
Use Case of Lockit USB in terms of U2F

July 11, 2018


Table of Contents

1. Current Issues

2. What is FIDO U2F?

3. How does U2F Work?

4. Introduction of Irisys Lockit U2F


1. Current Issues

Password
- Password might be entered into an untrusted App / Web-site ("phishing")
- Password could be stolen from the server
- Too many passwords to remember → re-use / cart abandonment
- Inconvenient to type password on phone

OTP
- OTP vulnerable to real-time MITM and MITB* attacks
- SMS security questionable, especially when Device is the phone
  - Malicious Apps with SMS permission can read OTP and send it back to attacker.
- Inconvenient to type OTP on phone
- Specialized OTP devices are costly and tough to integrate in existing system

* Man In The Middle attack / Man In The Browser


2. What is FIDO U2F?
Overview

Traditional passwords are prone to several attacks. The security of a password-only system relies entirely on the user. If a good password is not chosen, the degree of randomness is very low, making the system very insecure. Further, users usually use the same or similar passwords across multiple systems, which makes the situation even worse.
Login flow: 1 Online Auth (ID + Password) → 2 Local Device Auth (Insert USB and Press Button) → 3 Auth Success (Done)

U2F Server: A web-enabled server that implements the FIDO U2F protocol for the server side.
U2F Authenticator: A local authentication mechanism that is able to perform user registration and authentication after the traditional password is authenticated.

3. How does U2F Work?

Parties: U2F Server, U2F Compatible Browser (ex: Chrome), Device Authenticator with Iris recognition module (User Verification).

Registration flow
1. Requesting for registration
2. HID API: Connecting the device through USB port
3. Delivering registration
4. Requesting for iris authentication information
5. Unlock U2F module for the first time and perform registration operation
6. Send back cryptographically signed and encrypted (https) U2F Registration RESPONSE back to server
7. U2F Authenticator is successfully registered

Authentication flow
1. Requesting for authentication
2. HID API: Connecting the device through USB port
3. Delivering authentication challenge
4. Request for user consent to authentication
5. Unlock U2F module for the first time with IRIS, then request user consent and perform authentication operation
6. Send back cryptographically signed and encrypted (https) U2F Authentication RESPONSE back to server
7. U2F Authenticator is successfully authenticated

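The two flows above, as an added Go example that is not part of the original deck and not Lockit's, Irisys' or any FIDO library's code: the server issues a challenge, the browser forwards it together with the site origin (appId), the authenticator signs only after the iris unlock and user consent, and the server verifies the signature and a monotonic counter. The origins, the 32-byte challenge, the single `unlocked` flag standing in for the iris module, and the signed layout H(appId) || flags || counter || H(challenge) are assumptions; real U2F additionally uses key handles, attestation certificates and a JSON client-data structure, which are left out here.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Constructed model of the section-3 flows (not Lockit/Irisys/FIDO library code): key pair per origin, challenge, ECDSA over H(appId)||flags||counter||H(challenge).
const flagUserPresent byte = 0x01

type AuthResponse struct { // the signed RESPONSE of step 6
	Flags     byte
	Counter   uint32
	Signature []byte // ASN.1 ECDSA signature over sha256(signedData(...))
}

// signedData binds H(appId) into the signed bytes, so a signature made for a look-alike origin never verifies.
func signedData(appID string, flags byte, counter uint32, challenge []byte) []byte {
	appHash, chalHash := sha256.Sum256([]byte(appID)), sha256.Sum256(challenge)
	data := append(appHash[:], flags, byte(counter>>24), byte(counter>>16), byte(counter>>8), byte(counter))
	return append(data, chalHash[:]...)
}

// Authenticator models the token: one key pair per appId, usable only after iris matching (assumed).
type Authenticator struct {
	keys     map[string]*ecdsa.PrivateKey
	counter  uint32
	unlocked bool // true once the iris module has matched the user (step 5)
}

// Register creates a fresh key pair bound to appID and returns its public key for the server.
func (a *Authenticator) Register(appID string) (*ecdsa.PublicKey, error) {
	if !a.unlocked {
		return nil, errors.New("authenticator locked: user verification required")
	}
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	a.keys[appID] = priv
	return &priv.PublicKey, nil
}

// Authenticate signs the challenge for appID, which the browser (not the web page) supplies.
func (a *Authenticator) Authenticate(appID string, challenge []byte, userPresent bool) (AuthResponse, error) {
	priv, ok := a.keys[appID]
	if !ok || !a.unlocked || !userPresent {
		return AuthResponse{}, fmt.Errorf("refused for %q: unknown origin, locked, or no user consent", appID)
	}
	a.counter++ // monotonic counter lets the server detect replays and cloned tokens
	digest := sha256.Sum256(signedData(appID, flagUserPresent, a.counter, challenge))
	sig, err := ecdsa.SignASN1(rand.Reader, priv, digest[:])
	return AuthResponse{Flags: flagUserPresent, Counter: a.counter, Signature: sig}, err
}

type Server struct { // the relying party ("U2F Server") for one appId
	appID   string
	pub     *ecdsa.PublicKey
	counter uint32
	pending []byte // outstanding single-use challenge
}

func (s *Server) NewChallenge() []byte {
	s.pending = make([]byte, 32)
	rand.Read(s.pending)
	return s.pending
}

// Verify checks the presence flag, counter progress and the signature under the server's own appId.
func (s *Server) Verify(resp AuthResponse) error {
	challenge := s.pending
	s.pending = nil // single use
	if resp.Flags&flagUserPresent == 0 || resp.Counter <= s.counter {
		return errors.New("no user presence, or counter did not increase (replay or cloned token)")
	}
	digest := sha256.Sum256(signedData(s.appID, resp.Flags, resp.Counter, challenge))
	if !ecdsa.VerifyASN1(s.pub, digest[:], resp.Signature) {
		return errors.New("signature invalid: wrong origin, key or challenge")
	}
	s.counter = resp.Counter
	return nil
}

// Scenario runs registration, a valid login, a phishing attempt and a replay of the valid response.
func Scenario() (loginErr, phishErr, replayErr error) {
	site := &Server{appID: "https://accounts.example"} // assumed origin
	token := &Authenticator{keys: map[string]*ecdsa.PrivateKey{}, unlocked: true} // iris matched
	site.pub, _ = token.Register(site.appID)
	resp, _ := token.Authenticate(site.appID, site.NewChallenge(), true)
	loginErr = site.Verify(resp)
	// Phishing: the relayed challenge is genuine, but the browser reports the look-alike origin.
	_, phishErr = token.Authenticate("https://accounts-example.test", site.NewChallenge(), true)
	// Replay: the earlier valid response is sent again against the still-pending challenge.
	replayErr = site.Verify(resp)
	return loginErr, phishErr, replayErr
}

func main() { fmt.Println(Scenario()) }
```

Running it with `go run` prints the three outcomes: the genuine login verifies, the phishing attempt is refused by the authenticator because the browser-supplied origin has no registered key (and even a signature made under that origin would fail at the real server, since H(appId) is inside the signed bytes), and the replay is rejected by the counter check before the signature is even examined.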
4. Introduction of Irisys Lockit U2F

1 Core Features & Supporting Sites

Scalable
- Works across any number of services

Secure
- Protects against phishing & MITM*
- Verifies user presence
- User verification using IRIS matching

Open Standard
- Native platform/browser support
2 Authentication Example (Google)

[Figure: Authentication with iris scanning; Connect Lockit USB to PC]
