OpenDNIe Hackfest



  1. eID: the open source perspective
     Martin Paljak (maintainer of) OpenSC Project
  2. Agenda
     • Brief history of eID in Estonia
     • History of OpenSC
     • Why open source matters
     • What’s up next for OpenSC?
  3. eID in Estonia
     • Preparations from 1997, actions from 1999/2000 to issue PKI smart cards to every citizen
     • First cards issued in January 2002
     • “Probably the best beer eID in the world”
     • 1.1 Million cards, around 30% electronic users
     • Problem: no client software procured by government at first
  4. eID software in Estonia
     • Plan A: proprietary free (as beer) software for Windows, created by the (commercial) CA
     • A-Team: creates necessary software as open source (OpenSC, OpenSC.tokend, installers etc)
     • Plan B: (5 years later) government tender to legalize (?) and re-use the open source software (#1 failed, #2 failed, #3 ongoing...)
  5. Happy 10th birthday, OpenSC!
     • Two Finns, Juha and Antti, wanted to write an open source PKCS#11 driver for FINeID (PKCS#15) cards
     • 2001/2002 first posts on the opensc-devel mailing list
     • 0.4.0 released on 2001-12-29, contains a single, read-only driver
  6. OpenSC in 2011
     • 0.12.1 released on 17.05.2011
     • ~30 card drivers
     • A reasonable PKCS#11 module
     • Mac OS X integration (TokenD)
     • Windows integration coming (MiniDriver)
     • Binary installers (Windows, Mac OS X)
     • Synthesized (non-PKCS#15) formats
     • Card personalization support
  7. 2001 to 2011
     • Got interested around summer 2003
     • Founding Finns leave the project: “Got better things to do ...”
     • Germans took over in ~2005
     • Early adopter Belgium ditches OpenSC because “lack of understanding from project”
     • Basically announced “soon stagnated or dead, if not already” by maintainer
     • “MUSCLE” practically dead, except for pcsc-lite+CCID
     • Maintenance “back in Nordic” (Estonia) since April 2010
  8. Why OpenSC “won”?
     • A. Driver framework to support different cards
       • Compare: Linux; Evolution prefers heterogeneous systems
     • B. Strive to integrate with the environment
       • Apple is as good standard as Microsoft or RSA.
     • C. Dedication to core values
       • Open source, open attitude, community-driven
     • “If your work is stolen, it has value”
  9. Why open source eID?
     • PKI - I as Infrastructure
       • 27 EU silos? Spanish Apache, “Spache”?
     • Transparency
       • eID affects almost everyone, trust in system is required for adoption
  10. Neat reasons
     • eID often implemented as JavaCard applets
       • +1 for first published on-card applet.
       • “Fake eID applet” for badly written library copy machines & “free” copying
     • “What about my Commodore64 or Atari?”
       • Or Android, embedded ARM, ... ?
  11. Neat anti-reasons
     • Open source makes attacks easier
       • Re-using branding, planting malware inside
     • Closed source allows for more competition from companies / possible technology export
  12. Trends
     • First iteration often fails (technical or political or licensing issues)
     • SETEC ASTRONOMY fails
       • Don’t let government become Sony
     • Second round will be OSS anyway
       • Help others avoid the first mistake
  13. International collaboration benefits
     • Applications (Firefox, OpenSSH, XXXOffice etc) all done elsewhere, by “foreigners”.
       • OpenSC as the grassroots EU interest body and lobby group of open source software smart card support (Mozilla, Apple etc)
     • Smart cards and crypto a niche sector, difficult to find motivated and competent fresh blood.
     • Homogeneous systems are doomed by evolution and limited by kind.
  14. IAS-ECC, STORK, ...
     • US: PIV/CAC
     • EU: IAS-ECC
       • Standards are nice but real life matters too
     • Cross-border eID-enabled services: “Install Elbonian software to test” (x27)
     • Grassroots collaboration and resulting interoperability could create better services before policymakers.
     • Reference implementation benefits everyone
  15. What lies ahead
     • OpenSC is far from an optimal or perfect solution
       • Old cruft, missing driver authors, lack of documentation, lack of courageous decisions (“structural reforms”), suboptimal design etc
     • Still it seems to have properties other projects don’t
  16. OpenSC 0.12.2
     • To be released on 2011.06.10
     • Hopefully most of OpenDNIe code merged
       • “driver framework” is important
     • Bugfixes, cleanups, improvements
     • Automated tests, fast build iterations, infrastructure changes to support gradual project reform
  17. Future of OpenSC
     • More cards, less drivers
     • Commodity (infrastructure) vs expensive gadget
     • New algorithms (Elliptic Curves)
     • Contactless world
     • Beyond conventional PKI crypto
     • COLLABORATION!