Integrating the Belgian e-ID into Android - Gauthier Van Damme - droidcon.be 2011
-
Upload
tcs-digital-world -
Category
Technology
-
view
1.458 -
download
1
Transcript of Integrating the Belgian e-ID into Android - Gauthier Van Damme - droidcon.be 2011
Integrating the Belgian e-ID into Android
Gauthier Van Damme Karel Wouters Danny De CockDries Schellekens
Katholieke Universiteit LeuvenESAT/SCD/IBBT-COSIC
Droidcon, 2011
ESAT/SCD-COSIC (KUL) Integrating the Belgian e-ID in Android Droidcon, 2011 1 / 14
Outline
1 The Belgian e-ID cardThe Belgian e-ID cardThe open source Belgian e-ID card
2 Building a secure application on AndroidSecure Elements in Mobile PhonesWorking with Secure Elements in Android
3 Belgian e-ID for AndroidBelgian e-ID for AndroidOpportunities & pittfalls for mobile e-ID
ESAT/SCD-COSIC (KUL) Integrating the Belgian e-ID in Android Droidcon, 2011 2 / 14
Outline
1 The Belgian e-ID cardThe Belgian e-ID cardThe open source Belgian e-ID card
2 Building a secure application on AndroidSecure Elements in Mobile PhonesWorking with Secure Elements in Android
3 Belgian e-ID for AndroidBelgian e-ID for AndroidOpportunities & pittfalls for mobile e-ID
ESAT/SCD-COSIC (KUL) Integrating the Belgian e-ID in Android Droidcon, 2011 3 / 14
The Belgian e-ID card
March 31st, 2003: �rst Belgian e-ID cards issued
Today: almost 10 million cards active
Printed information provide for normal citizen identi�cation
Java Card application for secure data & key storage:I PKI based on X.509 v3 certi�catesI Two key pairs per citizen are de�ned inside this PKI
F Authentication key pair for client authenticationF Non-Repudiation key pair for �le signature
I Key usage is PIN protected
ESAT/SCD-COSIC (KUL) Integrating the Belgian e-ID in Android Droidcon, 2011 4 / 14
The e-ID Quick Key Toolset
Belgian e-ID application is closed source and rigid ⇒Open Source version developed for innovation & security purposes
Can be written on any Java Card
Enables creation of e-ID clones
Cryptographic keys of course di�erent
See: http://code.google.com/p/eid-quick-key-toolset/
ESAT/SCD-COSIC (KUL) Integrating the Belgian e-ID in Android Droidcon, 2011 5 / 14
Outline
1 The Belgian e-ID cardThe Belgian e-ID cardThe open source Belgian e-ID card
2 Building a secure application on AndroidSecure Elements in Mobile PhonesWorking with Secure Elements in Android
3 Belgian e-ID for AndroidBelgian e-ID for AndroidOpportunities & pittfalls for mobile e-ID
ESAT/SCD-COSIC (KUL) Integrating the Belgian e-ID in Android Droidcon, 2011 6 / 14
Secure Elements in Mobile Phones
Mid-1990s: idea of Secure Element (SE) accessible by mobile phoneapplications→ Securely store data and keys
Mostly Java Cards as compatible platform
Applications managed by one entity
3 Secure Element versions found today:I In SIM, controlled by MNOI Embedded in phone, controlled by OEMI On microSD card, controlled by card distributor
ESAT/SCD-COSIC (KUL) Integrating the Belgian e-ID in Android Droidcon, 2011 7 / 14
Java Card 2.2.x as Secure Element
Compliant to the ISO 7816 standard:I Communication done through APDUsI Prede�ned �le types & structureI De�nes an extensible set of card commands
Primitive subset of the Java environment:I Data types: boolean, short, string, arraysI Packages, classes, interfaces, and exceptionsI Dedicated libraries for cryptographic operationsI No garbage collectionI No multithreading
Class �les converted to `cap' �les, loaded on Java Card→ According to Global Platform speci�cations for card management→ Each applet unique AID on card
ESAT/SCD-COSIC (KUL) Integrating the Belgian e-ID in Android Droidcon, 2011 8 / 14
Working with Java Cards in Android
1. Develop your Java Card applet & load it into the SEI Load it into your SE using program of your choice (e.g. GPShell)I It will respond to APDUs coming from your mobile phoneI e.g. Verify PIN, Sign Data, Encrypt Data, etc.
2. Have a smart card driver installed on the phone
3. Develop your android applicationI Need library to access driverI Have a SmartCardClient to initialise a smart card connection
I Initialise your SmartCardClient
ESAT/SCD-COSIC (KUL) Integrating the Belgian e-ID in Android Droidcon, 2011 9 / 14
Working with Java Cards in Android (2)
I Connect to your application on the smart cardI Start communicating with your application
I Don't forget to clean up smart card connection
ESAT/SCD-COSIC (KUL) Integrating the Belgian e-ID in Android Droidcon, 2011 10 / 14
Outline
1 The Belgian e-ID cardThe Belgian e-ID cardThe open source Belgian e-ID card
2 Building a secure application on AndroidSecure Elements in Mobile PhonesWorking with Secure Elements in Android
3 Belgian e-ID for AndroidBelgian e-ID for AndroidOpportunities & pittfalls for mobile e-ID
ESAT/SCD-COSIC (KUL) Integrating the Belgian e-ID in Android Droidcon, 2011 11 / 14
Belgian e-ID for Android
Used Giesecke & Devrient secure microSD card as Java Card
Used open source Smart Card driver & library
Source code & further info found at:http://code.google.com/p/seek-for-android/
Contains:I Full e-ID clone on microSD cardI Read functionalitiesI Data & �le signingI Data loading and veri�ctation
ESAT/SCD-COSIC (KUL) Integrating the Belgian e-ID in Android Droidcon, 2011 12 / 14
Opportunities & pittfalls for mobile e-ID
Authenticated cryptographic primitives & ID could enable:
+ Signing documents & mails easily & everywhere
+ Secure authentication to web and other servers
+ Visual citizen identi�cation: visual/NFC/...
+ Direct picture or video watermarking
+ Setting up encrypted communication channels (e.g. in VoIP)
Unfortunately:
- No visual security measures can be implemented
- In case of malware on phone: security & card blocking risk→ `Always-on' connection!
ESAT/SCD-COSIC (KUL) Integrating the Belgian e-ID in Android Droidcon, 2011 13 / 14
Future Work
Current & Future work:
Extend e-ID for anonymous petition signing on mobile phone
Use e-ID in mobile banking application
Questions?
Acknowledgment:
Giesecke & Devrient for their support
Belgian Government (FEDICT) for the close collaboration
ESAT/SCD-COSIC (KUL) Integrating the Belgian e-ID in Android Droidcon, 2011 14 / 14