Abstract
FIDO (Fast Identity Online) is a new online identity management architecture, developed and promoted by a large industry consortium. Its goal is to simplify and strengthen online user authentication by relying on local device user authentication. Another goal is to finally put passwords to rest. This solution requires strong trust between players and components in the architecture. These aspects have received little attention from the FIDO consortium. The aim of this paper is to analyze the trust requirements for FIDO, and assess the cost of establishing the required trust.
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Loutfi, I., Jøsang, A. (2015). FIDO Trust Requirements. In: Buchegger, S., Dam, M. (eds) Secure IT Systems. NordSec 2015. Lecture Notes in Computer Science, vol 9417. Springer, Cham. https://doi.org/10.1007/978-3-319-26502-5_10
DOI: https://doi.org/10.1007/978-3-319-26502-5_10
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-26501-8
Online ISBN: 978-3-319-26502-5
eBook Packages: Computer Science (R0)