Australian Gov't Offers $560k Cryptographic Protocol For Free

mask.of.sanity writes "Australia's national welfare agency will release its 'unbreakable' AU$560,000 smart card identification protocol for free. The government agency wants other departments and commercial businesses to adopt the Protocol for Lightweight Authentication of ID (PLAID), which withstood three years of design and testing by Australian and American security agencies. The agency has one of Australia's most advanced physical and logical converged security systems: staff can access doors and computers with a single centrally-managed identity card, and user identities can be automatically updated as employees leave, are recruited or move to new departments. PLAID, which will be available soon, is to be used in the agency's incoming fleet of contact-less smartcards that are currently under trial by staff. It will replace existing identity cards that operate on PKI encryption."

Surprisingly sedate acronym

[Sockatume]

Somehow that makes it more sinister than calling it "RAZORBAK" or "AOK JINGOSIM".

Yeah Right...

[Frosty Piss]

Given Australian government's views on privacy, I wonder when the back door will be discouvered? Or is looking for it agianst the law?

Mmmh

[Britz]

"Here, have my lock and key. Nobody will be able to get into your home. Except, maybe, me :-)"

I laugh ...

[Morphine007]

... when an organization claims that they're going to provide something that's unbreakable [securityfocus.com]

The claim is usually an open invitation to reduce the "unbreakable" object to ashes.

Re:contactless smart cards are the way to go

[Anonymous Coward]

Especially if I find your wallet after you lose it.

Re:Mmmh

[MobyDisk]

They aren't giving a way the lock and key. They are giving away a design for locks and keys.

Re:I laugh ...

[Confuse Ed]

3.The source and destination then compute Ys and Yd, respectively, such that their own X*Y is congruent to 1 mod (A*B). They do not share this information.

Should that be 1 mod ((A-1)*(B-1))?

I'm not that convinced that relying on the discrete logarithm problem (at the cost of 4x as much network communication) rather than directly on the factoring problem (like more commonly discussed PK based systems) has any additional security : aren't the 2 problems of identical complexity?

Re:A little more info

[oldhack]

If it's so unremarkable, what makes it worth half million Australian dollars, then? Unremarkable patent, perhaps?

Re:contactless smart cards are the way to go

[profplump]

The government never issued SSN with the intent of being a universal identifier.

Re:A little more info

[swillden]

If it's so unremarkable, what makes it worth half million Australian dollars, then? Unremarkable patent, perhaps?

How do you define the "worth" of a protocol?

Secure protocols are hard to design because there are a lot of subtle errors that can be made. It takes a lot of work by a lot of smart people to make sure that none have been -- and it's even harder if the protocol breaks new ground.

I suspect that the half-million figure is an estimate of how much has been put into the design and verification of the protocol. That's a goodly amount of work. Had the protocol been extremely novel, verifying it to the world's satisfaction would have been *much* more expensive that 0.5M AUD.

Re:A little more info

[PitaBred]

Hell, if you're really worried, make an "airlock" gate, where the outside door is free to open, but it is built like a faraday cage for the frequencies uses, and the reader is inside that.

Re:You are correct

[MobyDisk]

From the summary:

which withstood three years of design and testing by Australian and American security agencies.

I took that to mean the crypto-community had a long hard look at it.