egov & PKI By: Alaa Eldin Mahmoud Aly YOUR LOGO

Similar documents
CIS-331 Spring 2016 Exam 1 Name: Total of 109 Points Version 1

CIS-331 Fall 2013 Exam 1 Name: Total of 120 Points Version 1

CIS-331 Fall 2014 Exam 1 Name: Total of 109 Points Version 1

Key Management. Digital signatures: classical and public key Classic and Public Key exchange. Handwritten Signature

CIS-331 Exam 2 Fall 2015 Total of 105 Points Version 1

4. Specifications and Additional Information

Public Key Infrastructure PKI. National Digital Certification Center Information Technology Authority Sultanate of Oman

Acquirer JCB EMV Test Card Set

CIS-331 Exam 2 Spring 2016 Total of 110 Points Version 1

Triple DES and AES 192/256 Implementation Notes

Gateway Ascii Command Protocol

The cache is 4-way set associative, with 4-byte blocks, and 16 total lines

Key Management and Distribution

CIS-331 Exam 2 Fall 2014 Total of 105 Points. Version 1

Chapter 9: Key Management

Overview. SSL Cryptography Overview CHAPTER 1

PKI Credentialing Handbook

Cristina Nita-Rotaru. CS355: Cryptography. Lecture 17: X509. PGP. Authentication protocols. Key establishment.

Acquirer JCB Dual Interface EMV Test Card Set

CIS-331 Final Exam Spring 2018 Total of 120 Points. Version 1

Scan Results - ( Essentials - Onsharp )

ZN-DN312XE-M Quick User Guide

APPLESHARE PC UPDATE INTERNATIONAL SUPPORT IN APPLESHARE PC

Key Management and Distribution

The Match On Card Technology

First Data DCC Test Card Set. Version 1.30

First Data Dual Interface EMV Test Card Set. Version 1.20

CIS-331 Final Exam Spring 2015 Total of 115 Points. Version 1

First Data EMV Test Card Set. Version 1.30

Certificate. Certificate number: Certified by EY CertifyPoint since: July 10, 2018

CSE 565 Computer Security Fall 2018

How to Digital Sign a PDF document With Nexus Personal software

X.509. CPSC 457/557 10/17/13 Jeffrey Zhu

First Data EMV Test Card Set. Version 2.00

Fundamentals of Cryptography

Secret Key Systems (block encoding) Encrypting a small block of text (say 64 bits) General considerations for cipher design:

Digital Certificates Demystified

Cryptography and Network Security Chapter 14

hidglobal.com HID ActivOne USER FRIENDLY STRONG AUTHENTICATION

Dissecting NIST Digital Identity Guidelines

Stream Ciphers and Block Ciphers

ENGI 8868/9877 Computer and Communications Security III. BLOCK CIPHERS. Symmetric Key Cryptography. insecure channel

DECISION OF THE EUROPEAN CENTRAL BANK

CSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L

Diffie-Hellman. Part 1 Cryptography 136

TLS 1.2 Protocol Execution Transcript

Introduction to Network Security Missouri S&T University CPE 5420 Key Management and Distribution

CT30A8800 Secured communications

Lecture 15 PKI & Authenticated Key Exchange. COSC-260 Codes and Ciphers Adam O Neill Adapted from

External Supplier Control Obligations. Cyber Security

Digital Lighting Systems, Inc.

Comodo Certificate Manager

ECHO Process Instrumentation, Inc. Modbus RS485 Module. Operating Instructions. Version 1.0 June 2010

Enhanced Play Fair Cipher

CERN Certification Authority

Overview. Cryptographic key infrastructure Certificates. May 13, 2004 ECS 235 Slide #1. Notation

Pass, No Record: An Android Password Manager

Configuring SSL CHAPTER

Certification Authority

QUALIFYING ATTESTATION LETTER

CPSC 467b: Cryptography and Computer Security

July Registration of a Cyrillic Character Set. Status of this Memo

CSCI 454/554 Computer and Network Security. Topic 3.1 Secret Key Cryptography Algorithms

ECA Trusted Agent Handbook

CS 425 / ECE 428 Distributed Systems Fall 2017

Measuring Authentication: NIST and Vectors of Trust

UELMA Exploring Authentication Options Nov 4, 2011

Next Generation Physical Access Control Systems A Smart Card Alliance Educational Institute Workshop

DBK24. Isolated Digital Output Chassis. Overview

CSC 5930/9010 Modern Cryptography: Public-Key Infrastructure

90% 191 Security Best Practices. Blades. 52 Regulatory Requirements. Compliance Report PCI DSS 2.0. related to this regulation

Most Common Security Threats (cont.)

