شكراً على الإشادة وحيد و أوافقك نماماًً بما تطرقت إليه بالنسبة للخصوصيات المهدورة و عدم وجود آلية و قوانين تردع الذين تسول لهم أنفسهم المريضة بحشر أنوفهم بما لا يعنيهم من دون أي رخصة من صاحب الشأن. فأنا أعتقد أن البطاقة “الذكيّة” - و هو فعلاً إسم على غير مسمّى - ما هي إلّا ما فرزه بائع ممتاز على زبون لا يتمتع بقوى عقلية كاملة!

عدد الأنظمة التي تحتويه هذه البطاقة لا مبرر لها أبداً خصوصاً لعدم وجود آليات لحجم المعلومات المحتواه فقط لذوي الإختصاص حصرياً. فهنا لا كلمة سر تنفع و لا جهاز مبرمج لقرائة هذه البطاقات فيه فائدة إذا لم يكن هناك وعي وطني بإحترام الخصوصيّات مدعوم بقوانين صارمة تردع المتطفلين و المجرمين من إستغلال تلك المعلومات من غير وجه حق.

كلنا نعرف هشاشة النظم المتبعة في وزارات و مؤسسات الدولة، فإن لا تعلم ذلك كل ما عليك هو دخول أي قسم و مشاهدة شاشات العرض فسترى كلمات السر مكتوبة على تلك الشاشة أو إذا كان المستخدم يستحي قليلاً فكتب الكلمة على ملسق بوست إت و لسقها على أطراف الشاشة! أما إذا لم يعملوا ذلك فيختارون كلمات سر بسيطة جداً يمكن لطفل في السادسة من عمره تخمينها. فالسؤال هو هل توجد أي معايير في الحكومة تلزم إستخدام كلمات سر محصّنة؟ طبعاً لا، فإذهب مثلاً لأي مستشفى حكومي و أن أردت الدخول للموقف الخاص و هناك لائحة رقمية فإضغط

أخي حسن، شكرا جزيلا على حسن كتابتك وأدبك الجم وأحترم وجهة بل وأوافقك عليه أن البطاقة الذكية مبنية بطريقة هيكلية تجعل كل جهاز قارئ في أي إدارة حكومية متخصصة في قراءة ما يعنيها فقط.

ولكني شخصيا، ويشاركني الكثيرون، غير واثقين من قدرة وكفاءة الجهاز المركزي للمعلومات في البحرين من إدارة البطاقة الذكية والحفاظ على خصوصية المواطنين ومعلوماتهم الحساسة من خلالها.

فلم يثبت الجهاز حتى يومنا هذا كفاءته في المشاريع التي تبناها والسرية منتهكة ومخترقة سواء على شبكة الإنترنت من حيث سهولة اختراق المواقع الحكومية أم من حيث الأوراق السرية التي تخرج للعامة وتوزع عليهم من خلال الخبابيز أو غيرهم دون رادع.

ولدي معلومات أكيدة أن نصف عدد العاملين في مشروع البطاقة الذكية غير مؤهلين فنيا للعمل في مشروع كهذا، لذلك يصعب عليهم تطبيقه بشكل صحيح.

وأخيرا أود أن أقول لك أخي حسن بأنني لم أكن لأتردد في استخدام البطاقة الذكية لو كنت موقنا بكفاءة القائمين عليها وبوجود القوانين الحازمة والصارمة والشاملة لتقنين وحماية معلوماتي.

وشكرا لك مع ودي واحترامي

I read your posts and I would like to present my point of view related to Smart ID Cards. Recently, I made a thorough study named “Smart ID Cards based schemes and related projects”. This was a case study that aims to address security concerns with Smart Identities (Smart ID cards and Smart/Biometrics Passports). It focuses on the smart identities enrolment process as it is considered among the most critical phase during e-identity issuance. This study is based on the Kingdom of Bahrain and the United Kingdom experiences in this field. The main objective was to analyse the ‘Registration and Issuance’ system in the National Identification Scheme in both the countries and to take into account various relevant security considerations and other pioneer countries experiences. It concludes with the recommendations and suggestions that could help further and support improving these schemes.

The Smart Card’s chip is considered to be a temper-resistance module. It offers both physical and logical protection against attempts to compromise the card’s credentials. Smart Cards can ensure high security for stored information. However, considering Smart Cards as temper-proof is technically unachievable, since the card can be physically attacked.

Standard security goals such as authentication, confidentiality, integrity, non-repudiation and availability can be provided to some extent using Smart Cards. A good example is authenticating a ‘Subscriber Identity Module’ or SIM card to a ‘Global System for Mobile communication’ i.e. GSM network. Also, the confidentiality of a key on a pay-per-view T.V. card and integrity of a cardholder’s account balance on a MasterCard. Smart Cards generally keep a log file as evidence of non-repudiations. Furthermore, Smart cards can help to ensure systems’ availability, by allowing offline transactions. However, ‘Denial of Service’ attacks against Smart Cards are relatively easier [12].

