The FIDO Approach to Privacy - PowerPoint Presentation

Uploaded by desiron on 2020-09-22

Presentation Transcript

Slide1

The FIDO Approach to Privacy

Hannes Tschofenig, ARM Limited

Slide2

Privacy by Design History

Ann Cavoukian, the former Information and Privacy Commissioner of Ontario, Canada, coined the term "Privacy by Design" back in the late 1990s.

The idea was to take privacy into account early in the design process.

Cavoukian went a step further and developed 7 principles.

It took years to investigate the idea further and to become familiar with privacy as an engineering concept.

Slide3

Privacy Principles

https://fidoalliance.org/wp-content/uploads/2014/12/FIDO_Alliance_Whitepaper_Privacy_Principles.pdf

Slide4

No 3rd party in the protocol
No secrets generated on the server side
Biometric data (if used) never leaves the device
No linkability between services and accounts
De-register at any time
No release of information without consent

Slide5

FIDO & Privacy

[Diagram: Authenticator, User Verification, FIDO Authentication]

Slide6

FIDO REGISTRATION, STEP 1

[Diagram: FIDO Authenticator, App, Web App, FIDO Server]

0. Prepare

Slide7

FIDO REGISTRATION, STEP 2

[Diagram: FIDO Authenticator, App, Web App, FIDO Server]

0. Prepare
1. TLS channel establishment

Principle: No 3rd party in the protocol

Slide8

FIDO REGISTRATION, STEP 2

[Diagram: FIDO Authenticator, App, Web App, FIDO Server]

0. Prepare
1. Legacy auth. + initiate reg.
2. Reg. request + policy
3. Verify user & generate new key pair (specific to online service providers)

Principle: No release of information without consent

Slide9

FIDO REGISTRATION, STEP 3

[Diagram: FIDO Authenticator, App, Web App, FIDO Server]

0. Prepare
1. Legacy auth. + initiate reg.
2. Reg. request [policy]
3. Verify user & generate new key pair (specific to online service providers)
4. Reg. response

Principle: No secrets generated on the server side

Slide10

No Linkability Between Accounts and Services

[Diagram: FIDO registration (on multiple sites): Website A, Website B]

Slide11

FIDO REGISTRATION, STEP 4

[Diagram: FIDO Authenticator, App, Web App, FIDO Server]

0. Prepare
1. Legacy auth. + initiate reg.
2. Reg. request + policy
3. Verify user & generate new key pair (specific to online service providers)
4. Reg. response
5. Success

Principle: Biometric data (if used) never leaves the device
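The registration and authentication exchange of slides 6 to 11, written out as an added Go example. This is not code from the presentation or from the FIDO Alliance; the type names (RegRequest, RegResponse, Authenticator, Server), the "uv-required" policy string, the site names a.example and b.example, and the choice of ECDSA P-256 over SHA-256 are assumptions made for the illustration. The key handle is modelled as a random 32-byte identifier looked up under the relying party's ID, a simplification of UAF, where the handle may instead wrap the private key. The example shows three of the slide 4 principles directly: the server only ever stores public keys, user verification is a local call whose inputs are never serialized, and each relying party gets its own key pair so two sites cannot link the same authenticator.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
)

// Constructed model of the registration and authentication exchange on slides
// 6 to 11 (added illustration, not FIDO Alliance code). Real UAF/WebAuthn
// messages also carry attestation, a signature counter and channel binding.

type RegRequest struct { // step 2, sent by the FIDO Server after legacy authentication
	RPID      string
	Challenge []byte
	Policy    string // "uv-required": the authenticator must verify the user locally
}

type RegResponse struct { // step 4: public material only
	KeyHandle []byte
	PubKey    *ecdsa.PublicKey
	Signature []byte // over toBeSigned(rpID, challenge)
}

// Authenticator holds one private key per (rpID, keyHandle); keys never leave it.
type Authenticator struct{ keys map[string]*ecdsa.PrivateKey }

func NewAuthenticator() *Authenticator { return &Authenticator{keys: map[string]*ecdsa.PrivateKey{}} }

// verifyUser stands in for the local gesture (PIN, fingerprint, ...); a biometric
// template would be matched here and is never serialized into any message.
func (a *Authenticator) verifyUser() bool { return true }
func keyID(rpID string, handle []byte) string { return rpID + ":" + hex.EncodeToString(handle) }
func random32() []byte                       { b := make([]byte, 32); rand.Read(b); return b }
func toBeSigned(rpID string, challenge []byte) []byte {
	h := sha256.Sum256(append([]byte(rpID+"|"), challenge...))
	return h[:]
}

// Register is step 3: verify the user, generate a NEW key pair for this RP only,
// and prove possession by signing the server's challenge.
func (a *Authenticator) Register(req RegRequest) (RegResponse, error) {
	if req.Policy == "uv-required" && !a.verifyUser() {
		return RegResponse{}, errors.New("user verification failed")
	}
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return RegResponse{}, err
	}
	handle := random32()
	a.keys[keyID(req.RPID, handle)] = priv
	sig, err := ecdsa.SignASN1(rand.Reader, priv, toBeSigned(req.RPID, req.Challenge))
	return RegResponse{KeyHandle: handle, PubKey: &priv.PublicKey, Signature: sig}, err
}

// Sign answers a later authentication challenge for (rpID, handle). A handle
// issued under one RP ID is unknown under another, so site B cannot reuse A's.
func (a *Authenticator) Sign(rpID string, handle, challenge []byte) ([]byte, error) {
	priv, ok := a.keys[keyID(rpID, handle)]
	if !ok || !a.verifyUser() {
		return nil, errors.New("unknown key handle for this RP, or user verification failed")
	}
	return ecdsa.SignASN1(rand.Reader, priv, toBeSigned(rpID, challenge))
}

// Server is one relying party's FIDO Server: it stores public keys and handles
// only, so there is no server-side secret to steal for this user.
type Server struct {
	RPID string
	Pub  map[string]*ecdsa.PublicKey // user -> public key
	Hdl  map[string][]byte           // user -> key handle
}

func NewServer(rpID string) *Server {
	return &Server{RPID: rpID, Pub: map[string]*ecdsa.PublicKey{}, Hdl: map[string][]byte{}}
}

// Register runs steps 2 to 5 for a user who already passed legacy authentication (step 1).
func (s *Server) Register(user string, auth *Authenticator) error {
	req := RegRequest{RPID: s.RPID, Challenge: random32(), Policy: "uv-required"}
	resp, err := auth.Register(req)
	if err != nil {
		return err
	}
	if !ecdsa.VerifyASN1(resp.PubKey, toBeSigned(s.RPID, req.Challenge), resp.Signature) {
		return errors.New("registration signature invalid")
	}
	s.Pub[user], s.Hdl[user] = resp.PubKey, resp.KeyHandle
	return nil
}

// Authenticate issues a fresh challenge and checks the signature with the stored key.
func (s *Server) Authenticate(user string, auth *Authenticator) bool {
	pub, ok := s.Pub[user]
	if !ok {
		return false
	}
	ch := random32()
	sig, err := auth.Sign(s.RPID, s.Hdl[user], ch)
	return err == nil && ecdsa.VerifyASN1(pub, toBeSigned(s.RPID, ch), sig)
}
```

Registering the same Authenticator at two Servers and comparing what each stored is the slide 10 check: the two public keys differ, and the key handle issued under a.example is not usable under b.example, so neither site can recognise the user by material the other holds.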

Slide12

PERSONAL DATA

Application-specific data: depending on the service (e.g., shipping address, credit card details).

User verification data: biometric data (e.g., fingerprint or voice template, heart-rate variation data).

FIDO-related data: identifiers used by the FIDO protocols (e.g., public key, key handle).

Data minimization, purpose limitation and protection against unauthorized access.

Outside the scope of FIDO.

Slide13

THE BUILDING BLOCKS

[Diagram]

FIDO User Device:
Browser/App
FIDO Client
ASM
FIDO Authenticator: Authentication Private Keys, Attestation Private Keys

Relying Party:
Web Server: TLS Server Key
FIDO Server: Cryptographic Authentication Public Keys DB; Authenticator Metadata & Attestation Trust Store (FIDO Update)

Slide14

ATTESTATION

How is the key protected (TPM, SE, TEE, ...)?
What user gesture is used?
Can I be tracked using the attestation method?

[Diagram: Authenticator, User Verification, FIDO Authentication]

Slide15

ATTESTATION & METADATA

[Diagram: the FIDO Authenticator sends a signed attestation object to the FIDO Server; the FIDO Server obtains metadata from the Metadata Service or other sources to understand the authenticator's characteristics]

Slide16

ATTESTATION & METADATA

Basic Attestation: a set of authenticators (of the same model) share one attestation certificate, injected at manufacturing time.

Privacy CA: each authenticator has a unique "endorsement" key. The authenticator generates an attestation key and requests an attestation certificate from a Privacy CA (using the endorsement key) at run-time.

Direct Anonymous Attestation (DAA): each authenticator receives one set of DAA attestation credentials. The private key is unique to the authenticator but unlinkable.
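Basic attestation checked against a metadata trust store, as an added Go example covering the attestation flow of slides 13 to 16 and the three questions on slide 14. It is not code from the presentation or the FIDO Alliance. The type names (Metadata, AttestationObject, Authenticator, Server), the AAID values, the KeyProtection and UserGesture fields and the ECDSA P-256 scheme are assumptions for the illustration; a real attestation statement carries a certificate chain (x5c) and a real metadata entry is far richer. The trust store is keyed by AAID and lists the attestation public keys accepted for that model, which is what lets the server answer "how is the key protected?" and "what gesture is used?" from metadata rather than from the authenticator's own claims. The seen-keys counter is the tracking check: under basic attestation every unit of a model presents the same key, so registrations reveal the model and nothing finer.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
)

// Constructed illustration of basic attestation (slide 16) verified against an
// authenticator metadata trust store (slides 13 to 15); not FIDO Alliance code.

// Metadata is what the FIDO Server knows about one authenticator model, keyed
// by AAID and obtained from the Metadata Service or other sources.
type Metadata struct {
	AAID          string
	KeyProtection string             // answers "how is the key protected?" e.g. "SE", "TEE"
	UserGesture   string             // answers "what user gesture is used?" e.g. "fingerprint"
	AttestKeys    []*ecdsa.PublicKey // attestation public keys trusted for this model
}

// AttestationObject is the signed statement sent at registration; AttestPub is
// the key the authenticator claims to have signed with (the x5c leaf in practice).
type AttestationObject struct {
	AAID      string
	CredPub   *ecdsa.PublicKey // the new per-RP credential key being attested
	AttestPub *ecdsa.PublicKey
	Signature []byte // over attestedData(AAID, CredPub, challenge)
}

// Authenticator: under basic attestation every unit of a model is provisioned
// with the same attestation key at manufacturing time.
type Authenticator struct {
	AAID      string
	AttestKey *ecdsa.PrivateKey
}

// GenKey builds sample keys; P-256 generation does not fail with a working RNG.
func GenKey() *ecdsa.PrivateKey {
	k, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	return k
}

func fingerprint(pub *ecdsa.PublicKey) string {
	h := sha256.Sum256(append(pub.X.Bytes(), pub.Y.Bytes()...))
	return hex.EncodeToString(h[:])
}

// attestedData binds AAID, credential public key and the server's challenge, so
// a statement captured from one registration cannot be replayed into another.
func attestedData(aaid string, cred *ecdsa.PublicKey, challenge []byte) []byte {
	h := sha256.New()
	h.Write([]byte(aaid))
	h.Write(cred.X.Bytes())
	h.Write(cred.Y.Bytes())
	h.Write(challenge)
	return h.Sum(nil)
}

// Register generates a fresh credential key pair and attests its public half.
func (a *Authenticator) Register(challenge []byte) (*AttestationObject, error) {
	cred := GenKey()
	sig, err := ecdsa.SignASN1(rand.Reader, a.AttestKey, attestedData(a.AAID, &cred.PublicKey, challenge))
	return &AttestationObject{AAID: a.AAID, CredPub: &cred.PublicKey, AttestPub: &a.AttestKey.PublicKey, Signature: sig}, err
}

// Server holds the trust store and, for the tracking question on slide 14,
// counts the distinct attestation keys it has been shown.
type Server struct {
	Trust map[string]Metadata // AAID -> metadata
	seen  map[string]int      // fingerprint(attestation key) -> registrations
}

func NewServer(trust map[string]Metadata) *Server {
	return &Server{Trust: trust, seen: map[string]int{}}
}

// Verify checks the attestation object against the trust store and returns the
// model characteristics the relying party can rely on when applying its policy.
func (s *Server) Verify(o *AttestationObject, challenge []byte) (Metadata, error) {
	md, ok := s.Trust[o.AAID]
	if !ok {
		return Metadata{}, errors.New("unknown AAID: no metadata, key protection cannot be assessed")
	}
	trusted := false
	for _, k := range md.AttestKeys {
		trusted = trusted || k.Equal(o.AttestPub)
	}
	if !trusted {
		return Metadata{}, errors.New("attestation key not trusted for this AAID")
	}
	if !ecdsa.VerifyASN1(o.AttestPub, attestedData(o.AAID, o.CredPub, challenge), o.Signature) {
		return Metadata{}, errors.New("attestation signature invalid")
	}
	s.seen[fingerprint(o.AttestPub)]++
	return md, nil
}

// DistinctAttestationKeys stays at one per model under basic attestation however
// many units register: a registration reveals the model, not the device. A key
// unique to each device would make this grow with every device, i.e. a tracker.
func (s *Server) DistinctAttestationKeys() int { return len(s.seen) }
```

The rejections are the ones a deployment needs: an AAID with no metadata cannot be assessed at all, a counterfeit signing with an untrusted key fails the trust-store check, and a captured object replayed under a different challenge fails the signature. Whether the server then accepts the authenticator is policy, decided from KeyProtection and UserGesture in the returned Metadata.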

Slide17

Mapping to Regulatory Requirements

FIDO privacy principles guided the work inside the FIDO Alliance on technical specifications.

Interoperability tests and certification programs verify implementations.

Regulation impacts those who deploy services.

Intentionally, the FIDO principles are more detailed versions of already existing regulatory requirements.

An upcoming whitepaper maps regulatory requirements to FIDO-offered functionality. It offers a mapping based on the European Data Protection Directive (95/46/EC) and the Identity Ecosystem Steering Group (IDESG) privacy principles.

Slide18

Summary

With the work in FIDO we have been trying to exercise the privacy by design philosophy.

The whitepaper explains the privacy principles. Those principles have been taken into account during the work on the technical specifications.

Unique privacy characteristics:
User verification happens locally at the authenticator.
No centrally created or managed credentials.
Reduced tracking capability.