The Value of FIDO Certification

All Rights Reserved | FIDO Alliance | Copyright 2018
FIDO Certification
Programs

2
AGENDA
• The Value of FIDO Certification
• FIDO Certification Programs
• Functional
• Authenticator
• Biometric
• Getting Started
Dr. Rae Hayward,
Certification Director,
FIDO Alliance

BENEFITS TO CERTIFICATION
Validation Interoperability Rigorous testing
Trust
Competitive
edge
Market
expansion

FIDO CERTIFIED ECOSYSTEM (SAMPLE)
PHONES & PCs
Over 525 FIDO Certified Solutions Available Today
SECURITY KEYS CLOUD/SERVER SOLUTIONS

5
FIDO METADATA SERVICE
• Web-based tool where FIDO authenticator vendors can publish metadata
statements for FIDO servers to download
• Provides organizations deploying FIDO servers with a centralized and
trusted source of information about FIDO authenticators
• Validate the integrity of a device population by periodically
downloading a digitally signed metadata to verify individual metadata
statements

7
AGENDA
• Functional
• Authenticator
• Biometric
• Getting Started

FUNCTIONAL CERTIFICATION
• Available to members and non-members
• Measures compliance among products and services
that support FIDO specifications
• Validates interoperability within the ecosystem
• Certify products such as authenticators, servers,
clients, and combos

9
INTEROP TESTING OVERVIEW
• Existing Process – Interop Testing Events
• Interop every 90 days
• Plan ahead! May impact product schedules…
• New Process – On Demand Testing
• Pick your testing date from a calendar
• Servers: remote / virtual testing
• Authenticators: ship device or in-person testing
• Convenience and fast turn-around
FIOD
Testing
Virtual
Shipped
In-Person
Interop Events

10
FIDO AUTHENTICATOR CERTIFICATION
• The FIDO Authenticator Certification
Program validates that Authenticators
conform to the FIDO specifications
(UAF/U2F/FIDO2) and allows vendors to
certify the security characteristics of their
implementations
• After completing certification, vendors may
use the FIDO logo on their products

11
A COMPREHENSIVE SET OF LEVELS FOR ALL USES CASES
SAMPLE DEVICE HARDWARE &
SOFTWARE REQUIREMENTS
DEFENDS AGAINST
Protection against chip fault injection,
invasive attacks… L3+
Captured devices
(chip-level attacks)
Circuit board potting, package on
package memory, encrypted RAM… L3
Captured devices
(circuit board level attacks)
Restricted Operating Environment (ROE)
(e.g., TEE or Secure Element in a phone,
USB token or Smart Card which are
intrinsically ROEs, other…)
L2+
Device OS compromise
(defended by ROE)
L2
Any device HW or SW
L1+
Device OS compromise
(defended by white-box cryptography)
L1
Phishing, server credential
breaches & MiTM attacks
(better than passwords)

LEVEL 1
Examples
• Android or IoS applications
• Platform built-in authenticators
• Level 2- or Level 3-capable
authenticators that yet been certified
at Level 2 or Level 3
Certification Process
Vendor documents their design in detail
L1+ only: Evaluation by FIDO-accredited lab,
penetration testing (L1+ program still in development)
Evaluation by FIDO Alliance Security Secretariat
• Better than passwords
• FIDO is unfishable and biometrics are
more convenient
• Keys and biometric templates are
protected similar to passwords
stored by a browser or password
manager app
• Requires best facilities offered by
hosting OS
• L1+ adds white-box cryptography
(obfuscation and other techniques)
to defend against compromise of
hosting OS

LEVEL 2
In addition to L1
• A restricted operating
environment like a TEE gives
security even if OS is
compromised.
• Separate USB, BLE and NFC
authenticators are considered
to use a restricted operating
environment
• Gives defense against larger
scale attacks
• Additional assurance at L2+
L2+ only: Vendor submits source code (L2+ program
still in development)
Evaluation by a FIDO-accredited lab
L2+ only: Attack potential calculation, pen testing
Examples
• Android apps using FIDO Level 2 certified
phone (there aren’t any yet)
• USB, BLE and NFC Security Keys
• Level 3-capable authenticators that
haven’t yet been certified at Level 3

LEVEL 3
In addition to L2
• Defends against physically
captured authenticators
• Defenses against disassembling,
probing, glitch and other such
physical attacks
• L3+ adds defense against chip-level
physical attacks, such as decapping
and probing the chip
Vendor submits source code
Evaluation by a FIDO-accredited lab (L3, L3+)
Attack potential calculation and penetration testing
L3+ only: Higher attack potential requirements
Examples
• USB, BLE and NFC Security Keys using
Secure Elements or other means of
defending HW attacks
• In some case phone or platform
authenticators may achieve L3, but is
difficult

