SlideShare une entreprise Scribd logo

The Belgian E Id Hacker Vs Developer

B
beires
1  sur  47
Télécharger pour lire hors ligne
OWASP Belgium The OWASP Chapter Foundation http://www.owasp.org The Belgian e-ID: hacker vs developer  Erwin Geirnaert ZION SECURITY Frank Cornelis Fedict
The OWASP Foundation http://www.owasp.org Agenda ● eID Card Introduction ● eID Card Integration ● Examples of bad implementations 2
Who are we? •Frank: eID Architect at Fedict ●eID Middleware ● eID Applet ● eID Trust Service, jTrust, eID IdP, eID DSS •Erwin: whitehat hacker at ZION SECURITY
eID Card Introduction
eID in Belgium ● eID cards issued (16/01/2010) ● 8.220.456 citizen eID cards (full deployment) ● 511.774 foreigner eID cards ● 186.011 kids eID cards ● Technology ● RSA 1024 smart card ● QC with 5 year validity ● Involved major organizations: ● FedICT: Federal ICT – PKI, client software, SOA solutions ● National Registry – user database, card issuing 5
eID Card Physical Structure Logical Structure eID Card APDU Crypto ROM Belgian eID Card JavaCard Applet (RSA) (operating system) JavaCard Virtual Machine EEPROM (file system) Basic Operating System CPU RAM Infineon Chip (SLE66CX322P) (memory) 6
eID Card Content PKI Citizen Identity Data Authentication Photo PKCS1 RSA-SHA1 RSA key + Cert NRN Signatures Non-repudiation RSA key + Cert Identity File Identity File NRN Signature Root CA Certificate Address File Citizen CA Address File NRN Signature Certificate NRN Certificate PKCS#15 file structure 7
eID Card Functionality ● Non-electronic functionality ● Visible Identification ● Visible Authentication via facial recognition and/or hand-written signature (a kind of challenge) ● Electronic functionality ● Identification: who are you? – Passive eID usage – Privacy sensitive ● Authentication: can you prove who you are? – Active challenging the eID card + eID user (2 factor) ● Digital Signing: non-repudiation signature – Prove of acknowledgment at a point in time 8
eID PKI Topology GlobalSign CA Certificate RSA2048 Certificate Signatures Root CA Root CA same key according to Certificate Certificate PKCS1-RSA- RSA2048 RSA2048 SHA1 CRL NRN Certificate RSA2048 RSA2048 Citizen CA Gov CA Certificate Certificate OCSP Responder CRL CRL Authn/non-repud SSL Certificate Certificate RSA1024 RSA1024 9
eID Card Integration
eID Card Interfacing ● Via APDU messages ● Application Protocol Data Unit ● Command: from the reader to the card ● Response: from the card to the reader ● Example: Creation of a signature ● Set APDU: select the key. 0x82 = authn key ● Prepare DigestInfo PKCS1 DER sequence ● Verify PIN APDU: (PIN BCD encoded) ● Compute Digital Signature APDU ● Retrieve signature data ● Doing the APDU interface is crazy 11
eID Card APDU Demo
eID Card Integration Web Application Important aspects when integrating: ●Ease of integration ●Secure usage of eID ●Platform independent solution: ● Windows ?????????????? ● Linux ● Mac OS X ●Multiple browser support: ● Firefox ● MS IE ● Safari ● Chrome eID Card ●Integration point abstraction level ●Idiot proof eID components 13
eID Architecture authentication IdP SAML SAMLp WS-Federation OpenID eID IAM eID IdP Integration Points signatures XKMS identification SSL eID Applet trust PKI DSS display tokend CSP PKCS#11 OCSP CRL pinpad minidriver PC/SC CA TSA CCID reader PDF PKCS#7 eID ID ODF XMLDSig TSL NTP PKCS#15 PKCS#1 NR OOXML XAdES TSP 14
eID Identification ● Identification: who are you? identification ● Readout of the eID Identity, eID Applet Address and Photo files. ● Server-side identity file parsing PC/SC ● Server-side integrity reader validation of all identity files eID ID is possible via NRN signature NR 15
eID Applet ● Java 6 Web Browser eID Component ● Supports multiple web browsers: ● Firefox, Chrome, Internet Explorer, Safari ● Platform-independent: ● Windows, Linux, Mac OS X ● Interactive eID card handling ● Support for secure CCID pinpad readers ● Web developer friendly ● Open Source Software: GNU LGPL 3 ● http://code.google.com/p/eid-applet/ 16
eID Applet Architecture Web Browser Servlet Web Container Web Page 1 eID Applet 3 eID Applet SPI 2 Service 4 5 3 HTTP Session Target Page Service Implementation 6 jTrust SPI design pattern is key to enabling eID Applet features 17
eID Applet Identification identify-the-user.html <script src="https://www.java.com/js/deployJava.js"></script> <script> var attributes = { code :'be.fedict.eid.applet.Applet.class', archive :'eid-applet.jar', width :600, height :300 }; var parameters = { TargetPage :'identification-result-page.jsp', AppletService :'applet-service', }; var version = '1.6'; deployJava.runApplet(attributes, parameters, version); </script> identification-result-page.jsp <%@page import="be.fedict.eid.applet.service.Identity"%> <html> <body> <%=((Identity) session.getAttribute("eid.identity")).name%> </body> </html> <servlet> web.xml <servlet-name>AppletServiceServlet</servlet-name> <servlet-class>be.fedict.eid.applet.service.AppletServiceServlet</servlet-class> </servlet> <servlet-mapping> <servlet-name>AppletServiceServlet</servlet-name> <url-pattern>/applet-service</url-pattern> </servlet-mapping> 18
eID Identification Demo
eID Identity Integrity ● eID Applet reads the identity files and NRN signatures, posts to eID Applet Service ● Server-side verification of the NRN signatures over the identity, photo and address files by the eID Applet Service ● Verification of the NRN certificate chain via the IdentityIntegrityService SPI <servlet> <servlet-name>AppletIntegrityServiceServlet</servlet-name> <servlet-class>be.fedict.eid.applet.service.AppletServiceServlet</servlet-class> <init-param> <param-name>IdentityIntegrityService</param-name> <param-value>/location/in/jndi/of/the/IdentityIntegrityServiceBean</param-value> </init-param> </servlet> <servlet-mapping> <servlet-name>AppletIntegrityServiceServlet</servlet-name> <url-pattern>/applet-service-integrity</url-pattern> </servlet-mapping> 20
eID Identification Demo Integrity Validation
eID Card Cloning ● eID has a 3th key pair: card authn key ● eID Card Authentication signature can be created without PIN verification ● eID Card Authentication allows for detection of a cloned eID card ● eID Card Authentication signature cannot be verified due to missing corresponding public key. ● National Registry needs to make the public key available as an eID file ● Would prevent identity fraude 22
eID Authentication authentication IdP ● Authentication: can you prove who you IAM eID IdP are? ● Using the eID SSL eID Applet authentication key tokend CSP PKCS#11 minidriver pinpad PC/SC CCID reader eID PKCS#1 23
