ITU Telecommunication Development Bureau (BDT)

1 ITU Telecommunication Development Bureau (BDT)
Strategies and Technologies for Building Trust and Security in e-Applications
ITU/BDT Arab Regional Workshop on “e-Services Policies”, Damascus, Syria, April 2004
Alexander NTOKO, Chief, E-Strategy Unit, ITU Telecommunication Development Bureau (BDT)

2 Agenda for Presentation
Main Security Threats
Technology Framework
Industry Solutions
Technology Strategies

3 Typical transaction-based e-government infrastructure
But how do we get governments, businesses and citizens to conduct critical government transactions online? When we examine the various security solutions, it is clear that if we have to address authentication, confidentiality, data integrity and non-repudiation, which most experts agree are the key requirements for cyber security, we must look at technologies that address all of these issues together. Without waging a technology war, public key infrastructure appears to address cyber security in a comprehensive manner.

4 Receiving online submissions to renew national identity cards.
As many countries embark on the e-government bandwagon, governments (G), citizens (C) and businesses (B) are asking many questions. Can we trust these systems?
Receiving online submissions to renew national identity cards.
G: Am I dealing with the owner of the identity card?
C: How do I know this is really a government web site?
Submitting confidential bids for government procurements.
G: Is the bid from a registered company?
B: Can my competitors see my bid?
Transmitting sensitive government documents online.
G: Can an unauthorized person view the document?
G: How can access control be ensured?

5 Issuing birth certificates and land certificates via the Internet.
Issuing birth certificates and land certificates via the Internet.
G: Can a citizen modify his or her date of birth?
G: What if a citizen changes the size of his or her land?
Conducting elections via the Internet (e-voting).
C: Can someone find out whom I voted for?
G: How do we guarantee that a citizen votes only once?
G: Is this vote from a registered voter?

6 It is all about TRUST: having firm belief in the integrity of something or somebody
An entity A can be said to trust another entity B when A makes the assumption that B will behave exactly as A expects. Knowing whom you are dealing with is therefore vital for building trust.

7 Technology Framework for Online Trust and Security for Critical Government Applications
Data Confidentiality: information is accessed only by those authorized.
Data Integrity: no information is added, changed, or taken out.
Strong Authentication: parties are who they claim to be.
Non-repudiation: the originator cannot deny the origin of a message or a transaction.
Infrastructure of trust: automating the checking and verification of digital credentials.
We see here some of the solutions provided by PKI.

8 Technology Framework for Online Trust. 1. Data Integrity: Message Digest
Plaintext → Hash Algorithm → Digest: a 160, 256, 384 or 512 bit representation of the document, used to determine whether the document has changed.
Currently based on FIPS approved algorithms (SHA-1, SHA-256, SHA-384 and SHA-512), which produce 160, 256, 384 or 512 bit “digests” respectively.
It is infeasible to produce a document matching a given digest (preimage resistance).
A one bit change in the document affects about half the bits in the digest (the avalanche effect).
Since this presentation was given, practical collisions for SHA-1 have been published (2017), so SHA-1 should no longer be used for new digital signatures; SHA-256 and above remain the recommended choice.

9 Technology Framework for Online Trust. 2. Data Confidentiality: Symmetric Encryption System
The same key is used to both encrypt and decrypt data, so the two parties must first share that key over a secure channel; this key distribution problem is what the public key system on the next slide solves.
Examples of symmetric encryption systems: DES, 3DES, RC2, RC4, RC5, RC6, AES.
DES (Data Encryption Standard): US Government standard from 1977, developed at IBM, now being replaced by the NIST approved AES (Rijndael) algorithm for symmetric encryption. The 56 bit key of single DES is too short against modern brute force, and RC4 has since been withdrawn from use in TLS, so AES is the practical choice today.

