johannes schm lz
play

Johannes Schmlz } Tobias Wich Dr. Detlef Hhnlein Moritz Horsch - PowerPoint PPT Presentation

Mar 26, 2024 •171 likes •532 views

Trusted identities for the cloud using open source technologies where Open eCard App meets SkIDentity Johannes Schmlz } Tobias Wich Dr. Detlef Hhnlein Moritz Horsch Berlin, 23.5.2012 Agenda Introduction Identity Management

  1. Trusted identities for the cloud using open source technologies where Open eCard App meets SkIDentity Johannes Schmölz } Tobias Wich Dr. Detlef Hühnlein Moritz Horsch Berlin, 23.5.2012

  2. Agenda  Introduction  Identity Management  eCard-API-Framework  SkIDentity  Open eCard App  Summary

  3. Identities ● A „complete identity“ is the sum of all attributes of any entity ● A „digital identity“ ⊂ „complete identity“ ● Or „partial identity“ ● An Identity Management is a system responsible for the attributes of identities ● It creates assertions for partial identities

  4. (Site-)Local IdM Systems ● IdP (Identity Provider) and SP (Service Provider) belong to the same realm ● Not possible to use identity outside realm ● Examples ● /etc/shadow ● Database (SQL/LDAP) ● ...

  5. Federated IdM Systems ● IdP and SP have a trust relationship ● IdP creates assertion of a users identity ● SP can validate and use an assertion ● Examples ● Kerberos ● SAML ● OpenID ● OAuth ● ...

  6. Federated Architecture Identity Provider Client Service Provider

  7. Status Quo Identity Management ● Passwords are (still) standard ● When passwords are simple, then they are ● easy to use ● easy to carry around (knowledge) ● cheap ● Therefore : Identity theft is serious threat ● Phishing, XSS, Sony, … ● In fact even worse with SSO

  8. Authentication T okens to the rescue ● One-Time-Password (OTP) T oken ● Yubikey, Smartphone, ... ● Biometry ● can be strong, but must not be ● X509 is the poor mans smart-card ● Can be seen as hybrid (Possession of knowledge/data) ● But fights XSS, phishing (not all) and Sony ● smart-card + PIN (+ Certificates) ● Cards vary greatly with regard to security

  9. So why is nobody using it? ● Hardware-T okens often use different Protocols ● Few client applications are ready for use with Smart-Card X ● Locked out when token is lost/defect ● Hardware has a price ● High security too

  10. Agenda  Introduction  Identity Management  eCard-API-Framework  SkIDentity  Open eCard App  Summary

  11. eCard-API-Framework „The objective of the eCard-API-Framework is the provision of a simple and homogeneous interface to enable standardised use of the various smart cards (eCards) for different applications.“ In other Words: Network transparent abstractions of smart- cards with XML and SOAP .

  12. eCard-API Architecture

  13. Agenda  Introduction  Identity Management  eCard-API-Framework  SkIDentity  Open eCard App  Summary

  14. Identity + Cloud = SkIDentity

  15. Who is SkIDentity?

  16. Goals of SkIDentity ● Create infrastructure with all components ● Cloud Connector ● Multi Protocol IdP ● eID-Server backends ● Client Application for arbitrary HW-T okens ● Make infrastructure easy to use (for SP) ● Combine multiple identities/providers ● Make it easy enough for users to use and accept HW-T okens

  17. Architecture eID-Server OTP-Server eID-Broker eID-Client Browser CC Service Provider

  18. How could it look like?

  19. What happens next? ● T oken selection ● T o be continued ...

  20. Benefits ● Supports multiple protocols → When e.g. OAuth is integrated, the SP can switch the IdP, or support multiple IdPs ● More tokens supported by enabling the appropriate backend and add a CardInfo file ● Much easier to integrate than n eID-Servers ● Anonymous identities with Site-specific Pseudonyms

  21. Agenda  Introduction  Identity Management  eCard-API-Framework  SkIDentity  Open eCard App  Summary

  22. Existing eCard Clients

  23. What is the problem? ● None has publicly available source ● All free (beer) clients are limited to nPA ● No client has real CardInfo support ● eCard-API is still changing, new features get adopted quite slowly ● Clients in general not non-Web-SSO ready ● Ports to other platforms ● Clients only support Auth and Sign ● ...