COMPANION PROGRAMS
Re use as much as possible from other programs like
Common Criteria
• Reduces time, effort and cost of certification for authenticator
vendors, sometimes by quite a lot
Companion programs never cover all FIDO requirements;
they were not developed specifically for authenticators
• Even with advanced companion programs, vendors will have to
go through additional certification with the FIDO Alliance
Companion Program FIDO Security Level Program Status
Common Criteria AVA_VAN 3 L3 Operating
Common Criteria AVA_VAN 4 L3+ Operating
FIPS L2+, L3 In development
Global Platform TEE Protection Profile L2+ In development
Authentication-
specific
Companion program
AllFIDOSecurityRequirements
End-device
configuration
Cryptographic
algorithms
FIDOSpecific

FIDO ACCREDITED LABS
L2 L3, L3+
All labs that do FIDO certification must pass accreditation by the FIDO Alliance
Biometric

EXPIRATION, DERIVATIVE & DELTA CERTIFICATION
xPhone Asteroid1 32GB
Authenticator v1
Authenticator v1
Authenticator v1
Authenticator v2
Security Requirements 1.2 Security Requirements 1.3
Authenticator v1
Delta Certification
• When the FIDO functionality changes
• Recertification against new requirements
• After fix to close a vulnerability
• Reevaluation of security is required
Derivative certification
• No change to FIDO functionality allowed
• Surrounding functionality may change
• Packaging & product name may change
• No re evaluation of security
No Expiration
• Certification of a given product never
expires
• Recertification against new versions of
the requirements is optional
Derivative
Delta
Derivative
Delta
Authenticator v1.1 (fixed)
Delta

FIDO Alliance | All Rights Reserved | Copyright 201818
FIDO BIOMETRIC CERTIFICATION
The FIDO Biometric Certification
Program is intended to certify
biometric components and/or
subsystems and is independent from
Authenticator Certification Program

19
BIOMETRIC AND AUTHENTICATOR CERTIFICATION
Using a Certified Biometric Subcomponent:
• Optional for Authenticators using a Biometric at L1-L2.
• The Security Requirements enforce Biometric Certification of the
biometric at L3 and higher when a biometric is used in the
authenticator.
• Once L2+ is finalized Biometric Certification will also be required
• Results in a “FIDO Certified” Authenticator

20
BIOMETRIC DEFINITIONS
• False Accept Rate (FAR): The proportion of verification transactions with
wrongful claims of identity that are incorrectly confirmed
• The requirement of less than 1:10,000 for the upper bound of a 80% confidence
interval
• False Reject Rate (FRR): The proportion of verification transactions with
truthful claims of identity that are incorrectly denied
• the requirement of less than 3:100 for the upper bound of a 80% confidence
interval
• Impostor Attack Presentation Match Rate (IAPMR): Proportion of
presentation attacks in which the target reference is matched
• evaluation measures the Impostor Attack Presentation Match Rate for each
presentation attack type, as defined in ISO 30107 Part 3

SELF-ATTESTATION - OPTIONAL
Biometric Requirements:
• False Accept Rate (FAR): The vendor SHALL attest to an FAR of [1:25,000 or
1:50,000 or 1:75,000 or 1:100,000] at an FRR of 3% or less.
• False Reject Rate (FRR): The vendor SHALL attest to an FRR at no greater than 3%
as measured when determining the self-attested FAR. In other words, self
attestation for FRR is only possible when self attesting for FAR.
NOTE: Self-attestation for FAR and FRR shall be supported by test data and
documented in a report submitted to lab from vendor.

22
AGENDA
• Functional
• Authenticator
• Biometric
• Getting Started

GETTING STARTED: FUNCTIONAL CERTIFICATION
Register for Self-Conformance Test Tool Access :
https://fidoalliance.org/test-tool-access-request/
• For UAF, you will need to complete both automated and manual testing
• UAF Authenticators only will need a Vendor ID:
http://fidoalliance.org/vendor-id-request/
Complete Self-Conformance Testing at least two weeks prior to
interoperability event.
Elect to Participate in Pre-Testing in the two weeks prior to the
interoperability event (recommended)
Register for and attend the next interoperability event:
https://fidoalliance.org/interop-registration/
Next Interoperability Event Host: Seoul, S. Korea, 12-15 November 2018
(Location TBD). Registration is open.

Functional
Testing
Security
Evaluation
Certification
Issuance
Trademark
Licensing
Agreement
Metadata
Submission
24
CERTIFICATION PROCESS OVERVIEW

GETTING STARTED – BIOMETRIC CERTIFICATION
Apply for Biometric component certification
• Request an account: https://fidoalliance.org/certification/certification-
account-request/
Select an Accredited Biometric Lab and agree to terms for testing
• Biometric Accredited Lab list:
https://fidoalliance.org/fido-accredited-biometric-laboratories/

BIOMETRIC SUBCOMPONENT TESTING

27
ALLOWED INTEGRATION DOCUMENT
• Developed by vendor and submitted to lab
• Used to document changes necessary to accommodate integration with
authenticator
• Must include explanation of possible software and hardware changes

TESTING STEP 2: AUTHENTICATOR

Connect with FIDO
fidoalliance.org

The Value of FIDO Certification

More Related Content

What's hot

What's hot (20)

Similar to The Value of FIDO Certification

Similar to The Value of FIDO Certification (20)

More from FIDO Alliance

More from FIDO Alliance (20)

Recently uploaded

Recently uploaded (20)

The Value of FIDO Certification