Slashdot Mirror

← Back to Stories (view on slashdot.org)

Estonia Is Enhancing the Security of Its Digital Identities (medium.com)

Posted by msmash on from the time-for-an-upgrade dept.

Estonia is upgrading the security of ID cards and digital IDs used by citizens, residents and e-residents. A new certificates update has been developed based on advanced elliptic-curve cryptography, which is more secure and faster than the SSL certificates previously used. From a report: This certificate update will protect users from a potential security vulnerability that the Estonian government announced last month had been identified by a group of security researchers. It has now been confirmed that the vulnerability is contained in software that had previously been installed on the embedded chip used in ID cards around the world, including those issued by Estonia between 16 October 2014 and 25 October 2017. Although the problem is international, minimising the risk and developing a solution has been a top priority for Estonia since the government was informed. However, there has still been no reported incidents of any Estonian digital ID or ID card being misused in the way described by the researchers. Considerable resources and expertise would be required for this so the risk for most people affected has always been low.

36 comments

  1. Impressed by EndlessNameless · · Score: 4, Interesting

    That is a remarkably fast response to a systematic vulnerability by the government.

    Assuming this is related to the recently disclosed Infineon vulnerability, less than a month has lapsed between public disclosure of the vulnerability and a formal announcement of their affected assets and remediation process.

    I have seen places that would take twice as long just to figure out what is affected in the first place.

    --

    ---
    According to the latest ruleset, this post should be modded as Vorpal Flamebait +5.
    1. Re:Impressed by Entrope · · Score: 4, Informative

      The Estonian government was informed of the breach by August 30: http://estonianworld.com/techn...

      Still, it's good that they moved reasonably quickly to use a more secure algorithm.

    2. Re:Impressed by erapert · · Score: 1

      That is a remarkably fast response to a systematic vulnerability by the government.

      Agreed.
      This tells me that they probably planned for exactly this to happen and made sure that all they had to do was upgrade a little piece of software and everything else would still be good.
      But, as you pointed out, this is exactly the sort of planning and foresight one wouldn't expect from a government.

    3. Re: Impressed by Anonymous Coward · · Score: 0

      Islam in Estonia:

      Estonia has one of the smallest Muslim communities in Europe. According to the census of 2011, the number of people who profess Islam was 1,508 in Estonia. The number of practicing Muslims is small and, in the absence of a mosque, the Turath Islamic Cultural Center serves as a center of worship.

      Are you afraid of Jedi and Pastafarians too?

    4. Re:Impressed by Anonymous Coward · · Score: 0

      As a center of oil technology, Estonia has long now had issues with Russia, which wants to control it again. Judging from many of the posts here, Russians are all over this thread, too.

    5. Re:Impressed by Anonymous Coward · · Score: 2, Interesting

      That is a remarkably fast response to a systematic vulnerability by the government.

      The response is very fast, but the execution of this update is not very well done. First they announced of the vulnerability and that the government is working on a fix, but basically claimed this is not serious enough to affect their digital plans. Then after two months of complete silence they suddenly sent an email (on October 31st) saying that people need to renew their private keys ASAP and all certificates will be revoked "early November", meaning the card most likely will stop working on an unspecified date very soon, just a few days after the notice.

      This would all be fine, except that since October 31st their key renewal server has been continuously down under too heavy load and it has practically been impossible to renew the private keys. This is no wonder, since they put pressure on people to do this update ASAP and even those who would otherwise not be hurried are now trying to update. This means that if they stick with their plan it is quite likely that many people will be denied access to many government services, all just because their systems cannot take the load.

      In addition to all this, the new ECC certificates do not work on Mac OS X except using Firefox, and they say some December 15th update of Firefox will break them on Firefox as well. The official response is to download the current Firefox and keep it outdated during December to be able to access the systems on Mac, which is not very good idea considering there can be other exploits out there. There are no technical details of what exactly is causing the Firefox regression or why the ECC certificates do not work, therefore even capable people cannot look into this and create own builds of Firefox that would continue to work.

      In general, it seems Estonian government is able to move really fast with their electronic services, but it is partly because the solutions they put out seem a bit half-assed. I guess this is all because they have an election coming, and all you need to vote is one of these electronic ID cards and its PIN codes. Russian intelligence is surely very interested to affect the Estonian election (check the map if you are interested in why), and people at the Estonian government must have been crapping their pants this one or two months.

