Just a silly pun to introduce an old, grave issue: the level of security in smartcard technology.

This particular matter is strongly debated all over the world but just in these days it is a very hot  topic in Australia, where citizens are wondering if Australian health service system will be safer after the introduction of chip technology.

IT experts say it won’t.

Australian government has recently approved the introduction of a digital card that will be compulsory for any Australian who wants to access up to 16 other government health and welfare services. Such card will replace the old Medicare card that was first introduced in 1984...

The new card will be a further development of the project approved in 2004 about the adoption of smartcard technology, which is currently used in mobile SIM cards and credit cards.

This solution was chosen because smart technology is considered as safer than magnetic stripe technology, which is still employed by most Australian financial institutions. However, according to IT experts , just the aspect of security could represent a weak point for similar chips.

Liam Lennon, manager for smartcard products at the Australian firm Keycorp, says that it could take an individual hundreds of years to guess the right key sequence to access data on the card.

But in spite of this he admits that “No cryptographic or security scheme is 100 per cent effective because what one person can build, another person can break."

He gets on saying that chip technology is undoubtedly more difficult to unlock than magnetic stripe technology, and cyber criminals will get on following the easiest path until chips will become so prevalent their only choice will be to attack smartcards.

"If there are magnetic stripe cards in the market and there are smartcards in the market, they'll go for the easiest solution first," he said.

Cold comfort!

Government’s primary concern is about the possibility of forged cards, invasion of privacy and identity theft, and according to Adrian McCullagh, researcher at the Queensland University of Technology's Information Security Institute, it is already possible to identify a vulnerability in smartcard technology.

According to him, the problem is un the fact that the access card will store personal details in two parts of the chip.

One part is designed to file up information such as health alerts, blood type and emergency contact details. Both cardholder and other parties, such health professionals, will be allowed to access this information. The other, more secure part, will be only available to the government, and it will include sensitive data such as the cardholder's digitised signature, the card number, expiry date and personal identification number.

These two parts have to communicate with each other. This link represents a high-risk vulnerability, as Mr. McCullagh said.

"It is possible to exploit the open or non-secure section to get into the secure section,” he declared.

"You would probably start looking at the communications channel between the non-secure and the secure because that's where the vulnerability will be."

Comments Index (Total Messages: 2)

If nothing is secure than what? Written by bobysolo on 2007-02-27 18:22:39

Ok : let me known Written by Guest on 2007-02-28 11:39:57

Powered by a Zone-H(ified) version of AkoComment 3.0!