Security
Dutch launch open-source smart card software project
A Dutch charity is funding an open-source project to design smart card software that offers stronger protection of personal data in light of security vulnerabilities found with cards used today in the U.S., U.K. and Netherlands.
Related links
Story tools
Sponsored by:
E-Mail article
|
|
Print article
|
|
Contact author
|
|
AIM article
|
del.icio.us |
Reddit
|
Digg
|
Stumble
|
Slashdot It!
|
NLnet Foundation will give €150,000 ($234,000) to Radboud University in Nijmegen, Netherlands, for the project, which will run through 2010, said Valer Mischenko, the foundation's general director.
The research and the code will be published for peer review, an open-source development model that can offer a stronger security model than undocumented, proprietary systems that dominate the smart-card market, Mischenko said. Companies will be able to use the software in future products, as it will be licensed under the GNU General Public License.
The need for more secure systems is clear. Researchers revealed last year security vulnerabilities in the Mifare Classic RFID (radio frequency identification) chip, which is used in up to 2 billion smart cards used for building access and public transportation systems worldwide.
The researchers figured out how the Mifare Classic's encryption algorithm worked, allowing them to obtain the 48-bit encryption keys the cards used. With that information, it's possible to create a clone of the card or, in some cases, add money to the card for public transport systems, said Bart Jacobs, information security professor at Radboud University.
The Mifare card chips "are from the 90s," Jacobs said. "At the time when they were developed, there was little computing power on those chips."
Using more complex encryption algorithms requires more computing power, which potentially means that a person could have to stand at a turnstile longer during a transaction. One of the aims of the new research is to strengthen that encryption but still have the transaction take a second or less, Jacobs said.
"You don't want to stand before a gate 10 seconds before it opens," Jacobs said.
Another aim is increased privacy. London's transport agency, Transport for London (TFL), uses Mifare chips in its contactless payment system known as the Oyster card. Customers have a couple of options when getting the card: they can register it with TFL, which offers benefits such as free replacement if the card lost, or buy an unregistered one.
| Use this form to start a public discussion with other Linux World users on this article. Log In | Register for an account (Why you should) |
Note: Register to have your user name appear; otherwise your comment will show up as "Anonymous."
*Anonymous comments will only appear once they are approved by the moderator.
• Dell puts Linux and Atom in Vostro PCs
• Mozilla names best Firefox 3 add-ons
• Torvalds: Fed up with the 'security circus'
• Dell Latitude ON - big win for Linux
• Open source advocates hail appeals court ruling
LinuxWorld Conference and Expo San Francisco, August 4-7, 2008.
Linux Plumbers Conference Portland, OR, Sept. 16-19, 2008.
FreedomHEC Santa Monica, November 8-9, 2008.