  24. Open eCard App - The Facts! ● Dual license (GPLv3 or proprietary) ● Heavily modularized to support pluggable architecture ● Multiple application bundles ● Leightweight design ● Extensible ● Protocols ● Frontend interface (binding) ● Builtin protocol endpoints ● User Consent GUI

  25. T echnical Basis ● Libraries ● Clients in the first release ● Java integrated ● Rich Client for – JAXB, SmartcardIO, Desktops Android NFC, ... ● Bouncycastle ● Applet ● slf4j ● Android

  26. High-Level Design

  27. User Consent Screenshots

  28. User Consent Screenshots

  29. User Consent Screenshots

  30. PIN-entry from IFD

  31. Current Status and Roadmap ● Complete Features ● Dispatcher, Recognition and Event Engine, GUI ● Almost Complete Features ● IFD, SAL, CardInfo support ● Milestone 1.0.0-pre1 ● Feature development of EAC and TLS protocols ● Milestone 1.0.0-pre2 ● Documentation and T esting ● Release 1.0.0 ● Finish Rich Client, Applet and Android app

  32. Participate ● Source will be on GitHub ● What can you do? ● Explore the code and find bugs ● Activation Request Dispatcher ● PKCS12 module ● Nice Qt/GTK GUI ● smart-card Inspector ● … or become part of our team and work on the beefy stuff

  33. Agenda  Introduction  Identity Management  eCard-API-Framework  SkIDentity  Open eCard App  Summary

  34. Summary ● Using Hardware-T okens ● prevents most common attacks ● increases privacy ● With a free OSS App, anybody can ● find and report bugs ● create custom applications ● SkIDentity + Open eCard App ● makes strong identities usable

  35. Thank you for your kind attention!

Recommend

Incentive Plans for Startups PwC Kellerhals Carrard R em o Schm id , Partner K arim M aizar ,

Incentive Plans for Startups PwC Kellerhals Carrard R em o Schm id , Partner K arim M aizar ,

9/14/18 Swiss Startup Day 25 Septem ber 2018 - Bern Incentive Plans for Startups PwC Kellerhals Carrard R em o Schm id , Partner K arim M aizar , Partner remo.schmid@ch.pwc.com karim.maizar@kellerhals-carrrard.ch +41 58 792 46 08 +41 58 200

520 views • 36 slides
BTRG Offerings Doug Schm idt Solutions Architect The Business & Technology Resource Group

BTRG Offerings Doug Schm idt Solutions Architect The Business & Technology Resource Group

BTRG Offerings Doug Schm idt Solutions Architect The Business & Technology Resource Group (BTRG) Proprietary & Confidential A com prehensive 1 w eek pre-upgrade assessm ent for organizations considering the latest version of PeopleSoft.

696 views • 30 slides
Optimizing Long-Lived CloudNets with Migrations Gregor Schaffrath, St Stefa fan n Sc Schm

Optimizing Long-Lived CloudNets with Migrations Gregor Schaffrath, St Stefa fan n Sc Schm

Optimizing Long-Lived CloudNets with Migrations Gregor Schaffrath, St Stefa fan n Sc Schm hmid id, Anja Feldmann November, 2012 Optimizing Long-Lived CloudNets with Migrations Gregor Schaffrath, St Stefa fan n Sc Schm hmid id, Anja

426 views • 30 slides
Creating accessible fixed layout EPUB3 for schools and colleges Dr Gerald Schm idt Pearson

Creating accessible fixed layout EPUB3 for schools and colleges Dr Gerald Schm idt Pearson

Creating accessible fixed layout EPUB3 for schools and colleges Dr Gerald Schm idt Pearson Schools and Colleges, UK Com plexity cancels accessibility as w ell as ubiquity Over the past year and a half, we have dropped a range of

483 views • 20 slides
CIS 330: Applied Database Systems Lecture 8: SQL Johannes Gehrke johannes@cs.cornell.edu

CIS 330: Applied Database Systems Lecture 8: SQL Johannes Gehrke johannes@cs.cornell.edu

CIS 330: Applied Database Systems Lecture 8: SQL Johannes Gehrke johannes@cs.cornell.edu http://www.cs.cornell.edu/johannes Logistics Get a CD while you can DeZign for Databases The SQL Query Language Developed by IBM (system

898 views • 26 slides
PHP 5.3 Johannes Schlter PHP Roadmap Johannes Schlter 2 PHP 4 Photo: Patricia Hecht

PHP 5.3 Johannes Schlter PHP Roadmap Johannes Schlter 2 PHP 4 Photo: Patricia Hecht

PHP 5.3 Johannes Schlter PHP Roadmap Johannes Schlter 2 PHP 4 Photo: Patricia Hecht Johannes Schlter 3 PHP 5.2 Photo: Gabriele Kantel Johannes Schlter 4 PHP 5.3 Photo: Jamie Sanford Johannes Schlter 5 PHP 6 Photo: G4Glenno