    6. Re:Impressed by mardu · · Score: 2

      In general, it seems Estonian government is able to move really fast with their electronic services, but it is partly because the solutions they put out seem a bit half-assed. I guess this is all because they have an election coming, and all you need to vote is one of these electronic ID cards and its PIN codes. Russian intelligence is surely very interested to affect the Estonian election (check the map if you are interested in why), and people at the Estonian government must have been crapping their pants this one or two months.

      Estonia already had an election right after the first reports of this vulnerability. Currently, nothing is coming for the next two years so this is not the reason of the quick deployment.

    7. Re:Impressed by Anonymous Coward · · Score: 0

      The implementation of the update process is .. plain clusterfuck. I don't know any other word to describe what's currently happening.

    8. Re:Impressed by Anonymous Coward · · Score: 0

      In addition to all this, the new ECC certificates do not work on Mac OS X except using Firefox, and they say some December 15th update of Firefox will break them on Firefox as well.

      ECC certificates work just fine on macOS (10.10 fixed a bug with ECDSA/SHA384). You need to be using SHA2 signatures or better since SHA1 signatures have long been deprecated.

  2. In other words the risk for many was High by xxxJonBoyxxx · · Score: 1

    >> Considerable resources and expertise would be required for this so the risk for most people affected has always been low

    Turning that around for a moment: in many cases (not "the most") the considerable resources and expertise required to exploit the system would have been worth expending to scam certain individuals (probably those with influence, power, a reputation to sully, etc.)

  3. This by batukhan · · Score: 2
    It always amazes me when americans debate electronic voting. Of course it's bad if you use 15 year old servers from the local city council. Now you guys are thinking of creating a biometric identification system? Who comes up with this? Why not have a simple PKI setup and hand out ID cards?
    • A reader costs $10. Everyone has them.
    • No papers, no signatures, no fuzzy biometrics. File taxes in 1 minute.
    • No credit cards, only debit. Authenticate instantly and securely. No credit fraud. No identity theft.
    • Vote from home in 5minutes. Only way to make it more secure is to add a blockchain. Maybe next election?
    1. Re: This by Anonymous Coward · · Score: 0

      And what happens when you lose your ID card or it's stolen? You Europeans really don't think this stuff through, do you?

    2. Re: This by batukhan · · Score: 3, Informative

      Requires PIN1 to identify yourself, PIN2 to sign documents. 3 wrong tries blocks the chip. Go to your local police department to apply for a new card.

    3. Re:This by batukhan · · Score: 1

      Also, i would like to add that for years there has been an even better system. They put the keys on a SIM card and you don't even need your ID card or the reader. It's called mobile-id and it's awesome. Whenever you need to authenticate yourself there's an API call to the central system, which sends you an SMS. A tiny program on the SIM card prompts you for your PIN number and sends back the response. Bank transfer on my mobile is almost as simple as a debit payment at a cash register: enter recipient and amount, enter your PIN. done

    4. Re:This by Shogun37 · · Score: 2

      Can you spell s i g n a l i n t e r c e p t? There is no "perfect" security platform. From Murphy's Laws of Combat. "If the Enemy can't get in, you can't get out." The ONLY way to keep a password, of any type, secure is to never use it. Copied data files, intercepted cell traffic, phishing, or some one writing down a pass phrase. And if it looks like perfect security from your end, it still has to sit on some one's server. Just like a lock on a door shows an honest man his limits and keeps out the lazy, stupid, and unmotivated, if some one wants your data badly enough and is smart they will get it.

    5. Re:This by xxxJonBoyxxx · · Score: 1

      >> Why not have a simple PKI setup and hand out ID cards?

      Have you seen the resistance against requiring even (easy to forge) drivers licenses and other state- and federal-issued IDs? It has nothing to do with the quality of the credential, but the perceived difficulty in obtaining the credential.

    6. Re: This by Anonymous Coward · · Score: 0

      And if I have PUK1 and PUK2 codes then I can unlock blocked PIN1 and PIN2 codes myself.

  4. Meanwhile in the US by liquid_schwartz · · Score: 2

    People call it racist when you require any ID at all. If someone cannot be bothered to even have ID why on Earth would you trust them with voting? It boggles the mind.

    1. Re:Meanwhile in the US by FeelGood314 · · Score: 1

      Because getting ID in the USA is hard. If you don't drive, are poor and can't get credit what piece of ID would you have? There are many parts of the USA that are essentially third world. Voter ID laws mean that people from these places won't be able to vote so their areas can then be further ignored.

