Geraint's comment on my previous post was rather revealing (thanks for that Geraint). I wasn't aware that the government had specifically ruled out digital certificates for inclusion on the ID card. Hands up, red face. Doh! :-(
This is apparently to reduce the projected cost of the cards... How much does a digital cert cost? About £25 today. If we're going to have to have ID cards, I'd rather pay the extra, thanks.
Apparently, other than biometrics, the only other two factor identification component being suggested is the good old PIN number, making the ID Card about as secure as a credit card for online transactions. Not much of a step forward. I am assuming that the Government doesn't intend to issue all 60 million of us with a personal biometric scanner ;-)
Ok, the government has said that the card wasn't designed for e-commerce (real opportunity missed for reduction in fraud, spamming, phishing etc), but it leaves another big problem.
With no digital credential aboard, duplicating a card is going to be, if not easy, not nearly so difficult. It's not easy to guarantee uniqueness without a PKI.
Having thought about it for a while, I can't see a way around it. If you're going to create a system like this you might as well do it properly. I think the government will do a u-turn on this once the detail comes out after the public consultation is over. (What Sir Humphrey called the 'Janet and John Bit' ;-)
Kind of interesting that the government has been looking at ways to make PKI affordable, yet hasn't tied this up with the ID Card. At least not yet.
Aren't government departments supposed to talk to each other? ;-)
( Oct 19 2005, 05:05:17 PM BST / Oct 13 2005, 05:05:20 PM BST )
Trackback: http://blogs.sun.com/Drew/entry/interlude_on_digital_signatures
The Swizz of the Cards...
Another piece of excellent eclectech animation for you on the subject of ID Cards...
The 'Swizz of the Cards' - No, you're not in Kansas anymore... Lots of fun. ;-)
There are a few serious points in this that do bear examining though.
The author of this little ditty calls into question how well the registration process for the card will work (ably illustrated by straw man handing over a fistful of readies). He/She/They are correct in pointing out that registration is the point at which fraud is most likely, a problem we're working on right now... sorry can't give out the details at this stage, but you'll like it.
Secondly, there is a glaring mistake on the use of the ID Card to verify somebody else's transaction. In the animation the card is stolen and inserted into a 'PC' to verify a fraudulent transaction. Because it is a valid ID card the transaction goes through.
The author has missed the point that the card needs to be valid and somehow authenticated with the individual using it before it's accepted (two factor authentication). Just pinching somebody's ID card won't work, at least, not digitally. (Might do as photo ID though). A bit of scare mongering going on there m'thinks.
How is this authentication done? Well biometrics is one answer (and yes, we all know about those problems), but there are other answers too. We're also working on how you might be able to 'switch off'/invalidate a card without the card being physically anywhere near a 'terminal'... can't tell you about that either, but you'll like it. ;-)
The point that you don't need to have multiple identities to commit fraud is a good one though. Most benefit fraud is due to false claim reporting, not multiple identities.
Still, a good piece of animation, looking forward to more!
( Oct 13 2005, 02:22:23 PM BST / Oct 13 2005, 01:37:32 PM BST )
Trackback: http://blogs.sun.com/Drew/entry/the_swizz_of_the_cards
ID Cards and the NIR Part 3 - Some thoughts on scale
Scale matters.
Now we get to muck about with some figures. Back of an envelope figures admittedly, but it does allow us to analyse this a little.
There are approximately 60 million people in the UK, and about 3/4 of these are entitled to an Identity Card. So let's say 45 million.
The Government wants to store 51 pieces of personal information on us. This, to me, looks like about 10k's worth of textual data, not counting how much it takes to store biometrics, images and so on. Biometric data seems to vary from hardly anything to 1000's of bytes so let's say another 10k for that. How big is a decent quality jpeg of yours truly? Well I reckon you could get away with about 30-50k. Plus we need to add say 20% for encryption wrapping etc. So let's, for sake of easy calculation, say a given user profile starts at 100k per individual. Doesn't sound too bad.
So how much data storage are we talking about? 45,000,000 times 100k = 4,500,000,000k or 4,500,000 megs or 4,500 gigabytes. Sounds a lot but it's only 4.5 terabytes and that won't cause much of a problem for a decent storage provider. That will probably fit on my PC in a couple of years' time!
What about network bandwidth? This begs the question, how often are you going to use your ID Card? Let's start off working from where we are today. How often do you need to prove your identity to a high level of certainty? Open a bank account? Apply for a credit card? Maybe 3-4 times a year, probably less.
Ok, let's assume the whole card population uses their card 4 times a year. That is 180,000,000 card accesses per year, which is 493,150 per day, which is 20,547 per hour, which is 342 per minute, which is 5.7 per second. A fair old whack, but nothing that will scare the world's greatest directory product (which, btw, has been benchmarked easily over 10,000 reads per second in a multi server environment, and even a single cpu server can support 1,000 reads per second.)
