eID interoperability through open source software
Martin Paljak
OpenSC Project
www.opensc-project.org
Quick background check

• Dealing with Estonian eID (1st generation) since 2003
• Involved with OpenID (“OpenID for Estonians, OpenID.ee”)
• Open source security/crypto/smart cards/identity software
• Maintainer/lead developer of OpenSC Project since 2010
• All opinions expressed are my own
Agenda

• What is OpenSC
• Problems observed from earth
• Why open source matters
• How OpenSC can help
OpenSC

• Open source software (middleware) for cryptographic smart cards

  • Developed by independent team of international volunteers

• Provides standard interfaces for software developers and applications to
  access cryptographic capabilities of smart cards

  • Standards are published or defined by market

• Cross platform (Windows, Mac OS X, Linux/Unix)

  • PKCS#11, CryptoAPI (minidriver), Tokend/CDSA

• PKCS#15 (ISO7816-15, IAS-ECC, PIV, EstEID, ...)

  • Card personalization tools

• “OpenSC has become the defacto open source smartcard provider”
OpenSC enables applications!

•   Firefox - HTTPS authentication
•   Thunderbird - S/MIME signatures and encryption
•   Google Chrome - HTTPS authentication
•   E-voting - vote signing and authentication
•   OpenSSH - authentication
•   Safari - HTTPS authentication
•   Mail.app - S/MIME signatures and encryption
•   Outlook - S/MIME signatures and encryption
•   Open(Libre)Office - digital signatures
•   Internet Explorer - HTTPS authentication
•   Adobe Acrobat - digital signatures
•   OpenVPN - authentication
•   Putty - authentication
•   WinSCP - authentication
Real life applications, right now.
OpenSC supports*

 • Estonian eID

 • Finnish eID

 • Spanish eID*

 • Belgian eID

 • Portuguese eID

 • Italian eID

 • IAS-ECC*

 • PIV/CAC

 • Latvian eID*


* - work in progress or other but-s or limitations
Problems with eID software projects

• Initiation & execution


• Trust


• Sustainability


• Interoperability


• Innovation
Regulators endorse execution, incl. open source.
Initiation & execution

• Reduced platform availability
   • Linux (read: non-Windows)
      • YourFavoriteStrangeLinuxDistroOnStrongARM. Or Amiga.
• Licensing (OpenSC LGPL)
   • Belgium
   • Spain
   • Portugal
   • Latvia
• Commercial vs public interest. Cost
• Client software is complex and intertwined. Cost
   • Keeping up with software changes is challenging
• 1st iteration tends to “fail”
Trust

• STOP ABUSING THIS WORD!

• Opaque systems call for tinfoil hats

• “How do I know that the software does not sign a transaction for 10000€?”

• Trust is essential for successful widespread adoption

   • Does not always mean “cryptographically assured”

• Who will be the first to publish on-card application?

• Ergo I’m no cloud believer
Sustainability   Interoperability
Sustainability

• Silos

   • 27x same mistakes? Probably.

   • eID is infrastructure. “Estache” (“Seto”) the Estonian Apache?

   • University computer class = 27x “Elbonian card software”?

• (PKI smart cards) eID is no CSS or HTML5

   • Niche market, requires specific skills

• Cost

   • A plant only grows if you water it
Innovation

• Commodity vs niche product

  • Easily available, interchangeable

• P2P vs platform

  • SAML vs OpenID

• eID must be ubiquitous to succeed

  • Make awkward uses easy to implement

• Does open source lead the innovation or jog behind the cool guys?

• Import vs export

• Fibonacci innovation?
How can OpenSC help?

• Grassroots community of specialists from different countries

   • Share knowledge and experiences

   • No politics. “Show me the solution that works”

• Joint lobby group to collaborate with other (open source) projects

   • Make Firefox (close to 1/3 of the market) fix their bugs

• A reference implementation

• Provide a common framework and platform for collaboration, interoperability
  and innovation
Thank you!

Questions?

opensc-project.org

@MartinPaljak.net