There are different types of attacks through which a Smart Card can be compromised. These attacks can be classified into physical, logical, and ‘side channel’ attacks. Physical attacks are changing the analysis and/or modifications of a Smart Card’s hardware. This can be achieved by, for example probing the circuit, changing a track, changing the power or changing the voltage. Furthermore, it can be accomplished by causing the program to malfunction to exploit further disruption. This will enforce the Smart Card to reveal its credentials and allow unauthorized permissions to access its stored information.

Countermeasures can be used to enhance the card’s security and to prevent it from such attacks. Different attacks have different safeguards. For physical attacks, a proactive layer that carries protection signals can be placed. If any interruption occurs, the memory will be erased, and the chip halts. Furthermore, sensors on the chip can be added to measure any varying changes surrounding the chip such as light, temperature, power supply or clock frequency. The reaction will cause the chip to be disabled. Another way is to scramble the databus communications between the different parts of the chip.

On the other hand, logical attacks target the Smart Card’s communications. This leads the Smart Card to leak confidential data or allow data modification. Therefore, buffer overflow, unauthorized file access and malicious applets can succeed using logical-attack techniques.

Logical attacks depend on finding bugs within the Smart Card software. Therefore, the software design is rather important in building secure applications in Smart Cards. Whenever the software complexity increases, the number of possible weaknesses and loopholes that could be compromised dramatically rise. At the same time, popularity of evaluation labs affects the overall testing of the card’s security and its functionality, and it guarantees compliance with international standards that reflect as interoperability issues.

The third type is the ‘side channel’ attack. It can occur by observing or disturbing the behavior of an electronic circuit in the Smart Card’s chip in order to establish an attack. ‘Side channel’ attacks can be applied by measuring the power consumption of the card, and observing its behavior. This type of attack can also interrupt the power supply, which might result in crashing a running application or resetting the chip’s circuit. In addition, it can directly analyze recorded power data to determine actions and, thus, reveal the card credentials.

Finally, ‘side channel’ attacks countermeasures depend on three levels of defenses. They depend on hardware, software, and application security. Hardware countermeasures do not eliminate vulnerabilities completely, but reduce them. Software countermeasures can obfuscate leakage of data even if they are running on weak hardware. However, they are very expensive, and hard to maintain [13].

Protecting privacy deals with how data is collected, stored, transmitted, and used for a Smart Card application. It means to protect the individual’s rights against identity theft. At the same time, it prevents users from fraudulent crimes. A Smart Card has security properties which allow it to protect personal data privacy. Moreover, it has authentication and authorization capabilities that allow only required data to be accessed and exchanged. Firewalls are implemented in Smart Cards to help protect individual information from being accessed by different applications residing inside the same the same card; which, in turn, ensures that information can only be processed by an authorized application. Smart Cards also make sure that readers are not able to reveal its chip’s credentials or exchange them during a card verification process. Furthermore, the Smart Card’s temper-resistant characteristic makes it almost the best smart token technology to deal with identity protection [14].

A part of my conclusion was:

The ‘Registration procedure’ in the Registration and Issuance system should have stronger security rules. Proving once identity is not an easy job especially if someone provides a fake identity when it is registered within official records as a genuine. This might cost the country an unacceptable loss. Maintaining security in this system still does not provide the level of security that is expected from an Identification scheme.

Identification Schemes require lots of money to be paid for developing the required technology, paying for experts, maintenance, training and education programs for the staff and other things. The big question that arises with these: is the budget allocated for issuing and running the scheme enough to maintain the scheme forever? Are governments and citizens ready for such a great shift?

Countries applying for an identification scheme should be prepared for any sort of disasters. They must have at least a contingency plan in case of wars and natural disasters to protect users’ information. Some questions need to find clear answers before implementing the scheme. How and where the information is going to be transferred? How the scheme’s operations are going to be managed? How applications’ functions are going to be accomplished? How users will be authenticated and authorized to use services? Is every thing in future will be fully dependent on the smart identities and their reading devices?

Since all the information will be recorded in a central database, how backups are going to be taken? Where these backups are going to be kept? What are measures would be considered while deciding the place where backups are going to be stored? How many times the backups are going to be recorded? Who is responsible to do the backups? How laws can support regulating backups operations?

It is observed that most counties issue the smart identities before passing these new identities laws. This put users and the whole country’s scheme into legal risks. Laws related to these schemes, their smart identities and their applications should be stated and made clear before taking decisions to start implementing the scheme.

Even if most of these security vulnerabilities have been taken care of, what about managing the security of the: Network infrastructures, client hosts, servers, security perimeters (e.g. firewalls, IDS), and gateways?

In a final word; many questions should be attended and carefully studied before any decision taken or applied to move to smart identities. ID Cards, Smart Passports and Biometrics are advance technologies and they either could shift the country to a new bright era or could destruct its main resources leaving it naked with destroyed reputation.

Mona Mohammed

BSc. Computer Science

Msc. Information Security

Royal Holloway, University of London