\documentclass{beamer}
\usepackage{hyperref}
\usepackage{graphicx}
\usepackage{qrcode}
\usepackage[normalem]{ulem}
\usepackage{xcolor}
% Colorblind-friendly palette from .
\definecolor{Vermillion} {cmy}{0, 0.8, 1}
\definecolor{Orange} {cmy}{0, 0.5, 1}
\definecolor{SkyBlue} {cmy}{0.8, 0, 0}
\definecolor{BluishGreen} {cmy}{0.97, 0, 0.75}
\definecolor{Yellow} {cmy}{0.1, 0.5, 0.9}
\definecolor{Blue} {cmy}{1, 0.5, 0}
\definecolor{ReddishPurple} {cmy}{0.1, 0.7, 0}
\newcommand{\BSD}{BSD}
\newcommand{\Age}{Age}
\newcommand{\Bluetooth}{Bluetooth}
\newcommand{\EuroBSDcon}{EuroBSDcon}
\newcommand{\FIDO}{FIDO}
\newcommand{\Firefox}{Firefox}
\newcommand{\FreeBSD}{FreeBSD}
\newcommand{\HID}{HID}
\newcommand{\NFC}{NFC}
\newcommand{\NetBSDcurrent}{\NetBSD-current}
\newcommand{\NetBSD}{NetBSD}
\newcommand{\OpenBSD}{OpenBSD}
\newcommand{\OpenSSH}{OpenSSH}
\newcommand{\USBHID}{\USB~\HID}
\newcommand{\USB}{USB}
\newcommand{\Webauthn}{Webauthn}
\newcommand{\email}[1]{\texttt{#1}}
\newcommand{\texttildecenter}{\raisebox{0.5ex}{\texttildelow}}
\newcommand{\brdots}{[\,\dots]}
\title{\FIDO\ and \Webauthn\ on \BSD: \\
Authentication for the easily distracted}
\author{Taylor R Campbell \\
\email{riastradh@NetBSD.org}}
\date{\EuroBSDcon\ 2023 \\
Coimbra, Portugal \\
September 17, 2023}
\begin{document}
\frame{\titlepage}
\begin{frame}
\frametitle{\FIDO\ and \Webauthn\ on \BSD}
\centering
\url{https://www.NetBSD.org/gallery/presentations/riastradh/eurobsdcon2023/fidobsd.pdf}
\vspace{\baselineskip}
\qrcode[height=2in]{https://www.NetBSD.org/gallery/presentations/riastradh/eurobsdcon2023/fidobsd.pdf}
\end{frame}
�
\begin{frame}
\LARGE
Why do we need a new authentication system?
\end{frame}
\begin{frame}[fragile]
\frametitle{Hook}
\begin{verbatim}
Date: Sun, 17 Sep 2023 13:20:59 +0000
From: "EuroBSDcon (via Google Drive)"
To: riastradh@gmail.com
Subject: Folder shared with you: "Conference program"
I've shared an item with you:
Conference program
https://drive.googIe.com/drive/folders/
Gb5Z_sYiHuiqUClpeCISutMRc3rMmzZAg?
usp=sharing&invite=vigcIJy&ts=6ff7f21e
It's not an attachment -- it's stored online.
To open this item, just click the link above.
\end{verbatim}
\end{frame}
\begin{frame}
\frametitle{Line}
\centering
\includegraphics[height=0.9\textheight]{google-login1.png}
\end{frame}
\begin{frame}
\frametitle{Sinker}
\centering
\includegraphics[height=0.9\textheight]{google-login2.png}
\end{frame}
\begin{frame}
\LARGE
You've been phished!
