© 1998-2003 ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 1 Building Confidence in E-government Services ITU-T Workshop on.

Slides:



Advertisements
Similar presentations
Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.
Advertisements

Public Key Infrastructure and Applications
© Copyright International Telecommunication Union (ITU). All Rights Reserved page - 1 Alexander NTOKO Project Manager, ITU Electronic Commerce.
ActionDescription 1Decisions about planning and managing the coast are governed by general legal instruments. 2Sectoral stakeholders meet on an ad hoc.
The Managing Authority –Keystone of the Control System
© ITU Telecommunication Development Bureau (BDT) page - 1 Alexander NTOKO Chief, E-Strategy Unit ITU Telecommunication Development Bureau Seminar.
International Telecommunication Union Workshop on Standardization in E-health Geneva, May 2003 Europe: TM-Alliance, facilitating e-Health Interoperability.
© ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 1 Seminar on Standardization and ICT Development for the Information.
International Telecommunication Union An Insight into BDT Programme 3 Marco Obiso ICT Applications and Cybersecurity Division Telecommunication Development.
Internet Protocol Security (IP Sec)
1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.
Digital Signatures in State of Tennessee Pam Roberts Finance & Administration Office for Information Resources Planning, Research & Development.
EMS Checklist (ISO model)
Supporting National e-Health Roadmaps WHO-ITU-WB joint effort WSIS C7 e-Health Facilitation Meeting 13 th May 2010 Hani Eskandar ICT Applications, ITU.
United Nations Economic Commission for Europe Transport Division United Nations Economic Commission for Europe Transport Division ITU - Inland Transport.
Registry system data exchange General design requirements Pre-sessional Consultations on Registries 19 October 2002 New Delhi, India UNFCCC secretariat.
© ITU Telecommunication Development Bureau (BDT) – E-Strategies Unit.. Page - 1 Building Trust and Security for E-government Dubai, United Arab.
Information Security & Cryptographic Principles. Infosec and Cryptography Subjects / Topics : 1. Introduction to computer cryptography 1. Introduction.
6/1/20151 Digital Signature and Public Key Infrastructure Course:COSC Instructor:Professor Anvari Student ID: Name:Xin Wen Date:11/25/00.
Department of Information Engineering1 Major Concerns in Electronic Commerce Authentication –there must be proof of identity of the parties in an electronic.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.
E-Procurement: Digital Signatures and Role of Certifying Authorities Jagdeep S. Kochar CEO, (n)Code Solutions.
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.
Introduction to PKI Mark Franklin September 10, 2003 Dartmouth College PKI Lab.
Information Security of Embedded Systems : Algorithms and Measures Prof. Dr. Holger Schlingloff Institut für Informatik und Fraunhofer FIRST.
E-Government Security and necessary Infrastructures Dimitrios Lekkas Dept. of Systems and Products Design Engineering University of the Aegean
Introduction to Public Key Infrastructure (PKI) Office of Information Security The University of Texas at Brownsville & Texas Southmost College.
Alexander Potapov.  Authentication definition  Protocol architectures  Cryptographic properties  Freshness  Types of attack on protocols  Two-way.
Controller of Certifying Authorities PKI Technology - Role of CCA Assistant Controller (Technology) Controller of Certifying Authorities Ministry of Communications.
INTRODUCTION Why Signatures? A uthenticates who created a document Adds formality and finality In many cases, required by law or rule Digital Signatures.
Controller of Certifying Authorities Public Key Infrastructure for Digital Signatures under the IT Act, 2000 : Framework & status Mrs Debjani Nag Deputy.
Public Key Infrastructure Ammar Hasayen ….
© ITU Telecommunication Development Bureau (BDT) E-Strategies. Page - 1 ICTs – Challenges and Opportunities for Africa Alexander NTOKO Chief,
Digital Certificates Public Key Deception Digital Certificates Certificate Authorities Public Key Infrastructures (PKIs)
Deploying a Certification Authority for Networks Security Prof. Dr. VICTOR-VALERIU PATRICIU Cdor.Prof. Dr. AUREL SERB Computer Engineering Department Military.
Lecture 12 Electronic Business (MGT-485). Recap – Lecture 11 E-Commerce Security Environment Security Threats in E-commerce Technology Solutions.
© ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 1 Building Trust and Confidence for Critical E-government Services.
Cryptography Encryption/Decryption Franci Tajnik CISA Franci Tajnik.
Cryptography, Authentication and Digital Signatures
Information Security By:-H.M.Patel. Information security There are three aspects of information security Security service Security mechanism Security.
Public Key Infrastructure (X509 PKI) Presented by : Ali Fanian
Advanced Database Course (ESED5204) Eng. Hanan Alyazji University of Palestine Software Engineering Department.
What is Digital Signature Building confidentiality and trust into networked transactions. Kishankant Yadav
Digital Signatures, Message Digest and Authentication Week-9.
Security Many secure IT systems are like a house with a locked front door but with a side window open -somebody.
Cryptography: Digital Signatures Message Digests Authentication
DIGITAL SIGNATURE.
© ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 1 ICT and E-Business Strategies For Development Geneva, October.
Copyright © 2003 Jorgen Thelin / Cape Clear Software 1 A Web Services Security Framework Jorgen Thelin Chief Scientist Cape Clear Software Inc.
Network Security Continued. Digital Signature You want to sign a document. Three conditions. – 1. The receiver can verify the identity of the sender.
Digital Signatures and Digital Certificates Monil Adhikari.
Slide 1 EC-DC © ITU Telecommunication Development Bureau (BDT). All Rights Reserved. AFRINET2000 The Africa Internet Summit & Exhibition Abuja,
Slide 1 EC-DC © ITU Telecommunication Development Bureau (BDT). All Rights Reserved. AFRINET2000 The Africa Internet Summit & Exhibition Abuja,
Security. Security Needs Computers and data are used by the authorized persons Computers and their accessories, data, and information are available to.
TAG Presentation 18th May 2004 Paul Butler
In relation to WSIS Plan of Action – Internet Governance
Public Key Infrastructure (PKI)
TAG Presentation 18th May 2004 Paul Butler
Digital Signature.
SECURITY MECHANISM & E-COMMERCE
CONFIDENTIALITY, INTEGRITY, LEGAL INTERCEPTION
Pooja programmer,cse department
E-Commerce for Developing Countries (EC-DC)
ITU Telecommunication Development Bureau (BDT)
Presentation transcript:

© ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 1 Building Confidence in E-government Services ITU-T Workshop on Challenges, Perspectives and Standardization Issues in E-government Geneva, 5-6 June 2003 Alexander NTOKO Chief, E-Strategy Unit ITU Telecommunication Development Bureau (BDT)

© ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 2 But Why? A Holistic Approach to Building Confidence is A Key Driver for E-government.

© ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 3 …Because the challenges for DCs are not just limited to technology and access Security plays a central role in building user confidence for e- government services

© ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 4 Security concerns for e-applications are quite high in the priorities of Developing Countries Results of ITU-D Survey (March 2003) on Challenges to E-Transactions. WTDC02 IsAP Programme3 - Security

© ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 5 An entity A, can be said to trust another entity B when A makes the assumption that B will behave exactly as A expects. Its about having confidence in government services provided via Telecommunications/ICTs. What is TRUST?

© ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 6 …but in e-government, it is important to Know if you are dealing with a dog. Knowing who you are dealing with remains a major concern

© ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 7 What are some of the security concerns? 1. Identity Interception: The observation of identities of communicating parties for misuse. 2. Data Interception: The observation of user data during a communication by an unauthorized user. 3. Manipulation: The interception and modification of information in a private communication. 4. Masquerade: Pretending to be another user to access information or to acquire additional privileges. 5. Replay: The recording and subsequent replay of a communication at some later date. 6. Repudiation: The denial by a user of having participated in part or all of a communication. 7. Denial of Service: The prevention or interruption of a communication or the delay of time-critical operations. 8. Traffic Analysis: The unauthorized analysis and observation of information (e.g. frequency, sequence, type, amount, etc.).

© ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 8 Lets Map some of the Security/Trust Issues to Possible Solutions… Identity Interception: Confidentiality (Strong Encryption). Data Interception: Confidentiality (Strong Encryption). Manipulation: Data Integrity (Digital Signatures). Masquerade: Authentication (Digital Certificates) Replay: Digital Signatures + with Time Stamp. Repudiation: Digital Signatures. Denial of Service: Authentication and Access Control. Traffic Analysis: Strong Encryption.

© ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 9 …It is clear that identity verification/management plays a crucial role in addressing many of these problems…

Digital Signatures are central to the Solution Signers Private Key Signed Document Encrypted Digest Hash Algorithm Digest

Verifying the Digital Signature for Authentication and Data Integrity Hash Algorithm Digest ? ? Signers Public Key Integrity: One bit change in the content changes the digest

© ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 12 What Solutions do Digital Signatures provide? Guarantees: o Integrity of document One bit change in document changes the digest o Authentication of sender Signers public key decrypts digest sent and decrypted digest matches computed digest o Non-repudiation Only signers private key can encrypt digest that is decrypted by his/her public key and matches the computed digest. Non-repudiation prevents reneging on an agreement by denying a transaction.

© ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 13 How do different Technologies Address the main Security Challenges for E-government?

© ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 14 Growing Demand for Security and Trust

© ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 15 Reflected in growth projections for PKI

© ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 16 But Why PKI? o Its Not about Waging a Technology War. o The Issue is about Providing Solutions.

© ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 17 PKI Addresses Many Security and Trust Issues for Building Confidence in E-government: o Data Confidentiality Information accessed only by those authorized o Data Integrity No information added, changed, or taken out o Strong Authentication Parties are who they pretend to be o Non-repudiation Originator cannot deny origin o Infrastructure of trust Automating the checking of identities o Mechanism to prevent Replay Digital signature combined with Time Stamp

© ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 18 But To Assist DCs we must Learn from the Experiences of Industrialized Countries: 1. What are the issues facing industrialized countries with PKIs? 2. Can developing countries avoid these pitfalls?

© ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 19 Some PKI Challenges faced by Industrialized Countries? 1. Technology-Level Non Interoperability Between Different PKI Vendors. 2. Different Approaches to Address CA-CA Interoperability Challenges. 3. Sector-Specific Strategies for Identity Certificates Leading to Non-interoperability of Digital Signatures Across PKI Domains (e.g., for Health, Finance and Business). 4. Recognition of Certificates across Geographical Boundaries. National Identities or National Passports?

© ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 20 Some Possible Approaches to Build Confidence in e-government for Developing Countries? o Generic Identity Certificates Public Key Infrastructure (PKI) for Generic Identity Certificates (digital ID cards). Comprehensive Certificate Policies for CA-CA Interoperability. o Attribute or Privilege Certificates Establishment of Privilege Management Infrastructures (PMI) for Sector Specific Needs. Establishment of Frame work for Relationship between AA and CAs o Technology Level Interoperability CA-CA and CA-RA Interoperability

© ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 21 Build Trust Where is Exists! Generic Identity Framework for All Sectors

© ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 22 …But DCs still face many challenges: …Just to list a few of them… o Low Level of Awareness on Security/Trust Technologies and their role as a key driver for e- government. o Human and Financial Resources to Establish PKI. o Appropriate Business Models for Sustainability and Investments in PKI. o Standards and/or Profiles to ensure for Multi-Vendor Interoperability. o Policy-Level Interoperability for PKI Domains and Jurisdictions. o Dealing with Liabilities, Risks, Insurance, Legal and Policy Framework for PKI Services.

© ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 23 How is ITU-D Assisting DCs in e-government? o ITU-D Istanbul Action Plan (IsAP) Policies: Assistance in Addressing National/Regional e-applications Policies Projects: Projects on E-government Infrastructure and Applications/Services. Training: Building Human Capacity and Awareness on e-Security and E-government. Environment: Assistance in Legal Issues for E- Applications and Conducive Environment. Guidelines: ITU-D Study Group Questions to Provide guidelines on E-Applications (including e- government).

© ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 24 Conclusion – Is there Any Hope for e-government services in Developing Countries? o Telecommunications and ICTs can enhance government services by creating efficiencies and reaching the population in remote areas. o E-government can stimulate the development of ICTs and telecommunication infrastructure in DCs. o But for this to happen, decision-makers and users must have confidence in the use of this new channel for the delivery of government services.

© ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 25 Thank You for Your Attention For further information Web:

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.