Centrelink issues $500k unbreakable code for free
- 29 April, 2009 10:59
- Comments 6
Centrelink will release its $560,000 smart card identification protocol for free in an attempt to buy-back security systems based on the technology.
The welfare agency claims the Protocol for Lightweight Authentication of ID (PLAID) has withstood three years of design and testing by Centrelink, the Australian Defence Signals Directorate and the US National Institute of Standards and Technology without fault.
Centrelink, which has one of the country's most advanced physical and logical converged security systems, will use the protocol in its incoming fleet of contactless smartcards currently under trial by staff. These will replace the existing identity cards that operate on PKI encryption. The agency designed its converged security system with Novell to allow staff to access doors and computers with a single centrally-managed identity card, and user identities can be automatically updated as employees leave, are recruited or move to new departments.
Minister for Human Services senator Joe Ludwig said the PLAID will fill vulnerabilities in Centrelink's converged security which have previously been vulnerable to hackers. “Until now, existing technology in this field has been at risk of breach by hackers,” Ludwig said in a statement. “But PLAID will prevent the cracking of authentication systems and foil the cloning of smartcards and other system-access devices.” Centrelink hopes the protocol will be adopted across government.
The agency has about 26,000 employees and administers more than $70 billion in payments and services to some 6.5 million customers each year.
Centrelink documents reported the hackers cannot break the PLAID protocol because it uses two cryptographic algorithms in its scrambling process in rapid succession — typically less than a quarter of a second — whereas other systems use a single algorithm.
“PLACID is the only system that preserves the privacy of the cardholder from ID leakage. Other systems 'talk' from card to mainframe using easily captured personal information and unique identifiers in the ID-authentication process,” the documents reported. Centrelink claims hackers cannot read query data between the terminals and smartcards even if it is intercepted because of the scrambling feature.
The protocol will be available on www.govdex.gov.au.
- Bookmark this page
- Share this article
- Got more on this story? Email TechWorld
- Follow TechWorld on twitter
-
Jailbreak of Apple iOS 5.1.1 due 'in days'
-
Nokia launches new Windows Phones
-
Nokia Lumia 900, 610 heading Down Under
-
Consider desktops in the cloud for BYOD
-
Samsung Apps store hits 100 million downloads
-
Office 2007 for Dummies
-
Microsoft Office
-
Windows 7 for Dummies® Dvd+book Bundle
-
Computers for Seniors for Dummies, 2nd Edition
-
Excel 2007 All-In-One Desk Reference for Dummies
-
Teach Yourself Visually Windows 7
-
Office 2007 All-In-One Desk Reference for Dummies
-
Windows 7 for Dummies®
-
Windows 7 for Seniors for Dummies®
Comments
Anonymous
PLACID?
Is the system called PLACID or PLAID?
There's seems to be a typographical error in the article.
Darren
Much appreciated
Rob
No crypto algorithm is unbreakable
It's simply how much computing power and time you want have available. Brute force attack can always decipher any given plaintext, but at a significant cost. If the time/cost is > the value of the information then the cipher is good, if not, its bad.
Happy hacking.
Rob
Anonymous
Waste of tax payers money!!!
Please explain to me why is the Australian government, in this case Centerlink of all agencies, is wasting tax payers money on developing secure authentication protocols for contactless smartcards- I mean is this really their job??? Why do they think they should be doing this???
Firstly, it is the role of private sector and IT industry to provide such solutions to meet the requirements of clients such as the government. It is inappropriate of government agencies such as Centerlink to think they can make up protocols, and then ask industry to implement in their products and adopt them as a standard so they can say its a COTS solutions. Who do they think they are?
Secondly, I would like to know what the actual requirements were, and the justification they have for approving the funding and developing of such technology. I dont believe Centerlink has any reason what so ever for smartcards with the level of security they are suggesting. Even the Defence Department does not have this type of technology, but at least they would have a justification.
Even if there were really requirements for such a secure protocol for contactless smartcards, then there are a number of other far more superior and suitable agencies who have greater mandate and resources to research and develop this solution, namely CSIRO, DSTO, or one of the many CRCs and universities.
...just another example of agencies with not enough accountability overstepping the mark of responsibility
Anonymous
(No subject)
Please explain to me why is the Australian government, in this case Centerlink of all agencies, is wasting tax payers money on developing secure authentication protocols for contactless smartcards- I mean is this really their job??? Why do they think they should be doing this??? Firstly, it is the role of private sector and IT industry to provide such solutions to meet the requirements of clients such as the government. It is inappropriate of government agencies such as Centerlink to think they can make up protocols, and then ask industry to implement in their products and adopt them as a standard so they can say it’s a COTS solution. Who do they think they are? They have no understanding of the commercial realities of vendors who provide these solutions. No mention of who is actually going to implement this protocol to provide the return on the investment made by the tax payer, and which they have decided to give away for free! Secondly, I would like to know what the actual requirements were, and the justification they have for approving the funding and developing of such technology. I don’t believe Centerlink has any reason what so ever to be developing smartcards with the level of security they are suggesting. Even the Defence Department does not have this type of technology, but at least they would have a justification. Even if there were really requirements for such a secure protocol for contactless smartcards, then there s a number of other far more superior and suitable agencies who have greater mandate and resources to research and develop this solution, namely CSIRO, DSTO, or one of the many CRCs and universities. ...just another example of agencies with not enough accountability overstepping the mark of responsibility
oswald Brugemans
Centerlink smart card
Smart Card! the smarter the carts or technoligy the dummer the people becomes. and the more political misuse of sutch , take my case , I imbarist MR Philip rudock years ago, he use Centerlink and other departments to discredit me . to the fact they call me a criminal, dipriving me of perchase priflages , with acusation of aperently you been arestested , weeks later I optained a national police clearens of no such thing . is this a smart card or a way to avodt acountability. even today , Centerlink stated it is fare to asume , based on such asumbtions took away my pention , and stole 114 000. of the panick sale of my house , garnished !
I have now my money back, but what dit it cost me , !?
do you think Centerlink apoligized for there fare to asume statmend . they have no idear what they coused me and my family , should such athoritive provlages be misused by these criminals ??
Post new comment