Paranoid crypto citizen
A story of Estonian eID, OpenSC and FUD
• Estonian ID-card history
• Client software evolution & OpenSC
• Misc uses for the card and some “hacks”
• Generic PKI-paranoia mixed with FUD
• Martin Paljak, ~30
• From periphery of Estonia
• ID-card user/hacker since 2003
• Wearing my (invisible) tinfoil hat today
• Introduced in 2002 (conceived in ~1999)
• Currently ~1.1 million cards (~1.35 million citizens)
• ~400000 active electronic users
• 4th generation of card in circulation + Mobile-ID
• Non/pre-standard on-card structures
What can it do?
• Authentication (certificate)
• Legally binding signatures (certificate)
• Visual ID (electronic ID as well)
• Decryption (for data in motion)
• People smashing the chip with a hammer
• Cryptographers disabling their certificates
• “I did not generate those keys!”
• Tinfoil envelopes (and hats!)
• But no ICAO/RFID on the card...
• Knowledgeable people writing satire...
• Started by a Finn named Juha Yrjölä in ~2001
• Open source smart card middleware
• Includes support for several cryptographic
smart cards (national eID-s, “blank” cards, etc)
• Not necessarily the cutest piece of software
• It uses OpenSSL ;)
... of not having any software ...
OpenSC the software
• First custom Linux code & PKCS#11
• Then OS X - Tokend
• Now deprecated from 10.7+
• Now slowly Windows code - MiniDriver
• Extra cruft to support not a single card but
many cards with common goals
• A framework, sort of
“Implement API-s and platform modules used by real life
applications, to provide those applications access to
OpenSC the project
• Not to be confused with opensc.ws, a trojan forum
• Not to be confused with opensc-vdr, some SAT-TV
card-sharing thing (also illegal)
• An umbrella for people, code and projects with one
goal: use various cryptographic hardware. With open
source. Especially smart cards.
• New goal: reduce fragmentation in Linux and improve
interoperability between libraries (OpenSSL, NSS,
GnuTLS etc) with PKCS#11
• Government finally opens a tender for eID
• Based on existing open source code ;)
• Official E-voting happened in 2005
without official middleware to use the
card on “other” platforms...
• New, slightly different version of the card
• Campaign to increase electronic users of
the PKI system to 400000 in 3 years
• Cheap (6€) OmniKey card readers
subsidized by government made available
• Mobile-ID (WPKI) for driverless operation
• eID usage has increased tremendously
• People depend on it for online lifestyle
• “Temporary-ID” card introduced
(incompatible with original card), to have a
backup card if needed. Electronic use only.
• Software procurement failed, a fork of
forked open source code is created.
• A new (incompatible) card is introduced,
with 2048 bit RSA keys.
• There is finally “official software” available
to everyone, with real support. Open
source. Uses OpenSC for some parts.
• Smartphones make Mobile-ID an
• I get to plant paranoia on Codebits :)
• Smart card authentication != PIN verification!!!
• Presenting your ID-card without the security guy
doing a face<>card check != ID verification.
Door lock with ID+PIN
• Enter your ID card
• Type the PIN on keypad
• Simsalabim, door opens
• Remember EMV “CHIP+PIN” ?
In Bigger cities of Estonia
• Pay money to a company for credit
• Present your ID-card to public transport
workers when asked
• Checked from database, if your ID-code has a
• But municipal workers are not border guards ;)
A Public Library
• Pay money to secretary for credit
• Insert ID-card at copy machine
• Machine does:
• You do:
• A card that “looks” like your roommate's card
• TIP: always do cryptographic verification!
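What the tip means on the terminal side, as an added example that is not from the slides: a reader that only compares readable identity data accepts a look-alike card, while one that checks a signature over a fresh challenge does not. It assumes the `openssl` CLI; key files stand in for cards, and the ID-code and all names are constructed.

```shell
#!/bin/sh
# Added example: constructed keys and ID-code; a "card" is a key file here.
set -eu
D=$(mktemp -d); trap 'rm -rf "$D"' EXIT

# Genuine card: private key stays on the card, public key is known to the terminal.
openssl genrsa -out "$D/card.key" 2048 2>/dev/null
openssl rsa -in "$D/card.key" -pubout -out "$D/enrolled.pub" 2>/dev/null
# Look-alike card: shows the same readable data but holds a different key.
openssl genrsa -out "$D/lookalike.key" 2048 2>/dev/null

# Terminal that only compares readable identity data.
check_by_id() {  # $1 = ID-code read from the card, $2 = ID-code on file
  if [ "$1" = "$2" ]; then echo "accepted"; else echo "denied"; fi
}

# Terminal that does cryptographic verification: fresh random challenge,
# signature produced by the card, checked against the enrolled public key.
check_by_challenge() {  # $1 = key held by the presented card
  openssl rand -hex 32 > "$D/nonce"
  openssl dgst -sha256 -sign "$1" -out "$D/resp" "$D/nonce"   # done on-card
  if openssl dgst -sha256 -verify "$D/enrolled.pub" -signature "$D/resp" \
       "$D/nonce" >/dev/null 2>&1
  then echo "accepted"; else echo "denied"; fi
}

ID="EXAMPLE-ID-CODE"   # placeholder, not a real ID-code
echo "id compare, look-alike card:  $(check_by_id "$ID" "$ID")"
echo "challenge, genuine card:      $(check_by_challenge "$D/card.key")"
echo "challenge, look-alike card:   $(check_by_challenge "$D/lookalike.key")"
```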
• Actually abusing the system
• Developing a “database nation”
• For the government, your identity
becomes just a primary key in the
“One Card to rule them all, One Card to find
them, One Card to bring them all and in the
darkness bind them.”
• You encrypt your vote with the e-voting
system’s public key (anonymous)
• You sign the encrypted vote and send it
over the internet to the “ballot collector”
• Ballot box checks your eligibility to vote,
removes your signature and forwards the
encrypted vote to the “ballot box”
• Anonymous votes get decrypted and
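The envelope flow from these bullets, as an added example that is not from the slides or from the e-voting system itself: the vote is encrypted to the election key, signed by the voter, checked and stripped by the collector, then decrypted without the signature. It assumes the `openssl` CLI; keys, voter IDs and file names are constructed.

```shell
#!/bin/sh
# Added example: constructed keys, voter IDs and file names throughout.
set -eu
W=$(mktemp -d); trap 'rm -rf "$W"' EXIT

# Election key pair (counting side) and a voter key pair standing in for the ID-card.
for k in election voter; do
  openssl genrsa -out "$W/$k.key" 2048 2>/dev/null
  openssl rsa -in "$W/$k.key" -pubout -out "$W/$k.pub" 2>/dev/null
done
echo "voter-0001" > "$W/eligible.txt"   # constructed list of eligible voters

# Voter: encrypt the vote to the election public key, then sign the ciphertext.
cast_vote() {  # $1 = choice
  printf '%s' "$1" | openssl pkeyutl -encrypt -pubin -inkey "$W/election.pub" \
    -pkeyopt rsa_padding_mode:oaep -out "$W/inner.bin"
  openssl dgst -sha256 -sign "$W/voter.key" -out "$W/outer.sig" "$W/inner.bin"
}

# Collector: verify the signature, check eligibility, forward only the ciphertext.
# Simplification: voter ID and public key are passed in as arguments; a real
# collector would take both from the signer's certificate.
collect() {  # $1 = voter id, $2 = voter public key
  openssl dgst -sha256 -verify "$2" -signature "$W/outer.sig" "$W/inner.bin" \
    >/dev/null 2>&1 || { echo "rejected:bad-signature"; return 0; }
  grep -qx "$1" "$W/eligible.txt" || { echo "rejected:not-eligible"; return 0; }
  cp "$W/inner.bin" "$W/ballotbox.bin"   # the signature is dropped here
  echo "accepted"
}

# Counting side: decrypt the anonymous envelope with the election private key.
count_vote() {
  openssl pkeyutl -decrypt -inkey "$W/election.key" \
    -pkeyopt rsa_padding_mode:oaep -in "$W/ballotbox.bin"
}

cast_vote "candidate-42"
echo "collector: $(collect voter-0001 "$W/voter.pub")"
echo "counted:   $(count_vote)"
```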
Things to consider
• Vote-forging is not tied to ID-card
• Don’t care (but authentication is)
• Things are heavily monitored
• Don’t care (police will knock on door)
• ZEUS trojan has a smart card module
• Don’t care (but precautions are taken)
• Haters gonna hate.
“It is OK to use card you don’t trust to interact
with a government you don’t trust”
Use and abuse
• “Automatically select certificate”
• Identification of visitors, for fun or profit
• Remove your card if not using it!
• Trojans steal PIN codes and send to ...
• Use pinpad readers!
• Secure pinpad readers coming to market.
The good, the bad, the awful
• Biggest issue: fault in infrastructure
• The basic “SSL/PKI” complaints apply
• No breach from systematic failure has
• DON’T PANIC!
• Do business from anywhere, like Sintra!
• ... helps to fight FUD
• ... helps to fight paranoia
• ... helps to keep things auditable
• Use open source software
• Use public documentation
• If it is hackable, it will be hacked anyway.
Thanks for listening!
See you at FOSDEM 2012