\end{frame}
\begin{frame}
\frametitle{Two-factor authentication}
Prove at least two:
\begin{itemize}
\item something you know (password, security question)
\item something you have (phone, USB token, smart card)
\item something you are
\only<2>{(a \BSD\ nerd)}%
\only<3>{(\sout{a \BSD\ nerd})}%
\only<4->{(biometrics: retina, fingerprint, \dots)}
\end{itemize}
\end{frame}
\begin{frame}
\frametitle{Two-factor authentication}
Typical 2FA:
\begin{itemize}
\item 2FA codes sent over SMS to your phone
\item Authenticator app, usually meaning TOTP
(RFC 6238/4226) stored on phone
\item Push notifications to your phone,
usually Microsoft or Duo proprietary
\end{itemize}
\end{frame}
\begin{frame}
\frametitle{Two-factor phishing: TOTP codes, SMS 2FA codes}
\includegraphics[height=0.9\textheight]{github-totp-phish.png}
\end{frame}
\begin{frame}
\frametitle{Two-factor phishing: push notifications}
(screenshot of notification left as an exercise for the reader)
\end{frame}
\begin{frame}
\frametitle{Two-factor phishing}
\begin{itemize}
\item 2FA codes sent over SMS
\begin{itemize}
\item<2-> \dots are gathered by the same phishing page and
relayed on by the attacker
\end{itemize}
\item TOTP codes
\begin{itemize}
\item<3-> \dots are gathered by the same phishing page and
relayed on by the attacker
\end{itemize}
\item Push notifications
\begin{itemize}
\item<4-> \dots are sent when the password you entered into the
phishing page is relayed on by the attacker
\item<5-> \dots lead to notification fatigue
\end{itemize}
\end{itemize}
\end{frame}
\begin{frame}
\frametitle{Two-factor phishing}
Main problem: copying \& pasting secrets not bound to origin
\end{frame}
\begin{frame}
\frametitle{Threat models}
\begin{enumerate}
\item<2-> Phishing
\item<3-> Phishing
\item<4-> Phishing
\item<5-> User fatigue and circumvention
\begin{itemize}
\item<6-> Message to security people:
Be an enabler.
Don't get in the way; enable people to get their work done
with less risk.
\end{itemize}
\item<7-> Hardware theft, MITM attacks, shoulder surfing, \dots
\end{enumerate}
\end{frame}
\begin{frame}
\frametitle{Hardware tokens}
\begin{itemize}
\item RSA SecurID---proprietary version of TOTP on a gizmo with an
LCD display
\item Old Yubikeys---USB keyboard that types a proprietary version
of TOTP token
\item PKCS\#11, PKCS\#15, OpenPGP, \dots
\end{itemize}
\end{frame}
\begin{frame}
\frametitle{Legacy crypto tokens}
\begin{itemize}
\item Software stack
\begin{enumerate}
\item security/pcsc-lite---daemon that talks to USB
smartcard-like reader (pcscd)
\item security/opensc---library and tools that talk to
smartcard through pcsc-lite
\item security/ccid---opensc driver that talks to
chip/smart card interface driver devices
\end{enumerate}
\item proprietary magic protocols and file layout:
\url{https://github.com/OpenSC/OpenSC/pull/2097}
\item limited number of keys per device
\item state management
\item privacy leaks across sites
\end{itemize}
\url{https://wiki.NetBSD.org/tutorials/howto_bootstrap_the_ePass2003_smartcard/}
\end{frame}
�
\begin{frame}
\LARGE
\FIDO\ will protect us from the phish
\end{frame}
\begin{frame}
\frametitle{Live demo}
\end{frame}
\begin{frame}
\frametitle{Protocol flow---Registration}
\begin{enumerate}
\item Server at example.com asks to make a credential
\item Browser asks user to tap button to approve
\item Device generates credential id and key pair for
`example.com'
\item Device returns credential id and public key
\item Server stores credential id and public key for later use
\end{enumerate}
Note: Every registration creates an independent random key pair---key
generation with elliptic-curve crypto is cheap!
