OpenSC: eID interoperability through open source software

eID interoperability through open source softwareMartin PaljakOpenSC Projectwww.opensc-project.org

Quick background check• Dealing with Estonian eID (1st generation) since 2003• Involved with OpenID (“OpenID for Estonians, OpenID.ee”)• Open source security/crypto/smart cards/identity software• Maintainer/lead developer of OpenSC Project since 2010• All opinions expressed are my own

Agenda• What is OpenSC• Problems observed from earth• Why open source matters• How OpenSC can help

OpenSC

OpenSC• Open source software (middleware) for cryptographic smart cards • Developed by independent team of international volunteers

OpenSC• Open source software (middleware) for cryptographic smart cards • Developed by independent team of international volunteers• Provides standard interfaces for software developers and applications to access cryptographic capabilities of smart cards • Standards are published or deﬁned by market

OpenSC• Open source software (middleware) for cryptographic smart cards • Developed by independent team of international volunteers• Provides standard interfaces for software developers and applications to access cryptographic capabilities of smart cards • Standards are published or deﬁned by market• Cross platform (Windows, Mac OS X, Linux/Unix) • PKCS#11, CryptoAPI (minidriver), Tokend/CDSA

OpenSC• Open source software (middleware) for cryptographic smart cards • Developed by independent team of international volunteers• Provides standard interfaces for software developers and applications to access cryptographic capabilities of smart cards • Standards are published or deﬁned by market• Cross platform (Windows, Mac OS X, Linux/Unix) • PKCS#11, CryptoAPI (minidriver), Tokend/CDSA• PKCS#15 (ISO7816-15, IAS-ECC, PIV, EstEID, ...) • Card personalization tools

OpenSC• Open source software (middleware) for cryptographic smart cards • Developed by independent team of international volunteers• Provides standard interfaces for software developers and applications to access cryptographic capabilities of smart cards • Standards are published or deﬁned by market• Cross platform (Windows, Mac OS X, Linux/Unix) • PKCS#11, CryptoAPI (minidriver), Tokend/CDSA• PKCS#15 (ISO7816-15, IAS-ECC, PIV, EstEID, ...) • Card personalization tools• “OpenSC has become the defacto open source smartcard provider”

OpenSC enables applications!

OpenSC enables applications!• Firefox - HTTPS authentication• Thunderbird - S/MIME signatures and encryption• Google Chrome - HTTPS authentication• E-voting - vote signing and authentication• OpenSSH - authentication• Safari - HTTPS authentication• Mail.app - S/MIME signatures and encryption• Outlook - S/MIME signatures and encryption• Open(Libre)Ofﬁce - digital signatures• Internet Explorer - HTTPS authentication• Adobe Acrobat - digital signatures• OpenVPN - authentication• Putty - authentication• WinSCP - authentication

Real life applications, right now.

OpenSC supports* • Estonian eID • Finnish eID • Spanish eID* • Belgian eID • Portuguese eID • Italian eID • IAS-ECC* • PIV/CAC • Latvian eID** - work in progress or other but-s or limitations

Problems with eID software projects• Initiation & execution• Trust• Sustainability• Interoperability• Innovation

Regulators endorse execution, incl. open source.

Initiation & execution

Initiation & execution• Reduced platform availability

Initiation & execution• Reduced platform availability • Linux (read: non-Windows)

Initiation & execution• Reduced platform availability • Linux (read: non-Windows) • YourFavoriteStrangeLinuxDistroOnStrongARM. Or Amiga.

Initiation & execution• Reduced platform availability • Linux (read: non-Windows) • YourFavoriteStrangeLinuxDistroOnStrongARM. Or Amiga.• Licensing (OpenSC LGPL)

Initiation & execution• Reduced platform availability • Linux (read: non-Windows) • YourFavoriteStrangeLinuxDistroOnStrongARM. Or Amiga.• Licensing (OpenSC LGPL) • Belgium

Initiation & execution• Reduced platform availability • Linux (read: non-Windows) • YourFavoriteStrangeLinuxDistroOnStrongARM. Or Amiga.• Licensing (OpenSC LGPL) • Belgium • Spain

Initiation & execution• Reduced platform availability • Linux (read: non-Windows) • YourFavoriteStrangeLinuxDistroOnStrongARM. Or Amiga.• Licensing (OpenSC LGPL) • Belgium • Spain • Portugal

Initiation & execution• Reduced platform availability • Linux (read: non-Windows) • YourFavoriteStrangeLinuxDistroOnStrongARM. Or Amiga.• Licensing (OpenSC LGPL) • Belgium • Spain • Portugal • Latvia

Initiation & execution• Reduced platform availability • Linux (read: non-Windows) • YourFavoriteStrangeLinuxDistroOnStrongARM. Or Amiga.• Licensing (OpenSC LGPL) • Belgium • Spain • Portugal • Latvia• Commercial vs public interest. Cost

Initiation & execution• Reduced platform availability • Linux (read: non-Windows) • YourFavoriteStrangeLinuxDistroOnStrongARM. Or Amiga.• Licensing (OpenSC LGPL) • Belgium • Spain • Portugal • Latvia• Commercial vs public interest. Cost• Client software is complex and interweaved. Cost

Initiation & execution• Reduced platform availability • Linux (read: non-Windows) • YourFavoriteStrangeLinuxDistroOnStrongARM. Or Amiga.• Licensing (OpenSC LGPL) • Belgium • Spain • Portugal • Latvia• Commercial vs public interest. Cost• Client software is complex and interweaved. Cost • Keeping up with software changes is challenging

Initiation & execution• Reduced platform availability • Linux (read: non-Windows) • YourFavoriteStrangeLinuxDistroOnStrongARM. Or Amiga.• Licensing (OpenSC LGPL) • Belgium • Spain • Portugal • Latvia• Commercial vs public interest. Cost• Client software is complex and interweaved. Cost • Keeping up with software changes is challenging• 1st iteration tends to “fail”

Trust• STOP ABUSING THIS WORD!

