
Australian Gov't Offers $560k Cryptographic Protocol For Free

Soulskill posted more than 4 years ago | from the as-in-beer dept.

Security 163

mask.of.sanity writes "Australia's national welfare agency will release its 'unbreakable' AU$560,000 smart card identification protocol for free. The government agency wants other departments and commercial businesses to adopt the Protocol for Lightweight Authentication of ID (PLAID), which withstood three years of design and testing by Australian and American security agencies. The agency has one of Australia's most advanced physical and logical converged security systems: staff can access doors and computers with a single centrally-managed identity card, and user identities can be automatically updated as employees leave, are recruited or move to new departments. PLAID, which will be available soon, is to be used in the agency's incoming fleet of contact-less smartcards that are currently under trial by staff. It will replace existing identity cards that operate on PKI encryption."


163 comments

Surprisingly sedate acronym (3, Insightful)

Sockatume (732728) | more than 4 years ago | (#27759017)

Somehow that makes it more sinister than calling it "RAZORBAK" or "AOK JINGOSIM".

Re:Surprisingly sedate acronym (2, Funny)

Sockatume (732728) | more than 4 years ago | (#27759031)

(I'm not saying that the encryption is sinister, just that after so many contrived fist-pumping acronyms in the past decade, it's creepy.)

So when it gets replaced (5, Funny)

courtjester801 (1415457) | more than 4 years ago | (#27759035)

Can it be referred to as the Former Lightweight Authentication of ID, or FLACID?

Re:So when it gets replaced (1)

navyjeff (900138) | more than 4 years ago | (#27759783)

Can it be referred to as the Former Lightweight Authentication of Centrally Controlled ID, or FLACCID?

A little more info (4, Informative)

explosivejared (1186049) | more than 4 years ago | (#27759037)

Here is a briefing [74.125.47.132] on the PLAID 6 protocol with more specifics on the actual algorithms and cryptography in general involved. PDF link [secureidnews.com] if the first one doesn't work for you.

Re:A little more info (4, Informative)

TechyImmigrant (175943) | more than 4 years ago | (#27759461)

The protocol looks unremarkable. They pass some entropy and IDs back and forth, using conventional standards based encryption and hash algorithms.

Their problem is keeping the cards secure and they state clearly that they are using commercially available smart cards.

There are secrets in the cards, an RSA private key and an AES master key. The bigger problem is keeping these secrets in the cards and distributing the keys to cards. The PLAID protocol has no bearing on these matters.

Re:A little more info (5, Informative)

swillden (191260) | more than 4 years ago | (#27759863)

There are secrets in the cards, an RSA private key and an AES master key. The bigger problem is keeping these secrets in the cards and distributing the keys to cards. The PLAID protocol has no bearing on these matters.

Which is fine, because those problems are easily solved.

Commercially-available smart cards provide a rather high degree of security. Extracting keys from them isn't impossible (nothing is), but it is very difficult and expensive. I design high security systems for a living, and we have no concerns about the security of the cards themselves, because experience shows it's just not an issue.

What we do focus on is the security of the issuance process, because that's where those keys get injected. That problem is also solvable, mainly by performing the key injection in secure facilities using highly secure devices (FIPS 140-2 level 4 certified hardware security modules). It's expensive and complex (from a management and process perspective, not a technical perspective), but a high degree of security is achievable.

The protocol looks unremarkable. They pass some entropy and IDs back and forth, using conventional standards based encryption and hash algorithms.

It is unremarkable, which is one of its most significant strengths. It's just a lighter-weight approach to the problem, one that can be implemented efficiently on current-generation hardware. Previously, PK authentication on smart cards was considered too slow to use for physical access control and other applications where sub-second authentication was required. Faster smart cards coupled with a lightweight authentication protocol mean that PK authentication can be completed reliably in as little as 200 ms. That's fast enough to use it for transit applications.

Re:A little more info (2, Insightful)

oldhack (1037484) | more than 4 years ago | (#27760885)

If it's so unremarkable, what makes it worth half a million Australian dollars, then? Unremarkable patent, perhaps?

Re:A little more info (1)

thsths (31372) | more than 4 years ago | (#27760153)

> Their problem is keeping the cards secure and they state clearly that they are using commercially available smart cards.

The other problem is the use of an RFID interface. Unless you have a metal wallet, your card would be vulnerable to third party use as long as they can get close enough to your wallet. The normal readers can only bridge a few centimeters, but there is no reason why with proper signal amplification it should not work over a meter or more. Suddenly new attack scenarios become feasible that are completely unnecessary.

RFID may be nice, but the card needs an off switch to be safe.

Re:A little more info (1)

TechyImmigrant (175943) | more than 4 years ago | (#27760789)

You missed the bit about it performing strong mutual authentication. What third party attacks are you concerned about?

Re:A little more info (2, Informative)

profplump (309017) | more than 4 years ago | (#27761077)

"Completely unnecessary" is a stretch at best -- contact-less interfaces have real benefits. The most obvious is a lack of contamination and corrosion, both on the card and the reader. Another is decreased read times, which allows you to use the cards in more places without increasing the level of annoyance.

Not to mention the "new attack scenarios" do not include simple copying of the card UUID, so radio-based attacks would need to be interactive:
1. Attacker camps out at door with radio equipment
2. Attacker points antenna at employee coming towards door
3. Attacker is able to authenticate to the door as approaching employee

While that's certainly a technically feasible attack it's not terribly practical in execution, even if you set up an out-of-band comm system to isolate the card under attack from the person entering the building.

Plus you really could just issue a foil-lined holder if you were worried about such attacks. Or make authentication two-factor and require the entry of a PIN or somesuch in addition to the card scan.

It is the fastest protocol (3, Funny)

Anonymous Coward | more than 4 years ago | (#27759581)

While some crypto protocols are capable of ludicrous speed, this protocol can go plaid.

PLACID (4, Funny)

ajlitt (19055) | more than 4 years ago | (#27759051)

That's a much better acronym than the originally proposed Protocol for Automated National Identification and Control.

Re:PLACID (5, Funny)

Java Pimp (98454) | more than 4 years ago | (#27759113)

That's a much better acronym than the originally proposed Protocol for Automated National Identification and Control.

Or the lesser known Protocol for Enhanced Network and Internet Security.

Re:PLACID (4, Funny)

Red Flayer (890720) | more than 4 years ago | (#27760517)

But any of us with good fashion sense would prefer the Protocol for Authenticating Identification Systems with Latent Encryption Yobs over the original PLAID anyway.

Re:PLACID (0, Redundant)

Morphine007 (207082) | more than 4 years ago | (#27759205)

Wasn't the UK working on something similar to this? I believe it was something along the lines of Popular Encrypted National Identity Scheme...

It scares me when ... (-1, Flamebait)

Anonymous Coward | more than 4 years ago | (#27759089)

... they tell you it's "unbreakable" or "uncrackable". In related news, the emperor's new clothes are unstainable, and waterboarding is untorturable.

I laugh ... (4, Insightful)

Morphine007 (207082) | more than 4 years ago | (#27759187)

... when an organization claims that they're going to provide something that's unbreakable [securityfocus.com]

The claim is usually an open invitation to reduce the "unbreakable" object to ashes.

Re:I laugh ... (1)

PetriBORG (518266) | more than 4 years ago | (#27759287)

Of course it will be broken in some ways, but this does sound like it would be an improvement over the current set of problematic ID systems. I mean if an ID with protection in depth that was actually cryptographically secure could be created... Well let's just say I would feel a lot better using it in a more widespread area (think credit cards / money transfers, or more creative things).

Re:I laugh ... (1)

Morphine007 (207082) | more than 4 years ago | (#27759301)

Possibly. If nothing else, claiming that it's unbreakable will be a good way of getting droves of cryptographers to do everything in their power to rip the algorithms and protocols to shreds. Then at least, if v1.0 is crap, v2.0 might be better.

Re:I laugh ... (1)

drinkypoo (153816) | more than 4 years ago | (#27759323)

The claim is usually an open invitation to reduce the "unbreakable" object to ashes.

Unbreakable, not unburnable...

Inflammable Means Flammable? What A Country!

Here's the relevant snippet from TFA [computerworld.com.au]:

Centrelink documents reported the hackers cannot break the PLAID protocol because it uses two cryptographic algorithms in its scrambling process in rapid succession -- typically less than a quarter of a second -- whereas other systems use a single algorithm.

"PLACID is the only system that preserves the privacy of the cardholder from ID leakage. Other systems 'talk' from card to mainframe using easily captured personal information and unique identifiers in the ID-authentication process," the documents reported. Centrelink claims hackers cannot read query data between the terminals and smartcards even if it is intercepted because of the scrambling feature.

Does anyone know enough about PLACID and double encryption to know if double encryption is being used meaningfully here, or if it is still vulnerable to a MITM attack?

Re:I laugh ... (1)

Morphine007 (207082) | more than 4 years ago | (#27759429)

Someone posted a link to a briefing above. It's using SHA1, RSA and AES. Those are typically fairly solid algorithms (though there's a theoretical weakness in SHA1, but no exploit for it that I'm aware of). So the use of a fast symmetric cipher (AES) to handle comms after a slow asymmetric cipher (RSA) is used to handle password negotiation is known to be solid. However, the devil, as always, is in the details, and the powerpoint presentation is fairly thin on those.

Oracle Breakable After All (1)

tepples (727027) | more than 4 years ago | (#27759451)

... when an organization claims that they're going to provide something that's unbreakable [securityfocus.com]

So I guess [slashdot.org] neither Oracle nor Slashdot moderation is unbreakable.

Re:I laugh ... (4, Interesting)

mark-t (151149) | more than 4 years ago | (#27759529)

Meh.... unbreakable encryption is easy, or so close to it that the difference is largely irrelevant:
  1. Find any two nice and large prime numbers and publish them. Call them A and B. Call their product C. Let n = one less than the number of bits in C.
  2. Both the source and destination can pick any number that is coprime to (A-1)*(B-1), call them Xs and Xd. They do not share this information.
  3. The source and destination then compute Ys and Yd, respectively, such that their own X*Y is congruent to 1 mod (A*B). They do not share this information.
  4. The source takes n bits from the data, D, and applies the following transform: D = D ^ Xs mod C. This data is transmitted.
  5. The destination then applies the transform D = D ^ Xd mod C and transmits that back to the source.
  6. The source applies the transform D = D ^ Ys mod C and transmits that to the destination
  7. The destination finally applies D = D ^ Yd mod C, and in this final transform retrieves the unencrypted data.

This allows one to completely securely transmit up to n bits of data from a source stream, and because the source and destination can pick new X and Y values with every transmission, and unencrypted data is never found on any transmitted data stream. The likelihood of breaking it is genuinely 1 in 2^n and can only be broken by brute force attack. Factoring methods will not break the encryption because what would normally be associated as a public/private key pair (X,Y) in some other encryption protocols is never shared with the other party.

Re:I laugh ... (5, Informative)

smallfries (601545) | more than 4 years ago | (#27759781)

That looks familiar but I can't remember the name, what scheme is it?

The likelihood of breaking it is genuinely 1 in 2^n and can only be broken by brute force attack.

That's not strictly true. Although the discrete log problem is hard it is still a computational assumption. Proving that 2^n is a lower bound would be a significant achievement. This scheme is only "unbreakable" in the sense that RSA is - breaking it requires solving a problem that we suspect, but are unable to prove, is very hard.

Re:I laugh ... (1)

SloppyElvis (450156) | more than 4 years ago | (#27760519)

The likelihood of breaking it is genuinely 1 in 2^n and can only be broken by brute force attack.

That's not strictly true. Although the discrete log problem is hard it is still a computational assumption. Proving that 2^n is a lower bound would be a significant achievement. This scheme is only "unbreakable" in the sense that RSA is - breaking it requires solving a problem that we suspect, but are unable to prove, is very hard.

Unless I am mistaken...

  1. MIN(A,B) <= SQRT(C)
  2. SQRT(C) < 2^n for all cases where n>1

...that can still leave a huge brute force search space of course.

Computational Workload (1)

Cassini2 (956052) | more than 4 years ago | (#27761375)

The likelihood of breaking it is genuinely 1 in 2^n and can only be broken by brute force attack.

That's not strictly true. Although the discrete log problem is hard it is still a computational assumption. Proving that 2^n is a lower bound would be a significant achievement. This scheme is only "unbreakable" in the sense that RSA is - breaking it requires solving a problem that we suspect, but are unable to prove, is very hard.

Unless I am mistaken ... [Proof that search space is much smaller than 2^n] ... that can still leave a huge brute force search space of course.

Additionally, there are a few additional reasons why the lower bound must be smaller than 2^n.
1. The requirement of Xs, Ys, and Xd, Yd to be coprimes significantly reduces computational workload.
2. It is statistically possible to "get lucky", and randomly guess the right results, so the strict lower bound must be 1.
3. Even if using a bench mark like the "average time to break the code", the lower bound must still be much less than 2^n. One only needs to guess on average 1/2 of the possibilities to finish in the mean amount of time.
4. The requirement that A and B are primes must somehow limit the number of guesses considerably, especially if n is large, because the density of primes decreases with increasing n. It just might not be obvious how to make use of this information.
5. The algorithm requires random number generators for A, B, Xs, and Xd. It is very difficult to make "good" random number generators with computers. These algorithms are notorious for being easy to break. Bad seeds were the cause of the recent ssh bug.

Re:I laugh ... (2, Insightful)

Confuse Ed (59383) | more than 4 years ago | (#27760385)

3.The source and destination then compute Ys and Yd, respectively, such that their own X*Y is congruent to 1 mod (A*B). They do not share this information.

Should that be 1 mod ((A-1)*(B-1))?

I'm not that convinced that relying on the discrete logarithm problem (at the cost of 4x as much network communication) rather than directly on the factoring problem (like more commonly discussed PK based systems) has any additional security : aren't the 2 problems of identical complexity?
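
The three-pass exchange from mark-t's post, sketched as an added example (not code from any poster in this thread), run once with the inverse taken mod A*B as step 3 is written and once mod (A-1)*(B-1) as Confuse Ed suggests. The primes, the sample message and the function names are constructed for illustration.

```python
import secrets
from math import gcd

# Constructed parameters: two well-known Mersenne primes stand in for the
# published primes A and B. They are far too small for real use.
A = 2**61 - 1
B = 2**31 - 1


def inverse_exponent(x, a, b, corrected=True):
    """Return Y for a chosen X.

    corrected=True  -> X*Y == 1 mod (a-1)*(b-1), as Confuse Ed suggests.
    corrected=False -> X*Y == 1 mod a*b, as step 3 of the post is written.
    """
    modulus = (a - 1) * (b - 1) if corrected else a * b
    return pow(x, -1, modulus)  # raises ValueError if X is not invertible


def pick_exponent(a, b):
    """Pick a random X invertible under both moduli, so both variants can run."""
    phi, c = (a - 1) * (b - 1), a * b
    while True:
        x = secrets.randbelow(phi - 3) + 3
        if gcd(x, phi) == 1 and gcd(x, c) == 1:
            return x


def three_pass(message, a, b, xs, xd, corrected=True):
    """Run steps 4-7. Returns (values sent on the wire, value the destination ends with)."""
    c = a * b
    if not 1 < message < c:
        raise ValueError("message must be an integer in (1, A*B)")
    ys = inverse_exponent(xs, a, b, corrected)
    yd = inverse_exponent(xd, a, b, corrected)
    d1 = pow(message, xs, c)    # step 4: source -> destination
    d2 = pow(d1, xd, c)         # step 5: destination -> source
    d3 = pow(d2, ys, c)         # step 6: source -> destination
    recovered = pow(d3, yd, c)  # step 7: computed locally by the destination
    return [d1, d2, d3], recovered


if __name__ == "__main__":
    msg = int.from_bytes(b"badge 0042", "big")  # constructed sample data
    xs, xd = pick_exponent(A, B), pick_exponent(A, B)
    for corrected in (False, True):
        wire, out = three_pass(msg, A, B, xs, xd, corrected)
        label = "mod (A-1)(B-1)" if corrected else "mod A*B"
        print(f"{label:15s} recovered == message: {out == msg}")
```

The exponents cancel only when X*Y is 1 modulo (A-1)*(B-1), which is why the destination recovers the data in the second variant and not, in general, in the first.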

Re:I laugh ... (1)

Stratocastr (1234756) | more than 4 years ago | (#27760977)

Should that be 1 mod ((A-1)*(B-1))?

I'm not that convinced that relying on the discrete logarithm problem (at the cost of 4x as much network communication) rather than directly on the factoring problem (like more commonly discussed PK based systems) has any additional security : aren't the 2 problems of identical complexity?

This is the RSA algorithm. It hasn't been broken in the last 30 years by the smartest people. Either that, or the govt.(NSA) knows how to break it and is keeping it under wraps.

Re:I laugh ... (1)

Confuse Ed (59383) | more than 4 years ago | (#27761245)

This is the RSA algorithm. It hasn't been broken in the last 30 years by the smartest people. Either that, or the govt.(NSA) knows how to break it and is keeping it under wraps.

The algorithm in mark-t's post is not the one described on http://en.wikipedia.org/wiki/RSA [wikipedia.org] : I read it as a variant that (using the wikipedia page's notation) is making {p,q} public instead of {n,e}, with a corresponding adjustment to the messages that need to be exchanged.

This relies on the discrete logarithm of (d6=d5^Ys mod C) being difficult to solve from step-6 (with d6,d5 and C being known to an eavesdropper : Ys being what you need to figure out to break the encryption) - compared to the wikipedia article's RSA algorithm that more directly relies on factorising n being the difficult step.

Re:I laugh ... (1)

Confuse Ed (59383) | more than 4 years ago | (#27761329)

oops - I should have read more closely...

because the source and destination can pick new X and Y values with every transmission

I see now that _that_ is what you gain for the additional bandwidth cost

Re:I laugh ... (1)

TubeSteak (669689) | more than 4 years ago | (#27760643)

Meh.... unbreakable encryption is easy, or so close to it that the difference is largely irrelevant:
...
4. The source takes n bits from the data, D, and applies the following transform: D = D ^ Xs mod C. This data is transmitted.
5. The destination then applies the transform D = D ^ Xd mod C and transmits that back to the source.
6. The source applies the transform D = D ^ Ys mod C and transmits that to the destination
7. The destination finally applies D = D ^ Yd mod C, and in this final transform retrieves the unencrypted data.

Tripling the bandwidth requirements doesn't seem like a very efficient solution.
Unbreakable encryption is pointless if it isn't practical.

Re:I laugh ... (3, Interesting)

swillden (191260) | more than 4 years ago | (#27759891)

... when an organization claims that they're going to provide something that's unbreakable [securityfocus.com] The claim is usually an open invitation to reduce the "unbreakable" object to ashes.

This one has already been under discussion and review by the cryptologic community for several years now. It has received a lot of attention by the top academic cryptographers, as well as by government organizations like the NSA.

Never say never, and I'm sure the "unbreakable" word came from management or from news agencies, not the authors of the protocol, but I'll be very surprised if this is broken.

Re:It scares me when ... (2, Interesting)

Anonymous Coward | more than 4 years ago | (#27759189)

I guess it's perfectly OK. It withstood 3 years of in-agency cracking. Now they want to see whether it will survive in the wild. What better method than to claim it is unbreakable? If it has vulnerabilities known to modern cryptanalysis, all the tech news will laugh and point at them - quite an easy event to spot. Some people are not afraid to be laughed at if they get what they need...

Re:It scares me when ... (1)

plover (150551) | more than 4 years ago | (#27759853)

Consider the source. You've got a manager telling you it's unbreakable. Perhaps his cryptographers said to him "it's a good protocol, fixes the weakness in this previous protocol, and FOR ALL YOU KNOW it's unbreakable." They maybe didn't say those capitalized words out loud, because they figured their boss wouldn't know the difference anyway. But they forgot their boss might blab it on to someone else that way.

My point is this is the kind of phrasing that comes out of the mouths of higher-ups who don't know that "unbreakable" has a lot of negative connotations in the cryptographic community, and is usually associated with naïve or unscrupulous snake-oil salesmen.

Hmm (0)

Anonymous Coward | more than 4 years ago | (#27759143)

I'm guessing that the publicity around this will soon result in dePLACID.

Yeah Right... (4, Insightful)

Frosty Piss (770223) | more than 4 years ago | (#27759175)

Given Australian government's views on privacy, I wonder when the back door will be discouvered? Or is looking for it against the law?

Re:Yeah Right... (0)

Anonymous Coward | more than 4 years ago | (#27759313)

Given Australian government's views on privacy, I wonder when the back door will be discouvered? Or is looking for it against the law?

The back door was already discovered. That's why they are encouraging everyone to use it for free now...

Re:Yeah Right... (0)

Anonymous Coward | more than 4 years ago | (#27759573)

which are? (with references)

Re:Yeah Right... (3, Informative)

swillden (191260) | more than 4 years ago | (#27759915)

Given Australian government's views on privacy, I wonder when the back door will be discouvered? Or is looking for it against the law?

Look at the protocol. It's so simple that there's virtually no way for a back door to exist.

Implementations can have back doors, of course, but that's a separate issue.

Re:Yeah Right... (1)

snarfies (115214) | more than 4 years ago | (#27760403)

I wounder when you'll discouver you doun't need to insert extra "u"'s after every "o".

Re:Yeah Right... (0)

Anonymous Coward | more than 4 years ago | (#27760689)

I'll bet your desk, keyboard, and monitor are covered in dried cum.

Mmmh (5, Insightful)

Britz (170620) | more than 4 years ago | (#27759179)

"Here, have my lock and key. Nobody will be able to get into your home. Except, maybe, me :-)"

Re:Mmmh (2, Insightful)

MobyDisk (75490) | more than 4 years ago | (#27759963)

They aren't giving away the lock and key. They are giving away a design for locks and keys.

Oh... they use two crypto algorithms (1)

Morphine007 (207082) | more than 4 years ago | (#27759269)

... that must mean it's secure {\sarcasm}

FTFA: Centrelink documents reported the hackers cannot break the PLAID protocol because it uses two cryptographic algorithms in its scrambling process in rapid succession - typically less than a quarter of a second - whereas other systems use a single algorithm.

Re:Oh... they use two crypto algorithms (0)

Anonymous Coward | more than 4 years ago | (#27759493)

yeah. It's like using two virus scanners! Doubly secure!

contactless smart cards are the way to go (2, Interesting)

Lord Ender (156273) | more than 4 years ago | (#27759293)

Imagine government IDs had contactless smart cards with certificates on them keyed to an ID database managed by the government (for revocation purposes and identity information). Now imagine contactless smart card readers were standard equipment in PCs.

You would just need one card in your wallet to log you in to any computer or web site, make purchases, board planes or trains... anything! No more wasted effort on having a hundred weak authentication cards and passwords. You have one strong authentication method that can't be forged, or at least not without fantastically more effort than forging a check or credit card.

Enormous economic and security benefit.

Re:contactless smart cards are the way to go (3, Interesting)

Trikki Nikki! (1516301) | more than 4 years ago | (#27759349)

You would just need one card in your wallet to log you in to any computer or web site, make purchases, board planes or trains... anything! No more wasted effort on having a hundred weak authentication cards and passwords. You have one strong authentication method that can't be forged, or at least not without fantastically more effort than forging a check or credit card.

Enormous economic and security benefit.

Until you lose your wallet and the person who finds it has complete control to ruin every aspect of your life connected to said card... ...

Re:contactless smart cards are the way to go (4, Interesting)

Burkin (1534829) | more than 4 years ago | (#27759393)

Until you lose your wallet and the person who finds it has complete control to ruin every aspect of your life connected to said card... ...

Yes, because clearly they would have no system to revoke lost cards.

Re:contactless smart cards are the way to go (2, Funny)

Anonymous Coward | more than 4 years ago | (#27759437)

"To revoke privileges to your lost card, please validate your identity by presenting your smart card"

Re:contactless smart cards are the way to go (2, Interesting)

leonardluen (211265) | more than 4 years ago | (#27760365)

yes because the govt. has shown such wisdom in the past by making it easy to replace social security numbers

Re:contactless smart cards are the way to go (4, Insightful)

profplump (309017) | more than 4 years ago | (#27761135)

The government never issued SSN with the intent of being a universal identifier.

Re:contactless smart cards are the way to go (0)

Anonymous Coward | more than 4 years ago | (#27760471)

Depends on how fast you can get it revoked. You find out two hours later your wallet is stolen, and it takes another couple hours to make phone calls or go somewhere (which may require the card to get to) to actually disable it. And if it were easy enough to just call, give your name, and the card is disabled... well, then some people might be making some practical jokes by turning off someone else's card. So several hours go by while your bank account is drained and your personal information stolen. Oh, and he's already halfway around the world.

Re:contactless smart cards are the way to go (1)

Burkin (1534829) | more than 4 years ago | (#27761423)

Depends on how fast you can get it revoked...So several hours go by while your bank account is drained and your personal information stolen. Oh, and he's already halfway around the world.

And this is any different than if someone steals your wallet today, how?

Re:contactless smart cards are the way to go (1)

Archangel Michael (180766) | more than 4 years ago | (#27759503)

Until you lose your wallet and the person who finds it has complete control to ruin every aspect of your life connected to said card... ..

That's why we should embed them into peoples arms and if they start cutting those off, use their forehead!

I read about this in some old archaic book somewhere.

Re:contactless smart cards are the way to go (1)

Lord Ender (156273) | more than 4 years ago | (#27759741)

1) PKI systems have revocation, so you're wrong.

2) A good PKI system would have an online photo database, so you're wrong unless the guy looked like you and you have not had your card revoked.

Re:contactless smart cards are the way to go (1, Insightful)

Anonymous Coward | more than 4 years ago | (#27759355)

Especially if I find your wallet after you lose it.

Re:contactless smart cards are the way to go (2, Interesting)

UberOogie (464002) | more than 4 years ago | (#27759371)

And now imagine that the system is compromised, and complete identity theft is available to anyone who can crack that one database.

Re:contactless smart cards are the way to go (1)

Morphine007 (207082) | more than 4 years ago | (#27759481)

And given the level of exposure a system like that could have (especially if it gets used as widely as the GP suggests), the probability of a compromise gets increasingly large. Especially given how insanely "juicy" it would be, as a target.

Re:contactless smart cards are the way to go (1)

Burkin (1534829) | more than 4 years ago | (#27759483)

Because identity theft is so hard today considering, in the US for example, you can find pretty much all the pertinent information you need from public sources?

Re:contactless smart cards are the way to go (1)

maxume (22995) | more than 4 years ago | (#27759921)

Stop saying identity theft. For one thing, someone obtaining that information isn't the problem, the fact that banks and other institutions pretend that it is sufficient verification of identity is the problem (treating the institutions as if they were complicit to fraud would quickly motivate them to do better).

Building the system in a way that requires the identity card to make transactions would drastically mitigate the problems with database violations (but you need to make sure that insiders are not issuing illegitimate cards).

Re:contactless smart cards are the way to go (0)

Anonymous Coward | more than 4 years ago | (#27760631)

And now imagine that the system is compromised, and complete identity theft is available to anyone who can crack that one database.

And now imagine what happens when a pissed off or paranoid system operator completely revokes access rights to everyone within the base.

Yes, fun times to be had by all!

Re:contactless smart cards are the way to go (3, Interesting)

drinkypoo (153816) | more than 4 years ago | (#27759399)

Enormous economic and security benefit.

Yes, for just $429.95 I will sell you a very nice mask and a programmable contactless identity chip. Enormous economic benefit to me, enormous security benefit to you. Well, it will benefit you in bypassing security, and framing someone for a crime anyway.

You still need at minimum two-factor authentication to be secure, so you're still going to need a PIN for non-trivial uses. However, even non-trivial uses could be enough to get you into plenty of trouble.

It's not hard to consolidate multiple usernames and passwords down to a single username and password. This is done for users through any number of freely available schemes. This is preferable to concentrating them down to a single system which, when corrupted (not "if") will permit virtually unlimited abuse. I do not believe that you are so helpless that you need government to assist you with password management. Therefore I submit that you are trolling. You could call it sarcasm if you had left any clues in your comment. Perhaps you used > rather than &amp; someplace?

Re:contactless smart cards are the way to go (1)

swillden (191260) | more than 4 years ago | (#27759951)

Yes, for just $429.95 I will sell you a very nice mask and a programmable contactless identity chip

That's rather expensive. Programmable contactless chips are available in engineering quantities for less than $10 and large quantities for less than $2.

And what good does it do to have a chip? To fake someone's identity, what you need is their KEY so you can put it in a chip.

Re:contactless smart cards are the way to go (0)

Anonymous Coward | more than 4 years ago | (#27759595)

And how long before using your ID will be mandatory for using any PC?

Re:contactless smart cards are the way to go (1)

marcello_dl (667940) | more than 4 years ago | (#27759649)

What if the host where I log in is compromised? Even if it could not do a man-in-the-middle attack because the session is secured from the smart card to the destination, it could intercept and pilot mouse and keyboard events and screen display so your bank withdrawal becomes 100$ to you and 900$ to the hacker.

The trust put in the system and its centralized nature would turn any security breach into a nightmare.

Besides, how much do you trust your government with access to all your money and movement and online activity? Judging from how they make laws pertaining to IT, e-voting and even intellectual property, I'd depend on governments as little as possible.

Re:contactless smart cards are the way to go (1)

Lord Ender (156273) | more than 4 years ago | (#27759705)

I am referring to a strong authentication system. The government would have no control over bank accounts or anything like that. It would simply enable me to prove to my bank that I am me.

None of the security issues you attempt to describe are unique to smartcard-based authentication systems.

Why a single card? (1)

pavon (30274) | more than 4 years ago | (#27759825)

Consolidating this to a single card would be utterly retarded, as it provides both the issuer (the government) and entities that you do business with far more information about you than they need to know, and it greatly increases the consequences when a card is compromised.

On the other hand, having a standard authentication mechanism which was integrated into most computers would be very useful. Then when my bank issued me a pin-and-chip credit card, I would know that it worked with my computer as well as at the grocery store. Your ISP could issue you one which you could use for signing/encrypting email (using S/MIME where they manage the public key repository, and the card has your private key). Same for all these other cards that I carry in my wallet.

No need to get the government involved at all.

Re:Why a single card? (1)

Lord Ender (156273) | more than 4 years ago | (#27759889)

Consolidating this to a single card would be utterly retarded, as it provides both the issuer (the government) and entities that you do business with far more information about you than they need to know,

No, you're wrong. It would provide only identity/authentication information. No more.

Re:Why a single card? (1)

profplump (309017) | more than 4 years ago | (#27761229)

It would be difficult (not necessarily impossible, but hard) to allow verification of ID through government-controlled systems without either also allowing the government to tell when and where you are authenticating or being very difficult to revoke the card.

Bad idea to combine ID with payment (1)

TheLink (130905) | more than 4 years ago | (#27760587)

It is bad "hygiene" to combine ID with payment.

It is better to have at least two types of cards. One for official ID - which should rarely leave my sight.

And one for payment, which I could pass to someone else for a short time.

So if something happens to the payment card or cert (damaged or lost), I can apply for another payment card.

While waiting for a new payment card to be issued, I can still prove I am me, with my ID card.

Putting that all on one card makes that hard.

Currently, I take out my ID card from my wallet far more rarely than I take out my credit cards. So it's the credit cards that are more likely to get lost or damaged.

A combined ID+payment card would mean the card gets used more often and thus more likely to get lost, damaged or revoked.

Re:contactless smart cards are the way to go (1)

griffinme (930053) | more than 4 years ago | (#27760733)

Yes, giving the government the perfect tool to track everywhere you go, what you do, what you say and what you buy sounds like a great idea. No way that would ever get abused.

Paranoid? Maybe, but then I am amazed how we sheep pay to carry around personal tracking devices (cell phone). Now where did I put that tinfoil hat?

Re:contactless smart cards are the way to go (1)

jonnyt886 (1252670) | more than 4 years ago | (#27761017)

> Enormous economic and security benefit.

Until your central database gets hacked, or those managing it are bribed into submission by some dubious third party for political or commercial gain.

In theory it sounds like a perfect system, but in reality you need decentralisation to get over the fallen nature of humans - the internet is a good example.

Surviving design... (3, Funny)

knifeyspooney (623953) | more than 4 years ago | (#27759353)

...which withstood three years of design and testing by Australian and American security agencies

Anything that withstands three years of attempted government design must be robust indeed.

PLAID 6 Protocol (4, Informative)

Anonymous Coward | more than 4 years ago | (#27759367)

* Uses existing off-the-shelf symmetric and asymmetric crypto algorithms (SHA1, AES 256, RSA 1024, RSA 1984) tied together via the PLAID protocol
- Note - Neither SHA256 nor ECC are used at this time because production cards are either not obtainable from all vendors or do not achieve the required performance (in spite of the theoretical advantage of ECC)
- Note - RSA 1984 is a trade-off between performance and security, and ensuring the transaction fits in one APDU command.
* Fast & simple - less than 1/2 second (400ms) and the Java Card applet is extremely small (about 4 Kb)
* Not clone-able, re-playable or subject to privacy or identity leakage
* Same protocol can be used for PACS/LACS & contact/contactless
* PIN can be verified when card-not-present by comparing PIN hash
- Saves user having to hold contactless card to reader during typical PKI session
* Mutual authentication Protocol
* Algorithms used are commercially available on virtually all modern smartcards including Java Card, MULTOS, most SIMs and many proprietary cards
* Algorithms and their selected key lengths have been tested on production cards and devices to ensure speeds are real, not theoretical

* No IP issues - IP was developed solely by the Australian Government by its agency, Centrelink, and will be openly and freely licensed
* Designed to be used either stand-alone or as a bootstrap into other specifications like Australian IMAGE, US PIV, ICAO Passports etc.
* Supports multiple concurrent specs dependent on device request to card
- i.e. Card could supply Wiegand number or CHUID or Centrelink CSIC or Passport MRZ etc etc dependent on use case
* Supports multiple (256) key sets dependent on device request to card
- i.e. there might be a "perimeter key set" and a "high security key set" and a "LACS key set" and an "administrative key set" etc etc and the terminal device only requests the one it requires, reducing the possibility of compromise of the others.
- The key sets can be rolled, by loading spare unused key sets (up to 255) in case of compromise (memory is the limitation)
* Optionally provides session keys for higher level specs
* Protocol can be registered and implemented under ISO/IEC 24727-3 and 6, and either used under ISO/IEC 24727 or implemented separately

However:
* Slightly slower than existing physical access Tag and proprietary solutions (by 0.2 to 0.3 seconds)
* Keys MUST be distributed & managed
* Vendors need to build key management for PLAID into existing or new key management systems. (Centrelink vendor is doing this for LACS)
* PACS using older Wiegand technologies need secure SAM devices in the readers
* Newer PACS can utilise back end HSM devices/SAMs on the network or in distribution frames
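
The single-APDU point in the "RSA 1984" note above, worked through as an added example (not part of the original post and not taken from the PLAID specification): a short ISO/IEC 7816-4 command APDU has a one-byte Lc field and so carries at most 255 data bytes, and the sketch counts how many command APDUs one RSA block of a given modulus size needs. The CLA/INS/P1/P2 values and the function names are placeholders assumed here.

```python
# Added illustration: mapping one RSA block onto ISO/IEC 7816-4 short APDUs.
SHORT_LC_MAX = 255     # short APDU: Lc is one byte, so at most 255 data bytes
CLA_CHAINING = 0x10    # ISO/IEC 7816-4 command-chaining bit (b5 of CLA)

# Placeholder header values, assumed for this example only.
CLA, INS, P1, P2 = 0x00, 0x88, 0x00, 0x00


def rsa_block_len(modulus_bits: int) -> int:
    """Size in bytes of one RSA ciphertext or signature for this modulus."""
    return (modulus_bits + 7) // 8


def build_short_apdus(data: bytes, cla=CLA, ins=INS, p1=P1, p2=P2, le=0x00):
    """Split data into short command APDUs, chaining when it exceeds 255 bytes.

    Every APDU except the last sets the chaining bit in CLA and has no Le
    byte; the last one clears the bit and carries Le.
    """
    if not data:
        raise ValueError("no data to send")
    chunks = [data[i:i + SHORT_LC_MAX]
              for i in range(0, len(data), SHORT_LC_MAX)]
    apdus = []
    for n, chunk in enumerate(chunks):
        last = n == len(chunks) - 1
        header = bytes([cla if last else cla | CLA_CHAINING,
                        ins, p1, p2, len(chunk)])
        apdus.append(header + chunk + (bytes([le]) if last else b""))
    return apdus


def exchange_cost(modulus_bits: int):
    """Return (block size in bytes, number of command APDUs needed)."""
    size = rsa_block_len(modulus_bits)
    constructed = bytes(size)  # constructed all-zero stand-in for a cryptogram
    return size, len(build_short_apdus(constructed))


if __name__ == "__main__":
    for bits in (1024, 1984, 2048):
        size, count = exchange_cost(bits)
        print(f"RSA {bits}: {size} bytes -> {count} command APDU(s)")
```

A 2048-bit block is 256 bytes, one byte over the short-APDU limit, so it needs command chaining or extended-length APDUs, while a 1984-bit block (248 bytes) goes out in a single command.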

Withstood? (1)

camperdave (969942) | more than 4 years ago | (#27759411)

...Protocol for Lightweight Authentication of ID (PLACID), which withstood three years of design and testing by...

Withstood three years of design? What the blazes does that mean?

Boss 0: Here is all the material we have on the PLACID system. I want you to design it.
Agent X: Right away, Boss!

... three years later

Agent X: Sorry Boss. Me and my team have been trying for three years. PLACID simply withstands all attempts at being designed.
Boss 0: I was afraid of that. We'll have to release it to the public, and see if those open source people can get it designed. Pity. It looked like a good system.
Agent X: That it did, Boss.
Boss 0: Oh, well. On to your next assignment. I want you to... Hey! What's this wire? It shouldn't be her*&($@#^$ No Carrier.

Re:Withstood? (0)

Anonymous Coward | more than 4 years ago | (#27760331)

I think you've described the basic scheme of all government-funded projects. "First, create a project specification from which nothing can be designed. Then, spend a set timeframe attempting the impossible, and release the results."

FYI: For the smart card unaware (1)

mpapet (761907) | more than 4 years ago | (#27759475)

Stories like this frequently conflate the smart card goings-on with the system functions.

In this case, the newsy bit about the smart card is they apparently have a new protocol for authenticating from the smart card. For those that don't know, there are many kinds of smart cards including ones that have an operating system on-board. Their protocol is probably employed on top of the smart card OS. Yes, you too can write your own authentication protocol and use it on a smart card.

The backend system appears to have new automagical features related to the status of the employee. Don't confuse the two like the summary has.

OT, I have always thought that "the way forward" in infosec was loosely decentralized smart card infrastructure, but the powerful among us like their power optimized and centralized. Too bad too, the only smart card developers left work exclusively for gov't contractors.
Even further OT: A 'fun' OSS project for those inclined would be to port a BSD to one of these low-cost suckers. http://www.st.com/stonline/stappl/productcatalog/app?path=/comp/stcom/PcStComRPNTableView.onClickFromProductTree&primaryheader=Smartcard%20ICs&secondaryheader=ST32%2032-bit%20Smartcard%20ICs%20for%20Mobile&subclassheader=ST32%2C%2032-bit%20Flash%20Microcontrollers&subclassid=1192.0&count=3&producttype= [st.com]

In theory, these have a crypto accelerator: http://www.st.com/stonline/stappl/productcatalog/app?path=/comp/stcom/PcStComRPNTableView.onClickFromProductTree&primaryheader=Smartcard%20ICs&secondaryheader=ST19%20Smartcard%20ICs&subclassheader=ST19%2C%20Crypto-Processor%20Solutions&subclassid=1118.0&count=4&producttype= [st.com]

Spaceballs (3, Funny)

GordonCopestake (941689) | more than 4 years ago | (#27759477)

Dark Helmet: Yes, we're gonna have to go right to ludicrous speed... Lonestar: It's Spaceball 1. Barf: They've gone to plaid! ...

They skipped lightspeed? (0)

Anonymous Coward | more than 4 years ago | (#27759549)

and went straight to PLAID? Are they crazy or just big helmeted!

Worthy of trust? (1)

DoofusOfDeath (636671) | more than 4 years ago | (#27759571)

It seems like the NSA and other intelligence agencies around the world have a real trust problem.

On the one hand, they make some of their living out of breaking codes. And worse, as we saw with the NSA illegal wiretapping, they're not necessarily acting in legal ways or in the interests of the general public.

So for that reason, we citizens have a good reason to distrust anything they say, especially large wooden statues of horses.

On the other hand, the NSA et al also have a desire (we believe) to help the businesses in a country be genuinely secure, to avoid the economic disadvantage the country has when criminals or foreign intelligence agencies crack into the businesses' computers. And the NSA et al would know that if the protocol was crackable by themselves, foreign intelligence agencies might not be far behind. So the NSA et al might really be offering a protocol that they can't currently crack in a reasonable amount of time.

So for that reason, it's plausible that the protocol really is quite secure, even from supposedly friendly security agencies.

I'm not sure how the average business is supposed to figure out which of those things is the case. Or is it a moot point, because at the very least, such a protocol is likely to be resilient to criminals, and as the "blessed" protocol, would provide some legal cover in the case of a data breach?

Getting PLAID (3, Funny)

sakonofie (979872) | more than 4 years ago | (#27759599)

I'm just waiting for the advertisement that says:

I can't wait to get PLAID by the Australian government.

Security requires processing power... (0)

Anonymous Coward | more than 4 years ago | (#27759669)

Strong security requires a lot of processing power. If this secure card can not support a lot of MIPS security is weak. That may just be fine if the secrets one is trying to hide are low value. Otherwise, it ain't good enough.

Good for them (1)

MazzThePianoman (996530) | more than 4 years ago | (#27759715)

It is nice to see a little social responsibility out there. More people should read up and adopt similar business models such as Ben & Jerry's Ice Cream which is proof one can be both successful and socially responsible in business.

Oblig ... (0, Redundant)

krou (1027572) | more than 4 years ago | (#27759841)

Barf: What the hell was that?
Lone Starr: Spaceball One Encryption.
Barf: They've gone to plaid!

Sigh... I give it 6 months once it's in the open (1)

RaigetheFury (1000827) | more than 4 years ago | (#27759989)

The problem is some people LIVE for challenges like this and it's an encryption method based off of other encryption methods. That means there is only 1 piece of the puzzle to figure out.

My concern is that they (the government) suddenly say that all IDs must be tied to this and like several posts above... now someone who knows how to crack this and tag a specific person now has access to everything about them. Banking, health records etc...

Doesn't jibe (1)

moxley (895517) | more than 4 years ago | (#27760271)

Why don't I think the US or Aussie government (especially the Aussies, given their recent track record on civil liberties and disregarding privacy concerns of their citizens) would give away an "unbreakable" form of crypto?

My feeling is that they must have a backdoor into this, and that makes me suspicious.

It seems to me it might be more like "Here, use this, this is great encryption, nobody can crack it." Well, it may be unbreakable - but what if they have a master key or something?