    2. Re:Meanwhile in the US by liquid_schwartz · · Score: 2, Insightful

      Because getting ID in the USA is hard.

      That's absurd. It's actually easier than just about any other dealing you will have with the government. Moreover any even marginally productive member of society would already have ID. Your statement is false and fatuous.

      If you don't drive, are poor and can't get credit what piece of ID would you have?

      What you are probably unaware of is that states also issue ID. It looks just like a drivers license in California other than it says "Identification" instead of "Drivers License". It's easier to get as it doesn't require a test like a drivers license would.

      There are many parts of the USA that are essentially third world. Voter ID laws mean that people from these places won't be able to vote so their areas can then be further ignored.

      The parts of the US most like a third world are the immigrant heavy portions where all the signs are in a foreign language. They get catered to by us translating all government documents into the language of their choice.

      Lets be adults for a moment. Would you agree that there is a minimum level of participation required to be a citizen? Unless you say no and have no standards then I think we can agree that getting ID is part of that minimum. If someone cannot be bothered to even have ID I have no issue calling that person unqualified to vote. The fact that on average a higher percentage of certain minorities lack ID says more about those groups than anything else. There is no racism stopping them from getting ID, "the man" isn't keeping them from getting ID, only they are keeping themselves from getting ID. If they want to vote, it's a small price to pay.

    3. Re:Meanwhile in the US by DNS-and-BIND · · Score: 1

      If those that demand no Voter Identification were concerned for the poor, they'd facilitate the acquisition of ID, not seek ways to avoid it. After all, what's the best job you ever had where you didn't need to identify yourself? If we only had NGOs to drive people to the DMV and pay the twenty bucks for them. If only...

      Only ONE party disapproves of measures to make our elections secure. Voter ID is NOT some racist bullshit, EVERY COUNTRY THAT'S not a dictatorship has some form of assuring that the person voting is entitled to. EVERY COUNTRY.

      Maxine Waters, an advocate against voter ID, requires an ID to attend her town hall meeting.

      Hillary Clinton's Book Tour. Valid Photo ID Required. Suppressing Minority Turnout.

      --
      Shutting down free speech with violence isn't fighting fascism. It IS fascism!
    4. Re:Meanwhile in the US by Anonymous Coward · · Score: 0

      People call it racist when you require any ID at all.

      I don't call it racist. I call it fascist. And Republicans are the fascist party.

      If someone cannot be bothered to even have ID why on Earth would you trust them with voting?

      Well, ~50% of the population has below average intelligence, so why should we trust them with voting? And the poor, who are obviously bad with money, why should we trust them with voting? And white men, who seem to constantly be losing ground when it comes to the hegemony of their power, why should we them with voting? Oh, right, voting isn't about "trust". It's about the ideology that a person who lives in a region and is subject to the laws of that region (which invariably means being taxed*) should have a say in that law even if it's so small a thing as a vote.

      The real question is, why do you think ID laws are necessary at a more fundamental level? You make it sound like an IQ test or a trust test which, btw, have been made unconstitutional precisely because they were selectively applied to remove some people--blacks, mostly--from the voter pool. Oh, right, maybe *that* is why there's an issue. It's not that ID laws for voting per se are inherently abusive** (regardless of what liberals and Democrats say), but they've been created as a means to facilitate abuse. Honestly, you'd think both major parties would be against them.

      Oh, and as for the claim of fraud? Uh, yea, you make it sound like a person who can so easily get an ID in one area couldn't get an ID in two areas or three or four. Considering how few people do vote? It'd be pretty easy to just make up IDs for a lot of different people, use your face on the card, and vote many places. You'd just need some inside info on who is currently registered vs who could be registered. After all, the complaint is not about a single individual voting twice. It's about systemic abuse which implies systemic cooperation from members of one or both parties.

      It boggles the mind.

      Papers, please.

      * Unless you live in some sanctioned off "wild" area in the borders of a country, directly or indirectly you will pay taxes. "Income" tax is far from the only tax.

      ** In the same way that "taxation without representation" is not inherently abusive. It just tends to be.

    5. Re:Meanwhile in the US by Anonymous Coward · · Score: 0

      If it's easy to get ID, then there's no point in requiring it. There's plenty of folks who are bonefide citizens but have very little paperwork to prove it.