Entity Authentication ● Entity authentication is the process whereby one party is assured of the identity of a second party involved in a protocol, and that the second has actually participated (i.e., is active at, or immediately prior to, the time the evidence is acquired) ● Formal definition (A authenticated B if): ● Alice A, Bob B ● A believes freshness challenge_A ● A believes (B recently said challenge_A) ● Authentication vs. Session Key Establishment ● How to achieve this using an eID card? 24
eID Authentication ● Authentication Private Key (1024 bit RSA) ● PKCS1-RSA ● PIN authorization for Authn Key usage ● Card caches the authn PIN authorizations ● Log-off instruction to reset PIN authorization ● Creation of a signature: ● Set APDU: select the key. 0x82 = authn key ● Prepare DigestInfo PKCS1 DER sequence ● Verify PIN APDU: (PIN BCD encoded) ● Compute Digital Signature APDU ● Retrieve signature data ● eID can only sign (RSA decryption of DigestInfo) 25
Authentication Protocol ● eID authentication by itself is useless ● Remote Entities, e.g. web application context. ● We need an Authentication Protocol ● Different Authentication Protocols are possible ● Each Entity Authentication Protocol yields its own cryptographic goals. ● Of course Entity Authentication ● Session key via combined Key Agreement (SSL) ● DO NOT TRY TO INVENT YOUR OWN PROTOCOL! ● Needham-Schroeder protocol: replay attack ● Creativity is great for non-critical applications, like music. 26
Candidate Protocols ● Mutual SSL ● Browser initiated SSL handshake ● Relies on eID PIN authorization caching feature ● Tunneled Entity Authentication ● Uses unilateral SSL to authenticate the server ● Based on ISO/IEC 9798-3 Authentication SASL Mechanism (RFC 3163) ● Cryptographic channel binding to secure the channel (RFC 5056) ● Requires an eID Applet (or browser extension) ● Explicit eID card management possible ● Sequential eID card access possible 27
Unilateral SSL Alice Bob HelloClient(ciphers,Ra) HelloServer(cipher,Rb) Ra: random by A Rb: random by B Certificate(cert chain) Kb+: public key of B Validate cert ServerHelloDone pre_master_secret: chain random by A ClientKeyExchange PRF: pseudo-random {pre_master_secret}Kb+ function ChangeCipherSpec ClientFinish (encrypted) PRF(master_secret,handshake_msgs) Entity Authentication ●A believes freshness Ra ●A believes B recently said Ra ChangeCipherSpec ServerFinish (encrypted) PRF(master_secret,handshake_msgs) master_secret=PRF(pre_master_secret, Ra, Rb) session_key=F(master_secret) 28
SSL Features ● Resuming a TLS connection ● HelloClient(session_id) ● Reusing the same master_secret ● Reduces load due to a full TLS handshake ● Renegotiating the SSL handshake ● Over an already established SSL connection ● Useful when client authentication is required ● Both client and server can initiate a renegotiation ● Not all SSL stacks support this (Java does not) ● Security flaws in implementations 29
Mutual SSL via eID Alice Bob HelloClient(ciphers,Ra) Ra: random by A HelloServer(cipher,Rb) Rb: random by B Certificate(cert chain) Kb+: public key of B CertificateRequest,ServerHelloDone pre_master_secret: random by A Certificate(cert chain) Ka-: private key of A ClientKeyExchange PRF: pseudo-random function {pre_master_secret}Kb+ CertificateVerify Entity Authentication sign_Ka-(handshake_msgs) ●A believes freshness Ra ●A believes (B recently said ChangeCipherSpec Ra) ●B believes freshness Rb ClientFinish (encrypted) ●B believes (A recently said PRF(master_secret,handshake_msgs) Rb) ChangeCipherSpec ServerFinish (encrypted) PRF(master_secret,handshake_msgs) 30
eID SSL Authentication ● So we need two SSL terminations: ● One for unilateral SSL ● One for the mutual SSL using eID ● Requires 2 IP addresses (+ DNS names), or at least 2 different ports. SSL Terminator Application Internet firewall Server eID SSL Terminator ● Problem: how to properly link the SSL sessions? ● If same IP address, via session cookies ● If different IP address, via signed SAML tickets 31
eID SSL Authentication ● How about session life cycles? ● The Application Server cannot inform SSL to terminate that easily... A B Unilaternal SSL eID Login Magical SSL Session Linking Mutual SSL Handshake What if the web eID Show profile, payments application wants to sign Server a contract with eID of SSL SSL Logout citizen C??? eID index.html PIN authz eID Login caching eID SSL session still alive!!! Show profile Short SSL sessions? :) 32
eID SSL Authentication Demo
Tunneled Entity Authn Alice Bob A trusts B Unilateral SSL At this point B still doubts A Challenge sign_Ka-(Ra,challenge), Ra, cert A What can B believe at this point? ● ISO/IEC 9798-3 Authentication SASL Mechanism ● RFC 3163 ● Unilateral client authentication: server already authenticated via unilateral SSL connection ● Did we achieve the same effect as mutual SSL? ● What if challenge actually is SHA1(contract)? ● B can abuse A's challenge signature. 34
eID Tunneled Entity Authentication Demo
MITM attack on SASL Alice Mallory Bob Unilateral SSL Unilateral SSL Challenge Challenge sign_Ka-(Ra,challenge), Ra, cert A sign_Ka-(Ra,challenge),Ra,cert A ● Mallory can abuse the authentication token of Alice ● Why is this going wrong? ● SSL: sign_Ka-(handshake_msgs) so the signature digests parts of the secure channel's “identity” ● SASL: sign_Ka-(Ra,challenge) does not digest any part of the secure channel's “identity”. 36
Secure Channel Binding Alice Bob Unilateral SSL Challenge SSL context Sign_Ka-(Ra,challenge,channel_binding), Ra, cert A ● RFC 5056: cryptographic binding ● channel_binding = ● Hostname B (nice try) ● Inet address B (nice try) ● SSL certificate B (OK) ● SHA1(master_key) (even better) ● A channel binding should really digest part of the channel's “identity”. Alice's SSL stack must support this. 37
Secure Channel Binding Demo
eID Applet Signatures client server Browser PKCS1-RSA eID Applet Signature eID Applet Service SPI XML Signature Service eID ODF Signature OOXML Signature Service Service OpenOffice XAdES Office 2007 39
eID Applet Signature Demo
Examples of Bad Implementations
Examples of bad implementations ● Identification is not authentication ● Unsecure trust in a third party ● After successful authentication abuse HTTP ● Web vulnerabilities in an eID site 42
Identification is not authentication ● Using a Java applet to retrieve first name and last name and use this for authentication => bad ● Without using HTTPS • Sniffing • MITM • XSRF 43
Unsecure trust in a third party ● Authentication occurs using a redirect or intercept by reverse proxy ● To forward credentials to web application, an insecure mechanism is used ● HTTP Header contains NRN: can be spoofed, hijacked 44
After successful authentication abuse HTTP ● Session cookie is used to maintain state ● Redirect to HTTP • Sniff cookie and spoof authentication 45
Web vulnerabilities in an eID site ● Cross-site-scripting to steal session cookie ● SQL Injection  ● XSRF ● Broken authorization 46
Questions?

