Presentation is loading. Please wait.

Presentation is loading. Please wait.

The eID-ClientCore - Status and Outlook

Published byAngel James Modified over 10 years ago

Similar presentations

Presentation on theme: "The eID-ClientCore - Status and Outlook"— Presentation transcript:

1 The eID-ClientCore - Status and Outlook
Dr. Wolf Müller

2 Embedded & Mobile Devices
PC Laptop eIDCC: Focus Library Command Line Interface GUI Evaluation Prototype Demo Education Research nPA PIN- Manag. eID eSIGN Open Identity Summit 2013

3 eIDCC: Requirements Interoperability Binary Distribution
Compiling for different hardware platforms C based Implementation PACE / EAC, RSA-PSK, Secure Messaging ASN.1 Parsing (Certificates …) Inspection of Protocol / Freshness / Binding of Channels Crypto Basic Implementation nPA-only, (optional) Card Detection eCard-API Licensing Looking for Compatible Building Blocks OpenSource Open Identity Summit 2013

4 eIDCC: Seed September 2012: BDr and HUB release initial version as OpenSource Open Identity Summit 2013

5 eIDCC: License OpenSource, but use limited to eID@(nPA|eAT)
„Die Humboldt-Universität räumt dem Nutzer mit diesen Nutzungsbedingungen unentgeltlich ein einfaches, räumlich und zeitlich unbeschränktes Nutzungsrecht ein, den eIDClientCore nach Maßgabe der folgenden Bestimmungen zu nutzen, und zwar beschränkt auf eIDClientCore Software für clientseitige Anwendungen, die einen elektronischen Identitätsnachweis mittels eines deutschen hoheitlichen Dokuments ermöglichen …“ Open Identity Summit 2013

6 eIDCC (Seed): Libs & Dependencies
Lang C C++ Crypto gnutls cryptopp gcrypt Parse asn1c expat SC pcsc-lite No Libs  or Own  PAOS  TR-03112 TR-03110 html Open Identity Summit 2013

7 eIDCC: Further Steps OpenSSL Reduce dependencies!
Integration of OpenPACE one Cryto-Lib PACE, CA, TA, SSL/TLS, RSA-PSK, Verification of (CV)-Certificates, … Modularization in order to Separate test cases for different layers OpenSSL Open Identity Summit 2013

8 eIDCC: Future C++ Parse C Lang SC No Libs or Own Crypto openssl asn1c
expat libcurl SC generic No Libs or Own PAOS  TR-03112 Open-PACE Open Identity Summit 2013

9 eIDCC: Challenges Used with real Infrastructure
Interoperability: Different (implemented) eID-Services Different nPA-generations “Cat-B”-Reader in the field eIDCC (or similar) becomes available = possible automated access to eID-Services Re-assembling/-connecting of components (of eID-infrastructure) by an attacker becomes feasible “Selbstauskunft”-in the middle Relaying eSIGN Open Identity Summit 2013

10 “Selbstauskunft”-in the middle*
Does X need a “Berechtigungszertifikat” to verify a users name? Strategy like “Sofortüberweisung” Prove ID: Firstname Name via Selbstauskunft = Remote Reader https & eID-Client eID-Service Y own SSL/TLS (PSK) Secure Messaging X X eID- Service SSL/TLS Open Identity Summit 2013

11 Relaying eSIGN Cat-B Cat-K*
video of the demo available eID victim attacker Cat-K )))) ! ? eSIGN 2-factor “something you have attacker can access + something you know”  1-factor Open Identity Summit 2013

12 Credits Students or PHDs Michael Gehring Dominik Oepen Frank Morgner
Pictures: , buildng, rubik_3D_colored, service} Open Identity Summit 2013

Download ppt "The eID-ClientCore - Status and Outlook"

Similar presentations

Information Systems & Semantic Web University of Koblenz Landau, Germany Advanced Data Modeling Relational Data Model continued Steffen Staab with Simon.

Information Systems & Semantic Web University of Koblenz Landau, Germany Advanced Data Modeling Relational Data Model continued Steffen Staab with Simon.
Network Security.

