Centrelink
Smart Card Technical Issues Starter Kit
Chapter 4

Roger Clarke

Principal, Xamax Consultancy Pty Ltd, Canberra

Visiting Fellow, Department of Computer Science, Australian National University

Version of 8 April 1998

© Xamax Consultancy Pty Ltd, 1998

This document was prepared for Centrelink. Its purpose was to support the consultation process between Centrelink and privacy advocates, during a project that was intended to lay the foundations for a variety of projects for Centrelink's client agencies that it was anticipated would involve smart cards

This is chapter 4 of an 8-part document whose contents-page is at http://www.anu.edu.au/people/Roger.Clarke/DV/SCTISK.html

4. Data Transmission Security

This section addresses a particular segment of the more general area of the security of computer-based systems and the data stored in them, which is relevant to the application of smart cards. It focuses on the security of data while it is being transmitted.

This section comprises revised excerpts from:

Clarke R. (1996) 'Data Transmission Security Risks', May 1996

Clarke R. (1996) 'Data Transmission Security (or 'Cryptography in Plain Text')' Privacy Law & Policy Reporter 3, 2 (May 1996), pp. 24-27

4.1 Data Transmission Security Risks

When a message is sent from one person or organisation to another, over a communications link, the following risks exist:

1. non-receipt of a message by the intended recipient, which may be:
   • accidental (e.g. through mis-addressing of the message, or loss in transit); or
   • intentional (e.g. through interception and non-re-transmission by a third party, delivery to an imposter instead of the intended recipient, or non-transmission by a message-carrier);
2. access by an unintended person or organisation, which may be to:
   • the contents of the data; or
   • just to the fact that a message passed between that particular sender and that particular receiver.
   • and whose cause may be:
     • accidental (e.g. through mis-addressing of a message); or
     • intentional (e.g. through interception in transit, delivery to an imposter, or unauthorised access by a message-carrier);
3. change to the contents while in transit, whose cause may be:
   • accidental (e.g. through corruption in transit, or misinterpretation by the sender's or the receiver's software); or
   • intentional (e.g. through interception, change and re-transmission by some other party, including the message-carrier);
4. receipt of a false message, by which is meant a message that purports to come from a particular sender, but which that person or organisation did not in fact send. The cause may be:
   • accidental (e.g. re-transmission of a duplicate message); or
   • intentional (e.g. creation of a message by an imposter. This is commonly referred to as 'spoofing');
5. wrongful denial or repudiation, which may be an act by:
   • a message-sender claiming that they did not do send it; or
   • a message-recipient claiming that they did not receive it.

4.2 Requirements for Data Transmission Security

To address the risks identified above, a security regime must satisfy the following requirements:

1. 'confidentiality', or message transmission security. This comprises two separate requirements, that, during a message's transit from sender to receiver:
   • no observer can access the contents of the data; and
   • no observer can identify the sender and receiver.
2. integrity of data content. This requires that the recipient can be sure that, whether accidentally, or because of an action by any party:
   • the data has not been changed or lost during transmission;
   • a message has not been prevented from reaching the recipient; and
   • a message has not reached the recipient twice;
3. authentication of the sender and recipient. This requires that:
   • the sender can be sure that the message reaches the intended recipient, and only the intended recipient; and
   • the recipient can be sure that the message came from the sender and not an imposter. The act by an imposter of sending such a message is referred to as 'spoofing';
4. non-repudiation by the sender and recipient. This requires that:
   • the sender cannot credibly deny that the message was sent by them; and
   • the recipient cannot credibly deny that the message was received by them.

4.3 A Data Transmission Security Regime

A complete protection regime to ensure that these requirements are satisfied comprises many measures, dealing with:

• communications channels;
• the computers and software used by the sender, the receiver and communications services providers; and
• organisational arrangements and procedures.

Protections cost money and time; and in many circumstances people and organisations accept relatively low levels of confidence in return for lower cost or higher speed. In particular, different levels of security regime quality are likely to be applied to defence communications, funds transfers, normal business communications, and social communications.

Navigation

Go to Roger's Home Page.

Go to the contents-page for this segment.

Send an email to Roger

Created: 14 July 1998

Last Amended: 14 July 1998

These community service pages are a joint offering of the Australian National University (which provides the infrastructure), and Roger Clarke (who provides the content).