Trust• STOP ABUSING THIS WORD!• Opaque systems call for tinfoil hats

Trust• STOP ABUSING THIS WORD!• Opaque systems call for tinfoil hats• “How do I know that the software does not sign a transaction for 10000€?”

Trust• STOP ABUSING THIS WORD!• Opaque systems call for tinfoil hats• “How do I know that the software does not sign a transaction for 10000€?”• Trust is essential for successful widespread adoption

Trust• STOP ABUSING THIS WORD!• Opaque systems call for tinfoil hats• “How do I know that the software does not sign a transaction for 10000€?”• Trust is essential for successful widespread adoption • Does not always mean “cryptographically assured”

Trust• STOP ABUSING THIS WORD!• Opaque systems call for tinfoil hats• “How do I know that the software does not sign a transaction for 10000€?”• Trust is essential for successful widespread adoption • Does not always mean “cryptographically assured”• Who will be the ﬁrst to publish on-card application?

Trust• STOP ABUSING THIS WORD!• Opaque systems call for tinfoil hats• “How do I know that the software does not sign a transaction for 10000€?”• Trust is essential for successful widespread adoption • Does not always mean “cryptographically assured”• Who will be the ﬁrst to publish on-card application?• Ergo I’m no cloud believer

Sustainability Interoperability

Sustainability

Sustainability• Silos

Sustainability• Silos • 27x same mistakes? Probably.

Sustainability• Silos • 27x same mistakes? Probably. • eID is infrastructure. “Estache” (“Seto”) the Estonian Apache?

Sustainability• Silos • 27x same mistakes? Probably. • eID is infrastructure. “Estache” (“Seto”) the Estonian Apache? • University computer class = 27x “Elbonian card software”?

Sustainability• Silos • 27x same mistakes? Probably. • eID is infrastructure. “Estache” (“Seto”) the Estonian Apache? • University computer class = 27x “Elbonian card software”?• (PKI smart cards) eID is no CSS or HTML5

Sustainability• Silos • 27x same mistakes? Probably. • eID is infrastructure. “Estache” (“Seto”) the Estonian Apache? • University computer class = 27x “Elbonian card software”?• (PKI smart cards) eID is no CSS or HTML5 • Niche market, requires speciﬁc skills

Sustainability• Silos • 27x same mistakes? Probably. • eID is infrastructure. “Estache” (“Seto”) the Estonian Apache? • University computer class = 27x “Elbonian card software”?• (PKI smart cards) eID is no CSS or HTML5 • Niche market, requires speciﬁc skills• Cost

Sustainability• Silos • 27x same mistakes? Probably. • eID is infrastructure. “Estache” (“Seto”) the Estonian Apache? • University computer class = 27x “Elbonian card software”?• (PKI smart cards) eID is no CSS or HTML5 • Niche market, requires speciﬁc skills• Cost • A plant only grows if you water it

Innovation

Innovation• Commodity vs niche product • Easily available, interchangeable

Innovation• Commodity vs niche product • Easily available, interchangeable• P2P vs platform • SAML vs OpenID

Innovation• Commodity vs niche product • Easily available, interchangeable• P2P vs platform • SAML vs OpenID• eID must be ubiquitous to succeed • Make awkward uses easy to implement

Innovation• Commodity vs niche product • Easily available, interchangeable• P2P vs platform • SAML vs OpenID• eID must be ubiquitous to succeed • Make awkward uses easy to implement• Does open source lead the innovation or jog behind the cool guys?

Innovation• Commodity vs niche product • Easily available, interchangeable• P2P vs platform • SAML vs OpenID• eID must be ubiquitous to succeed • Make awkward uses easy to implement• Does open source lead the innovation or jog behind the cool guys?• Import vs export

Innovation• Commodity vs niche product • Easily available, interchangeable• P2P vs platform • SAML vs OpenID• eID must be ubiquitous to succeed • Make awkward uses easy to implement• Does open source lead the innovation or jog behind the cool guys?• Import vs export• Fibonacci innovation?

How can OpenSC help?• Grassroots community of specialists from different countries • Share knowledge and experiences • No politics. “Show me the solution that works”• Joint lobby group to collaborate with other (open source) projects • Make Firefox (close to 1/3 of the market) to ﬁx their bugs• A reference implementation• Provide a common framework and platform for collaboration, interoperability and innovation

Thank you! Questions? opensc-project.org @MartinPaljak.net

OpenSC: eID interoperability through open source software

by Martin Paljak

Accessibility

Categories

Upload Details

Usage Rights

1 Embed 1

Statistics

OpenSC: eID interoperability through open source software Presentation Transcript