This post is also available in: Danish
Here we will outline the structure of a reliable setup for identifying users based on asymmetric encryption with the dynamic duo: FIDO and PKI. The methods complement each other and optimal for various purposes such as secure login, digital signing and encryption.
FIDO is an open authentication standard for asymmetric, encrypted login, but without the need for certificates and associated end-user-level directory services. Once the user has registered their username and password, and the system is activated, login can be done with a hardware key, PIN code, fingerprint or even face recognition.
The PKI authentication method, like FIDO, is open but offers stricter identity management. It is ideal for digital signatures as well as email and document encryption. PKI can be compared to the security processes that follow credit cards.
The methods have both advantages and disadvantages, but the discussion about which one to choose has become irrelevant because they work excellently in interaction with each other. PKI is typically used for secure login, email in the internal environment, where FIDO can be a valuable supplement to external authentication for web-based services.
The core of the ecosystem
To build confidence in the FIDO system, an “ecosystem” is needed. We need a safe environment that, among other things, takes unpredictable user behaviour into account. This ecosystem must be based on the following four cornerstones:
- Reliable protocols
- Reliable storage of security keys
- Reliable environment
- Reliable fitting
Let’s take a closer look at them:
The protocol is open and issued by the FIDO Alliance. They are standardized and undergo a thorough review before being published. Read more about FIDO Alliance here: fidoalliance.org
Reliable storage of security keys
Reliable storage is obtained by defining specific requirements for different applications and security levels, for example, requirements for the use of a software key stored in a hardware device.
The trusting party, such as a service provider, must ensure that trusted metadata is made available in the FIDO security key. For the sake of transparency, the backend features should be designed for established security certificates (SSL / ETSI / CABF). Certification processes must be established to ensure compliance. These features are also widely used in the PKI world (ETSI / CABF / ISO 27001).
It must be possible to personalize the security key and protect the identity of the holder. For the sake of transparency, personalization procedures should be documented and reviewed by independent third parties. This is described in the PKI standards.
Comparison of approval and identification with PKI and FIDO
While PKI systems typically use a combination of authentication and identification, FIDO clearly distinguishes between these two processes. This has benefits for both the user and the trusted party, as login can be performed securely and using a minimal amount of data.
Both the PKI and FIDO systems use a token consisting of a security chip and an operating system certified according to CC EAL4 +. In a FIDO solution, this token is already certified and ready for use. In a PKI solution, it is certified according to the EU regulation on electronic identification.
PKI is preferred for the following areas:
- Server authentication
- Client authentication
- Log in to a desktop computer
- Approval of devices before start
- Remote Desktop Access
- Email encryption and authentication
- Internet Protocol Security (IPSec) for Virtual Private Networks (VPN)
- Wireless access
- Approval of transactions
- Code signing
- Disk encryption
- Single Sign On (SSO)
However, there are situations where FIDO has advantages. In general, the FIDO solution is easier to use for the end-user. The protocol is also easier to integrate into web and mobile apps. Compared to PKI systems, FIDO systems are usually cheaper in terms of operation and maintenance because they do not contain as many certificates to be renewed.
The table below shows which applications can be handled with PKI and FIDO, respectively.
|Approval before start||Yes||Yes|
|Web client authentication||Yes||Yes|
|Thick client approval||Yes||Yes|
|Email encryption and signing – S/MIME||Yes||No|
|EAP-TLS for wireless access||Yes||No|
|Approval of transactions||Yes||Yes|
|Single Sign on||Yes||Yes|
Areas where FIDO and PKI have similar features
Web client authentication:
The FIDO protocol uses TLS in server-only authentication mode, while PKI uses TLS with certificate-based authentication on the client-side.
Here, built-in APIs are used to authenticate the user. For example, a thick client might be a mobile app or a computer application. PKI can perform certificate-based authentication without user intervention. In a FIDO solution, action from the user is always required.
For the trusted party, it is easier to verify a digital signature of a document within their domain, where the user’s FIDO security key is registered. It is a complicated task to check the signature outside the domain of the trusted party. FIDO protocols are not intended to solve this, and here PKI solutions are better suited.