Recommandé

PKI Interoperability
PKI InteroperabilityPKI Interoperability
PKI InteroperabilityConferencias FIST
 
Strong Authentication in Web Application #SCS III
Strong Authentication in Web Application #SCS IIIStrong Authentication in Web Application #SCS III
Strong Authentication in Web Application #SCS IIISylvain Maret
 
OTP Solution - Mat khau su dung mot lan
OTP Solution - Mat khau su dung mot lanOTP Solution - Mat khau su dung mot lan
OTP Solution - Mat khau su dung mot lanTHANK Truong
 
PKI-In-A-Box
PKI-In-A-BoxPKI-In-A-Box
PKI-In-A-BoxChin Wan Lim
 
SmartCard Forum 2008 - Gemalto
SmartCard Forum 2008 - GemaltoSmartCard Forum 2008 - Gemalto
SmartCard Forum 2008 - GemaltoOKsystem
 
SmartCard Forum 2010 - Secured Access for enterprise
SmartCard Forum 2010 - Secured Access for enterpriseSmartCard Forum 2010 - Secured Access for enterprise
SmartCard Forum 2010 - Secured Access for enterpriseOKsystem
 
K binkowski metody_uwierzytelnienia_windows_7
K binkowski metody_uwierzytelnienia_windows_7K binkowski metody_uwierzytelnienia_windows_7
K binkowski metody_uwierzytelnienia_windows_7Krzysztof Binkowski
 
Presentation of Crypton Studio
Presentation of Crypton StudioPresentation of Crypton Studio
Presentation of Crypton StudioIgorUstinov6
 

Recommandé

PKI Interoperability
PKI InteroperabilityPKI Interoperability
PKI InteroperabilityConferencias FIST
 
Strong Authentication in Web Application #SCS III
Strong Authentication in Web Application #SCS IIIStrong Authentication in Web Application #SCS III
Strong Authentication in Web Application #SCS IIISylvain Maret
 
OTP Solution - Mat khau su dung mot lan
OTP Solution - Mat khau su dung mot lanOTP Solution - Mat khau su dung mot lan
OTP Solution - Mat khau su dung mot lanTHANK Truong
 
PKI-In-A-Box
PKI-In-A-BoxPKI-In-A-Box
PKI-In-A-BoxChin Wan Lim
 
SmartCard Forum 2008 - Gemalto
SmartCard Forum 2008 - GemaltoSmartCard Forum 2008 - Gemalto
SmartCard Forum 2008 - GemaltoOKsystem
 
SmartCard Forum 2010 - Secured Access for enterprise
SmartCard Forum 2010 - Secured Access for enterpriseSmartCard Forum 2010 - Secured Access for enterprise
SmartCard Forum 2010 - Secured Access for enterpriseOKsystem
 
K binkowski metody_uwierzytelnienia_windows_7
K binkowski metody_uwierzytelnienia_windows_7K binkowski metody_uwierzytelnienia_windows_7
K binkowski metody_uwierzytelnienia_windows_7Krzysztof Binkowski
 
Presentation of Crypton Studio
Presentation of Crypton StudioPresentation of Crypton Studio
Presentation of Crypton StudioIgorUstinov6
 
Flyer Letter Gen Vasco
Flyer Letter Gen VascoFlyer Letter Gen Vasco
Flyer Letter Gen VascoLeenVerleyen
 
Understanding Digital Certificates & Secure Sockets Layer
Understanding Digital Certificates & Secure Sockets LayerUnderstanding Digital Certificates & Secure Sockets Layer
Understanding Digital Certificates & Secure Sockets LayerCheapSSLUSA
 
317c0cdb 81da-40f9-84f2-1c5fba2f4b2d
317c0cdb 81da-40f9-84f2-1c5fba2f4b2d317c0cdb 81da-40f9-84f2-1c5fba2f4b2d
317c0cdb 81da-40f9-84f2-1c5fba2f4b2dP2PSystem
 
Sms passcode
Sms passcodeSms passcode
Sms passcodeTechMeetups
 
Pki and OpenSSL
Pki and OpenSSLPki and OpenSSL
Pki and OpenSSLTony Fabeen
 
Digital signature 3
Digital signature 3Digital signature 3
Digital signature 3Ankita Dave
 
Apache Milagro Presentation at ApacheCon Europe 2016
Apache Milagro Presentation at ApacheCon Europe 2016Apache Milagro Presentation at ApacheCon Europe 2016
Apache Milagro Presentation at ApacheCon Europe 2016Brian Spector
 
DC Insight - Asset Tracking Solution Overview
DC Insight - Asset Tracking Solution OverviewDC Insight - Asset Tracking Solution Overview
DC Insight - Asset Tracking Solution Overviewleonardsiu
 
Strong Authentication State of the Art 2012 / Sarajevo CSO
Strong Authentication State of the Art 2012 / Sarajevo CSOStrong Authentication State of the Art 2012 / Sarajevo CSO
Strong Authentication State of the Art 2012 / Sarajevo CSOSylvain Maret
 
NextGenPSD2 OAuth SCA Mode Security Recommendations
NextGenPSD2 OAuth SCA Mode Security Recommendations NextGenPSD2 OAuth SCA Mode Security Recommendations
NextGenPSD2 OAuth SCA Mode Security Recommendations Torsten Lodderstedt
 
