E-Government Security and necessary Infrastructures Dimitrios Lekkas Dept. of Systems and Products Design Engineering University of the Aegean
Published byModified over 5 years ago
Presentation on theme: "E-Government Security and necessary Infrastructures Dimitrios Lekkas Dept. of Systems and Products Design Engineering University of the Aegean"— Presentation transcript:
e-Government Security and necessary Infrastructures Dimitrios Lekkas Dept. of Systems and Products Design Engineering University of the Aegean firstname.lastname@example.org
University of the Aegean Review F Do we really need security in the networks of Public Sector? F What security requirements do we have? F What solutions may we propose to cover the requirements?
University of the Aegean The traditional way of communication
University of the Aegean The modern way of communication within the public sector
University of the Aegean Possible problems (1) Confidentiality
University of the Aegean Possible problems (2) Integrity
University of the Aegean Possible problems (3) Availability
University of the Aegean Possible problems (4) I did not send it! I have never received it! Non-repudiation
University of the Aegean Possible problems (5) Secure Timestamping
University of the Aegean Possible problems (6) Authenticity
University of the Aegean We identified the following security requirements: F Confidentiality of the exchanged information F Integrity of the exchanged information F Availability of information and communication F Non-repudiation of (a) origin and (b) receipt F Timestamping of electronic documents F Authenticity of transacting parties
University of the Aegean Satisfy the requirements F Confidentiality: Public key Cryptography F Integrity: Digital signatures F Authenticity: Digital certificates and signatures F Availability: Lower level protocols, such as IPsec F Value-added services: Time-stamping, non- repudiation of origin and receipt, notary, privilege management
University of the Aegean Solutions; F Asymmetric and Symmetric cryptography F Public Key Infrastructure F Smart cards F Relevant Legal framework
University of the Aegean Cryptography F Symmetric (Traditional) cryptography –Same key for data encryption/decryption –Prior key agreement of transacting parties –Problems: protection of key distribution F Symmetric (Public Key) cryptography –Key pair: One private and one public –Data encrypted with on key can only be decrypted with the other –A private key is the property of one only physical entity –A public key is freely distributed
University of the Aegean Certification Services Provision F Basic services –Registration –Certificate management –Cryptographic functions –Directory Services –Data repository F Support –Administration –Audit and Control –Logging –User support
University of the Aegean Value-added Services F A CSP as Time-Stamping Authority F A CSP as Key Distribution Center F A CSP as Privilege Management Authority F A CSP as Notary F A CSP as Evidence Provider
University of the Aegean CSP Requirements in e-gov F Reliability demonstration F Physical security F Publishing of certification policies and practices F Risk analysis F Protection of Personal Data F Long-term repositories of signature verification data F Insurance ? F ISO 9000 certification ?
University of the Aegean Digital Signature F Definition –A Digital Signature is data attached or co- related to an electronic document, that are used to verify its authenticity. F Characteristics –It is uniquely related to the signer –Provides a means to identify the signer –It is created by means under the absolute control of the signer –It is uniquely related to the document –It assures the integrity of the document
University of the Aegean Digital Certificate F A Digital Certificate is a Signed Data Structure that binds a physical entity to a public key that possesses. F The certificate is digitally signed by an Authority (Trusted Third Party) Trusted and Qualified to act as a Certification Services Provider (CSP). F It assures by Technical and Legal means that a public key belongs to a specific entity and consequently that this entity legally possesses the relevant private key.
University of the Aegean Smart Cards F Special Smart Cards with crypto-processor are used in PKI F Ideal solution for private key storage: –Key pairs produced within the card –Digital signature creation is performed within the card –Private key is never exported from the smart card –Mobile –PIN protected –Reliability and Physical durability
University of the Aegean Legal framework F Digital signatures are internationally recognised as equivalent to handwritten signatures and in some cases as stronger F The European Directive EC/93/99 on Digital Signatures is already adopted by the 15 member states F The Directive is adopted in Greece by the Presidential Decree 150/2001 F National Telecommunication Authorities (e.g. EETT) publish regulations for the provision of Qualified Certification Services.
University of the Aegean Do we need something else; F Information Systems Security does not succeed with the simple raising of physical or electronic barriers. F An integrated Security Policy is needed, that will be the basis for the construction of security procedures.
University of the Aegean Summary F Electronic Government is close. F Secure e-Government is still at a distance. F … but it must (and it can) come closer! F The Public Sector must face the ICT Security as a fundamental issue.