA0amz+6t8OE0ceIqscfk7U
DkVtpJ9jy/pCoHDwH/SELJvtW9eaLjC9PU6pDH ----- END PUBLIC KEY -----

Service Scenario: Registration
TEEware X CrossCert
Enter Personal
Information
Register
FIDO Authenticator
Record DID
to Blockchain
Lookup DID

Service Scenario: Document Signing
TEEware X CrossCert
Select Document
FIDO Authentication
Send Document
Verify Signtature

CrossCert X TEEware
TEEware X CrossCert

Real-world Application
TEEware X CrossCert
Integrating FIDO-DID digital signature to
ReDWit's Electronic Lab Notebook service
x x
< Requirements for Official Lab Notebook >

FIDO-based DID for Digital Signature
TEEware X CrossCert
FIDO
Usable
Secure
Strong
DID
Distributed
Self-sovereign
Universal
Simple and Secure Document Signing Service built with FIDO and DID

Award Ceremony
- Top 3 Award -
Decentralized ID-Based Electronic
Signature Contract Solution
By TEEware
Gift Sponsors:

Sponsor Showcase
- Egis Technology -
FIDO Seoul Seminar
23 September 2019

It all started
with the
password
Protected
passwords with
salted hash
One-time
passwords
emerge
Public-key
infrastructure
2FA adoption
takes hold
Smartphone
era
Mid-90s detour:
CAPTCHAs
The 60s
The 70s
The 80s
The 2000s
The 2010s
The 90s
Passwordless
NextDigital authentication Roadmap:
The past, present and uncertain future of the keys to online identity
https://www.geekwire.com/2018/digital-authentication-human-beings-history-trust/

Agenda: Morning

Agenda: Afternoon

2019 FIDO Seoul Seminar - Moving Beyond Passwords

Recomendados

Recomendados

Más contenido relacionado

La actualidad más candente

La actualidad más candente (20)

Similar a 2019 FIDO Seoul Seminar - Moving Beyond Passwords

Similar a 2019 FIDO Seoul Seminar - Moving Beyond Passwords (20)

Más de FIDO Alliance

Más de FIDO Alliance (20)

Último

Último (18)

2019 FIDO Seoul Seminar - Moving Beyond Passwords