FIDO Alliance paper details extending PKI security with authentication standards
The FIDO Alliance has released a new white paper in support of the U.S. Commission on Enhancing National Cybersecurity’s recommendations for all agencies to use strong authentication across all government systems.
Titled “Leveraging FIDO Standards to Extend the PKI Security Model in United States Government Agencies,” the paper describes the use of FIDO solutions to improve cybersecurity within the government environment and act as a complement to traditional PKI.
Developed by FIDO’s Public Policy and Privacy Working Group (P3WG), the paper outlines the many benefits of a FIDO-inclusive method of providing other authentication solutions that are both easier to use and to integrate with legacy applications.
These authentication solutions still provide the same core security associated with asymmetric public key cryptography
Though the Derived PIV Credential (DPC) program allows the issuance of a separate PKI certificate by proving possession of a PIV Card, the DPC workflow detailed in NIST 800-157 can be used to issue a FIDO public/private key pair, linked to the same identity record associated with the PIV card.
The main difference is that the key pair is part of a “lightweight” key pair instead of a “full” public key infrastructure.
For individuals in the government ecosystem that are not required to obtain a PIV, FIDO offers an alternative method that is more affordable, management and easier to use.
Using this method would ensure that individuals have a strong authentication based on public key cryptography.
The paper emphasizes that PIV is still the highest standard for authentication in the U.S. government, and will remain an essential aspect of the federal enterprise.
But as agencies work towards fulfilling the Commission’s recommendations, facilitating a method that extends PIV solutions with FIDO can improve the security across the Federal enterprise and help the U.S. to more effectively secure digital assets.
FIDO asserts that while eliminating password-based breaches by 2021 would be a significant challenge, it is not an entirely impossible goal.
Previously reported, the new FIDO Certified showcase provides deploying organizations with a one-stop shop to learn about the companies and products that can bring FIDO Authentication to their users.