opensc: eid interoperability through open source software

eID interoperability through open source software

Martin PaljakOpenSC Projectwww.opensc-project.org

Quick background check

• Dealing with Estonian eID (1st generation) since 2003

• Involved with OpenID (“OpenID for Estonians, OpenID.ee”)

• Open source security/crypto/smart cards/identity software

• Maintainer/lead developer of OpenSC Project since 2010

• All opinions expressed are my own

Agenda

• What is OpenSC

• Problems observed from earth

• Why open source matters

• How OpenSC can help

OpenSC

OpenSC

• Open source software (middleware) for cryptographic smart cards

• Developed by independent team of international volunteers

OpenSC



• Provides standard interfaces for software developers and applications to access cryptographic capabilities of smart cards

• Standards are published or defined by market

OpenSC





• Cross platform (Windows, Mac OS X, Linux/Unix)

• PKCS#11, CryptoAPI (minidriver), Tokend/CDSA

OpenSC







• PKCS#15 (ISO7816-15, IAS-ECC, PIV, EstEID, ...)

• Card personalization tools

OpenSC







• PKCS#15 (ISO7816-15, IAS-ECC, PIV, EstEID, ...)

• Card personalization tools

• “OpenSC has become the defacto open source smartcard provider”

OpenSC enables applications!

OpenSC enables applications!

• Firefox - HTTPS authentication• Thunderbird - S/MIME signatures and encryption• Google Chrome - HTTPS authentication• E-voting - vote signing and authentication• OpenSSH - authentication • Safari - HTTPS authentication• Mail.app - S/MIME signatures and encryption• Outlook - S/MIME signatures and encryption• Open(Libre)Office - digital signatures• Internet Explorer - HTTPS authentication• Adobe Acrobat - digital signatures• OpenVPN - authentication• Putty - authentication• WinSCP - authentication

Real life applications, right now.

OpenSC supports*

• Estonian eID

• Finnish eID

• Spanish eID*

• Belgian eID

• Portuguese eID

• Italian eID

• IAS-ECC*

• PIV/CAC

• Latvian eID*

* - work in progress or other but-s or limitations

• Initiation & execution

• Trust

• Sustainability

• Interoperability

• Innovation

Problems with eID software projects

Regulators endorse execution, incl. open source.

Initiation & execution


• Reduced platform availability



• Linux (read: non-Windows)




• YourFavoriteStrangeLinuxDistroOnStrongARM. Or Amiga.





• Licensing (OpenSC LGPL)






• Belgium






• Belgium

• Spain






• Belgium

• Spain

• Portugal






• Belgium

• Spain

• Portugal

• Latvia






• Belgium

• Spain

• Portugal

• Latvia

• Commercial vs public interest. Cost






• Belgium

• Spain

• Portugal

• Latvia


• Client software is complex and interweaved. Cost






• Belgium

• Spain

• Portugal

• Latvia



• Keeping up with software changes is challenging






• Belgium

• Spain

• Portugal

• Latvia



• Keeping up with software changes is challenging

• 1st iteration tends to “fail”

Trust

• STOP ABUSING THIS WORD!

Trust


• Opaque systems call for tinfoil hats

Trust



• “How do I know that the software does not sign a transaction for 10000€?”

Trust




• Trust is essential for successful widespread adoption

Trust





• Does not always mean “cryptographically assured”

Trust






• Who will be the first to publish on-card application?

Trust






• Who will be the first to publish on-card application?

• Ergo I’m no cloud believer

Sustainability Interoperability

Sustainability

Sustainability

• Silos

Sustainability

• Silos

• 27x same mistakes? Probably.

Sustainability

• Silos


• eID is infrastructure. “Estache” (“Seto”) the Estonian Apache?

Sustainability

• Silos



• University computer class = 27x “Elbonian card software”?

Sustainability

• Silos




• (PKI smart cards) eID is no CSS or HTML5

Sustainability

• Silos





• Niche market, requires specific skills

Sustainability

• Silos






• Cost

Sustainability

• Silos






• Cost

• A plant only grows if you water it

Innovation

Innovation

• Commodity vs niche product

• Easily available, interchangeable

Innovation



• P2P vs platform

• SAML vs OpenID

Innovation



• P2P vs platform

• SAML vs OpenID

• eID must be ubiquitous to succeed

• Make awkward uses easy to implement

Innovation



• P2P vs platform

• SAML vs OpenID



• Does open source lead the innovation or jog behind the cool guys?

Innovation



• P2P vs platform

• SAML vs OpenID




• Import vs export

Innovation



• P2P vs platform

• SAML vs OpenID




• Import vs export

• Fibonacci innovation?

How can OpenSC help?

• Grassroots community of specialists from different countries

• Share knowledge and experiences

• No politics. “Show me the solution that works”

• Joint lobby group to collaborate with other (open source) projects

• Make Firefox (close to 1/3 of the market) to fix their bugs

• A reference implementation

• Provide a common framework and platform for collaboration, interoperability and innovation

Thank you!

Questions?

opensc-project.org

@MartinPaljak.net

http://www.opensc-project.org

http://www.opensc-project.org

opensc: eid interoperability through open source software

Technology

cryptographic smart

software developers

open source matters

eid interoperability

pivcac latvian eid

standard interfaces

opensc problems

linuxunix pkcs