STORK Work Item 3.2.5 Eid OSS Middleware

STORK Work Item 3.2.5 Eid OSS Middleware

STORK Work Item 3.2.5 eID OSS Middleware Status Final Author(s): M. Preliteiro (PT-MULTICERT), T. Zefferer (AT_TUG) Partner(s) contributing: AT-TUG, PT-MULTICERT Abstract: Within this work item, a minimal-footprint open source and open specification middleware approach has been developed, implemented, and analysed. Therefore, several relevant technologies have been investigated first in order to find a solution that satisfies the requirements of a minimal-footprint middleware approach. Based on the results of these investigations an appropriate middleware architecture has been developed that mainly relies on the Java Applet technology. In order to proof the functionality of the proposed architecture, a demonstrator has been implemented that follows the developed design. Finally, a security analysis of the implemented demonstrator has been carried out in order to evaluate the level of security that can be provided by the proposed middleware architecture. It turned out that the Java Applet based approach is capable to provide a comparable level of security as installation-based middleware solutions. Project funded by the European Community under the ICT Policy Support Programme Copyright by the STORK-eID Consortium Work Item 3.2.5: eID OSS Middleware 09 November 2009 Table of Contents ABBREVIATIONS .......................................................................................................................... 4 1 INTRODUCTION .................................................................................................................... 5 1.1 OBJECTIVES ............................................................................................................................ 5 1.2 DESCRIPTION OF WORK.......................................................................................................... 5 2 INVESTIGATION OF POSSIBLE MIDDLEWARE ARCHITECTURES ............................ 6 2.1 INTRODUCTION ....................................................................................................................... 6 2.2 INVESTIGATION OF RELEVANT TECHNOLOGIES ..................................................................... 6 2.2.1 TECHNOLOGIES OVERVIEW............................................................................................... 6 2.2.1.1 CRYPTOGRAPHIC SERVICE PROVIDERS (CSP) ........................................................ 6 2.2.1.2 CRYPTOGRAPHY API: NEXT GENERATION (CNG) ................................................. 7 2.2.1.3 PKCS#11 ................................................................................................................ 7 2.2.1.4 PC/SC ..................................................................................................................... 8 2.2.1.5 ACTIVEX ................................................................................................................. 9 2.2.1.6 JAVA APPLETS....................................................................................................... 10 2.2.1.7 JAVASCRIPT .......................................................................................................... 10 2.2.1.8 ADOBE FLASH ....................................................................................................... 11 2.2.1.9 MICROSOFT SILVERLIGHT..................................................................................... 12 2.2.1.10 .NET...................................................................................................................... 13 2.2.1.11 OPENSC ................................................................................................................ 14 2.2.2 COMPARISON OF COMPETING TECHNOLOGIES ............................................................... 14 2.2.2.1 SMART-CARD ABSTRACTION TECHNOLOGIES...................................................... 15 2.2.2.2 BROWSER-BASED TECHNOLOGIES ........................................................................ 15 2.2.3 TECHNOLOGICAL SYNERGIES AND ARCHITECTURAL SOLUTIONS .................................. 16 2.2.3.1 ACTIVEX AND CSP/CNG ...................................................................................... 16 2.2.3.2 ACTIVEX / JAVASCRIPT AND PKCS#11 ............................................................... 17 2.2.3.3 ACTIVEX/JAVASCRIPT AND OPENSC ................................................................... 18 2.2.3.4 ACTIVEX ............................................................................................................... 18 2.2.3.5 JAVA APPLET AND CSP/CNG ............................................................................... 18 2.2.3.6 JAVA APPLET AND PKCS#11 ................................................................................ 