Presentation is loading. Please wait.

Presentation is loading. Please wait.

The eID-ClientCore - Status and Outlook

Similar presentations


Presentation on theme: "The eID-ClientCore - Status and Outlook"— Presentation transcript:

1 The eID-ClientCore - Status and Outlook
Dr. Wolf Müller https://sar.informatik.hu-berlin.de

2 Embedded & Mobile Devices
PC Laptop eIDCC: Focus Library Command Line Interface GUI Evaluation Prototype Demo Education Research nPA PIN- Manag. eID eSIGN Open Identity Summit 2013

3 eIDCC: Requirements Interoperability Binary Distribution
Compiling for different hardware platforms C based Implementation PACE / EAC, RSA-PSK, Secure Messaging ASN.1 Parsing (Certificates …) Inspection of Protocol / Freshness / Binding of Channels Crypto Basic Implementation nPA-only, (optional) Card Detection eCard-API Licensing Looking for Compatible Building Blocks OpenSource Open Identity Summit 2013

4 eIDCC: Seed September 2012: BDr and HUB release initial version as OpenSource https://github.com/BeID-lab/eIDClientCore Open Identity Summit 2013

5 eIDCC: License OpenSource, but use limited to eID@(nPA|eAT)
„Die Humboldt-Universität räumt dem Nutzer mit diesen Nutzungsbedingungen unentgeltlich ein einfaches, räumlich und zeitlich unbeschränktes Nutzungsrecht ein, den eIDClientCore nach Maßgabe der folgenden Bestimmungen zu nutzen, und zwar beschränkt auf eIDClientCore Software für clientseitige Anwendungen, die einen elektronischen Identitätsnachweis mittels eines deutschen hoheitlichen Dokuments ermöglichen …“ https://raw.github.com/BeID-Lab/eIDClientCore/master/COPYING Open Identity Summit 2013

6 eIDCC (Seed): Libs & Dependencies
Lang C C++ Crypto gnutls cryptopp gcrypt Parse asn1c expat SC pcsc-lite No Libs  or Own  PAOS  TR-03112 TR-03110 html Open Identity Summit 2013

7 eIDCC: Further Steps OpenSSL Reduce dependencies!
Integration of OpenPACE one Cryto-Lib PACE, CA, TA, SSL/TLS, RSA-PSK, Verification of (CV)-Certificates, … Modularization in order to Separate test cases for different layers OpenSSL Open Identity Summit 2013

8 eIDCC: Future C++ Parse C Lang SC No Libs or Own Crypto openssl asn1c
expat libcurl SC generic No Libs or Own PAOS  TR-03112 Open-PACE Open Identity Summit 2013

9 eIDCC: Challenges Used with real Infrastructure
Interoperability: Different (implemented) eID-Services Different nPA-generations “Cat-B”-Reader in the field eIDCC (or similar) becomes available = possible automated access to eID-Services Re-assembling/-connecting of components (of eID-infrastructure) by an attacker becomes feasible “Selbstauskunft”-in the middle Relaying eSIGN Open Identity Summit 2013

10 “Selbstauskunft”-in the middle*
Does X need a “Berechtigungszertifikat” to verify a users name? Strategy like “Sofortüberweisung” Prove ID: Firstname Name via Selbstauskunft = Remote Reader https & eID-Client eID-Service Y own SSL/TLS (PSK) Secure Messaging X X eID- Service SSL/TLS Open Identity Summit 2013

11 Relaying eSIGN Cat-B Cat-K*
video of the demo available eID victim attacker Cat-K )))) ! ? eSIGN 2-factor “something you have attacker can access + something you know”  1-factor Open Identity Summit 2013

12 Credits Students or PHDs Michael Gehring Dominik Oepen Frank Morgner
Pictures: https://openclipart.org/{radar, , buildng, rubik_3D_colored, service} https://commons.wikimedia.org/wiki/File:Personalausweis_Text_logo.svg Open Identity Summit 2013


Download ppt "The eID-ClientCore - Status and Outlook"

Similar presentations


Ads by Google