CERTIFICATE POLICY CIGNA PKI Certificates

But where'd that extra "s" come from, and what does it mean?

Kerberos and Public-Key Infrastructure. Key Points. Trust model. Goal of Kerberos

Introduction to SSL. Copyright 2005 by Sericon Technology Inc.

Configuring SSL. SSL Overview CHAPTER

About & Beyond PKI. Blockchain and PKI. André Clerc Dipl. Inf.-Ing. FH, CISSP, CAS PM TEMET AG, Zürich. February 9, 2017

WHITEPAPER. Vulnerability Analysis of Certificate Validation Systems

WHITE PAPER. Secure communication. - Security functions of i-pro system s

PROVING WHO YOU ARE TLS & THE PKI

What is a Digital Certificate? Basic Problem. Digital Certificates, Certification Authorities, and Public Key Infrastructure. Sections

Digital Certificates, Certification Authorities, and Public Key Infrastructure. Sections

An Introduction to Key Management for Secure Storage. Walt Hubis, LSI Corporation

Information Security CS 526

Intel and Symantec: Improving performance, security, manageability and data protection

An Introduction to Key Management for Secure Storage. Walt Hubis, LSI Corporation

Lecture Notes 14 : Public-Key Infrastructure

Public Key Infrastructure

Lessons from the Human Immune System Gavin Hill, Director Threat Intelligence

6. Specifications & Additional Information

Information Security. message M. fingerprint f = H(M) one-way hash. 4/19/2006 Information Security 1

Security Digital Certificate Manager

Public-Key Infrastructure NETS E2008

Exam : Title : Security Solutions for Systems Engineers(SSSE) Version : Demo

Digital Lighting Systems, Inc. CD400-DMX DMX512 Four Channel Dimmer and Switch module

6.1 Combinational Circuits. George Boole ( ) Claude Shannon ( )

IBM. Security Digital Certificate Manager. IBM i 7.1

AIT 682: Network and Systems Security

CDR File Information. Comments Direct PCM

Transcription:

egov & PKI By: Alaa Eldin Mahmoud Aly YOUR LOGO

e-government Survey 2014 United Nations Page 2 EGDI: E-Government Development Index

National ID & Digital Signature Estonian Prime Minister Andrus Ansip signs an e-services agreement. (Estonian government) Estonia and Finland become first in the world to digitally sign international agreement December 10 2013 Japanese Prime Minister becomes Estonian e-resident Announced April 9 2015 Japan is the first large country who is going to implement a digital personal identification card, following Estonia s example Announced October 23 2015 Page 3

Information needs of Gov Services (and almost every business) Information Availability Make Information available for designated users Receive Information Allow Citizens and business to provide information (Fill forms), request and apply for services and perform transactions Processing and Decisions Data Integrity Allow employees and decision makers to process the requests and transactions, and record their decisions proofs to hold citizens, employees and decision makers accountable for the information they provide and the transactions they perform Protect the integrity of information from tampering both in motion and at rest Authorized Access Allow information access to authorized citizens and employees and deny access to anyone else Unified Identity Allow Citizens to use a unified way to prove their identities for various government organizations Data Exchange Exchange data between organizations Page 4

Ministry 2 Ministry 1 Manual paper based services Information Availability Authorized Access Document Verification Decisions Process requests Request a Service Provide Information Data Exchange Unified Identity Page 5

Ministry 2 Ministry 1 Business Transformation Information Availability Authorized Access Validation Decisions Process requests Request a Service Provide Information Data Exchange Page 6

Is it likely to be under Cyber Attack? 100% 317M 1.36M New Malware created in a year According to Symantec Business networks generate malicious traffic According to Cisco Records stolen every day 31% from Government According to Gemalto Page 7

How to respond to information security threats? Many techniques, protocols, mechanisms and products beyond the presentation scope Public key Infrastructure (PKI) utilization is a common factor in most if not all information security solutions - SSL/TLS certificates, SSH, IPSEC, S/MIME - epassport - Code signing - PAdES for PDF digital signature - XAdES for XML digital signature Page 8

PKI Overview What s PKI? PKI Definition - An approach for protecting data - A set of hardware, software, technical mechanisms, people, policies and procedures that collectively provide a framework for addressing the fundamentals of security PKI Role - The cornerstone in information security - Establishes the trust in electronic data and communication PKI basic capabilities - Protecting data confidentiality (encryption) without the need to have a shared secret - Assurance of data authenticity i.e. data source and data integrity Page 9