TrustBearer - CTST 2009 - OpenID & Strong Authentication
TrustBearer - CTST 2009 - OpenID & Strong AuthenticationTrustBearer - CTST 2009 - OpenID & Strong Authentication
TrustBearer - CTST 2009 - OpenID & Strong AuthenticationTrustBearer
 
Neumann 24727 B10.12 Update 20091029 AM R3
Neumann 24727 B10.12 Update 20091029 AM R3Neumann 24727 B10.12 Update 20091029 AM R3
Neumann 24727 B10.12 Update 20091029 AM R3Agile Set, LLC
 
Cordacon 2018 - Cordentity - Hyperledger Indy + Corda
Cordacon 2018 - Cordentity - Hyperledger Indy + CordaCordacon 2018 - Cordentity - Hyperledger Indy + Corda
Cordacon 2018 - Cordentity - Hyperledger Indy + CordaVasiliy Suvorov
 
ICPC11b.ppt
ICPC11b.pptICPC11b.ppt
ICPC11b.pptPtidej Team
 
Digital certificates and information security
Digital certificates and information securityDigital certificates and information security
Digital certificates and information securityDevam Shah
 
OpenID Connect 4 SSI (at EIC 2021)
OpenID Connect 4 SSI (at EIC 2021)OpenID Connect 4 SSI (at EIC 2021)
OpenID Connect 4 SSI (at EIC 2021)Torsten Lodderstedt
 
PKI and Applications
PKI and ApplicationsPKI and Applications
PKI and ApplicationsSvetlin Nakov
 
Digital ID Protocol - Presentation 2015-12-04
Digital ID Protocol - Presentation 2015-12-04Digital ID Protocol - Presentation 2015-12-04
Digital ID Protocol - Presentation 2015-12-04Synacts
 
Cisco iso based CA (certificate authority)
Cisco iso based CA (certificate authority)Cisco iso based CA (certificate authority)
Cisco iso based CA (certificate authority)Netwax Lab
 
Securing online services by combining smart cards and web-based applications
Securing online services by combining smart cards and web-based applicationsSecuring online services by combining smart cards and web-based applications
Securing online services by combining smart cards and web-based applicationsOlivier Potonniée
 
Using Hard Disk Encryption and Novell SecureLogin
Using Hard Disk Encryption and Novell SecureLoginUsing Hard Disk Encryption and Novell SecureLogin
Using Hard Disk Encryption and Novell SecureLoginNovell
 
Smart Cards, ePassports, and open source
Smart Cards, ePassports, and open sourceSmart Cards, ePassports, and open source
Smart Cards, ePassports, and open sourceMartijn Oostdijk
 

Contenu connexe

Tendances

Flyer Letter Gen Vasco
Flyer Letter Gen VascoFlyer Letter Gen Vasco
Flyer Letter Gen VascoLeenVerleyen
 
Understanding Digital Certificates & Secure Sockets Layer
Understanding Digital Certificates & Secure Sockets LayerUnderstanding Digital Certificates & Secure Sockets Layer
Understanding Digital Certificates & Secure Sockets LayerCheapSSLUSA
 
317c0cdb 81da-40f9-84f2-1c5fba2f4b2d
317c0cdb 81da-40f9-84f2-1c5fba2f4b2d317c0cdb 81da-40f9-84f2-1c5fba2f4b2d
317c0cdb 81da-40f9-84f2-1c5fba2f4b2dP2PSystem
 
Digital signature 3
Digital signature 3Digital signature 3
Digital signature 3Ankita Dave
 
Apache Milagro Presentation at ApacheCon Europe 2016
Apache Milagro Presentation at ApacheCon Europe 2016Apache Milagro Presentation at ApacheCon Europe 2016
Apache Milagro Presentation at ApacheCon Europe 2016Brian Spector
 
DC Insight - Asset Tracking Solution Overview
DC Insight - Asset Tracking Solution OverviewDC Insight - Asset Tracking Solution Overview
DC Insight - Asset Tracking Solution Overviewleonardsiu
 
Strong Authentication State of the Art 2012 / Sarajevo CSO
Strong Authentication State of the Art 2012 / Sarajevo CSOStrong Authentication State of the Art 2012 / Sarajevo CSO
Strong Authentication State of the Art 2012 / Sarajevo CSOSylvain Maret
 
NextGenPSD2 OAuth SCA Mode Security Recommendations
NextGenPSD2 OAuth SCA Mode Security Recommendations NextGenPSD2 OAuth SCA Mode Security Recommendations
NextGenPSD2 OAuth SCA Mode Security Recommendations Torsten Lodderstedt
 
TrustBearer - CTST 2009 - OpenID & Strong Authentication
TrustBearer - CTST 2009 - OpenID & Strong AuthenticationTrustBearer - CTST 2009 - OpenID & Strong Authentication
TrustBearer - CTST 2009 - OpenID & Strong AuthenticationTrustBearer
 
Neumann 24727 B10.12 Update 20091029 AM R3
Neumann 24727 B10.12 Update 20091029 AM R3Neumann 24727 B10.12 Update 20091029 AM R3
Neumann 24727 B10.12 Update 20091029 AM R3Agile Set, LLC
 
Cordacon 2018 - Cordentity - Hyperledger Indy + Corda
Cordacon 2018 - Cordentity - Hyperledger Indy + CordaCordacon 2018 - Cordentity - Hyperledger Indy + Corda
Cordacon 2018 - Cordentity - Hyperledger Indy + CordaVasiliy Suvorov
 
Digital certificates and information security
Digital certificates and information securityDigital certificates and information security
Digital certificates and information securityDevam Shah
 
OpenID Connect 4 SSI (at EIC 2021)
OpenID Connect 4 SSI (at EIC 2021)OpenID Connect 4 SSI (at EIC 2021)
OpenID Connect 4 SSI (at EIC 2021)Torsten Lodderstedt
 
PKI and Applications
PKI and ApplicationsPKI and Applications
PKI and ApplicationsSvetlin Nakov
 
Digital ID Protocol - Presentation 2015-12-04
Digital ID Protocol - Presentation 2015-12-04Digital ID Protocol - Presentation 2015-12-04
Digital ID Protocol - Presentation 2015-12-04Synacts
 

Tendances (18)

Flyer Letter Gen Vasco
Flyer Letter Gen VascoFlyer Letter Gen Vasco
Flyer Letter Gen Vasco
 
