Centrelink issues $500k unbreakable code for free
- 29 April, 2009 10:59
- Comments 4
Centrelink will release its $560,000 smart card identification protocol for free in an attempt to buy-back security systems based on the technology.
The welfare agency claims the Protocol for Lightweight Authentication of ID (PLAID) has withstood three years of design and testing by Centrelink, the Australian Defence Signals Directorate and the US National Institute of Standards and Technology without fault.
Centrelink, which has one of the country's most advanced physical and logical converged security systems, will use the protocol in its incoming fleet of contactless smartcards currently under trial by staff. These will replace the existing identity cards that operate on PKI encryption. The agency designed its converged security system with Novell to allow staff to access doors and computers with a single centrally-managed identity card, and user identities can be automatically updated as employees leave, are recruited or move to new departments.
Minister for Human Services senator Joe Ludwig said the PLAID will fill vulnerabilities in Centrelink's converged security which have previously been vulnerable to hackers. “Until now, existing technology in this field has been at risk of breach by hackers,” Ludwig said in a statement. “But PLAID will prevent the cracking of authentication systems and foil the cloning of smartcards and other system-access devices.” Centrelink hopes the protocol will be adopted across government.
The agency has about 26,000 employees and administers more than $70 billion in payments and services to some 6.5 million customers each year.
Centrelink documents reported the hackers cannot break the PLAID protocol because it uses two cryptographic algorithms in its scrambling process in rapid succession — typically less than a quarter of a second — whereas other systems use a single algorithm.
“PLACID is the only system that preserves the privacy of the cardholder from ID leakage. Other systems 'talk' from card to mainframe using easily captured personal information and unique identifiers in the ID-authentication process,” the documents reported. Centrelink claims hackers cannot read query data between the terminals and smartcards even if it is intercepted because of the scrambling feature.
The protocol will be available on www.govdex.gov.au.
Come socialise with us! Facebook | LinkedIn
- Bookmark this page
- Share this article
- Got more on this story? Email ARN
- Follow ARN on twitter
- Churchtown Primary School UK Primary School Chooses Aerohive's Reliable, Manageable, Scalable and Economical Controller-less Wireless LAN Architecture
- Aberdeen Group: Building Business Resilience Through Active Archive
- What is Wireless 2.0
- Market Potential-Strategy Guide to the Active Archive Market
- Red Light In the Control Centre Saves Hours of Chaos
-
REVIEW: Is the Samsung Galaxy Tab 10.1 the new king of Android tablets?
-
MySpace: The next hot social network?
-
Datacom joins AFP, Microsoft and ninemsn to support ThinkUKnow
-
Lenovo awarded NSW DET netbook contract
-
Telstra-NBN Co wholesale broadband agreement “imminent”
Get exclusive access to ARN's news, research and invitation only events. 
Comments
Anonymous
Waste of tax payers money
Please explain to me why is the Australian government, in this case Centerlink of all agencies, is wasting tax payers money on developing secure authentication protocols for contactless smartcards- I mean is this really their job??? Why do they think they should be doing this??? Firstly, it is the role of private sector and IT industry to provide such solutions to meet the requirements of clients such as the government. It is inappropriate of government agencies such as Centerlink to think they can make up protocols, and then ask industry to implement in their products and adopt them as a standard so they can say it’s a COTS solution. Who do they think they are? Secondly, I would like to know what the actual requirements were, and the justification they have for approving the funding and developing of such technology. I don’t believe Centerlink has any reason what so ever for smartcards with the level of security they are suggesting. Even the Defence Department does not have this type of technology, but at least they would have a justification. Even if there were really requirements for such a secure protocol for contactless smartcards, then there s a number of other far more superior and suitable agencies who have greater mandate and resources to research and develop this solution, namely CSIRO, DSTO, or one of the many CRCs and universities. ...just another example of agencies with not enough accountability overstepping the mark of responsibility
Anonymous
Waste of tax payers money!!!
Please explain to me why is the Australian government, in this case Centerlink of all agencies, is wasting tax payers money on developing secure authentication protocols for contactless smartcards- I mean is this really their job??? Why do they think they should be doing this??? Firstly, it is the role of private sector and IT industry to provide such solutions to meet the requirements of clients such as the government. It is inappropriate of government agencies such as Centerlink to think they can make up protocols, and then ask industry to implement in their products and adopt them as a standard so they can say it’s a COTS solution. Who do they think they are? They have no understanding of the commercial realities of vendors who provide these solutions. No mention of who is actually going to implement this protocol to provide the return on the investment made by the tax payer, and which they have decided to give away for free! Secondly, I would like to know what the actual requirements were, and the justification they have for approving the funding and developing of such technology. I don’t believe Centerlink has any reason what so ever to be developing smartcards with the level of security they are suggesting. Even the Defence Department does not have this type of technology, but at least they would have a justification. Even if there were really requirements for such a secure protocol for contactless smartcards, then there s a number of other far more superior and suitable agencies who have greater mandate and resources to research and develop this solution, namely CSIRO, DSTO, or one of the many CRCs and universities. ...just another example of agencies with not enough accountability overstepping the mark of responsibility!
Anonymous
waste of money
Please explain to me why is the Australian government, in this case Centerlink of all agencies, is wasting tax payers money on developing secure authentication protocols for contactless smartcards- I mean is this really their job??? Why do they think they should be doing this??? Firstly, it is the role of private sector and IT industry to provide such solutions to meet the requirements of clients such as the government. It is inappropriate of government agencies such as Centerlink to think they can make up protocols, and then ask industry to implement in their products and adopt them as a standard so they can say it’s a COTS solution. Who do they think they are? They have no understanding of the commercial realities of vendors who provide these solutions. No mention of who is actually going to implement this protocol to provide the return on the investment made by the tax payer, and which they have decided to give away for free! Secondly, I would like to know what the actual requirements were, and the justification they have for approving the funding and developing of such technology. I don’t believe Centerlink has any reason what so ever to be developing smartcards with the level of security they are suggesting. Even the Defence Department does not have this type of technology, but at least they would have a justification. Even if there were really requirements for such a secure protocol for contactless smartcards, then there s a number of other far more superior and suitable agencies who have greater mandate and resources to research and develop this solution, namely CSIRO, DSTO, or one of the many CRCs and universities. ...just another example of agencies with not enough accountability overstepping the mark of responsibility
Anonymous
waste of money
Please explain to me why is the Australian government, in this case Centerlink of all agencies, is wasting tax payers money on developing secure authentication protocols for contactless smartcards- I mean is this really their job??? Why do they think they should be doing this??? Firstly, it is the role of private sector and IT industry to provide such solutions to meet the requirements of clients such as the government. It is inappropriate of government agencies such as Centerlink to think they can make up protocols, and then ask industry to implement in their products and adopt them as a standard so they can say it’s a COTS solution. Who do they think they are? They have no understanding of the commercial realities of vendors who provide these solutions. No mention of who is actually going to implement this protocol to provide the return on the investment made by the tax payer, and which they have decided to give away for free! Secondly, I would like to know what the actual requirements were, and the justification they have for approving the funding and developing of such technology. I don’t believe Centerlink has any reason what so ever to be developing smartcards with the level of security they are suggesting. Even the Defence Department does not have this type of technology, but at least they would have a justification. Even if there were really requirements for such a secure protocol for contactless smartcards, then there s a number of other far more superior and suitable agencies who have greater mandate and resources to research and develop this solution, namely CSIRO, DSTO, or one of the many CRCs and universities. ...just another example of agencies with not enough accountability overstepping the mark of responsibility
Post new comment