Code signing can be performed with FIDO if the verifier (usually the trusted party) has access to the public FIDO key.
Single Sign On:
The FIDO protocol can be used for Single Sign-On if used in combination with a federation protocol, such as Security Assertion Markup Language (SAML) or OpenID Connect (OIDC). The trusted party then acts as the Identity Provider (IdP) and handles the authentication of the user.
Approval before start:
Both PKI and FIDO can be used to authenticate the user before the computer starts, and the two systems work in the same way.
Approval of transactions:
This application is supported by two FIDO protocols and is intended for smaller transactions that can be performed on a mobile device.
Differences between Fido og PKI
Internal PKI solutions use electronic certificates issued by a Certificate Authority (CA). These certificates make it possible to verify that a particular public key belongs to the alleged owner. This is not necessary for FIDO, and that is the great advantage of this solution. Conversely, the benefits of PKI are many. Since PKI uses certificates from a Certificate Authority (CA), which consists of a public and a private key, the certificate can be sent over the Internet. FIDO security keys are tied to a specific trusted party and can therefore only be used within a specific security domain.
This applies to mail encryption. Historically, email encryption and signing have been performed using the S / MIME protocol, which requires an X.509 certificate. Because FIDO protocols do not use electronic certificates, they cannot be used for this application.
The same goes for VPN IPSec and TLS. VPN uses electronic certificates and the IPSec protocol that require an X.509 certificate. Because FIDO protocols do not use electronic certificates, they cannot be used for this application.
TLS and its predecessor Secure Sockets Layer (SSL) are cryptographic protocols that use public keys to encrypt traffic between two or more communication applications, for example, between a web server and the user’s browser. The server authenticates the browser with an X.509 server certificate, and the browser authenticates the server with an X.509 client certificate. The FIDO protocols do not support certificate-based authentication and are not intended for client or server authentication in TLS. However, FIDO can be used for client authentication in the application database instead of or in addition to authentication with X.509 certificates.
Extensible Authentication Protocol (EAP) for wireless access also can not Again FIDO protocols do not use electronic certificates.
Similar to the approval of transactions, FIDO can be used for e-signature. For the trusted party, however, it is easier to verify an electronic signature of a document in the domain where the user’s FIDO security key is registered. Checking the signature outside the domain of the trusted party is a task that the FIDO protocols are not intended to solve and for which PKI solutions are better suited.
FIDO protocols can be used to verify code-signed applications within the domain, while PKI solutions are better suited for verifying code-signed applications and installations outside the domain, at least for the time being.
FIDO protocols do not support disk encryption. With PKI, smart cards can be protected by encryption.
In a combined solution for access management, protocols such as SAML and OIDC are used to establish a relationship of trust between the identity provider (IdP, identity provider) and the service provider (the trusted party) through the exchange of certificates. FIDO protocols are not intended for authentication based on the exchange of certificates.
When summarizing the differences, similarities, and advantages and disadvantages of PKI and FIDO, there is a security aspect to notice: For security reasons, electronic certificates usually have a limited validity period. The period of validity must always be weighed against the cost of issuing new certificates. The FIDO protocol does not specify the period of validity of the security keys registered with the trusted party. From a protocol point of view, the keys never expire, and the protocol contains no function to recall them.
The benefits of using a combination of PKI and FIDO
FIDO is a password-free login system where public encryption keys are used for authentication. This provides security at the level of certificate-based authentication without the need for investment in an expensive certificate management infrastructure.
The FIDO protocol can be used for various applications:
- login to web and cloud services
- login to apps on mobile phones
- login on desktops, both offline and online
- login to shared workstations
- secure approval of employees working externally and internally
Organizations that have invested in a PKI solution can extend their authentication solution with FIDO at a reasonable cost.
For organizations that have not invested in PKI and need a secure approval solution, FIDO may be an appropriate solution, provided that the security requirements and business objectives are met.