Could you please briefly explain what TÜBITAK UEKAE is and what it does?
TÜBITAK’s UEKAE (National Research Institute of Electronics and Cryptology) began operating in 1972 within the Marmara Research Centre (MAM) as a research group called the Electronic Research Unit. In 1995 the unit separated from MAM to become an independent institute directly reporting to the Presidency of TÜBITAK. With around 80% of its staff comprised of researchers, UEKAE is one of Turkey’s largest R&D structures operating under a single umbrella.
TÜBITAK UEKAE’s main field of operation is data security and advanced electronic applications. Maintaining its principle of applied R&D, today, UEKAE is the major player enabling technological independence for Turkey in the field of data security. Dating back to 1980, our work in the area of data security and cryptology and our many different products have enabled Turkey to become one of the few countries that can protect critical data using its own capabilities and technologies.
While cryptology is our main field of operation, it is not our only specialty. We are also specialised in electronics and communication applications in general. Accordingly, we also work on hi-tech products such as various communications technologies and radars.
On the other hand, especially in recent years, we have been more focused on developing and commissioning specific projects aimed at serving the needs of the public sector. To give some examples, there is the ongoing pilot project for SGK (Social Security Administration) in Bolu or the Information System Development project developed for EPDK (Energy Market Regulatory Authority) and the Digital Log, Archive and Analysis System developed for RTÜK (Radio and Television Supreme Council).
As an international centre of science, technology and production pioneering in the field of data security, communications and advanced electronics, could you briefly summarise what technological developments we are to expect in the future?
In the communications area, for instance, technology is developing day by day. As for the world of electronics, we are heading towards a near future where all systems will be communicating with each other. Along these lines, together with several developed countries Turkey has speeded up its efforts in the field of network-based capabilities. As is the case in many other technologies, the military plays a leading role in technologies where systems and units are in continuous communication and controlled centrally. NATO, in particular, is investing heavily in this area. As TÜBITAK UEKAE, while working on our own projects we are also keeping close track of NATO and providing guidance to Turkey accordingly.
Today, in addition to conventional encryption technologies we are talking about quantum cryptology. We also have work in progress on this technology, which can be defined as a combination of quantum physics and cryptology.
Another example is from the world of radars. Currently, phased array radar technologies are monopolised by a few countries. As TÜBITAK UEKAE we also have investments in this area. Similar to all our previously developed products we are working on developing phased array radar products using 100% Turkish engineering and products.
In all of our fields of operation at present we are working on future technologies using the brainpower of 100% Turkish engineering, without compromising our philosophy built on Turkey’s technological independence.
Could you elaborate a bit on data security? Why was the National Data Security Portal established?
In data production, transmission, storage and deletion, namely in all of its phases, the critical objectives of data security are ensuring strictly authorised access to data and maintaining data integrity. Another objective of data security is to ensure that the relevant individuals or systems can access data at the required quality.
The widespread use of information systems in our daily lives has not only magnified the amount of data but has also widened its roaming area. In this case, ensuring the security of data becomes all the more important because in this wide roaming area there is a multitude of security threats. While these threats may come from conscious hackers, unconscious users may also pose an important security threat. Natural disasters and environmental factors also threaten data security.
Any measures taken to ensure data security must encompass all the phases that involve data. As data security measures may limit the usability of data it is crucial to determine the balance of data security and usability in line with the needs. The most efficient way to protect this balance is to use a risk-based approach. The main objective should be to provide more protection for data under greater potential security threats.
Article 88 of the “Knowledge Society Strategy”, published by the State Planning Organisation (DPT), lays down the National Information Systems Security Programme and assigns the responsibility of implementing this programme to TÜBITAK’s National Research Institute of Electronics and Cryptology. One of the most important objectives of this programme is to increase public awareness on data security and eliminate any lack of knowledge in this regard.
The National Data Security Portal, designed and operated in a way that allows all Turkish individuals and organisations knowledgeable in the field of data security to contribute to the portal, offers several guidelines and technical articles on various areas related to data security. Updated security bulletins can be accessed from the portal. The “Security for Everyone” section published in the portal aims to enlighten ordinary end-users about data security. Furthermore, the portal also contains information about events taking place in Turkey related to data security.
What do the security bulletins contain?
The security bulletins contain detailed information on any security gaps identified in frequently used information systems. The bulletin provides information on the severity of the security gap, the time of the announcement, the systems affected, links related to the security gap and applicable solutions to get rid of such gaps.
You developed Turkey’s first e-signature application. Could you talk a bit about the e-signature products developed by UEKAE?
Within the scope of the National Public Key Infrastructure project, which has been implemented by our Institute since 2000, we have developed a wide range of products for e-signatures. The main e-signature products include the ESYA (Electronic Certificate Management Infrastructure) Certification Authority, which issues the electronic certificates needed for e-signatures, and the Desktop Signer used to prepare documents with e-signatures. The Time Stamp server, the OCSP (Online Certificate Status Protocol) server, the Kermen Data Security Application, the Signer application development libraries and the AKIS (Smart Card Operating System) smart cards are the other e-signature products developed by our Institute. Out of these products, the ESYA Certification Authority and AKIS smart cards have received Common Criteria EAL4+ certification from the Turkish Standards Institute (TSE). Our products have been developed on a solely national scale and comply with international and leading standards. Since 2004, these products have been used intensely by TÜBITAK UEKAE’s Public Certification Centre and various public agencies. On a final note, TÜBITAK UEKAE’s e-signature products have been used within the scope of the Azerbaijan State Protection Organisation Electronic Certificate Infrastructure Project and the Turkish National Identity Card Project to install and operate electronic certificate infrastructure systems.
Could you explain the objectives and benefits of the pilot project in Bolu related to the electronic identity verification system?
The related IDs have been distributed in Bolu since 2008. Initially, we tested various issuance methods and card types and drew certain lessons and conclusions from these experiences. For instance, we decided that the best way would be to use polycarbonate, a very durable material, for the new identity cards. Similarly, the most secure way to write the identity information was by burning the information using a laser. On the other hand, the Electronic Identity Verification System (EKDS) was integrated with the application software currently used in the healthcare industry and was made available to hospitals and family doctors. The system was also integrated with the e-State Portal. This way, it became possible for citizens to enter and use the e-State Portal with their new ID cards. Additionally, the EKDS system was integrated with the finance industry and commissioned in the Bolu branch of a private bank. The other players in the finance industry are expected to follow suit.
The most important benefit that EKDS offers to organisations and persons receiving services from these organisations is security. The service provider is sure that the service receiver is entitled to such services and can verify his/her identity. As for service receivers, they can be sure that other persons do not use the services to which they are entitled. On the other hand, a single infrastructure for identity verification in e-State and e-trade applications lowers investment costs. As for citizens, they are able to access their daily services by using the single password assigned to their cards. There is no need to enter a separate password for each application. In other words, it provides ease-of-use for services.
This system will prevent any infractions and fraud using stolen identities. Organisations will stop losing reputation due to such incidents. It will also eliminate any improper use of economic resources. It is reported that the level of corruption within the Social Security Administration for medication and treatment expenses is around 10%. The e-signatures on the cards will enable citizens to carry out their transactions by signing the electronic documents. By law, these signatures have equal power as wet signatures; therefore, citizens can perform a multitude of transactions from home. Another feature of the card is that the Turkish Identity Card can be used as an electronic passport when crossing borders. To this end, the card bears a contactless chip, which complies with the ICAO 9303 standard. The e-State and e-signature applications that use contact interfaced chips are supported with the National Card Operating System (UKIS). As for contactless chips, these chips contain information used by the ICAO and for border crossings. Owing to this feature, using the Mifare protocol, these cards can be used in workplaces for electronic access purposes.
What are your expectations from this year’s Cardist fair and summit?
It is the first time that our Institute has worked on a credit card project. It will be a very innovative product, given its features and application areas. We look forward to this platform that will enable us to offer more detailed information about the project, which we have previously communicated together with the Interbank Card Centre. In particular, we plan to share information about our approach towards international demands for national identity card projects and our capabilities in this domain.
How are you preparing for Cardist 2010? What novelties should we expect to see at Cardist this year from your Institute?
We will have a stand in the fair. In addition, three of our staff members will deliver presentations on the national identity projects and smart cards. We will also share information about our contactless and e-signature based credit card project as well as talk about our national identity management systems in general.
We are in an age where technologies are changing rapidly. How do you think Cardist will contribute to the industry in the future?
We believe that Cardist will bring together companies and customers and strengthen the ties between card manufacturers in Turkey and nearby markets.