1.11k views • 70 slides
CS330 September 14 and 16, 2005 Enterprise Architectures Johannes Gehrke

CS330 September 14 and 16, 2005 Enterprise Architectures Johannes Gehrke

CS330 September 14 and 16, 2005 Enterprise Architectures Johannes Gehrke johannes@cs.cornell.edu http://www.cs.cornell.edu/johannes (Some of the slides are courtesy of Gustavo Alonso, Fabio Casati, Harumi Kuno, Vijay Machiraju and Ethan

597 views • 26 slides
Three subject asymmetries in Limbum Johannes Hein johannes.hein@uni-potsdam.de ACAL 50

Three subject asymmetries in Limbum Johannes Hein johannes.hein@uni-potsdam.de ACAL 50

Three subject asymmetries in Limbum Johannes Hein johannes.hein@uni-potsdam.de ACAL 50 Vancouver, 2225 May 2019 Funded by the Deutsche Forschungsgemeinschaf (DFG), Collaborative Research Centre SFB 1287, Project C05. J. Hein Subject

540 views • 52 slides
Enterprise Data Analysis and Design Lecture 2: Enterprise Architectures Johannes Gehrke

Enterprise Data Analysis and Design Lecture 2: Enterprise Architectures Johannes Gehrke

Enterprise Data Analysis and Design Lecture 2: Enterprise Architectures Johannes Gehrke johannes@cs.cornell.edu http://www.cs.cornell.edu/johannes (Some of the slides are courtesy of Gustavo Alonso, Fabio Casati, Harumi Kuno, and Vijay

549 views • 23 slides
Urgency Based Scheduler IEEE802.1 Motion Preparation Johannes Specht johannes.specht AT

Urgency Based Scheduler IEEE802.1 Motion Preparation Johannes Specht johannes.specht AT

Urgency Based Scheduler IEEE802.1 Motion Preparation Johannes Specht johannes.specht AT uni-due.de Univ. of Duisburg-Essen Soheil Samii soheil.samii AT gm.com General Motors IEEE 802 November 2015 Plenary, Dallas 1 Purpose of this Slide Set

346 views • 6 slides
Problems and VPNs Johannes Weber Webernetz.net Network Security Consulting #whoami: Johannes

Problems and VPNs Johannes Weber Webernetz.net Network Security Consulting #whoami: Johannes

Dynamic IPv6 Prefix Problems and VPNs Johannes Weber Webernetz.net Network Security Consulting #whoami: Johannes Weber Network Security Consultant @ TV Rheinland i-sec GmbH Firewall VPN/Crypto Routing/Switching Mail

453 views • 30 slides
Relational Algebra and SQL Johannes Gehrke johannes@cs.cornell.edu

Relational Algebra and SQL Johannes Gehrke johannes@cs.cornell.edu

Relational Algebra and SQL Johannes Gehrke johannes@cs.cornell.edu http://www.cs.cornell.edu/johannes Slides from Database Management Systems, 3 rd Edition, Ramakrishnan and Gehrke. Database Management Systems, R. Ramakrishnan and J. Gehrke 1

835 views • 57 slides
CIS 330: Applied Database Systems Lecture 25: XML Schema and XQuery Johannes Gehrke

CIS 330: Applied Database Systems Lecture 25: XML Schema and XQuery Johannes Gehrke

CIS 330: Applied Database Systems Lecture 25: XML Schema and XQuery Johannes Gehrke johannes@cs.cornell.edu http://www.cs.cornell.edu/johannes Some slides courtesy of Dan Suciu. Lecture Overview Two topics today: XML Schema

377 views • 17 slides
Enterprise Data Analysis and Design Lecture 1: Introduction to Database Technology Johannes

Enterprise Data Analysis and Design Lecture 1: Introduction to Database Technology Johannes

Enterprise Data Analysis and Design Lecture 1: Introduction to Database Technology Johannes Gehrke johannes@cs.cornell.edu http://www.cs.cornell.edu/johannes Course Goals Architectures of modern enterprise information systems

416 views • 23 slides
Q Questions to an expert ti t t Problems related to drying of hardwood Johannes Welling

Q Questions to an expert ti t t Problems related to drying of hardwood Johannes Welling

Q Questions to an expert ti t t Problems related to drying of hardwood Johannes Welling Johannes Welling EDG Seminar in Bled 2009 Johannes Welling Table of content Introduction Why is drying of hardwood so difficult?