19 2.2.3.7 JAVA APPLET AND OPENSC .................................................................................. 20 2.2.3.8 JAVA APPLET ........................................................................................................ 20 2.3 INVESTIGATION OF POSSIBLE MINIMAL-FOOTPRINT MW-ARCHITECTURES ....................... 21 2.3.1 REQUIREMENTS OF A MINIMAL-FOOTPRINT MIDDLEWARE ARCHITECTURE ................. 21 2.3.1.1 PLATFORM INDEPENDENCY .................................................................................. 21 2.3.1.2 BROWSER INDEPENDENCY .................................................................................... 21 2.3.1.3 NUMBER OF COMPONENTS TO BE INSTALLED ...................................................... 21 2.3.2 EXAMINATION OF POSSIBLE SOLUTIONS ........................................................................ 21 2.3.3 DESIGN OF A MINIMAL-FOOTPRINT MIDDLEWARE ARCHITECTURE ............................... 22 2.4 SUMMARY ............................................................................................................................ 23 STORK-eID Consortium Page 2 of 39 Work Item 3.2.5: eID OSS Middleware 09 November 2009 3 PROOF OF CONCEPT OF A MINIMAL-FOOTPRINT MIDDLEWARE ......................... 25 3.1 INTRODUCTION ..................................................................................................................... 25 3.2 GENERAL ARCHITECTURE OF THE MIDDLEWARE DEMONSTRATOR .................................... 25 3.3 PROVIDED FEATURES OF THE MIDDLEWARE DEMONSTRATOR ........................................... 25 4 SECURITY ANALYSIS OF A MINIMAL-FOOTPRINT MIDDLEWARE ....................... 29 4.1 INTRODUCTION ..................................................................................................................... 29 4.2 ARCHITECTURE OF THE MINIMAL-FOOTPRINT MIDDLEWARE ............................................. 29 4.2.1 GENERAL MIDDLEWARE ARCHITECTURE ....................................................................... 29 4.2.2 PARTICIPATING ENTITIES ................................................................................................ 30 4.2.2.1 USER ..................................................................................................................... 31 4.2.2.2 ONLINE APPLICATION OPERATOR ........................................................................ 31 4.2.2.3 MIDDLEWARE SERVER OPERATOR ....................................................................... 31 4.2.2.4 APPLET PROVIDER ................................................................................................ 31 4.3 SECURITY ANALYSIS OF THE MINIMAL-FOOTPRINT ARCHITECTURE ................................... 32 4.3.1 POSSIBLE ATTACKS ......................................................................................................... 32 4.3.2 OPERATION MODE “VISUALISATION BY APPLET” .......................................................... 32 4.3.3 OPERATION MODE “VISUALISATION BY SERVER”.......................................................... 33 4.3.4 IMPLICATIONS ON THE CURRENT IMPLEMENTATION ...................................................... 34 4.4 COMPARISON TO INSTALLATION-BASED APPROACHES ....................................................... 34 4.5 SUMMARY ............................................................................................................................ 35 5 CONCLUSIONS .................................................................................................................... 37 REFERENCES ............................................................................................................................... 38 STORK-eID Consortium Page 3 of 39 Work Item 3.2.5: eID OSS Middleware 09 November 2009 Abbreviations APDU Application Protocol Data Unit API Application Programming Interface CAPI Cryptographic Application Programming Interface CIL Common Intermediate Language CLR Common Language Runtime CNG Cryptography API: Next Generation COM Component Object Model CSP Cryptographic Service Providers DES Data Encryption Standard DF Directory File DLL Dynamic Link Library DOM Document Object Model EF Elementary File eID Electronic Identity HTML HyperText Markup Language IDE Integrated Development Environment IE Internet Explorer IT Information Technology JRE Java Runtime Environment JVM Java Virtual Machine MS Microsoft NSA National Security Agency OLE Object Linking and Embedding OS Operating System OSS Open Source and Open Specification PC/SC Personal Computer / Smart Card PDF Portable Document Format PHP PHP: Hypertext Preprocessor PKCS Public Key Cryptography Standards RSA Rivest Shamir Adleman RTMP Real Time Messaging Protocol S/MIME Secure / Multipurpose Internet

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    39 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us