Yes, the network topography will be interesting, but that at least is do-able.
How much traffic would be transferred for each access? Tricky, but at the worst case, assuming we transfer the whole 100k profile for each interaction and we need another 100k for protocol and security, that gives us 36 terabytes per year, 100 gigabytes per day, 4 gigabytes per hour, 1 gigabyte a minute and 17 megabytes per second. That's a nice collection of T1 pipes, no big deal.
So, we're home and dry then? Well, not quite. There are two other things we need to consider. The audit trail and the increase in usage of this system.
Let's take a look at the audit. Every time you use the card the government wants to know. So your profile is going to get bigger. How big is an audit event? Could be anything from bytes to kbytes. If it is kbytes that storage is going to grow by perhaps 100% per year, maybe even 300-400%. So we could guesstimate storage requirements at 18 terabytes per year, at the 4 uses per citizen per year rate. No worries, might need a couple of extra Sun boxes, and I haven't mentioned backup and fail over and redundancy obviously.
What about the increase in usage of the card over time? Well, let's say we start tying the card to bank transactions, tube travel, bus and train tickets, congestion charging and toll booths. How often would you be using your card then? I reckon up to 10 times per day might be about on the money, perhaps even higher. What does that look like now?
Well, rather than 4 times a year the citizen is now using the card 3650 times a year. I won't bore you with more long maths, and assuming we're still auditing everything but based on the estimates above we now need...
Reads = 5200 per second
Network Bandwidth = 15 Gigabytes per second (You'd need 2,666 T3 lines working flat out)
1 Year's Audit = 1642.5 Terabytes (assuming an audit event is 10kbytes)
What makes these figures scary? The combination of an audit and the scale. Can't help thinking that this audit is going to be a little on the expensive side.
Hmmm. Just as well we bought StorageTek. Time to buy some shares in Cisco too! ;-)
( Oct 13 2005, 12:31:46 PM BST / Oct 13 2005, 11:13:03 AM BST )
Trackback: http://blogs.sun.com/Drew/entry/id_cards_and_the_nir2
Hope he doesn't mind...
Pinched a few ideas from Robin's blog... I thought I ought to get around to adding a bit of 'sizzle' to this blog.. Copied his stat counter and clustermap ideas. Nice one. I also found this neat little moon phase applet.
As one of my previous colleagues used to say - "Plagiarise, plagiarise, let no one's work evade your eyes..."
By the way, Robin is one of our top Identity heavyweights. He's the chap who I ask when I get stuck. He also got selected as 'C3PO' in one of our internal, "So which Star Wars character are you then?" emails. :-)
( Oct 13 2005, 09:47:29 AM BST / Oct 13 2005, 09:21:10 AM BST )
Trackback: http://blogs.sun.com/Drew/entry/hope_he_doesn_t_mind
Do you suffer from constant tiredness?
Constantly tired, occasionally moody and irritable, generally a little bit unwell a lot of the time but with no obvious cause? Been to the doctor and tested for various things with nothing amiss? You might be suffering from the effects of this little monster:
It's basically a form of yeast which furs up your digestive system and gets all over your body, giving your immune system a constant unrelenting fight and draining your energy. It's a bit controversial, many doctors don't acknowledge it at all (ours hadn't even heard of it).
Check it out for yourself... Symptoms & Causes, and a simple (but a bit gross!) test you can do to find out if you've got it. I had it, and so did my wife - apparently about 80% of the population have it to one degree or another, and it's due to all the crappy processed food we eat.
So what can you do about it? Well, there is a diet which cuts out all yeast (no beer or wine!), all sugar (including fructose from fruit!). Which is a bit drastic.
On the Candida Society Website they do mention some products which are supposed to help. I took an appropriately skeptical look at these, but my wife wanted to try it out (she's a long term tiredness sufferer) and we thought we'd give the most promising looking one a go - Threelac. I figured it might well be 'snake oil', but it was worth a try.
We both started taking it according to the instructions and to be honest, the first week was awful, the symptoms got a lot worse. This is apparently normal as the 'death' of the yeast dumps a whole bunch of toxins into your system (nice!). As you clear out though, I have to be honest and admit I've felt a lot more energetic. I can get up in the morning without a 'fuzzy' head and my concentration levels have noticeably increased. I passed the test the other morning with no problems. My wife had it worse than me but she is getting better too.
So it worked for us, it might work for you too. Worth checking out if you suffer from unexplained tiredness and generally not feeling 100% for no apparent reason.
( Oct 13 2005, 09:00:35 AM BST / Oct 13 2005, 08:36:54 AM BST )
Trackback: http://blogs.sun.com/Drew/entry/do_you_suffer_from_constant