Centrelink
Smart Card Technical Issues Starter Kit
Chapter 4

Roger Clarke

Principal, Xamax Consultancy Pty Ltd, Canberra

Visiting Fellow, Department of Computer Science, Australian National University

Version of 8 April 1998

© Xamax Consultancy Pty Ltd, 1998

This document was prepared for Centrelink. Its purpose was to support the consultation process between Centrelink and privacy advocates, during a project that was intended to lay the foundations for a variety of projects for Centrelink's client agencies that it was anticipated would involve smart cards

This is chapter 4 of an 8-part document whose contents-page is at http://www.anu.edu.au/people/Roger.Clarke/DV/SCTISK.html


4. Data Transmission Security

This section addresses a particular segment of the more general area of the security of computer-based systems and the data stored in them, which is relevant to the application of smart cards. It focuses on the security of data while it is being transmitted.

This section comprises revised excerpts from:

Clarke R. (1996) 'Data Transmission Security Risks', May 1996

Clarke R. (1996) 'Data Transmission Security (or 'Cryptography in Plain Text')' Privacy Law & Policy Reporter 3, 2 (May 1996), pp. 24-27


4.1 Data Transmission Security Risks

When a message is sent from one person or organisation to another, over a communications link, the following risks exist:

  1. non-receipt of a message by the intended recipient, which may be:
  2. access by an unintended person or organisation, which may be to:
  3. change to the contents while in transit, whose cause may be:
  4. receipt of a false message, by which is meant a message that purports to come from a particular sender, but which that person or organisation did not in fact send. The cause may be:
  5. wrongful denial or repudiation, which may be an act by:

4.2 Requirements for Data Transmission Security

To address the risks identified above, a security regime must satisfy the following requirements:

  1. 'confidentiality', or message transmission security. This comprises two separate requirements, that, during a message's transit from sender to receiver:
  2. integrity of data content. This requires that the recipient can be sure that, whether accidentally, or because of an action by any party:
  3. authentication of the sender and recipient. This requires that:
  4. non-repudiation by the sender and recipient. This requires that:

4.3 A Data Transmission Security Regime

A complete protection regime to ensure that these requirements are satisfied comprises many measures, dealing with:

Protections cost money and time; and in many circumstances people and organisations accept relatively low levels of confidence in return for lower cost or higher speed. In particular, different levels of security regime quality are likely to be applied to defence communications, funds transfers, normal business communications, and social communications.


Navigation

Go to Roger's Home Page.

Go to the contents-page for this segment.

Send an email to Roger

Created: 14 July 1998

Last Amended: 14 July 1998


These community service pages are a joint offering of the Australian National University (which provides the infrastructure), and Roger Clarke (who provides the content).
The Australian National University
Visiting Fellow, Faculty of
Engineering and Information Technology,
Information Sciences Building Room 211
Xamax Consultancy Pty Ltd, ACN: 002 360 456
78 Sidaway St
Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 1472, 6288 6916