Roger Clarke
Principal, Xamax Consultancy Pty Ltd, Canberra
Visiting Fellow, Department of Computer Science, Australian National University
Version of 8 April 1998
© Xamax Consultancy Pty Ltd, 1998
This document was prepared for Centrelink. Its purpose was to support the
consultation process between Centrelink and privacy advocates, during a project
that was intended to lay the foundations for a variety of projects for
Centrelink's client agencies that it was anticipated would involve smart cards.
This is chapter 4 of an 8-part document whose contents-page is at
http://www.anu.edu.au/people/Roger.Clarke/DV/SCTISK.html
This section addresses a particular segment of the more general area of the
security of computer-based systems and the data stored in them, which is
relevant to the application of smart cards. It focuses on the security of data
while it is being transmitted.
This section comprises revised excerpts from:
Clarke R. (1996) 'Data Transmission Security Risks', May 1996
Clarke R. (1996) 'Data Transmission Security (or 'Cryptography in Plain Text')',
Privacy Law & Policy Reporter 3, 2 (May 1996), pp. 24-27
When a message is sent from one person or organisation to another, over a
communications link, the following risks exist:
- non-receipt of a message by the intended recipient, which
may be:
- accidental (e.g. through mis-addressing of the message, or loss in
transit); or
- intentional (e.g. through interception and non-re-transmission by a third
party, delivery to an imposter instead of the intended recipient, or
non-transmission by a message-carrier);
- access by an unintended person or organisation, which may be to:
- the contents of the data; or
- just the fact that a message passed between that particular sender and
that particular receiver;
and whose cause may be:
- accidental (e.g. through mis-addressing of a message); or
- intentional (e.g. through interception in transit, delivery to an
imposter, or unauthorised access by a message-carrier);
- change to the contents while in transit, whose cause may
be:
- accidental (e.g. through corruption in transit, or misinterpretation by
the sender's or the receiver's software); or
- intentional (e.g. through interception, change and re-transmission by some
other party, including the message-carrier);
- receipt of a false message, by which is meant a message
that purports to come from a particular sender, but which that person or
organisation did not in fact send. The cause may be:
- accidental (e.g. re-transmission of a duplicate message); or
- intentional (e.g. creation of a message by an imposter, which is commonly
referred to as 'spoofing');
- wrongful denial or repudiation, which may be an act by:
- a message-sender claiming that they did not send it; or
- a message-recipient claiming that they did not receive it.
To address the risks identified above, a security regime must satisfy the
following requirements:
- 'confidentiality', or message transmission security.
This comprises two separate requirements, that, during a message's transit from
sender to receiver:
- no observer can access the contents of the data; and
- no observer can identify the sender and receiver.
- integrity of data content. This requires that the
recipient can be sure that, whether through accident or through the action of
any party:
- the data has not been changed or lost during transmission;
- a message has not been prevented from reaching the recipient; and
- a message has not reached the recipient twice;
- authentication of the sender and recipient. This
requires that:
- the sender can be sure that the message reaches the intended recipient,
and only the intended recipient; and
- the recipient can be sure that the message came from the sender and not an
imposter. The act by an imposter of sending such a message is referred to as
'spoofing';
- non-repudiation by the sender and recipient. This
requires that:
- the sender cannot credibly deny that the message was sent by them; and
- the recipient cannot credibly deny that the message was received by them.
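To make the list of risks and the four requirements above concrete, the
following is an added example of a protected one-way link, written for this
edition of the page; it is not Roger Clarke's own code and not anything used by
Centrelink. It uses only the Python standard library. The wire layout, the key
names and the sample payment messages are assumptions made for the
illustration. Each message is encrypted (confidentiality of content),
authenticated with a keyed MAC over the ciphertext (integrity and sender
authentication), and numbered so that a replayed or duplicated message is
rejected and a lost message is detected.

```python
"""Protected one-way link: encrypt-then-MAC with sequence numbers.

Added teaching example (assumed layout and names, not a published protocol).
Wire format: seq (8 bytes) || nonce (16 bytes) || ciphertext || tag (32 bytes).
"""
import hashlib
import hmac
import secrets
import struct

SEQ_LEN, NONCE_LEN, TAG_LEN = 8, 16, 32


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256 used as a PRF: block i = HMAC(key, nonce || i).

    Teaching construction only; a deployed system would use an AEAD such as
    AES-GCM or ChaCha20-Poly1305 rather than a hand-built stream cipher.
    """
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">Q", block), hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Sender:
    """Sending end of the link; shares enc_key and mac_key with the Receiver."""

    def __init__(self, enc_key: bytes, mac_key: bytes):
        self.enc_key, self.mac_key = enc_key, mac_key
        self.seq = 0                              # strictly increasing per message

    def send(self, plaintext: bytes) -> bytes:
        self.seq += 1
        nonce = secrets.token_bytes(NONCE_LEN)    # fresh per message so the keystream never repeats
        header = struct.pack(">Q", self.seq) + nonce
        ciphertext = _xor(plaintext, _keystream(self.enc_key, nonce, len(plaintext)))
        # Encrypt-then-MAC: the tag also covers the header, so seq and nonce cannot be altered.
        tag = hmac.new(self.mac_key, header + ciphertext, hashlib.sha256).digest()
        return header + ciphertext + tag


class Receiver:
    """Receiving end; rejects altered, spoofed and replayed messages and counts lost ones."""

    def __init__(self, enc_key: bytes, mac_key: bytes):
        self.enc_key, self.mac_key = enc_key, mac_key
        self.last_seq = 0

    def receive(self, wire: bytes) -> tuple:
        """Return (plaintext, number of earlier messages that never arrived); raise ValueError otherwise."""
        if len(wire) < SEQ_LEN + NONCE_LEN + TAG_LEN:
            raise ValueError("truncated message")
        body, tag = wire[:-TAG_LEN], wire[-TAG_LEN:]
        # Authenticate before doing anything else; constant-time compare avoids a timing oracle.
        expected = hmac.new(self.mac_key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("authentication failed: altered in transit or not from the sender")
        seq = struct.unpack(">Q", body[:SEQ_LEN])[0]
        if seq <= self.last_seq:
            raise ValueError("replay: sequence number %d already seen" % seq)
        lost = seq - self.last_seq - 1            # a gap in the sequence = messages that did not arrive
        self.last_seq = seq
        nonce = body[SEQ_LEN:SEQ_LEN + NONCE_LEN]
        ciphertext = body[SEQ_LEN + NONCE_LEN:]
        return _xor(ciphertext, _keystream(self.enc_key, nonce, len(ciphertext))), lost


def demo() -> dict:
    """Exercise the link against each risk in the text; returns the outcome of every attempt."""
    enc_key, mac_key = secrets.token_bytes(32), secrets.token_bytes(32)
    sender, receiver = Sender(enc_key, mac_key), Receiver(enc_key, mac_key)
    results = {}

    msg1 = sender.send(b"pay 100 to account 42")          # constructed sample message
    results["genuine"] = receiver.receive(msg1)

    try:                                                  # duplicate / replay of a genuine message
        receiver.receive(msg1)
        results["replay"] = "accepted"
    except ValueError as err:
        results["replay"] = str(err)

    msg2 = bytearray(sender.send(b"pay 100 to account 42"))
    msg2[SEQ_LEN + NONCE_LEN] ^= 0x01                     # change in transit: flip one ciphertext bit
    try:
        receiver.receive(bytes(msg2))
        results["tamper"] = "accepted"
    except ValueError as err:
        results["tamper"] = str(err)

    imposter = Sender(secrets.token_bytes(32), secrets.token_bytes(32))   # spoofing: no shared key
    try:
        receiver.receive(imposter.send(b"pay 100 to account 99"))
        results["spoof"] = "accepted"
    except ValueError as err:
        results["spoof"] = str(err)

    # msg2 never reached the receiver intact, so the next genuine message reveals a gap of 1.
    results["after_loss"] = receiver.receive(sender.send(b"statement follows"))
    return results
```

Running demo() shows the genuine message accepted, the same message replayed
and rejected, a message with one ciphertext bit flipped rejected by the MAC
check before any decryption is attempted, a message from an imposter who holds
no key rejected in the same way, and the next genuine message accepted with a
recorded gap of one. Two of the requirements above are deliberately not met,
and that is the caveat a practitioner should note: because sender and receiver
hold the same MAC key, either of them could have produced the tag, so a
symmetric MAC gives no non-repudiation (that calls for a digital signature
under a key only the sender holds); and the sequence number, the nonce and the
size and timing of each message travel in clear, so an observer of the link
still learns that, and when, the two parties communicated. Nor does the
receiver's check tell the sender that delivery occurred; that needs an
acknowledgement flowing back over a link protected in the same way.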
A complete protection regime to ensure that these requirements are satisfied
comprises many measures, dealing with:
- communications channels;
- the computers and software used by the sender, the receiver and
communications services providers; and
- organisational arrangements and procedures.
Protections cost money and time; and in many circumstances people and
organisations accept relatively low levels of confidence in return for lower
cost or higher speed. In particular, different levels of security regime
quality are likely to be applied to defence communications, funds transfers,
normal business communications, and social communications.
Created: 14 July 1998
Last Amended: 14 July 1998
These community service pages are a joint offering of the Australian National
University (which provides the infrastructure), and Roger Clarke (who provides
the content).