FIDO Trust Requirements

  • Conference paper
Secure IT Systems (NordSec 2015)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 9417)

Abstract

FIDO (Fast Identity Online) is a new online identity management architecture, developed and promoted by a large industry consortium. Its goal is to simplify and strengthen online user authentication by relying on local device user authentication. Another goal is to finally put passwords to rest. This solution requires strong trust between players and components in the architecture. These aspects have received little attention from the FIDO consortium. The aim of this paper is to analyze the trust requirements for FIDO, and assess the cost of establishing the required trust.

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Loutfi, I., Jøsang, A. (2015). FIDO Trust Requirements. In: Buchegger, S., Dam, M. (eds) Secure IT Systems. NordSec 2015. Lecture Notes in Computer Science, vol 9417. Springer, Cham. https://doi.org/10.1007/978-3-319-26502-5_10

  • DOI: https://doi.org/10.1007/978-3-319-26502-5_10

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-26501-8

  • Online ISBN: 978-3-319-26502-5

  • eBook Packages: Computer Science, Computer Science (R0)