Understanding Digital Certificates & Secure Sockets Layer
Understanding Digital Certificates & Secure Sockets LayerUnderstanding Digital Certificates & Secure Sockets Layer
Understanding Digital Certificates & Secure Sockets Layer
 
317c0cdb 81da-40f9-84f2-1c5fba2f4b2d
317c0cdb 81da-40f9-84f2-1c5fba2f4b2d317c0cdb 81da-40f9-84f2-1c5fba2f4b2d
317c0cdb 81da-40f9-84f2-1c5fba2f4b2d
 
Sms passcode
Sms passcodeSms passcode
Sms passcode
 
Pki and OpenSSL
Pki and OpenSSLPki and OpenSSL
Pki and OpenSSL
 
Digital signature 3
Digital signature 3Digital signature 3
Digital signature 3
 
Apache Milagro Presentation at ApacheCon Europe 2016
Apache Milagro Presentation at ApacheCon Europe 2016Apache Milagro Presentation at ApacheCon Europe 2016
Apache Milagro Presentation at ApacheCon Europe 2016
 
DC Insight - Asset Tracking Solution Overview
DC Insight - Asset Tracking Solution OverviewDC Insight - Asset Tracking Solution Overview
DC Insight - Asset Tracking Solution Overview
 
Strong Authentication State of the Art 2012 / Sarajevo CSO
Strong Authentication State of the Art 2012 / Sarajevo CSOStrong Authentication State of the Art 2012 / Sarajevo CSO
Strong Authentication State of the Art 2012 / Sarajevo CSO
 
NextGenPSD2 OAuth SCA Mode Security Recommendations
NextGenPSD2 OAuth SCA Mode Security Recommendations NextGenPSD2 OAuth SCA Mode Security Recommendations
NextGenPSD2 OAuth SCA Mode Security Recommendations
 
TrustBearer - CTST 2009 - OpenID & Strong Authentication
TrustBearer - CTST 2009 - OpenID & Strong AuthenticationTrustBearer - CTST 2009 - OpenID & Strong Authentication
TrustBearer - CTST 2009 - OpenID & Strong Authentication
 
Neumann 24727 B10.12 Update 20091029 AM R3
Neumann 24727 B10.12 Update 20091029 AM R3Neumann 24727 B10.12 Update 20091029 AM R3
Neumann 24727 B10.12 Update 20091029 AM R3
 
Cordacon 2018 - Cordentity - Hyperledger Indy + Corda
Cordacon 2018 - Cordentity - Hyperledger Indy + CordaCordacon 2018 - Cordentity - Hyperledger Indy + Corda
Cordacon 2018 - Cordentity - Hyperledger Indy + Corda
 
ICPC11b.ppt
ICPC11b.pptICPC11b.ppt
ICPC11b.ppt
 
Digital certificates and information security
Digital certificates and information securityDigital certificates and information security
Digital certificates and information security
 
OpenID Connect 4 SSI (at EIC 2021)
OpenID Connect 4 SSI (at EIC 2021)OpenID Connect 4 SSI (at EIC 2021)
OpenID Connect 4 SSI (at EIC 2021)
 
PKI and Applications
PKI and ApplicationsPKI and Applications
PKI and Applications
 
Digital ID Protocol - Presentation 2015-12-04
Digital ID Protocol - Presentation 2015-12-04Digital ID Protocol - Presentation 2015-12-04
Digital ID Protocol - Presentation 2015-12-04
 

Similaire à The Belgian E Id Hacker Vs Developer

Cisco iso based CA (certificate authority)
Cisco iso based CA (certificate authority)Cisco iso based CA (certificate authority)
Cisco iso based CA (certificate authority)Netwax Lab
 
Securing online services by combining smart cards and web-based applications
Securing online services by combining smart cards and web-based applicationsSecuring online services by combining smart cards and web-based applications
Securing online services by combining smart cards and web-based applicationsOlivier Potonniée
 
Using Hard Disk Encryption and Novell SecureLogin
Using Hard Disk Encryption and Novell SecureLoginUsing Hard Disk Encryption and Novell SecureLogin
Using Hard Disk Encryption and Novell SecureLoginNovell
 
Smart Cards, ePassports, and open source
Smart Cards, ePassports, and open sourceSmart Cards, ePassports, and open source
Smart Cards, ePassports, and open sourceMartijn Oostdijk
 
OpenID Connect 4 SSI (DIFCon F2F)
OpenID Connect 4 SSI (DIFCon F2F)OpenID Connect 4 SSI (DIFCon F2F)
OpenID Connect 4 SSI (DIFCon F2F)Torsten Lodderstedt
 
Overall cryptography and pki introduction
Overall cryptography and pki introductionOverall cryptography and pki introduction
Overall cryptography and pki introductionAvirot Mitamura
 
APG82 product presentation by Advanced Card Systems Ltd
APG82 product presentation by Advanced Card Systems LtdAPG82 product presentation by Advanced Card Systems Ltd
APG82 product presentation by Advanced Card Systems LtdAdvanced Card Systems Ltd.
 
ACR88 product presentation by Advanced Card Systems Ltd.
ACR88 product presentation by Advanced Card Systems Ltd.ACR88 product presentation by Advanced Card Systems Ltd.
ACR88 product presentation by Advanced Card Systems Ltd.Advanced Card Systems Ltd.
 
Ynamono Hs Lecture
Ynamono Hs LectureYnamono Hs Lecture
Ynamono Hs Lectureynamoto
 
ISSA: Next Generation Tokenization for Compliance and Cloud Data Protection
ISSA: Next Generation Tokenization for Compliance and Cloud Data ProtectionISSA: Next Generation Tokenization for Compliance and Cloud Data Protection
ISSA: Next Generation Tokenization for Compliance and Cloud Data ProtectionUlf Mattsson
 
CPK Cryptosystem In Solaris
CPK Cryptosystem In SolarisCPK Cryptosystem In Solaris
CPK Cryptosystem In SolarisZhi Guan
 
Brokerage 2007 presentation security
Brokerage 2007 presentation securityBrokerage 2007 presentation security
Brokerage 2007 presentation securityimec.archive
 
Smart Card and Strong Cryptography for instant security
Smart Card and Strong Cryptography for instant securitySmart Card and Strong Cryptography for instant security
Smart Card and Strong Cryptography for instant securityOKsystem
 
Smart Cards & Devices Forum 2012 - Securing Cloud Computing
Smart Cards & Devices Forum 2012 - Securing Cloud ComputingSmart Cards & Devices Forum 2012 - Securing Cloud Computing
Smart Cards & Devices Forum 2012 - Securing Cloud ComputingOKsystem
 
eSmartlock a USB Javacard dongle with anti-piracy and DRM services
eSmartlock a USB Javacard dongle with anti-piracy and DRM serviceseSmartlock a USB Javacard dongle with anti-piracy and DRM services
eSmartlock a USB Javacard dongle with anti-piracy and DRM servicesYiannis Hatzopoulos
 
ACOS5 product presentation by Advanced Card Systems Ltd.
ACOS5 product presentation by Advanced Card Systems Ltd.ACOS5 product presentation by Advanced Card Systems Ltd.
ACOS5 product presentation by Advanced Card Systems Ltd.Advanced Card Systems Ltd.
 