PKI Fundamentals Key Pair Correlated Randomly Generated Public Key and Private Key - Private Key: - Confidential value not known to anyone - Protected by machine/device and can be only used by its owner - In case of compromise, must be reported immediately to revoke the trust - Public Key: - Not a secret - Shared and published Digital Certificate - Contains the Public Key but not the Private Key - Proof of the certificate holder by a trusted issuing authority - Contains identification attributes of the certificate holder and the issuing authority - Has an expiration date and can be revoked even before its expiration PKI Cryptographic operations - Certificate holder (Private Key): Digital Signature, Decryption - Others (Public key): Verify Digital Signature, Encrypt Page 10

Public Key and Private Key 30 82 01 0a 02 82 01 01 00 84 06 52 99 26 9d a6 ad ab 44 f9 3f 43 e1 41 b3 c8 96 ba 8f 38 88 0c 1f c4 8b db 8a 19 0f a9 5e 40 3c fa ea 2c b9 8a 2e 22 fd 09 34 fa fb 07 51 6e 19 cd 9c 98 bd c1 5e 24 91 2f 60 e4 04 f1 55 f4 75 3e 0a 73 1b b2 1e 7b 43 fe 5b 1b b1 8b 30 6f 6b ac 6c 8f 23 58 a0 c5 0e 55 2f ac c7 ae ba bb b9 b8 80 3c 6d ed 9c ed a9 e9 aa 9d 3a 47 45 1b ba 54 58 1a 7b 81 0b 9f 2d 95 12 52 f1 86 9e d1 dd fa 34 86 81 c0 63 50 26 33 b1 53 66 b9 2d d7 b6 0c 4a bd 28 19 2a 40 6f e6 75 1e 22 fc 18 44 2e 38 99 34 7e ea 80 33 a2 09 e7 a3 5b 35 28 e5 4c 9b f9 6a c3 85 30 1f eb 88 fd e3 d9 04 c1 92 4e 31 65 ec c2 dc 79 4a 5f bc 6b 76 f2 5f e1 4f 09 1d 38 4e 92 32 4a ce c8 7e 73 33 91 e0 4f c0 98 c8 72 1b 5d 06 ee 8b 18 bc d5 1f b1 8e 05 23 ff c6 62 5c 4f 3e d8 19 ce 9e 8a 0e 00 c8 97 02 03 01 00 01 ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## Page 11

How does the certificate look like Page 12

PKI Trust Hierarchy Overview Page 13

Kuwait PKI Trust Hierarchy Kuwait National Root CA Government Root CA Private Root CA Oil Sector Root CA MOF CA PAI CA Diyar United CA ABC Co CA KOC CA KNPC CA Page 14

Why should we trust the root anyway? Page 15

PKI Benefits Email Signature Document Signing Logical Access & VPN SSO Email Encryption File Encryption Secure Web Identity Revocation Page 16

Sample Applications Page 17

Ministry 2 Ministry 1 PKI & Government eservices Information Availability Authorized Access Validation Decisions Process requests Request a Service Fill Information Page 18

Why PKI is essential for Smart Governments? Security is a chain. It s as strong as the weakest link Smart Government is Citizen Centric Information is the most valuable asset PKI is used to protect the systems that serves the citizens and manages the Information Assets It s logical to protect as well user identities and information assets PKI is InfoSec Cornerstone User centric egov Information is the most valuable asset Use PKI to protect user identity and information Page 19

Common questions about PKI If there is a certificate, Should we trust the identity? - The certificate is only trusted if its issuer is trusted - Certificate revocation status must be checked To build a trusted PKI, we need secure PKI HW and SW. Anything else? - A trusted PKI requires as well trustworthy and knowledgeable people, policies, procedures, physical and logical security controls We have a trusted PKI system, Are we secure? - A trusted PKI system provides trusted certificates. It s the well designed and correctly implemented utilization of the certificates to address a specific security threat that adds protection against this specific threat PKI based security is unbreakable. Isn t it? - It s always a race between attackers and defense systems. It s crucial to keep up to date to remain ahead of attackers. - Sometimes, vulnerabilities arise from mistakes in implementing systems that use PKI certificates. It s crucial to remain alert and apply patches and fixes as soon as they are available Does PKI = Smart Card? - A smart card with cryptographic capabilities is one of the secure options to host PKI keys. There are other options If someone gets access to my certificate, can he/she use it to digitally sign documents under my name? - The certificate doesn t contain the Private Key. The signing process requires the possession of the Private Key. The certificate itself is not a secret and it s shared with others to be able to verify the digital signature you create using your Private Key Page 20

Page 21 Thank you

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback