Cyber Security : India’s New Man-made Mountains

  •   Thu, Aug 19 2010
  •   by Bert Naik

Aug 21, 2010

It has been reported in the media that the Indian Government has given an ultimatum to Research In Motion (RIM), the maker of the ubiquitous Blackberry phones, that, unless RIM complies by the rules, it risks being banned in India.

And the ban is imminent.

At the outset, the concerns of the Indian Government seem reasonable enough. India does not want a technology that could give an advantage to the militants.

Media also reports that RIM does not want to give a special treatment to India.

Before agreeing with one or the other party, one needs to understand the basic principles of cyber security.
The principles of cyber security are not complex to understand.

There are essentially three of them.

• The environment must be able to prevent disruption to the availability of services
• The integrity of the information must be guaranteed
• The confidentiality of the information must be assured

The issue between the Indian Government and RIM is on Confidentiality. Confidentiality here would mean the level of encryption applied, and that the security apparatus in India needs to have access to that information – with the hope that it could be decrypted whenever needed.

Encryption is done using various methods. Essentially it comes down to the algorithms used, the key length employed, and the safeguarding of the key – that will determine if someone other than the intended recipient can access the original information.

The Indian Government’s rules require that no Internet Service Provider (ISP) supports encryption using a key-length of greater than 40 bits without seeking the prior approval of the Government.

India’s Home Ministry, tasked with providing internal security, expects that RIM make the encrypted data available to the relevant security agencies.

Regardless of what the rules state and the expectations of the Government might be, it is not possible for RIM to comply with such expectations!

One might wonder why?

The essence of encryption being what it is, in today’s world, the level and complexity of encryption is controlled significantly by the users. And not by the ISPs or the manufacturers of gadgets.
The users of Internet and systems today have the means of acquiring solutions that provide extremely secure communications.

The security of such communication is so strong that only one person in the entire world - the recipient of the information alone – is able to decrypt that information. This is achieved through the usage of the Private Key in the Public Key Infrastructure that is ubiquitous in today’s world.

Possession of copy of that Private Key by another party, including a Government, would defeat the whole notion of cyber security.

But why can’t a Government get hold of the Private Key in the event that they have indeed caught a suspected militant, and want to read all the encrypted information that was exchanged between the suspected militant and his accomplices?

A natural question indeed.

The answer is simple: if the Private Key is still retained by the suspected militant and he is happy to hand it over to the security agencies.

The ISPs and the manufacturers of gadgets unfortunately cannot help. They were not in possession of the Private Key in the first place!

Mere storage of mountains of encrypted data will be of no benefit to the security agencies. Other than, of course, creating an opportunity for some to hire thousands of new workers to manage those mountains.
A far more sensible approach for the Indian Government would be to invest time and effort to understand how it could take advantage of features available in Internet Protocol (IP) version 6 (IPv6) to help with its future cyber security.

But that requires some real hard work. Why would the official babu machinery look for hard work – when there are far simpler, albeit meaningless, solutions around?

It may be fair to assume that, so long as the Indian Government is concerned, IPv6 is at least 20 years away.
by Bert Naik
Bert Naik, certified in cyber security, is the National B2B Manager of an essential service in Australia. The service routes giga-bytes of data securely each day.
To submit your article / poem / short story to Daijiworld, please email it to news@daijiworld.com mentioning 'Article/poem submission for daijiworld' in the subject line. Please note the following:

  • The article / poem / short story should be original and previously unpublished in other websites except in the personal blog of the author. We will cross-check the originality of the article, and if found to be copied from another source in whole or in parts without appropriate acknowledgment, the submission will be rejected.
  • The author of the poem / article / short story should include a brief self-introduction limited to 500 characters and his/her recent picture (optional). Pictures relevant to the article may also be sent (optional), provided they are not bound by copyright. Travelogues should be sent along with relevant pictures not sourced from the Internet. Travelogues without relevant pictures will be rejected.
  • In case of a short story / article, the write-up should be at least one-and-a-half pages in word document in Times New Roman font 12 (or, about 700-800 words). Contributors are requested to keep their write-ups limited to a maximum of four pages. Longer write-ups may be sent in parts to publish in installments. Each installment should be sent within a week of the previous installment. A single poem sent for publication should be at least 3/4th of a page in length. Multiple short poems may be submitted for single publication.
  • All submissions should be in Microsoft Word format or text file. Pictures should not be larger than 1000 pixels in width, and of good resolution. Pictures should be attached separately in the mail and may be numbered if the author wants them to be placed in order.
  • Submission of the article / poem / short story does not automatically entail that it would be published. Daijiworld editors will examine each submission and decide on its acceptance/rejection purely based on merit.
  • Daijiworld reserves the right to edit the submission if necessary for grammar and spelling, without compromising on the author's tone and message.
  • Daijiworld reserves the right to reject submissions without prior notice. Mails/calls on the status of the submission will not be entertained. Contributors are requested to be patient.
  • The article / poem / short story should not be targeted directly or indirectly at any individual/group/community. Daijiworld will not assume responsibility for factual errors in the submission.
  • Once accepted, the article / poem / short story will be published as and when we have space. Publication may take up to four weeks from the date of submission of the write-up, depending on the number of submissions we receive. No author will be published twice in succession or twice within a fortnight.
  • Time-bound articles (example, on Mother's Day) should be sent at least a week in advance. Please specify the occasion as well as the date on which you would like it published while sending the write-up.

Comment on this article

  • adshenoy, mangloor

    Mon, Aug 23 2010

    Who are the loosers Indian government or RIM. India is a monsterous market. Is RIM can afford to lose such a gold mine?
    Or lose exclusive corporate users who communicate secretive/ sensitive business data?

  • Panchoo, Udupi

    Sat, Aug 21 2010

    The Government decided to facilitate the use of Internet Protocol Version 6 (IPv6) in the country in June 2009.

    National IPv6 Deployment Roadmap was released in July 2010. Salient features of this roadmap include action plan for telecom service providers, formation of Task Force for implementation of IPv6, formation of Indian IPv6 Centre for Innovation and development of standards and specifications for IPv6 conformance and interoperability etc.
    The steps taken by the Government for transition from Internet Protocol Version 4 (IPv4) to IPv6 by stakeholders include the following.

    i. Telecom Engineering Centre (TEC) in Department of Telecom is coordinating with all stakeholders for transition from (IPv4) to IPv6.

    ii. Central Government Ministries/Departments, State Governments and Telecom operators have been advised to procure IPv6 complaint equipments.

    iii. Five workshops were held in New Delhi, Bangalore, Chennai, Mumbai and Kolkata during 2009-10 for creating awareness and working out methodology for transition from (IPv4) to IPv6.

    iv. IPv6 training program was held in November 2009 in association with Asia Pacific Network Information Centre (APNIC), Australia.

    v. Checklist for facilitating (IPv4) to IPv6 transition has been issued by TEC in December 2009.

    vi. Interactions and meetings are held by TEC with nodal officers from various government organizations and service providers for transition to IPv6.

    vii. It has been decided to form a Task Force on IPv6 implementation with three tier structure having oversight committee, steering committee and nine working groups.

    This information was given by the Minister of State for Communications & Information Technology, Shri Sachin Pilot in written reply to a question in Lok Sabha

  • Tarun Hegde, Manipal

    Sat, Aug 21 2010

    In India all the telecom and internet service providers are required to become IPv6 complaint by December 2011 and offer IPv6 services thereafter.

  • Navin, Manipal/Bahrain

    Sat, Aug 21 2010

    As per Department of telecommunications (DOT),BlackBerry's high-level encryption technology that doesn't allow anybody to break, not even RIM, access to data transmitted over the device, except to end-users. This is the main concern of Indian Govt. Terrorist or some Anti-Social group could use this facility to communicate with each other without problem.

    Also, In BB there is a future called encrypted messaging service , using this future Two or more users can create their own "Master Key"s and communicate them self on their own "VPN" (Virtual Private Network), which even could not traceable or track by RIM itself. They made this for enterprise users to communicate within highly secured BB Enterprise environment.

    Those are the Concerns of DOT.


Leave a Comment

Title: Cyber Security : India’s New Man-made Mountains



You have 2000 characters left.

Disclaimer:

Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.