OpenID for Verifiable Credentials
OpenID for Verifiable CredentialsOpenID for Verifiable Credentials
OpenID for Verifiable CredentialsTorsten Lodderstedt
 

Similaire à The Belgian E Id Hacker Vs Developer (20)

Cisco iso based CA (certificate authority)
Cisco iso based CA (certificate authority)Cisco iso based CA (certificate authority)
Cisco iso based CA (certificate authority)
 
Securing online services by combining smart cards and web-based applications
Securing online services by combining smart cards and web-based applicationsSecuring online services by combining smart cards and web-based applications
Securing online services by combining smart cards and web-based applications
 
Using Hard Disk Encryption and Novell SecureLogin
Using Hard Disk Encryption and Novell SecureLoginUsing Hard Disk Encryption and Novell SecureLogin
Using Hard Disk Encryption and Novell SecureLogin
 
Smart Cards, ePassports, and open source
Smart Cards, ePassports, and open sourceSmart Cards, ePassports, and open source
Smart Cards, ePassports, and open source
 
OpenID Connect 4 SSI (DIFCon F2F)
OpenID Connect 4 SSI (DIFCon F2F)OpenID Connect 4 SSI (DIFCon F2F)
OpenID Connect 4 SSI (DIFCon F2F)
 
De mystifying pki
De mystifying pkiDe mystifying pki
De mystifying pki
 
Overall cryptography and pki introduction
Overall cryptography and pki introductionOverall cryptography and pki introduction
Overall cryptography and pki introduction
 
APG82 product presentation by Advanced Card Systems Ltd
APG82 product presentation by Advanced Card Systems LtdAPG82 product presentation by Advanced Card Systems Ltd
APG82 product presentation by Advanced Card Systems Ltd
 
ACR88 product presentation by Advanced Card Systems Ltd.
ACR88 product presentation by Advanced Card Systems Ltd.ACR88 product presentation by Advanced Card Systems Ltd.
ACR88 product presentation by Advanced Card Systems Ltd.
 
Ynamono Hs Lecture
Ynamono Hs LectureYnamono Hs Lecture
Ynamono Hs Lecture
 
An Online secure ePassport Protocol
An Online secure ePassport ProtocolAn Online secure ePassport Protocol
An Online secure ePassport Protocol
 
ISSA: Next Generation Tokenization for Compliance and Cloud Data Protection
ISSA: Next Generation Tokenization for Compliance and Cloud Data ProtectionISSA: Next Generation Tokenization for Compliance and Cloud Data Protection
ISSA: Next Generation Tokenization for Compliance and Cloud Data Protection
 
Session 1. e-ID_esign
Session 1. e-ID_esignSession 1. e-ID_esign
Session 1. e-ID_esign
 
CPK Cryptosystem In Solaris
CPK Cryptosystem In SolarisCPK Cryptosystem In Solaris
CPK Cryptosystem In Solaris
 
Brokerage 2007 presentation security
Brokerage 2007 presentation securityBrokerage 2007 presentation security
Brokerage 2007 presentation security
 
Smart Card and Strong Cryptography for instant security
Smart Card and Strong Cryptography for instant securitySmart Card and Strong Cryptography for instant security
Smart Card and Strong Cryptography for instant security
 
Smart Cards & Devices Forum 2012 - Securing Cloud Computing
Smart Cards & Devices Forum 2012 - Securing Cloud ComputingSmart Cards & Devices Forum 2012 - Securing Cloud Computing
Smart Cards & Devices Forum 2012 - Securing Cloud Computing
 
eSmartlock a USB Javacard dongle with anti-piracy and DRM services
eSmartlock a USB Javacard dongle with anti-piracy and DRM serviceseSmartlock a USB Javacard dongle with anti-piracy and DRM services
eSmartlock a USB Javacard dongle with anti-piracy and DRM services
 
ACOS5 product presentation by Advanced Card Systems Ltd.
ACOS5 product presentation by Advanced Card Systems Ltd.ACOS5 product presentation by Advanced Card Systems Ltd.
ACOS5 product presentation by Advanced Card Systems Ltd.
 
OpenID for Verifiable Credentials
OpenID for Verifiable CredentialsOpenID for Verifiable Credentials
OpenID for Verifiable Credentials
 

