Thursday, June 11, 2009

Open source for government security

Yubikeys in the EnterpriseCentrelink have developed a Protocol for Lightweight Authentication of Identity (PLAID). This might work well with the Yubikey open source hardware security device. Centrelink are holding free workshops in the USA later in the month, to interest smartcard developers in PLAID. But they may not need to travel that far, as there are Yubikey developers meeting in Canberra, a few kilometres from the Centrelink office on "Yubikeys in the Enterprise":

The next PSIG meeting is June 11th

Bob EdwardsSpeaker
Bob Edwards

Bob will be talking about programming systems to interface with the Yubikey.

During this presentation, Bob will be demonstrating:

  • how a yubikey works
  • how to reprogram a yubikey with your own AES 128-bit key and IDs
  • an open source server he has written in C to authenticate yubikeys
  • how to add yubikey authentication to a web site and to SSH (via PAM)

The yubikey server C code will be examined demonstrating
principles of:

  • connecting to and querying a PostgreSQL database
  • authenticating via Pluggable Authentication Modules (PAM)
  • emulating an LDAP servers bind method
  • performing Secure Socket Layer (SSL) communications
  • other C stuff (logging errors etc., parsing a config file, going into daemon mode, avoiding global variables and gotos - just because, etc.)

All constructive criticism eagerly welcomed... (except for those saying "I could do that in 3 lines of Python...")

Any experts on autoconf/automake configuration especially welcome...
From: Canberra Linux Users Group, CLUG, 2009

1 comment:

Tom Worthington said...

The slides are available from Bob Edwards talk: "Yubikeys in the Enterprise".

Also there is a discussion of security using such devices in the Canberra Lunux Mailing list.