1. eID
the open source perspective
Martin Paljak
(maintainer of) OpenSC Project
www.opensc-project.org
2. Agenda
• Brief history of eID in Estonia
• History of OpenSC
• Why open source matters
• What’s up next for OpenSC?
3. eID in Estonia
• Preparations from 1997, actions from
1999/2000 to issue PKI smart cards to every
citizen
• First cards issued in January 2002
• “Probably the best beer eID in the world”
• 1.1 Million cards, around 30% electronic users
• Problem: no client software procured by
government at first
4. eID software in Estonia
• Plan A: proprietary free (as beer) software
for Windows, created by the (commercial)
CA
• A-Team: creates necessary software as
open source (OpenSC, OpenSC.tokend,
installers etc)
• Plan B: (5 years later) government tender
to legalize (?) and re-use the open source
software (#1 failed, #2 failed, #3 ongoing...)
5. Happy 10th birthday, OpenSC!
• Two Finns, Juha and Antti, wanted to write
an open source PKCS#11 driver for
FINeID (PKCS#15) cards
• 2001/2002 first posts on the opensc-devel
mailing list
• 0.4.0 released on 2001-12-29, contains a
single, read-only driver
6. OpenSC in 2011
• 0.12.1 released on 17.05.2011
• ~30 card drivers
• A reasonable PKCS#11 module
• Mac OS X integration (TokenD)
• Windows integration coming (MiniDriver)
• Binary installers (Windows, Mac OS X)
• Synthesized (non-PKCS#15) formats
• Card personalization support
7. 2001 to 2011
• Got interested around summer 2003
• Founding Finns leave the project: “Got better things to do ...”
• Germans took over in ~2005
• Early adopter Belgium ditches OpenSC because “lack of understanding from project”
• Basically announced “soon stagnated or dead, if
not already” by maintainer
• “MUSCLE” practically dead, except for pcsc-
lite+CCID
• Maintenance “back in Nordic” (Estonia) since
April 2010
8. Why OpenSC “won”?
• A. Driver framework to support different cards
• Compare: Linux; Evolution prefers heterogeneous systems
• B. Strive to integrate with the environment
• Apple is as good a standard as Microsoft or RSA.
• C. Dedication to core values
• Open source, open attitude, community-driven
• “If your work is stolen, it has value”
9. Why open source eID?
• PKI - I as Infrastructure
• 27 EU silos? Spanish Apache, “Spache”?
• Transparency
• eID affects almost everyone, trust in
system is required for adoption
10. Neat reasons
• eID often implemented as JavaCard applets
• +1 for first published on-card applet.
• “Fake eID applet” for badly written
library copy machines & “free” copying
• “What about my Commodore64 or Atari?”
• Or Android, embedded ARM, ... ?
11. Neat anti-reasons
• Open source makes attacks easier
• Re-using branding, planting malware
inside
• Closed source allows for more competition
from companies / possible technology
export
12. Trends
• First iteration often fails (technical or
political or licensing issues)
• SETEC ASTRONOMY fails
• Don’t let government become Sony
• Second round will be OSS anyway
• Help others avoid the first mistake
13. International collaboration benefits
• Applications (Firefox, OpenSSH, XXXOffice
etc) all done elsewhere, by “foreigners”.
• OpenSC as the grassroots EU interest
body and lobby group of open source
software smart card support (Mozilla,
Apple etc)
• Smart cards and crypto a niche sector,
difficult to find motivated and competent
fresh blood.
• Homogeneous systems are doomed by
evolution and limited by kind.
14. IAS-ECC, STORK, ...
• US: PIV/CAC
• EU: IAS-ECC
• Standards are nice but real life matters
too
• Cross-border eID-enabled services: “Install Elbonian software to test” (x27)
• Grassroots collaboration and resulting interoperability could create better services before policymakers.
• Reference implementation benefits
everyone
15. What lies ahead
• OpenSC is far from an optimal or perfect
solution
• Old cruft, missing driver authors, lack of
documentation, lack of courageous
decisions (“structural reforms”),
suboptimal design etc
• Still it seems to have properties other
projects don’t
16. OpenSC 0.12.2
• To be released on 2011.06.10
• Hopefully most of OpenDNIe code merged
• “driver framework” is important
• Bugfixes, cleanups, improvements
• Automated tests, fast build iterations,
infrastructure changes to support gradual
project reform
17. Future of OpenSC
• More cards, less drivers
• Commodity (infrastructure) vs expensive
gadget
• New algorithms (Elliptic Curves)
• Contactless world
• Beyond conventional PKI crypto
• COLLABORATION!