The Belgian E Id Hacker Vs Developer

  • 1. OWASP Belgium The OWASP Chapter Foundation http://www.owasp.org The Belgian e-ID: hacker vs developer  Erwin Geirnaert ZION SECURITY Frank Cornelis Fedict
  • 2. The OWASP Foundation http://www.owasp.org Agenda ● eID Card Introduction ● eID Card Integration ● Examples of bad implementations 2
  • 3. Who are we? •Frank: eID Architect at Fedict ●eID Middleware ● eID Applet ● eID Trust Service, jTrust, eID IdP, eID DSS •Erwin: whitehat hacker at ZION SECURITY
  • 5. eID in Belgium ● eID cards issued (16/01/2010) ● 8.220.456 citizen eID cards (full deployment) ● 511.774 foreigner eID cards ● 186.011 kids eID cards ● Technology ● RSA 1024 smart card ● QC with 5 year validity ● Involved major organizations: ● FedICT: Federal ICT – PKI, client software, SOA solutions ● National Registry – user database, card issuing 5
  • 6. eID Card Physical Structure Logical Structure eID Card APDU Crypto ROM Belgian eID Card JavaCard Applet (RSA) (operating system) JavaCard Virtual Machine EEPROM (file system) Basic Operating System CPU RAM Infineon Chip (SLE66CX322P) (memory) 6
  • 7. eID Card Content PKI Citizen Identity Data Authentication Photo PKCS1 RSA-SHA1 RSA key + Cert NRN Signatures Non-repudiation RSA key + Cert Identity File Identity File NRN Signature Root CA Certificate Address File Citizen CA Address File NRN Signature Certificate NRN Certificate PKCS#15 file structure 7
  • 8. eID Card Functionality ● Non-electronic functionality ● Visible Identification ● Visible Authentication via facial recognition and/or hand-written signature (a kind of challenge) ● Electronic functionality ● Identification: who are you? – Passive eID usage – Privacy sensitive ● Authentication: can you prove who you are? – Active challenging the eID card + eID user (2 factor) ● Digital Signing: non-repudiation signature – Prove of acknowledgment at a point in time 8
  • 9. eID PKI Topology GlobalSign CA Certificate RSA2048 Certificate Signatures Root CA Root CA same key according to Certificate Certificate PKCS1-RSA- RSA2048 RSA2048 SHA1 CRL NRN Certificate RSA2048 RSA2048 Citizen CA Gov CA Certificate Certificate OCSP Responder CRL CRL Authn/non-repud SSL Certificate Certificate RSA1024 RSA1024 9
  • 11. eID Card Interfacing ● Via APDU messages ● Application Protocol Data Unit ● Command: from the reader to the card ● Response: from the card to the reader ● Example: Creation of a signature ● Set APDU: select the key. 0x82 = authn key ● Prepare DigestInfo PKCS1 DER sequence ● Verify PIN APDU: (PIN BCD encoded) ● Compute Digital Signature APDU ● Retrieve signature data ● Doing the APDU interface is crazy 11
  • 13. eID Card Integration Web Application Important aspects when integrating: ●Ease of integration ●Secure usage of eID ●Platform independent solution: ● Windows ?????????????? ● Linux ● Mac OS X ●Multiple browser support: ● Firefox ● MS IE ● Safari ● Chrome eID Card ●Integration point abstraction level ●Idiot proof eID components 13
  • 14. eID Architecture authentication IdP SAML SAMLp WS-Federation OpenID eID IAM eID IdP Integration Points signatures XKMS identification SSL eID Applet trust PKI DSS display tokend CSP PKCS#11 OCSP CRL pinpad minidriver PC/SC CA TSA CCID reader PDF PKCS#7 eID ID ODF XMLDSig TSL NTP PKCS#15 PKCS#1 NR OOXML XAdES TSP 14
  • 15. eID Identification ● Identification: who are you? identification ● Readout of the eID Identity, eID Applet Address and Photo files. ● Server-side identity file parsing PC/SC ● Server-side integrity reader validation of all identity files eID ID is possible via NRN signature NR 15
  • 16. eID Applet ● Java 6 Web Browser eID Component ● Supports multiple web browsers: ● Firefox, Chrome, Internet Explorer, Safari ● Platform-independent: ● Windows, Linux, Mac OS X ● Interactive eID card handling ● Support for secure CCID pinpad readers ● Web developer friendly ● Open Source Software: GNU LGPL 3 ● http://code.google.com/p/eid-applet/ 16
  • 17. eID Applet Architecture Web Browser Servlet Web Container Web Page 1 eID Applet 3 eID Applet SPI 2 Service 4 5 3 HTTP Session Target Page Service Implementation 6 jTrust SPI design pattern is key to enabling eID Applet features 17
  • 18. eID Applet Identification identify-the-user.html <script src="https://www.java.com/js/deployJava.js"></script> <script> var attributes = { code :'be.fedict.eid.applet.Applet.class', archive :'eid-applet.jar', width :600, height :300 }; var parameters = { TargetPage :'identification-result-page.jsp', AppletService :'applet-service', }; var version = '1.6'; deployJava.runApplet(attributes, parameters, version); </script> identification-result-page.jsp <%@page import="be.fedict.eid.applet.service.Identity"%> <html> <body> <%=((Identity) session.getAttribute("eid.identity")).name%> </body> </html> <servlet> web.xml <servlet-name>AppletServiceServlet</servlet-name> <servlet-class>be.fedict.eid.applet.service.AppletServiceServlet</servlet-class> </servlet> <servlet-mapping> <servlet-name>AppletServiceServlet</servlet-name> <url-pattern>/applet-service</url-pattern> </servlet-mapping> 18
  • 20. eID Identity Integrity ● eID Applet reads the identity files and NRN signatures, posts to eID Applet Service ● Server-side verification of the NRN signatures over the identity, photo and address files by the eID Applet Service ● Verification of the NRN certificate chain via the IdentityIntegrityService SPI <servlet> <servlet-name>AppletIntegrityServiceServlet</servlet-name> <servlet-class>be.fedict.eid.applet.service.AppletServiceServlet</servlet-class> <init-param> <param-name>IdentityIntegrityService</param-name> <param-value>/location/in/jndi/of/the/IdentityIntegrityServiceBean</param-value> </init-param> </servlet> <servlet-mapping> <servlet-name>AppletIntegrityServiceServlet</servlet-name> <url-pattern>/applet-service-integrity</url-pattern> </servlet-mapping> 20
  • 21. eID Identification Demo Integrity Validation
  • 22. eID Card Cloning ● eID has a 3th key pair: card authn key ● eID Card Authentication signature can be created without PIN verification ● eID Card Authentication allows for detection of a cloned eID card ● eID Card Authentication signature cannot be verified due to missing corresponding public key. ● National Registry needs to make the public key available as an eID file ● Would prevent identity fraude 22
  • 23. eID Authentication authentication IdP ● Authentication: can you prove who you IAM eID IdP are? ● Using the eID SSL eID Applet authentication key tokend CSP PKCS#11 minidriver pinpad PC/SC CCID reader eID PKCS#1 23