\end{frame}
\begin{frame}
\frametitle{Protocol flow---Authentication}
\begin{enumerate}
\item Server at example.com sends a challenge and stored credential
ids and asks for proof of one of them
\item Browser asks user to tap button to approve
\item Device re-derives key pair from credential id for `example.com'
\item Device returns signature on challenge
\item Server verifies signature with stored publickey
\end{enumerate}
\end{frame}
\begin{frame}
\frametitle{Properties}
\begin{itemize}
\item Independent keys for each site---no cross-site tracking
\item No special software, drivers, configuration tools needed
\item No user-visible state to manage on device
\item Unbounded number of credentials
\item Used as 2FA: vendor is not single point of failure
\end{itemize}
\end{frame}
\begin{frame}
\frametitle{Privacy leaks}
Privacy leaks are much more limited than traditional hardware tokens
with X.509 client certificates:
\begin{itemize}
\item On registration: device may send attestation of manufacturer
and batch number (not serial number!)---up to browser
\item On authentication: device may send signature count---up to
device
\item Server can tell if same device is used for multiple accounts
\end{itemize}
\end{frame}
\begin{frame}
\frametitle{Recommendations for users}
Get two devices:
\begin{itemize}
\item Primary on keychain or always plugged into laptop
\item Backup in desk or somewhere safe
\end{itemize}
If you lose one, no big deal---get a new one and use the backup to
log in and register it.
\begin{itemize}
\item<2-> \dots And don't use PINs: bad user experience, limited
software support, requires special tooling
\end{itemize}
\end{frame}
\begin{frame}[fragile]
\frametitle{How to add web application support---Registration}
\begingroup\small
\begin{verbatim}
const credential = await navigator.credentials.create({
publicKey: {
challenge: ...,
rp: {name: "Example GmbH", id: "example.com"},
pubKeyCredParams: [{alg: -7, type: "public-key"}],
authenticatorSelection: {
authenticatorAttachment: "cross-platform"
},
excludeCredentials: [...],
timeout: 60000,
...
}
})
\end{verbatim}
\endgroup
Returns structure with credential id, public key, optional device
attestation.
\vspace{\baselineskip}
More info: \url{https://webauthn.guide}
\end{frame}
\begin{frame}[fragile]
\frametitle{How to add web application support---Authentication}
\begingroup\small
\begin{verbatim}
const credential = await navigator.credentials.get({
publicKey: {
challenge: ...,
allowedCredentials: [{
id: credential_id0, ...
}],
...
}
})
\end{verbatim}
\endgroup
Returns structure with proof of ownership of one of the allowed
credentials.
\vspace{\baselineskip}
More info: \url{https://webauthn.guide}
\end{frame}
\begin{frame}
\frametitle{How to add web application support}
Various existing \Webauthn\ libraries to handle data structures and
verify credentials on the server side
\vspace{\baselineskip}
More info: \url{https://webauthn.guide}
\centering
\vspace{\baselineskip}
\qrcode[height=1in]{https://webauthn.guide}
\end{frame}
\begin{frame}
\frametitle{Sites that support \Webauthn}
\centering
\url{https://dongleauth.com}
\vspace{\baselineskip}
\qrcode[height=1in]{https://webauthn.guide}
\end{frame}
�
\begin{frame}
\LARGE
\FIDO\ on \BSD
\end{frame}
\begin{frame}
\frametitle{\BSD\ support in kernel: \USBHID}
\begin{itemize}
\item Main transport: \USBHID, like \USB\ keyboard/mouse devices
\item No special drivers needed---simple input/output `report'
pipes
\item Other transports: smartcard, \NFC---kind of works on
\BSD\ but requires pcsc
\item (unsure if \FIDO\ over \Bluetooth\ works on \BSD)
\end{itemize}
\end{frame}
\begin{frame}
\frametitle{\BSD\ support in userland: libfido2}
\begin{itemize}
\item libfido2: C library for talking to \FIDO\ devices
\item Maintained by Yubico
\item Supports \NetBSD, \OpenBSD, \FreeBSD out of the box
\item libfido2 available in pkgsrc/ports, shipped in \NetBSD\ base
\end{itemize}
\end{frame}
\begin{frame}
\frametitle{\BSD\ support in browser: \Firefox, authenticator-rs}
\begin{itemize}
\item authenticator-rs: Rust crate for talking to \FIDO\ devices
\item Maintained by Mozilla
\item Used by \Firefox
\item Supports \NetBSD\ and \FreeBSD\ out of the box
\item \OpenBSD\ support may be broken, needs maintainer: \small
\url{https://github.com/mozilla/authenticator-rs/pull/234}
\end{itemize}
\centering
\vspace{\baselineskip}
\qrcode[height=1in]{https://github.com/mozilla/authenticator-rs/pull/234}
\end{frame}
\begin{frame}[fragile]
\frametitle{\FIDO\ in \OpenSSH}
\begin{itemize}
\item Different from usual \FIDO---similar to usual \OpenSSH
\item \verb!$ ssh-keygen -t ecdsa-sk!
