
A New Approach For FIDO UAF - cloud-based FIDO Client


Academic year: 2021


Full text

(1)

Prof. Dr.

(TU NN)

Norbert Pohlmann

Institute for Internet Security - if(is)

Westphalian University of Applied Sciences Gelsenkirchen, Germany www.if-is.net

A New Approach For FIDO UAF

Advantages of a cloud-based FIDO Client

(2)

Prof. Norbert Pohlmann, Institute for Internet Security - if(is), Westphalian University of Applied Sciences Gelsenkirchen, Germany

FIDO

The classic approach

- FIDO Client is a browser extension/plugin
- Authenticator-specific module and authenticator are installed in the user's system

(3)


FIDO

A new approach (XignQR)

- FIDO Client is modelled as a cloud-based service (FIDO Proxy)
- Authenticator-specific module and authenticator are installed in the cloud system
- Keys generated by the authenticator are stored on the XignQR-Server in a Hardware Security Module (HSM)
- User experience is unchanged

[Figure: XignQR-App and XignQR-Server]

(4)


FIDO – A new approach

Advantages

- Usable with any browser (independent of browser vendors)
- Does not rely on plugins or extensions, therefore usable with public terminals
- Keys are stored in a secure environment (no requirement for a TPM as secure key storage)
- Loss of the user device is not so fatal (keys are stored in the cloud system's HSM)
- Authenticator needs to be registered only once

(5)


FIDO – A new approach

New Use Cases

- The alternative approach enables new use cases in scenarios other than web authentication
- Terminals without displays (charging stations, …)
- Physical access management (smart home, industrial Internet, …)
- Mobile transactions (mobile commerce, …)
- …

(6)


FIDO – A new approach

Requirements for alternative scenarios

- Where no displays are involved:
  - Authentication and transaction confirmation by XignQR and a static QR code
  - XignQR (Smartphone-XignApp) displays the transaction data and receives the user's confirmation
  - XignQR System delivers FIDO assertions on behalf of the user to the FIDO Server
  - XignApp communicates with the FIDO Client Proxy in the cloud system
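As an added example, not code from the slides or from the XignQR product, the following Go sketch models the flow of slides 3 and 7: the cloud proxy holds the authenticator key (standing in for the HSM), releases a signed assertion only after the user has confirmed the transaction text shown in the app, and the FIDO Server checks the assertion against the once-registered public key. The ed25519 key type, the "UAF-ASSERT:" signed-data encoding and the sample challenge are assumptions made for this example, not the UAF wire format.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
)

// CloudProxy models the FIDO Client Proxy in the cloud system: the authenticator
// key pair lives server-side (a stand-in for the HSM) and never reaches the user's device.
type CloudProxy struct {
	priv ed25519.PrivateKey
	Pub  ed25519.PublicKey // registered with the FIDO Server once, at enrolment
}

func NewCloudProxy() *CloudProxy {
	// crypto/rand only fails when the OS entropy source is broken, which is fatal anyway.
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return &CloudProxy{priv: priv, Pub: pub}
}

// Assertion is what the proxy delivers to the FIDO Server on the user's behalf.
type Assertion struct {
	Challenge []byte
	Sig       []byte
}

// signedData binds the server's challenge to the exact transaction text the app displayed.
// The encoding is constructed for this example and is not the UAF assertion format.
func signedData(challenge []byte, txText string) []byte {
	h := sha256.Sum256([]byte(txText))
	return append(append([]byte("UAF-ASSERT:"), challenge...), h[:]...)
}

// Sign runs after the XignQR app has shown txText to the user; without the user's
// confirmation no signature is released, so no assertion can exist for unapproved text.
func (p *CloudProxy) Sign(challenge []byte, txText string, confirmed bool) (*Assertion, bool) {
	if !confirmed {
		return nil, false
	}
	return &Assertion{Challenge: challenge, Sig: ed25519.Sign(p.priv, signedData(challenge, txText))}, true
}

// VerifyAssertion is the FIDO Server side: the assertion must carry the challenge the
// server issued and verify under the registered key for the transaction it asked about.
func VerifyAssertion(pub ed25519.PublicKey, challenge []byte, txText string, a *Assertion) bool {
	if a == nil || !bytes.Equal(a.Challenge, challenge) {
		return false
	}
	return ed25519.Verify(pub, signedData(challenge, txText), a.Sig)
}
```

A replayed assertion, an altered amount, a different challenge or an assertion from another user's proxy all fail verification, which is the property the display-less terminal relies on.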

(7)


Thank you for your attention!

Questions?