      I never gave it much thought till a lot of folk in my town got their homes destroyed in a natural disaster recently; proving who they are was hard even though the local government recognised the problem and made a lot of extra resources available to help. The standard route to getting basically all government-issued ID requires you to already have a different form of government-issued ID; the fall back is taking your original birth certificate and travelling across the country to be interviewed to "prove" that you are you. I know because I had to do it; the whole thing cost me maybe $300 dollars including transport and fees. I'm fortunate that I'd merely lost my documents rather than everything that I owned, so I could take the time and trouble to get it sorted out; there's plenty of people who had to wait and wait and wait for the state government to get it's act together and decide how they were going to securely re-issue documents en-mass.

      Also: birth certificates are really no security at all. Just pick a parish or county whose records office has lost a bunch of records (plenty of well publicised instances) and claim to have been born there. How would they check?

    6. Re:Meanwhile in the US by Anonymous Coward · · Score: 0

      That's absurd. It's actually easier than just about any other dealing you will have with the government.

      Assume you live in your current state. You were born in a neighboring state (pick one). Due to chaotic life events common to the poor, you've lost most of your possessions, including your expired driver's license, birth certificate, and all other forms of ID. You are living in a room you rent (no utility bills), and obviously don't have a vehicle.

      This is not an uncommon circumstance for the poor, btw.

      Now, look up what you would require to get state photo ID.

      Still think it's easy?

    7. Re:Meanwhile in the US by liquid_schwartz · · Score: 1

      That's absurd. It's actually easier than just about any other dealing you will have with the government.

      Assume you live in your current state. You were born in a neighboring state (pick one). Due to chaotic life events common to the poor, you've lost most of your possessions, including your expired driver's license, birth certificate, and all other forms of ID. You are living in a room you rent (no utility bills), and obviously don't have a vehicle.

      This is not an uncommon circumstance for the poor, btw.

      Now, look up what you would require to get state photo ID.

      Still think it's easy?

      I think that if you can't even get ID together then you've shown a *complete* inability to do basic tasks. Why would you advocate for such a person to vote? I take voting seriously enough to consider a minimum standard. While I agree that the minimum standard shouldn't be too high ID easily is met by that. Moreover, how do you suggest preventing fraud? What's to keep me from voting dozens of times? Or volunteering for voting booth duty and then filling in all the unclaimed ballots? Some level of fraud preventing is necessary to prevent things like having 3.5M more registered voters than citizens:

      https://www.investors.com/poli...

  5. Poll tax by Anonymous Coward · · Score: 0

    If you must be a "productive member of society" to vote, that's practically the definition of a poll tax.

    In the US, our Constitution defines birth under specific conditions as the "minimum level of participation required to be a citizen". If you don't like that definition, then jump through the required hoops to change the Constitution and quit asking for a lower hurdle.

    1. Re:Poll tax by liquid_schwartz · · Score: 1

      If you must be a "productive member of society" to vote, that's practically the definition of a poll tax.

      In the US, our Constitution defines birth under specific conditions as the "minimum level of participation required to be a citizen". If you don't like that definition, then jump through the required hoops to change the Constitution and quit asking for a lower hurdle.

      There are simple solutions, like giving away ID cards for free. In truth, I doubt that would placate you as the real issue is elsewhere. I doubt the constitution will be changed as we can't even agree on basic standards - fox example proving you are who you say to vote. What I call common sense you, and others like you, call voter suppression. I'm holding out hope for US 2.0, which with a bit of luck will be a peaceful fragmentation not unlike the Soviet Union breaking up into more manageable countries.

  6. SSL? You mean TLS, don't you? by Anonymous Coward · · Score: 0

    SSL has been deprecated - use TLS instead.

  7. Come again Re: Impressed by Anonymous Coward · · Score: 0

    Eestonia is a centre of what?

  8. recommendable services by Anonymous Coward · · Score: 0

    I recommend botspyATcyberservicesDOTcom for those who need help with hacking; i like to testify that botspyATcyberservicesDOTcom is the best and most professional spy hacker to hire. I have used botspyATcyberservicesDOTcom so many times and has never failed me. botspyATcyberservicesDOTcom is the best hacker i ever employed, competent, skilled and reliable, botspyATcyberservicesDOTcom render services in hacking for various purpose like a Cheating Spouse mobile phone and messages, University grades update, Bank accounts hack, Twitter /Facebook /Instagram /Snapchat / Whatsapp hack, Text message interception hack, email interception hack email accounts hack, crashed Website, Retrieval of lost file/documents, Erase criminal records hack, Databases hack, Untraceable Ip installation, Individual computers hack, including any social media account, Android and iPhone Hack send a mail to botspyATcyberservicesDOTcom