10 Technology Framework for Online Trust. Key Exchange: Public Key Encryption System
The sender encrypts with the Recipient’s Public Key; only the Recipient’s Private Key can decrypt.
Each user has 2 keys: what one key encrypts, only the other key in the pair can decrypt.
The public key can be sent in the open. The private key is never transmitted or shared.

11 Technology Framework for Online Trust. Non-Repudiation: Digital Signature
Document → Hash Algorithm → Digest → encrypted with the Signer’s Private Key → Encrypted Digest. The encrypted digest is attached to the document to form the Signed Document.

12 Technology Framework for Online Trust. Digital Envelope
The document is encrypted with a one-time symmetric encryption key. That key is then encrypted with the Recipient’s Public Key and sent along with the encrypted document; together they form the “Digital Envelope”. This combines the high speed of symmetric encryption with the key management convenience of RSA (public key encryption).

13 Technology Framework for Online Trust. Establishing Digital Credentials: Digital Certificates
ITU-T X.509 creates the framework for establishing digital identities: a key component for establishing security and trust for ICT applications in public networks (such as the Internet).

14 Industry Solutions for Online Trust and Security

15 Why Public Key Infrastructure (PKI)?
It is not about waging a technology war. The issue is about providing comprehensive solutions. According to UNPAN, highly rated e-government countries have PKI as an important component of their e-government policy. PKI is not just about technologies; it is for the most part about policies.

16 Digital Signature Guarantees:
Integrity of the document: a one bit change in the document changes the digest.
Authentication of the sender: the signer’s public key decrypts the digest that was sent, and the decrypted digest matches the digest computed from the received document.
Non-repudiation: only the signer’s private key can produce an encrypted digest that his/her public key decrypts to a value matching the computed digest. Non-repudiation prevents reneging on an agreement by denying a transaction.
This last guarantee holds only as long as the private key stays under the signer’s sole control, which is why protected key storage and certificate revocation are part of the infrastructure rather than optional extras.

17 Building Online Trust for E-Government. Digital Signature: Issues and Challenges
Acceptance of digital signatures across multi-jurisdictional PKI domains (national, regional and global).
Adopting policies for generic identity certificates (PKI) and attribute certificates (PMI).
Elaborating a harmonized and technology-neutral e-legislative framework and enforcement mechanisms.
Using identity management as a strategy for building trust and confidence also raises some challenges. There are interoperability issues at both the policy level and the technology level. We need to clearly distinguish the roles played by Attribute Authorities versus Certification Authorities, and the link between generic identities and privileges. Governments have an important role to play, as they do today in establishing the national IDs and passports that citizens use to acquire other privileges.

18 Strategy for E-Signatures and CAs
Online trust and security for e-government needs to be part of a comprehensive policy framework dealing with e-applications and e-services: a role-based and holistic framework for cyber security. This will enable the elaboration of comprehensive policies and the development of a generic security infrastructure on which the various sectors can build secure applications and services. Cyber security is a concern for all sectors. The common requirements of these sectors have to be identified and addressed, and the roles to be played by the various stakeholders, including governments and other authorities, have to be well defined.

19 What could be the Role of Governments?
National/regional policies for the management of IP resources: Internet Protocol addresses and domain names (under ccTLDs).
Enabling environment for e-applications: accreditation of Certification Authorities; control and enforcement mechanisms (e.g., spam, spim and data privacy).
Central role in generic digital credentials.
Harmonized regional framework for e-legislation.
Governments can and should play an important role in cyber security. Policies for the management of Internet Protocol addresses and country code Top Level Domain names need to be elaborated at the national and regional levels. A national framework for the management of digital identities needs to be established to enable a clear definition of roles and proper management of identities. Governments today are already responsible for issuing identities (passports and national IDs). In the e-society this role needs to be maintained, so that identity management becomes a horizontal service for the various vertical sectors.

20 For e-government to move from simple web-based information dissemination systems to transaction-based services for critical applications, citizens, governments and businesses must all have TRUST in the solutions.

21 Thank you for your attention
For further information: Web:

