Raul Kaidro

 

Martin Paljak

 

Hillar Aarelaid

@[O meu nome é Spartacus Че́хов, raisk]

Tristeza e alegria na vida das girafas

de Tiago Rodrigues

 

"Tristeza e alegria na vida das girafas" é a história duma menina de 9 anos que atravessa a cidade de Lisboa em busca da única pessoa que pode ajudá-la: o primeiro ministro Pedro Passos Coelho.

negative moduli
on Estonian ID-card

 

"just estonishing"

 

 

RSA public key

 

For the purposes of this document, an RSA public key consists of two components:

n - the RSA modulus, a positive integer

e - the RSA public exponent, a positive integer

https://www.ietf.org/rfc/rfc3447.txt

 

ID-card is a mandatory identity document for citizens of Estonia. In addition to regular identification of a person, an ID-card can also be used for establishing one's identity in electronic environment and for giving one's digital signature. Within the European Union, an ID-card can be used by the citizens of Estonia as a travel document.

https://www.politsei.ee/en/teenused/isikut-toendavad-dokumendid/

https://en.wikipedia.org/wiki/Estonian_ID_card

https://www.riigiteataja.ee/en/eli/511042016001/consolide#para9b4

Identity Documents Act

 

The issuer of the document shall issue a certificate that enables digital identification and a certificate that enables digital signing that are entered in a document.

 

The certificate that enables digital identification and the certificate that enables digital signing are connected to the personal data of the holder of the certificate and are publicly verifiable through the personal identification code.

 

The issuer of a document may, on the basis of a contract, transfer the technological creation of the certificate that enables digital signing entered in a document, to a service provider competent therein.

January 28,  2002

The first ID-cards issued to citizens

October 2005

Estonia became the first country to offer Internet voting

March 2015

Parliamentary Elections, Internet voting accounted for 30,5 percent of the votes cast.

[2005,2006...2016]

 

98% of banking transactions are conducted via the internet

https://idcredit.olerex.ee

Olerexi eraisiku krediitkaart on ID-kaardi põhine kuumaksu- ja intressivaba maksevahend.

Кредитная карточка частного клиента Olerex – это базирующееся на использовании ID-карты платежное средство без ежемесячной платы и процентной ставки.

Credit card Olerex private customer - it is based on the use of the ID-card payment means no monthly fees and interest rates .

 

Today We Have

1 269 241 Active Cards

~700K Electronic Users

290 400 771 Digital Signatures

443 843 413 Strong Authentications

Statistics from http://id.ee

Steps to reproduce the problem:

1. Chrome 46

2. Estonian ID-card 3.5 version

3. Try to authenticate to web site

4. Authentication fails: certificate selection dialog is displayed but after that it fails without pin entry with error ERR_SSL_PROTOCOL_ERROR

https://bugs.chromium.org/p/chromium/issues/detail?id=532048

Sep 15, 2015

Aargh. Supporting incorrect encodings of things would likely mean bleeding this tolerance of broken things all the way into very low-level function RSAPublicKey parsing function. That's kind of ugly.

 

The other Estonian ID card bug was not in such a low-level function.

It is far from nice, indeed. Answers to your questions:

>Which Estonian ID cards are broken like this?

actually it is not a “broken card”, it is the certificate(s) on the card

>Is it all of them or just ones from a particular vendor or time period?

the ones issued from Sep 2014 till yesterday

>Are at least the new ones going forward functional?

yes

> What's the lifetime of one?

5 years

...

 

Work around broken Estonian smart cards. Again.

...

 

Sep 17, 2015

 

6 months seems like a realistic target.

Sep 22, 2015

https://bugs.chromium.org/p/chromium/issues/detail?id=534766

Steps to reproduce the problem:

1. Chrome 46

2. Estonian ID-card

3. Try to authenticate to web site

4. Authentication fails: certificate selection dialog is displayed but after that it fails without pin entry with error ERR_SSL_PROTOCOL_ERROR

5. Boringssl internal error is BAD_ENCODING.

...

 

Sorry TPMs, there's another one of these. :-( Apparently Estonian IDs managed to screw something else up too, so we have to work around this bug as well. And, of course, it was only reported the day after I'd already merged the other workaround.

shit hits the fan

 

http://www.ohtuleht.ee/696298/sajad-tuhanded-uued-kuid-vigased-id-kaardid-vajavad-parandust

 

http://tehnika.postimees.ee/3342861/eestis-on-kaibel-sadu-tuhandeid-tarkvaraveaga-id-kaarte

 

https://cybersec.ee/2015/09/25/hundred-thousand-id-card-certificates-issued-with-invalid-public-key-encoding/

 

 

+

#eResidency

 

(Country as a service: Estonia’s new model)

&

Sept 1, 2015

 

wrong user e-mail in certificate

 

https://sk.ee/uudised/neljal-tuhandel-dokumendil-tuleb-uuendada-eestiee-meiliaadressi/

Dec 8, 2000

 

https://github.com/openssl/openssl/blob/a7e974c7be90e2c9673e2ce6215a70f734eb8ad4/crypto/asn1/x_bignum.c#L66

 

/*
 Custom primitive type for BIGNUM handling. This reads in an ASN1_INTEGER as a BIGNUM directly. Currently it ignores the sign which isn't a problem since all BIGNUMs used are non negative and anything that looks negative is normally due to an encoding error.
 */

 

 

Jul 10,  2012

 

https://joinup.ec.europa.eu/svn/mocca/trunk/smcc/src/main/java/at/gv/egiz/smcc/EstEIDCard.java

 

/*
This class implements support for EstEID card v1.0, v1.1 and v3.0. Note that signatures created with c3.0 cards cannot be verified by MOA-SP due to wrong encoding of the signer certificate (public key modulus is negative) 
*/

 

so we had:

shit in the fan

nearly half of a population 

and 6 months to fix

+ sha1 deprecation

 

bikeshedding

&

STEHAUFKREISEL

Constraints

We just can't afford to replace the cards

Remote Execution

Simple enough for a dumbuser to complete from home

Fail Safe

Resumable in every stage of the way

Fallback

For challenged cards and persons

Limitations

Technical

Two Generations

Gen2 updating/replacing certificates

Gen3 replacing everything

Secure Connection

GlobalPlatform

Using the middlware as the proxy

Updating Certificates

for Gen2 is easy; we've done it before, sort of ..

Replacing the Applet

on Gen3 - no one has done anything like this before
... in the real world

Challenges

Security

PIN Codes

We cannot extract the keys nor PINs
from the original applet

Personal Data Integrity

Everything on card will be replaced

Attack Models

What if I get a card with just PIN1?

Solution

A bit more technical

a) build a platform

b) build a point solution

Establish link​

https://github.com/martinpaljak/apdu4j

Talk to application

https://github.com/martinpaljak/esteidhacker

Global Platform

https://github.com/martinpaljak/GlobalPlatformPro

Sounds like Fun?

negative moduli

By Hillar Aarelaid

Made with Slides.com

negative moduli

  • 1,832

More from Hillar Aarelaid