  • 24. Entity Authentication ● Entity authentication is the process whereby one party is assured of the identity of a second party involved in a protocol, and that the second has actually participated (i.e., is active at, or immediately prior to, the time the evidence is acquired) ● Formal definition (A authenticated B if): ● Alice A, Bob B ● A believes freshness challenge_A ● A believes (B recently said challenge_A) ● Authentication vs. Session Key Establishment ● How to achieve this using an eID card? 24
  • 25. eID Authentication ● Authentication Private Key (1024 bit RSA) ● PKCS1-RSA ● PIN authorization for Authn Key usage ● Card caches the authn PIN authorizations ● Log-off instruction to reset PIN authorization ● Creation of a signature: ● Set APDU: select the key. 0x82 = authn key ● Prepare DigestInfo PKCS1 DER sequence ● Verify PIN APDU: (PIN BCD encoded) ● Compute Digital Signature APDU ● Retrieve signature data ● eID can only sign (RSA decryption of DigestInfo) 25
  • 26. Authentication Protocol ● eID authentication by itself is useless ● Remote Entities, e.g. web application context. ● We need an Authentication Protocol ● Different Authentication Protocols are possible ● Each Entity Authentication Protocol yields its own cryptographic goals. ● Of course Entity Authentication ● Session key via combined Key Agreement (SSL) ● DO NOT TRY TO INVENT YOUR OWN PROTOCOL! ● Needham-Schroeder protocol: replay attack ● Creativity is great for non-critical applications, like music. 26
  • 27. Candidate Protocols ● Mutual SSL ● Browser initiated SSL handshake ● Relies on eID PIN authorization caching feature ● Tunneled Entity Authentication ● Uses unilateral SSL to authenticate the server ● Based on ISO/IEC 9798-3 Authentication SASL Mechanism (RFC 3163) ● Cryptographic channel binding to secure the channel (RFC 5056) ● Requires an eID Applet (or browser extension) ● Explicit eID card management possible ● Sequential eID card access possible 27
  • 28. Unilateral SSL Alice Bob HelloClient(ciphers,Ra) HelloServer(cipher,Rb) Ra: random by A Rb: random by B Certificate(cert chain) Kb+: public key of B Validate cert ServerHelloDone pre_master_secret: chain random by A ClientKeyExchange PRF: pseudo-random {pre_master_secret}Kb+ function ChangeCipherSpec ClientFinish (encrypted) PRF(master_secret,handshake_msgs) Entity Authentication ●A believes freshness Ra ●A believes B recently said Ra ChangeCipherSpec ServerFinish (encrypted) PRF(master_secret,handshake_msgs) master_secret=PRF(pre_master_secret, Ra, Rb) session_key=F(master_secret) 28
  • 29. SSL Features ● Resuming a TLS connection ● HelloClient(session_id) ● Reusing the same master_secret ● Reduces load due to a full TLS handshake ● Renegotiating the SSL handshake ● Over an already established SSL connection ● Useful when client authentication is required ● Both client and server can initiate a renegotiation ● Not all SSL stacks support this (Java does not) ● Security flaws in implementations 29
  • 30. Mutual SSL via eID Alice Bob HelloClient(ciphers,Ra) Ra: random by A HelloServer(cipher,Rb) Rb: random by B Certificate(cert chain) Kb+: public key of B CertificateRequest,ServerHelloDone pre_master_secret: random by A Certificate(cert chain) Ka-: private key of A ClientKeyExchange PRF: pseudo-random function {pre_master_secret}Kb+ CertificateVerify Entity Authentication sign_Ka-(handshake_msgs) ●A believes freshness Ra ●A believes (B recently said ChangeCipherSpec Ra) ●B believes freshness Rb ClientFinish (encrypted) ●B believes (A recently said PRF(master_secret,handshake_msgs) Rb) ChangeCipherSpec ServerFinish (encrypted) PRF(master_secret,handshake_msgs) 30
  • 31. eID SSL Authentication ● So we need two SSL terminations: ● One for unilateral SSL ● One for the mutual SSL using eID ● Requires 2 IP addresses (+ DNS names), or at least 2 different ports. SSL Terminator Application Internet firewall Server eID SSL Terminator ● Problem: how to properly link the SSL sessions? ● If same IP address, via session cookies ● If different IP address, via signed SAML tickets 31
  • 32. eID SSL Authentication ● How about session life cycles? ● The Application Server cannot inform SSL to terminate that easily... A B Unilaternal SSL eID Login Magical SSL Session Linking Mutual SSL Handshake What if the web eID Show profile, payments application wants to sign Server a contract with eID of SSL SSL Logout citizen C??? eID index.html PIN authz eID Login caching eID SSL session still alive!!! Show profile Short SSL sessions? :) 32
  • 34. Tunneled Entity Authn Alice Bob A trusts B Unilateral SSL At this point B still doubts A Challenge sign_Ka-(Ra,challenge), Ra, cert A What can B believe at this point? ● ISO/IEC 9798-3 Authentication SASL Mechanism ● RFC 3163 ● Unilateral client authentication: server already authenticated via unilateral SSL connection ● Did we achieve the same effect as mutual SSL? ● What if challenge actually is SHA1(contract)? ● B can abuse A's challenge signature. 34
  • 35. eID Tunneled Entity Authentication Demo
  • 36. MITM attack on SASL Alice Mallory Bob Unilateral SSL Unilateral SSL Challenge Challenge sign_Ka-(Ra,challenge), Ra, cert A sign_Ka-(Ra,challenge),Ra,cert A ● Mallory can abuse the authentication token of Alice ● Why is this going wrong? ● SSL: sign_Ka-(handshake_msgs) so the signature digests parts of the secure channel's “identity” ● SASL: sign_Ka-(Ra,challenge) does not digest any part of the secure channel's “identity”. 36
  • 37. Secure Channel Binding Alice Bob Unilateral SSL Challenge SSL context Sign_Ka-(Ra,challenge,channel_binding), Ra, cert A ● RFC 5056: cryptographic binding ● channel_binding = ● Hostname B (nice try) ● Inet address B (nice try) ● SSL certificate B (OK) ● SHA1(master_key) (even better) ● A channel binding should really digest part of the channel's “identity”. Alice's SSL stack must support this. 37
  • 38. Secure Channel Binding Demo
  • 39. eID Applet Signatures client server Browser PKCS1-RSA eID Applet Signature eID Applet Service SPI XML Signature Service eID ODF Signature OOXML Signature Service Service OpenOffice XAdES Office 2007 39
  • 42. Examples of bad implementations ● Identification is not authentication ● Unsecure trust in a third party ● After successful authentication abuse HTTP ● Web vulnerabilities in an eID site 42
  • 43. Identification is not authentication ● Using a Java applet to retrieve first name and last name and use this for authentication => bad ● Without using HTTPS • Sniffing • MITM • XSRF 43
  • 44. Unsecure trust in a third party ● Authentication occurs using a redirect or intercept by reverse proxy ● To forward credentials to web application, an insecure mechanism is used ● HTTP Header contains NRN: can be spoofed, hijacked 44
  • 45. After successful authentication abuse HTTP ● Session cookie is used to maintain state ● Redirect to HTTP • Sniff cookie and spoof authentication 45
  • 46. Web vulnerabilities in an eID site ● Cross-site-scripting to steal session cookie ● SQL Injection  ● XSRF ● Broken authorization 46