Network Security.
Voice and Data Encryption over mobile networks July 2012 IN-NOVA TECNOLOGIC IN-ARG SA www.in-arg.com MESH VOIP.

Voice and Data Encryption over mobile networks July 2012 IN-NOVA TECNOLOGIC IN-ARG SA MESH VOIP.
Mobile Devices in the DoD

Mobile Devices in the DoD
September 11 th 2013 Open Identity Summit 2013, Kloster Banz Marcel Selhorst Cloud-based provisioning of qualified certificates for the German ID card.

September 11 th 2013 Open Identity Summit 2013, Kloster Banz Marcel Selhorst Cloud-based provisioning of qualified certificates for the German ID card.
Thomas S. Messerges, Ezzat A. Dabbish Motorola Labs Shin Seung Uk.

Thomas S. Messerges, Ezzat A. Dabbish Motorola Labs Shin Seung Uk.
Eike Stepper Berlin, Germany CDO Model Repository 4.1 Release Review.

Eike Stepper Berlin, Germany CDO Model Repository 4.1 Release Review.
1 Wolfgang Lierz Staff IT-Services / Network & Security Admin ETH-Bibliothek Zurich Integration Primo-Aleph-PDS-SSO- AAI Wolfgang Lierz / IGeLU 2012 Zurich.

1 Wolfgang Lierz Staff IT-Services / Network & Security Admin ETH-Bibliothek Zurich Integration Primo-Aleph-PDS-SSO- AAI Wolfgang Lierz / IGeLU 2012 Zurich.
Epic’s Build Tools & Infrastructure

Epic’s Build Tools & Infrastructure
Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
Kerberized Credential Translation Olga Kornievskaia Peter Honeyman Bill Doster Kevin Coffman Center for Information Technology Integration University of.

Kerberized Credential Translation Olga Kornievskaia Peter Honeyman Bill Doster Kevin Coffman Center for Information Technology Integration University of.
Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.

Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.
CSE 461 Section. “Transport Layer Security” protocol Standard protocol for encrypting Internet traffic Previously known as SSL (Secure Sockets Layer),

CSE 461 Section. “Transport Layer Security” protocol Standard protocol for encrypting Internet traffic Previously known as SSL (Secure Sockets Layer),
Extending ForeFront beyond the limit www.AGATSolutions.com TMGUAG ISAIAG AG Security Suite.

Extending ForeFront beyond the limit TMGUAG ISAIAG AG Security Suite.
Cryptographic Security Presented by: Josh Baker October 9 th, 2012 1CS5204 – Operating Systems.

Cryptographic Security Presented by: Josh Baker October 9 th, CS5204 – Operating Systems.
1 Secure Credit Card Transactions on an Untrusted Channel Source: Information Sciences in review Presenter: Tsuei-Hung Sun ( 孫翠鴻 ) Date: 2010/9/24.

1 Secure Credit Card Transactions on an Untrusted Channel Source: Information Sciences in review Presenter: Tsuei-Hung Sun ( 孫翠鴻 ) Date: 2010/9/24.
More on SSL/TLS. Internet security: TLS TLS is one of the more prominent internet security protocols. TLS is one of the more prominent internet security.

More on SSL/TLS. Internet security: TLS TLS is one of the more prominent internet security protocols. TLS is one of the more prominent internet security.
Extensible Networking Platform 1 1 - IWAN 2005 Extensible Network Configuration and Communication Framework Todd Sproull and John Lockwood

Extensible Networking Platform IWAN 2005 Extensible Network Configuration and Communication Framework Todd Sproull and John Lockwood
January 23-26, 2007 Ft. Lauderdale, Florida IP Communications, Secure – By Design Roger W. Farnsworth.

January 23-26, 2007 Ft. Lauderdale, Florida IP Communications, Secure – By Design Roger W. Farnsworth.
An Introduction to Security Concepts and Public Key Infrastructure (PKI) Mary Thompson.

An Introduction to Security Concepts and Public Key Infrastructure (PKI) Mary Thompson.

Similar presentations

Ads by Google