\item Keep id\_ecdsa-sk private as usual
\item Copy id\_ecdsa-sk.pub to
\texttildecenter/.ssh/authorized\_keys
on server to register as usual
\item Tap device to authenticate on login
\item<2-> Alternative---resident keys/discoverable credentials:
\begin{itemize}
\item No need to keep id\_ecdsa-sk
\item Requires newer \FIDO\ keys
\item Limited storage per device
\end{itemize}
\end{itemize}
\end{frame}
\begin{frame}
\frametitle{Other platforms}
All major desktop and mobile operating systems and browsers support
\FIDO\ out of the box!
\end{frame}
�
\begin{frame}
\LARGE
Other cool things with \FIDO
\end{frame}
\begin{frame}
\frametitle{`Storing' disk encryption keys---fidocrypt(1)}
\url{https://github.com/riastradh/fidocrypt}
\begin{itemize}
\item Enroll multiple devices to have access to a secret
\item Works with legacy U2F devices and modern FIDO2 devices
\item Needs no storage on device---stored as per-device ciphertexts
in a cryptfile
\item (Might change file format to lighten executable, will provide
upgrade path)
\end{itemize}
\centering
\vspace{\baselineskip}
\qrcode[height=1in]{https://github.com/riastradh/fidocrypt}
\end{frame}
\begin{frame}
\frametitle{Using \FIDO\ to sign messages---fidosig(1)}
\url{https://github.com/riastradh/fidosig}
\begin{itemize}
\item fidosig(1): Sign arbitrary messages with \FIDO\ devices
\item Easily configurable threshold signature policies
\item Binary format, no temptation to act on unauthenticated data
\item \relax[Experimental]
\end{itemize}
\centering
\vspace{\baselineskip}
\qrcode[height=1in]{https://github.com/riastradh/fidosig}
\end{frame}
\begin{frame}
\frametitle{Using \FIDO\ to sign messages---\OpenSSH}
\begin{itemize}
\item Use ecdsa-sk, ed25519-sk keys with \OpenSSH:\par
\mbox{\texttt{ssh-keygen -Y sign}}
\end{itemize}
\end{frame}
\begin{frame}
\frametitle{Using \FIDO\ with \Age\ to send encrypted messages}
\url{https://github.com/riastradh/age-plugin-fido}
\begin{itemize}
\item Plugin for \Age\ encryption tool:
\url{https://age-encryption.org}
\item Requires newer FIDO2 devices (but no state or PINs)
\item \relax[Experimental]
\end{itemize}
\centering
\vspace{\baselineskip}
\qrcode[height=1in]{https://github.com/riastradh/age-plugin-fido}
\end{frame}
\begin{frame}
\frametitle{Kerberos and \FIDO}
\begin{itemize}
\item Traditional Kerberos single-sign-on uses password to get SSO
tickets
\item New PA-REDHAT-PASSKEY preauthentication protocol adds 2FA
step with \FIDO
\item Very new, not widely supported, maybe soon in Heimdal and MIT
Kerberos!
\end{itemize}
\end{frame}
\begin{frame}
\LARGE
Questions?
\end{frame}
\end{document}