The FIDO Approach to Privacy · 2019-11-16 · Mapping to Regulatory Requirements 17 • FIDO...

Post on 25-Jul-2020

The FIDO Approach to Privacy

Hannes Tschofenig, ARM Limited

Privacy by Design History

• Ann Cavoukian, the former Information and Privacy Commissioner of Ontario, Canada, coined the term "Privacy by Design" back in the late 90s.

• The idea was to take privacy into account early in the design process.

• Cavoukian went a step further and developed 7 principles.

• It took years to investigate the idea further and to become familiar with privacy as an engineering concept.

Privacy Principles

https://fidoalliance.org/wp-content/uploads/2014/12/FIDO_Alliance_Whitepaper_Privacy_Principles.pdf

• No 3rd Party in the Protocol

• No Secrets Generated on the Server Side

• Biometric Data (if used) Never Leaves Device

• No Linkability Between Services and Accounts

• De-register at Any Time

• No Release of Information Without Consent

FIDO & Privacy

[Diagram: the FIDO Authenticator performs user verification locally; FIDO authentication then runs between the authenticator and the FIDO Server.]

FIDO Registration

[Sequence diagram, built up over several slides, between the App/WebApp, the FIDO Authenticator and the FIDO Server. Steps: 0 Prepare; 1 TLS channel establishment, then legacy authentication and initiate registration; 2 registration request with policy; 3 verify user and generate new key pair (specific to the online service provider); 4 registration response; 5 success. Each slide highlights the privacy principle that the step illustrates:]

• TLS channel establishment directly between app and server: No 3rd Party in the Protocol.

• Steps 1 to 3 (legacy authentication, registration request with policy, user verification): No Release of Information Without Consent.

• The key pair is generated on the authenticator and only the registration response (step 4) is returned: No Secrets Generated on the Server Side.

• Registration on multiple sites (Website A, Website B) yields a separate key pair per site: No Linkability Between Accounts and Services.

• User verification happens on the authenticator; the response carries no biometric data: Biometric Data (if used) Never Leaves Device.
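The registration flow above, as an added example that is not part of the original deck: a Go model of steps 2 to 5 using ed25519, in which the authenticator verifies the user locally, generates a fresh key pair per relying party and returns only public material, while the relying party stores nothing but public keys. The type and function names (Credential, RelyingParty, Register, Complete), the random key handle and the userVerified flag standing in for the local gesture are assumptions of this example; the policy field is omitted.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
)

// Credential is the registration response (step 4): only public material leaves the device.
type Credential struct {
	KeyHandle, Signature []byte
	PublicKey            ed25519.PublicKey
}
// Authenticator keeps every authentication private key on the device, indexed by RP and handle.
type Authenticator struct{ keys map[string]ed25519.PrivateKey }
// RelyingParty holds only a public key database (the "Public Keys DB" building block).
type RelyingParty struct {
	ID         string
	PublicKeys map[string]ed25519.PublicKey
}
func NewAuthenticator() *Authenticator { return &Authenticator{keys: map[string]ed25519.PrivateKey{}} }
func NewRelyingParty(id string) *RelyingParty {
	return &RelyingParty{ID: id, PublicKeys: map[string]ed25519.PublicKey{}}
}
// Challenge is step 2: a fresh random challenge sent with the registration request.
func (rp *RelyingParty) Challenge() []byte {
	ch := make([]byte, 32)
	rand.Read(ch) // crypto/rand.Read does not fail in practice
	return ch
}
// Register is step 3: verify the user locally (userVerified stands in for the gesture;
// no biometric data is ever part of the response), then generate a key pair for this RP only.
func (a *Authenticator) Register(rpID string, challenge []byte, userVerified bool) (*Credential, error) {
	if !userVerified {
		return nil, errors.New("user verification failed: nothing released to " + rpID)
	}
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // errors only if crypto/rand fails
	handle := make([]byte, 16)
	rand.Read(handle)
	a.keys[rpID+"/"+string(handle)] = priv // the private key stays here, scoped to the RP
	return &Credential{KeyHandle: handle, PublicKey: pub, Signature: ed25519.Sign(priv, challenge)}, nil
}
// Complete is step 5: verify the signature over the RP's own challenge, then store the public key.
func (rp *RelyingParty) Complete(challenge []byte, c *Credential) bool {
	if !ed25519.Verify(c.PublicKey, challenge, c.Signature) {
		return false
	}
	rp.PublicKeys[string(c.KeyHandle)] = c.PublicKey
	return true
}
```

Registering the same authenticator at two relying parties yields two unrelated public keys, which is the unlinkability property; a failed local user verification returns an error and releases nothing.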

PERSONAL DATA

[Slide grouping the personal data involved into three categories:]

• Application-specific Data: depends on the service (e.g., shipping address, credit card details).

• User Verification Data: biometric data (e.g., fingerprint or voice template, heart-rate variation data).

• FIDO-related Data: identifiers used by the FIDO protocols (e.g., public key, key handle).

The slide marks application-specific data as outside the scope of FIDO, and annotates the FIDO-handled categories with data minimization, purpose limitation and protection against unauthorized access.

THE BUILDING BLOCKS

[Architecture diagram. FIDO User Device: Browser/App, FIDO Client, ASM and FIDO Authenticator, the latter holding the Authentication Private Keys and the Attestation Private Keys. Relying Party: Web Server with the TLS Server Key, and FIDO Server with the Public Keys DB and the Authenticator Metadata & Attestation Trust Store. Cryptographic authentication runs between the authenticator and the FIDO Server; the FIDO Server receives FIDO Updates for its metadata and trust store.]

ATTESTATION

• How is the key protected (TPM, SE, TEE, ...)? What user gesture is used?

• Can I be tracked using the attestation method?

ATTESTATION & METADATA

[Diagram: the FIDO Authenticator sends a Signed Attestation Object to the FIDO Server. The server obtains metadata from the Metadata Service or other sources and uses it to understand the authenticator's characteristics.]

• Basic Attestation: a set of authenticators (of the same model) share one attestation certificate, injected at manufacturing time.

• Privacy CA: each authenticator has a unique "endorsement" key. The authenticator generates an attestation key and requests an attestation certificate from a Privacy CA (using the endorsement key) at run-time.

• Direct Anonymous Attestation (DAA): each authenticator receives one set of DAA attestation credentials. The private key is unique to the authenticator but unlinkable.

Mapping to Regulatory Requirements

• The FIDO privacy principles guided the work on technical specifications inside the FIDO Alliance.

• Interoperability tests and certification programs verify implementations.

• Regulation impacts those who deploy services.

• Intentionally, the FIDO principles are more detailed versions of already existing regulatory requirements.

• An upcoming whitepaper explains the regulatory requirements and maps them to FIDO-offered functionality.

• It offers a mapping based on the European Data Protection Directive (95/46/EC) and the Identity Ecosystem Steering Group (IDESG) privacy principles.

Summary

• With the work in FIDO we have been trying to exercise the privacy by design philosophy.

• The whitepaper explains the privacy principles. Those principles have been taken into account during the work on the technical specifications.

• Unique privacy characteristics:

  • User verification happens locally at the authenticator.

  • No centrally created or managed credentials.

  • Reduced tracking capability.