Bringing together open source and security
It was released 12 years ago, and had not evolved in the meantime. However, researchers report that hacking the algorithm, and the overall security of the Mifare Classic chip, was easier than expected.
In reaction, researchers at Radboud University in Nijmegen are now planning to develop an open source contactless card. They say an open source contactless card will be a better guarantee for privacy rights, as everyone will be able to understand how information is managed in the card, and what information is transmitted at each transaction. But then comes the question: how can an open source card be secure? Generally, open source software is openly distributed, so that everyone can check that it is not malicious, and it is also open to modification by anyone willing to use it and adapt it to different purposes.
In our secure smart card world, issuers rely on certification processes by recognized authorities to ensure the compatibility and the security of the products they use. Certified products also allow issuers to build customer trust.
Before the whole industry jumps on the open source bandwagon, we should build a certification process that will support these new products and bring the expected level of security and trust.
Also in the mobile communication environment, Google Android is based on the open source model, and Nokia just acquired Symbian to make the operating system organization evolve towards an open source model. As handsets are bound to become transaction devices, the industry must come up with means to ensure we deserve customer trust.