Cartão de Cidadão
Security and authentication
Bruno Duarte – ei07136
Pedro Barbosa – ei08036
Rúben Veloso – ei11001
The "cartão de cidadão"
Physical and digital document that identifies citizens
Simplify usage of public services via telephone or internet
Objective
What is it?
- SmartCard:
- Incorporated microprocessor;
- Allows cryptographic processing;
- Allows storage;
- Fulfils international standards.
Official Applications
Similar application on Windows and Linux
Cards Architecture
Authentication
eID PT
- Library to develop applications for the "cartão de cidadão";
- Simpler interface;
- Available for Java and .NET;
- Built on top of PKCS#11.
PKCS#11
- Appropriate for smartcards;
- Cryptography standards (RSA Laboratories);
- Support for the most used cryptographic methods (RSA, X.509, ...);
- Low-level interaction.
SOD Files
• PTEID_GetCertificates();
• PTEID_GetADDR();
• PTEID_GetPins();
• PTEID_SetSOCAs() – defines the certificates' location;
• PTEID_SetSODCheckin() – defines usage of above function.
Basic security principles
Developed examples
- Java application using eidPT;
- .NET C# application using eidPT;
- Microsoft Office signature method test
.NET C#
- Data read;
- Address read and validation;
- SWatcher.
Java
- Data read;
- Data read and validation;
Possible failures
Vulnerabilities:
- Keyloggers;
- Applications not using official library;
- Trojans;
- No evident failures with the system;
- The reported error was not reproduced (PKCS#11);
Conclusions
- Manual vs Digital signatures;
- System is generally well conceived;
- People need to be aware of the vulnerabilities and try to avoid them.