Implementation Case Study by eWBM
•
2 recomendaciones•2,732 vistas
Universal MFA FIDO Device for PC Use by eWBM - Presented at FIDO Korea Working Group Technical Seminar on July 16th, 2018
Recomendados
Recomendados
Más contenido relacionado
La actualidad más candente
La actualidad más candente (20)
Similar a Implementation Case Study by eWBM
Similar a Implementation Case Study by eWBM (20)
Más de FIDO Alliance
Más de FIDO Alliance (20)
Último
Último (20)
Implementation Case Study by eWBM
- 1. All Rights Reserved | FIDO Alliance | Copyright 2018 An Universal MFA Fido Device for PC use Stephen Oh eWBM 1
- 2. All Rights Reserved | FIDO Alliance | Copyright 2018222222 eWBM is a Fabless Semiconductor company. We are “Fabulous Fabless” Founded on Oct. 15th, 2009 CEO : Stephen Oh / Ph.D. Business area : Security IoT MCU (Microprocessor) Our Version • Create New Market using Disruptive Technology
- 3. All Rights Reserved | FIDO Alliance | Copyright 2018333333 Fido is The Best application for eWBM “ What’s special about eWBM’s authenticator? ” Answer : (1) Security by design (2) Bottom-up Design using a single Chip (3) Strong Int’l Partnerships Service Layer HAL Layer FIDO SECUREDB I/OINTERFACECRYPTOHWACCELERATOR PHY CRYPTOFW UAF FP U2F MANAGER AES SHA ECC RSATRNG ENCRYPTION COMMAND DISPATCH Application Layer AES/SHA TRNGRSA/ECC UART BSPISPI GPIO … DECRYPTION FIDO2 Security MCU (MS500) of eWBM Fido Protocol : eWBM Cyberbridge Fingerprint Recognition: Precise Biometric Crypto Embedded HW engine
- 4. All Rights Reserved | FIDO Alliance | Copyright 2018444444 FIDO(Fast IDentity Online) CURRENT BIOMETRIC SYSTEM ⚫ VulnerabilityfromBiometricdata transmission ⚫ HackingVulnerabilityofBiometricdata on theServer side PROBLEM OF ID/PW SYSTEM ⚫ MultipleID / PASSWORD pairsto remember ⚫ PASSWORDrequirementgetting complicatedand hard to managedue to frequentupdates ⚫ Easyto be hacked-- Securitynightmare! FIDO ⚫ No 3rd Party in the Protocol ⚫ No PASSWORD on the server side ⚫ No Private key on the server side ⚫ No Biometric data transmission ⚫ Easy to use but very secure ⚫ Biometric Data is safely stored in device ⚫ Biometric Recognition done in secure region ⚫ No Personal information transmission out from device ⚫ Cryptography based protocol What eWBM’s Security MCU offers
- 5. All Rights Reserved | FIDO Alliance | Copyright 2018555555 Inside eWBM’s MFA Fido Authenticator USB Chip MS500 SPI SPI USBTypeA 1. All Crypto functions 2. Fido Protocol 3. Fingerprint Recognition Algorithm 4. Fingerprint template stored encrypted 5. All Crypto keys stored encrypted 6. Each device has unique key set 7. Secure Booting Next Gen MCU will include USB interface
- 6. All Rights Reserved | FIDO Alliance | Copyright 2018666666 FIDO(Fast IDentity Online) • Lower cost for the Enterprise • Simpler Use for Consumer • Stronger Security for Online ServicesStronger Security Lower Cost Simpler Use “Benefits of eWBM”s FIDO Solution” Securebooting Securestorage Simple and LowCost JustScanyour Fingerprint
- 7. All Rights Reserved | FIDO Alliance | Copyright 2018777777 Why eWBM’s MFA Fido Device? True MFA (Multi-factor Authentication) in One Device Biometric MFA is safer than PIN based MFA → “Something you are” vs “Something you know” Cases for using previous generation computers without Biometric sensor → External MFA Device Cases for using Company and/or Government provided Computers → Use Fido MFA device without providing your Biometric data Cases for using Internet Café PC’s (PC room in Korea) → Overcome the vulnerability of shared computers
