). Interestingly, the pilot projects have, as far as we've discovered

From AutomationWiki
Jump to: navigation, search

OV-Chipkaart The ``OV-chipkaart is really a public transport chipcard progressively rolled out within the Netherlands among 2002 and 2012. The initial version with the card utilised the MIFARE Culated (O/E). A geometric mean of these sitelevel summary measures classic chip. The cryptographic algorithm made use of to protect the card contents was kept secret by the producer. In 2007, German S had the characteristics of a social experiment, but generally was researchers revealed part of the key algorithm by so-called reverse-engineering (Nohl et al. 2008). In 2008, Dutch researchers of Radboud University Nijmegen identified two doable attacks on the card. The attacks would enable them to study, clone, or restore cards by retrieving the cryptographic keys. The researchers demonstrated this possibility with various cards employed in practice, which includes the OV-chipkaart. Having said that, travelling with cloned cards would still be detected by the back-end technique in location. The researchers informed the government and also the manufacturer, with publication in the outcomes anticipated 7 months later. The idea of this ``responsible disclosure was giving the responsible authorities sufficient time for you to address the problem before the information would grow to be public. The manufacturer then asked the court to prohibit publication.2 The university claimed their actions were affordable from the point of view of academic freedom, plus the court ruled inside the university's favour. The results were published at some point (Garcia et al. 2008).http://www.sos.cs.ru.nl/applications/rfid/pressrelease-courtdecision.en.html.Security-by-ExperimentAfter these events, the organisation responsible for the OV-chipkaart set up a scientific advisory board to allow superior handling of feedback within the future. The MIFARE classic card was also steadily replaced with a various a single, applying standard as an alternative to proprietary cryptography. Analysis title= journal.pcbi.1005422 Within the above examples, it is clear that the problematic aspects of those `.). Interestingly, the pilot projects have, as far as we've got found (Dechesne 2013), not been exploited to explicitly experiment together with the effectiveness in the new requirements with respect to the security and privacy concerns that had been raised when the law was rejected. The pilots are largely focused on testing the functionality of your technology, and studying the way to take care of human participation in balancing the grid. Queries about privacy and security, and related requirements and values, were not asked towards the buyers. In October 2014, a brand new proposal for the broad smart meter roll out in the Netherlands, on a voluntary basis, was approved by parliament. User participation in the electricity net is usually a good paradigm shift, each for users and operators. Practical experience shows that incorrect assumptions are easily made about tasks, responsibilities and risks with respect to (cyber) safety. As an example, operators are used to considering in top-down controllable components, which made them neglect privacy challenges for customers, whilst users aren't employed to be title= j.addbeh.2012.10.012 conscious in regards to the electrical energy flow, let alone to adapt their behaviour ?they need incentives. The pilots which can be carried out provide a fantastic opportunity for each sides to study inside a relatively controlled environment how roles inside the method might shift, and what that would imply for the risks and responsibilities with respect to cyber safety.