314 views • 18 slides
Simulating Space Use of Animals from RSF and SSF Johannes Signer ( signer_j) Wildlife

Simulating Space Use of Animals from RSF and SSF Johannes Signer ( signer_j) Wildlife

Simulating Space Use of Animals from RSF and SSF Johannes Signer ( signer_j) Wildlife Sciences, Georg-August-Universitt Gttingen Movebank Workshop SCENE 2019-05-02 Johannes Signer ( jsigner@gwdg.de, signer_j, jmsigner) 1/18

338 views • 33 slides
COMPOSER IN DRUPAL WORLD Johannes Haseitl - @derhasi ME Johannes Haseitl @derhasi everywhere

COMPOSER IN DRUPAL WORLD Johannes Haseitl - @derhasi ME Johannes Haseitl @derhasi everywhere

#drupaldevdays / Composer in Drupal World / @derhasi COMPOSER IN DRUPAL WORLD Johannes Haseitl - @derhasi ME Johannes Haseitl @derhasi everywhere Maintainer of Master Search API Override , , ... CEO of undpaul GmbH WHAT IS

820 views • 42 slides
Why Germanic VP-topicalization does not induce verb doubling Johannes Hein

Why Germanic VP-topicalization does not induce verb doubling Johannes Hein

Why Germanic VP-topicalization does not induce verb doubling Johannes Hein johannes.hein@uni-potsdam.de University of Potsdam CGSW 32 Trondheim, 1315 September 2017 Partly funded by the Deutsche Forschungsgemeinschaf (DFG), Collaborative

751 views • 63 slides
CIS 330: Applied Database Systems Lecture 1: Introduction Johannes Gehrke

CIS 330: Applied Database Systems Lecture 1: Introduction Johannes Gehrke

CIS 330: Applied Database Systems Lecture 1: Introduction Johannes Gehrke johannes@cs.cornell.edu http://www.cs.cornell.edu/johannes Course Goals Understand the functionality of modern database systems Understand where database

385 views • 21 slides
Introduction to Database Systems CS4320/CS5320 Instructor: Johannes Gehrke

Introduction to Database Systems CS4320/CS5320 Instructor: Johannes Gehrke

Introduction to Database Systems CS4320/CS5320 Instructor: Johannes Gehrke http://www.cs.cornell.edu/johannes johannes@cs.cornell.edu CS4320/CS5320, Fall 2012 1 CS4320/4321: Introduction to Database Systems Three main topics:

528 views • 14 slides
INFO/CS 330: Applied Database Systems Introduction to Database Security Johannes Gehrke

INFO/CS 330: Applied Database Systems Introduction to Database Security Johannes Gehrke

INFO/CS 330: Applied Database Systems Introduction to Database Security Johannes Gehrke johannes@cs.cornell.edu http://www.cs.cornell.edu/johannes Introduction to DB Security Secrecy: Users should not be able to see things they are not

271 views • 8 slides
New PHP Exploitation Techniques Johannes Dahse, PHP.RUHR 2018 Dortmund, Germany, 08.11.2018

New PHP Exploitation Techniques Johannes Dahse, PHP.RUHR 2018 Dortmund, Germany, 08.11.2018

New PHP Exploitation Techniques Johannes Dahse, PHP.RUHR 2018 Dortmund, Germany, 08.11.2018 Intro Johannes Dahse Capture The Flag, 5 years Security Consultant, 5 years Developer RIPS open source (2009-2013) Ph.D. Static Code Analysis @

856 views • 36 slides
} m 6 = 0 F 1 , F 2 in large N c limit in SU ( N c ) at 4 - loop F 1 m = 0 [Henn, Smirnov,

} m 6 = 0 F 1 , F 2 in large N c limit in SU ( N c ) at 4 - loop F 1 m = 0 [Henn, Smirnov,

H IGH E NERGY B EHA VIOUR OF F ORM F ACTORS Taushif Ahmed Johannes Gutenberg University Mainz Germany Skype Seminar IIT Hyderabad May 10, 2018 With Johannes Henn & Matthias Steinhauser Ref: JHEP 1706 (2017) 125 G OAL & M OTIV ATION

337 views • 20 slides
Johannes Meyer-Bohe Louis Taubert Skateboarding as a medium to foster cross border cooperation

Johannes Meyer-Bohe Louis Taubert Skateboarding as a medium to foster cross border cooperation

Johannes Meyer-Bohe Louis Taubert Skateboarding as a medium to foster cross border cooperation The Pigeon Plan e.V. Structure Introduction Literature Review Roots in South Africa Regional Level Refugee Home Kiel (Johannes)

717 views • 26 slides

More recommend