- 8. All Rights Reserved | FIDO Alliance | Copyright 2018888888 eWBM’s MFA Fido Device feature Covers all Types of Fido protocols • U2F / UAF / FIDO2 Extra Level of Security • Secure Storage ⇒ Fingerprint data never leaves the device ⇒ FIDO Authenticator Security Parameters securely stored • Secure Boot ⇒ FW securely stored with encryption and integrity check True Multi-factor Authenticator with One Device • Authenticator – something you have • User verification – Biometrics (something you are) Multiple OS Support • Windows, MacOS, Linux Platform WebAuthn CTAP1 CTAP2 U2F Authen FIDO2 Authen
- 9. All Rights Reserved | FIDO Alliance | Copyright 2018999999 eWBM’s MFA Fido Authenticator eFA450 (engineering sample)
- 10. All Rights Reserved | FIDO Alliance | Copyright 2018101010101010 eWBM’s MFA Fido Authenticator eFA500
- 11. All Rights Reserved | FIDO Alliance | Copyright 2018111111111111 eWBM’s MFA Fido Authenticators USBforPC Protection Sleeve SnoopingResistance Fingerprintsensor Ruggeddesignforfinger pressingapplication Securechip(MS500) forMaximumsecurity (both fingerprintrecognitionand Fido protocolhappeninsidethe chip) Allbiometricdata storedinside thechipencrypted – no onecanaccessthestored information USBforPC 국산센서
- 12. All Rights Reserved | FIDO Alliance | Copyright 2018121212121212 eWBM’s MFA Fido Authenticator https://www.youtube.com/watch?v=QpP6bdnzvPQ
- 13. All Rights Reserved | FIDO Alliance | Copyright 2018131313131313 eWBM MFA Fido Authenticator Status U2F Inter Op Test • Both eFA450/500 certification (Jul 25, 2018) Fido2 Certification • Passed Self conformance test • Inter Op Test (Aug 20, 2018) Fido Security Certification • Ready for Fido Security L2 (2018 3Q) EMC Certification (Jul ~ Aug, 2018) → KC (Korea), CE (EU), FCC (US) MP Jul ~ Aug 2018
- 16. All Rights Reserved | FIDO Alliance | Copyright 2018 Consumers • Web Surfing, Shopping ⇒ online user authentication • Gaming ⇒ In-Game item purchase • PC Banking and Trading • PersonalAccess Control ⇒ door lock, locker, accessories • Blockchain ⇒ Cold Wallet 161616161616 MFA Device Applications (1) Public worker application • Secure Government workers ⇒ User Verification ⇒ SecuringApproval processor • Public Service security ⇒ Online authentication ⇒ Petition document control Education/Training • User Verification for online lecture • UserAuthentication for transactions
- 17. All Rights Reserved | FIDO Alliance | Copyright 2018171717171717 MFA Device Applications (2) Corporate Applications • Access Control ⇒ Documents access control based on position/function • ElectronicApproval ⇒ No Substitute approval possible • Entrance control ⇒ Current Biometric systems are hackable ⇒ Multiple location office • Privacy protection Service sector • Verification of Customer visiting Service Person ⇒ Even in non-secure situation • Access Control ⇒ FunctionalityAwareAccess Control IT • Server and IT system manager authentication ⇒ Much safer than login/password pair • Equipment user authentication ⇒ Much safer than login/password pair
- 18. All Rights Reserved | FIDO Alliance | Copyright 2018181818181818 FKWG에서의 eWBM 역할 및 향후 기대 1. FKWG → 타 Regional working group과는 달리 새로운 표준 Fido 전체에 확산 가능 • 반도체 개발 업체인 eWBM이 FKWG의 멤버인 이유 • IoT (사물인터넷)에 Fido 적용한 새로운 표준 개발 • 디바이스 회사로서 역할을 감당할 예정 2. FKWG의 혜택 • FKWG를 통해 Fido 관련 대부분의 업체와 교류 가능 • 대부분의 멤버들은 SI 업체 이거나 서비스 업체로 구성 • 대부분 eWBM의 잠재적 고객사 3. 향후 기대 → 멤버사간 단순한 비즈니스 관계보다는 전략적 제휴를 통한 해외 시장 진출
- 19. All Rights Reserved | FIDO Alliance | Copyright 2018191919191919 Summary Fido MFA device based on eWBM’s security MCU → optimized for best performance and price Device will be available this (2018) summer! eWBM’s device is one of the first true MFA Fido devices in industry → external authentication device with Fingerprint Recognition This device is for you when you CANNOT provide full Fido experience to your customer only with Smartphone We are still a semiconductor company → Fido Solution (Development Platform) and Fido Module are available
- 20. All Rights Reserved | FIDO Alliance | Copyright 2018 감사합니다.