Paranoid crypto citizen
A story of Estonian eID, OpenSC and FUD
• Estonian ID-card history
• Client software evolution & OpenSC
• Misc uses for the card and some “hacks”
• Generic PKI-paranoia mixed with FUD
• Martin Paljak, ~30
• From periphery of Estonia
• ID-card user/hacker since 2003
• Wearing my (invisible) tinfoil hat today
• Introduced in 2002 (conceived in ~1999)
• Currently ~1.1 million cards (~1.35 million citizens)
• ~400000 active electronic users
• 4th generation of card in circulation + Mobile-ID
• Non/pre-standard on-card structures
What can it do?
• Authentication (certificate)
• Legally binding signatures (certificate)
• Visual ID (electronic ID as well)
• Decryption (for data in motion)
• People smashing the chip with a hammer
• Cryptographers disabling their certificates
• “I did not generate those keys!”
• Tinfoil envelopes (and hats!)
• But no ICAO/RFID on the card...
• Knowledgeable people writing satire...
• Started by a Finn named Juha Yrjölä in ~2001
• Open source smart card middleware
• Includes support for several cryptographic
smart cards (national eID-s, “blank” cards, etc)
• Not necessarily the cutest piece of software
• It uses OpenSSL ;)
... of not having any software ...
OpenSC the software
• First custom Linux code & PKCS#11
• Then OS X - Tokend
• Now deprecated from 10.7+
• Now slowly Windows code - MiniDriver
• Extra cruft to support not a single card but
many cards with common goals
• A framework, sort of
“Implement API-s and platform modules used by real life
applications, to provide those applications access to
OpenSC the project
• Not to be confused with opensc.ws, a trojan forum
• Not to be confused with opensc-vdr, some SAT-TV
card-sharing thing (also illegal)
• An umbrella for people, code and projects with one
goal: use various cryptographic hardware. With open
source. Especially smart cards.
• New goal: reduce fragmentation in Linux and improve
interoperability between libraries (OpenSSL, NSS,
GnuTLS etc) with PKCS#11
• Government finally opens a tender for eID
• Based on existing open source code ;)
• Official E-voting happened in 2005
without official middleware to use the
card on “other” platforms...
• New, slightly different version of the card
• Campaign to increase electronic users of
the PKI system to 400000 in 3 years
• Cheap (6€) OmniKey card readers
subsidized by government made available
• Mobile-ID (WPKI) for driverless operation
• eID usage has increased tremendously
• People depend on it for online lifestyle
• “Temporary-ID” card introduced
(incompatible with original card), to have a
backup card if needed. Electronic use only.
• Software procurement failed, a fork of
forked open source code is created.
• A new (incompatible) card is introduced,
with 2048 bit RSA keys.
• There is finally “official software” available
to everyone, with real support. Open
source. Uses OpenSC for some parts.
• Smartphones make Mobile-ID an
• I get to plant paranoia on Codebits :)
• Smart card authentication != PIN verification!!!
• Presenting your ID-card without the security guy
doing a face<>card check != ID verification.
Door lock with ID+PIN
• Enter your ID card
• Type the PIN on keypad
• Simsalabim, door opens
• Remember EMV “CHIP+PIN” ?
In bigger cities of Estonia
• Pay money to a company for credit
• Present your ID-card to public transport
workers when asked
• Checked from database, if your ID-code has a
• But municipal workers are not border guards ;)
A Public Library
• Pay money to secretary for credit
• Insert ID-card at copy machine
• Machine does:
• You do:
• A card that “looks” like your roommate's card
• TIP: always do cryptographic verification!
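What the TIP above means for a reader such as the copy machine, as an added Go example (not code from the talk or from OpenSC): a check that trusts the ID code read off the card accepts a look-alike, while a challenge-response check against the public key on file does not. The `Card` model, the placeholder ID code and the `certs` map standing in for a validated certificate are assumptions.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Card is a constructed model: readable ID code, private key locked in the chip.
type Card struct {
	IDCode string
	key    *rsa.PrivateKey
}

// NewCard issues a card with a fresh 2048-bit RSA key pair.
func NewCard(idCode string) *Card {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return &Card{IDCode: idCode, key: key}
}

// WeakCheck trusts whatever ID code the inserted card reports.
func WeakCheck(c *Card, credit map[string]bool) bool { return credit[c.IDCode] }

// StrongCheck makes the card sign a fresh nonce and verifies it with the key on file.
func StrongCheck(c *Card, credit map[string]bool, certs map[string]*rsa.PublicKey) bool {
	pub, known := certs[c.IDCode] // assumption: stands in for a validated, unrevoked certificate
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil || !known || !credit[c.IDCode] {
		return false
	}
	digest := sha256.Sum256(nonce)
	sig, err := rsa.SignPKCS1v15(rand.Reader, c.key, crypto.SHA256, digest[:]) // on-card operation
	return err == nil && rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) == nil
}

// Scenario inserts a look-alike card (same ID code, different key) and the owner's card.
func Scenario() (weakClone, strongClone, strongOwner bool) {
	owner := NewCard("ID-CODE-PLACEHOLDER")
	clone := NewCard(owner.IDCode)
	credit := map[string]bool{owner.IDCode: true}
	certs := map[string]*rsa.PublicKey{owner.IDCode: &owner.key.PublicKey}
	return WeakCheck(clone, credit), StrongCheck(clone, credit, certs), StrongCheck(owner, credit, certs)
}

func main() { fmt.Println(Scenario()) } // prints: true false true
```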
• Actually abusing the system
• Developing a “database nation”
• For the government, your identity
becomes just a primary key in the
“One Card to rule them all, One Card to find
them, One Card to bring them all and in the
darkness bind them.”
• You encrypt your vote with the e-voting
system’s public key (anonymous)
• You sign the encrypted vote and send it
over the internet to the “ballot collector”
• Ballot box checks your eligibility to vote,
removes your signature and forwards the
encrypted vote to the “ballot box”
• Anonymous votes get decrypted and
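The envelope flow in the bullets above, as an added Go example (not the e-voting system's code): the voter encrypts to the election key and signs the ciphertext, the collecting stage verifies eligibility and signature and hands on only the ciphertext, and the counting stage decrypts. The function names, RSA-OAEP and PKCS#1 v1.5 choices, the `roll` map and the sample vote are assumptions.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

func NewKey() *rsa.PrivateKey { // fresh 2048-bit RSA key; panics if the RNG fails
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

// Cast is the voter: encrypt the vote to the election key, then sign the ciphertext.
func Cast(vote string, voter *rsa.PrivateKey, election *rsa.PublicKey) (ct, sig []byte, err error) {
	if ct, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, election, []byte(vote), nil); err != nil {
		return nil, nil, err
	}
	h := sha256.Sum256(ct)
	sig, err = rsa.SignPKCS1v15(rand.Reader, voter, crypto.SHA256, h[:])
	return ct, sig, err
}

// Collect checks eligibility and the signature, then passes on only the ciphertext.
func Collect(id string, ct, sig []byte, roll map[string]*rsa.PublicKey) ([]byte, error) {
	pub, eligible := roll[id]
	h := sha256.Sum256(ct)
	if !eligible || rsa.VerifyPKCS1v15(pub, crypto.SHA256, h[:], sig) != nil {
		return nil, fmt.Errorf("envelope from %q rejected", id)
	}
	return ct, nil // no voter ID or signature travels further
}

// Count opens an anonymous ballot with the election private key.
func Count(ct []byte, election *rsa.PrivateKey) (string, error) {
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, election, ct, nil)
	return string(pt), err
}

func main() {
	election, voter := NewKey(), NewKey()
	ct, sig, _ := Cast("constructed vote", voter, &election.PublicKey)
	anon, _ := Collect("v1", ct, sig, map[string]*rsa.PublicKey{"v1": &voter.PublicKey})
	fmt.Println(Count(anon, election))
}
```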
Things to consider
• Vote-forging is not tied to ID-card
• Don’t care (but authentication is)
• Things are heavily monitored
• Don’t care (police will knock on door)
• ZEUS trojan has a smart card module
• Don’t care (but precautions are taken)
• Haters gonna hate.
“It is OK to use card you don’t trust to interact
with a government you don’t trust”
Use and abuse
• “Automatically select certificate”
• Identification of visitors, for fun or profit
• Remove your card if not using it!
• Trojans steal PIN codes and send to ...
• Use pinpad readers!
• Secure pinpad readers coming to market.
The good, the bad, the awful
• Biggest issue: fault in infrastructure
• The basic “SSL/PKI” complaints apply
• No breach from systematic failure has
• DON’T PANIC!
• Do business from anywhere, like Sintra!
• ... helps to fight FUD
• ... helps to fight paranoia
• ... helps to keep things auditable
• Use open source software
• Use public documentation
• If it is hackable, it will be hacked anyway.
Thanks for listening!
See you at FOSDEM 2012