The eID-ClientCore - Status and Outlook
Dr. Wolf Müller

Presentation transcript:

1 The eID-ClientCore - Status and Outlook
Dr. Wolf Müller

2 eIDCC: Focus
Open Identity Summit
[Diagram labels: Library; Command Line Interface; GUI; Embedded & Mobile Devices; PC; Laptop; Evaluation; Prototype; Demo; Education; Research; nPA; PIN-Manag.; eID; eSIGN]

3 eIDCC: Requirements
Interoperability; Binary Distribution; Compiling for different hardware platforms; C based Implementation; PACE / EAC, RSA-PSK, Secure Messaging; ASN.1 Parsing (Certificates …); Inspection of Protocol / Freshness / Binding of Channels; Crypto; Basic Implementation; nPA-only, (optional) Card Detection; eCard-API; Licensing; Looking for Compatible Building Blocks; OpenSource

4 eIDCC: Seed
September 2012: BDr and HUB release initial version as OpenSource

5 eIDCC: License
OpenSource, but use limited to eID@(nPA|eAT)
With these terms of use, Humboldt-Universität grants the user, free of charge, a simple right of use, unrestricted in territory and time, to use the eIDClientCore in accordance with the following provisions, limited to eIDClientCore software for client-side applications that enable an electronic proof of identity by means of a German sovereign document …

6 eIDCC (Seed): Libs & Dependencies

7 eIDCC: Further Steps
Reduce dependencies!
– Integration of OpenPACE
– one Crypto-Lib: PACE, CA, TA, SSL/TLS, RSA-PSK, Verification of (CV)-Certificates, …
Modularization in order to
– Separate test cases for different layers
OpenSSL

8 eIDCC: Future

9 eIDCC: Challenges
Used with real Infrastructure
– Interoperability: Different (implemented) eID-Services, Different nPA-generations, Cat-B-Reader in the field
eIDCC (or similar) becomes available = possible automated access to eID-Services
Re-assembling/-connecting of components (of eID-infrastructure) by an attacker becomes feasible
– Selbstauskunft-in the middle
– Relaying eSIGN

10 Selbstauskunft-in the middle *
Does X need a Berechtigungszertifikat to verify a user's name?
Strategy like Sofortüberweisung
[Diagram labels: Prove ID: Firstname Name via Selbstauskunft; eID-Service = Remote Reader; https & eID-Client; eID-Service Y; SSL/TLS (PSK); own Secure Messaging; SSL/TLS]
*{gehring,wolfm}

11 Relaying eSIGN *
[Diagram labels: Cat-B; Cat-K; eID; victim; attacker; eSIGN]
2-factor: something you have (attacker can access) + something you know; 1-factor
*{gehring,wolfm}
video of the demo available

12 Credits
Students or PhDs: Michael Gehring, Dominik Oepen, Frank Morgner
Pictures:
–{radar, 1284641890, buildng, rubik_3D_colored, service}
–
