CTAP1 my U2F you FIDO2 CTAP2.

If you are confused about all various FIDO terms, you are not alone. Over the years FIDO has expanded from two, to a dozen working groups. Standards started overlapping, having backwards compatibility and everything went terminologically speaking, bonkers.

Image for post
Image for post
TL;DR image

So here is a breakdown:

  • FIDOFast IDentity Online, or FIDO Alliance. As I explained earlier it’s a consortium that develops secure, open, phishing proof, passwordless authentication standards. FIDO Protocol Family is a set of protocol that was developed by FIDO Alliance. UAF — Universal Authentication Framework. U2F — Universal Second Factor, and FIDO2. …

…or Level 1 Credential Management API extension for Public Key Credentials, and the untold stories of managing credentials in the browser…

What should I expect from this article?

Learn what is FIDO2 and Webauthn, and how to use them to kill passwords.

What is not going to be here?

Assertion and attestation verification. This is done by the server and so described in my series of articles: “WebAuthn/FIDO2: Verifying responses”.

Table of contents

A long time ago in a galaxy far, far away


Was killed by WebAuthn!… Or FIDO2… Hm… What do these terms even mean?

Well, if you are one of those confused readers, then welcome to my humble article. Sit down. Get a cuppa tea, and let’s dig into the world of phishing proof passwordless authentication. …

Please note that this is an advance post, and requires prior understanding of the FIDO2 attestations. You can read more about them here.

Security, yeah
That’s all I want from you, oh now
Security, yeah
And a little love that will be true, oh
— Otis Redding — Security

Android KeyStore is a key management container, that defends key material from extraction. Depending on the device, it can be either software or hardware backed. The main functionality of the KeyStore, manage and store keys, encrypt, decrypt and sign.

One of the important features of KeyStore is ability to provide attestation of the device. The attestation contains information about the security levels and features that device provides, that can be used by the RP to assess the risks for it particular case. Keystore attestation is very useful for authentication and payment solutions. For example Android pay system uses it to asses the device for payment purposes, and for selection of the payment modes. You can learn more about it in 34C3 talk — “Decoding Contactless (Card) Payments”. I as well highly advice “Android Security Internals” by Nikolai Elenkov. …

Please note that this is an advance post, and requires prior understanding of the FIDO2 attestations. You can read more about them here.

2014 is outside. Pharrell Williams’s Happy is top chart. Obama is still President. And U2F just was released with simple merged buffer response structure. Then everyone decided that CBOR was the new cool kid in town, and slapped it on top of U2F creating FIDO2 Packed attestation.

A sample of FIDO2 packed attestation response. The fields are hexed for simplicity

Verifying packed attestation is probably the simplest of all attestation. …

Please note that this is an advance post, and requires prior understanding of the FIDO2 attestations. You can read more about them here.

“If it keeps on rainin' levee's goin' to break” Led Zeppelin would sing over and over in their songs. But then Google put some crazy big-data on their Play Store, and suddenly infinite rain of data can be not just be handled, but actually used to ensure that apps installed are not doing something stupid, by just analysing their behaviour.

So to be up to date “If it keeps on rainin’ data, levee’s goin’… to protect your…

In this article we will talk about procedures that server will need to perform in order to validate WebAuthn response. If you are interested in playing with WebAuthn first, you should read my article: “Introduction to WebAuthn API”

“Your employees are locked out of their laptops. Their data is gone. They don’t even know what meetings they have today and will be trying to recover for months.” (Sony Pictures)

“Your customer data has been released, including their credit card numbers and social security numbers. The data has been insidiously pilfered for months. Your company is the top headline of every news site and your shareholders are not happy. …

Please note that this is an advance post, and requires prior understanding of the FIDO2 attestations. You can read more about them here.

Some of those who have done work with U2F before are confused by FIDO2 U2F attestations. Previously U2F attestations were raw buffer, and now it is fancy CBOR structs. How does one verify these attestations, you might ask?

Before we start, we need to look at original U2F attestations:

Image for post
Image for post
Source: https://fidoalliance.org/specs/fido-u2f-v1.2-ps-20170411/fido-u2f-raw-message-formats-v1.2-ps-20170411.html

And now lets look at what you get from WebAuthn:

This is happening, because in FIDO2 we introduced CTAP1(U2F) to CTAP2 mapping. …

Please note that this is an advance post, and requires prior understanding of the FIDO2 attestations. You can read more about them here.

If anything can intimidate you, that’s TPM. Written in the deep, dark caves under Barad-dûr, by Trusted Computing Group, it was never meant to be read by humans. Eight hundred and sixty one page of the dark spells and tables describing the most wicked of the hardware encryption modules. Those who manage to learn it all will be haunted by the nightmares… until they move to another project.

Image for post
Image for post
Parsing pubArea, the algorithm. Author: Adam Powers

Now keeping LoTR universe behind, I will say that I will be keeping TPM specs out of this section as hard as I can. If you wish to go deep you are free to visit TPM specs, though you nerve system will thank you if you don’t. …

Opinions expressed are solely my own and do not express the views or opinions of my employer.

Recently I’ve seen far too many posts aboutabandoning SMS”. I have only one thing to say: STOP IT

Image for post
Image for post

Yes. I am serious. Your constant non-constructive moaning, is not just annoying, but most importantly it’s dangerous.

Yes, SMS is bad. I know it. I had read NIST Draft on “Digital Authentication Guideline”. I have read about SS7 attack. I know you can build a rogue spoofing base station for under a thousand dollars. And the fact that you can do easy social engineering and reissue some ones sim card.

…or story about trying to find all of the standards.

Being newbie in crypto is fun, a specially when you have to work with PKCS. You will be seeing this acronym everywhere. PKCS stands for “ Public Key Cryptography Standards”. They were developed by RSA Security as standards for their own, patented, algorithms, but today they are pretty much key-stone of a lot of modern cryptographic solutions. You’ve probably heard of ANSI, X9, PKIX, SET, S/MIME, SSL. They are all related or came from PKCS.

They are ugly.

They are old.

But they are everywhere, and you will have to deal with them. …


Ackermann Yuriy

FIDO, Identity, Standards

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store