The eID-ClientCore - Status and Outlook

The eID-ClientCore - Status and Outlook. Wolf.Mueller@informatik.hu-berlin.de https://sar.informatik.hu-berlin.de http://BeID-lab.de. Dr. Wolf Müller. eIDCC: Focus. eIDCC: Requirements. eIDCC: Seed. September 2012: BDr and HUB release initial version as OpenSource


Presentation Transcript


  1. The eID-ClientCore - Status and Outlook • Wolf.Mueller@informatik.hu-berlin.de • https://sar.informatik.hu-berlin.de • http://BeID-lab.de • Dr. Wolf Müller

  2. eIDCC: Focus

  3. eIDCC: Requirements

  4. eIDCC: Seed • September 2012: BDr and HUB release initial version as OpenSource • https://github.com/BeID-lab/eIDClientCore

  5. eIDCC: License • OpenSource, but use limited to eID@(nPA|eAT) "With these terms of use, Humboldt-Universität grants the user, free of charge, a non-exclusive right of use, unrestricted in place and time, to use the eIDClientCore in accordance with the following provisions, limited to eIDClientCore software for client-side applications that enable an electronic proof of identity by means of a German sovereign document …" https://raw.github.com/BeID-Lab/eIDClientCore/master/COPYING

  6. eIDCC (Seed): Libs & Dependencies

  7. eIDCC: Further Steps • Reduce dependencies! • Integration of OpenPACE • one Crypto-Lib • PACE, CA, TA, • SSL/TLS, RSA-PSK, • Verification of (CV)-Certificates, … • Modularization in order to • Separate test cases for different layers [Diagram label: OpenSSL]

  8. eIDCC: Future

  9. eIDCC: Challenges • Used with real Infrastructure • Interoperability: • Different (implemented) eID-Services • Different nPA-generations • “Cat-B”-Reader in the field • eIDCC (or similar) becomes available = possible automated access to eID-Services • Re-assembling/-connecting of components (of eID-infrastructure) by an attacker becomes feasible • “Selbstauskunft”-in the middle • Relaying eSIGN

  10. “Selbstauskunft”-in the middle* • Does X need a “Berechtigungszertifikat” to verify a user's name? • Strategy like “Sofortüberweisung” = Remote Reader • Prove ID: Firstname, Name, via Selbstauskunft • [Diagram labels: https & eID-Client, eID-Service, X, Y, own SSL/TLS (PSK), Secure Messaging, SSL/TLS] *{gehring,wolfm}@informatik.hu-berlin.de

  11. RelayingeSIGNCat-BCat-K* Cat-B video of the demo available eID victim attacker Cat-K )))) ? ! eSIGN 2-factor “something you haveattacker can access+ something you know”  1-factor Wolf.Mueller@informatik.hu-berlin.de *{gehring,wolfm}@informatik.hu-berlin.de

  12. Credits • Students or PhDs: • Michael Gehring • Dominik Oepen • Frank Morgner • Pictures: • https://openclipart.org/{radar, 1284641890, buildng, rubik_3D_colored, service} • https://commons.wikimedia.org/wiki/File:Personalausweis_Text_logo.svg
