©1998-2003 ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 1

ICT and E-Business Strategies For Development

Geneva, 20-21 October 2003Building Trust and Confidence

For ICT Applications

Krastu MIRSKI

and

Alexander NTOKO

ITU Telecommunication Development Bureau (BDT)

©1998-2003 ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 2

Agenda for Presentation

1. Barriers to E-Applications2. Technology Framework3. Regional Initiatives4. ITU Activities/Initiatives

©1998-2003 ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 3

Growing Demand for Online Security

Problems for E-transaction/banking

3835

22 22

0

5

10

15

20

25

30

35

40

Replies 38 35 22 22

Information and network security

Infrastructure Banking system Others

©1998-2003 ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 4

Knowing whom you are dealing with is central to building online trust

“On the Internet, nobodyknows you’re a dog…”

Identification isthe Challenge

©1998-2003 ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 5

For Trust in E-Applications, We need at least the Following Features:

o Data Confidentiality• Information accessed only by those authorized

o Data Integrity• No information added, changed, or taken out

o Strong Authentication• Parties are who they pretend to be

o Non-repudiation• Originator cannot deny origin or transaction

o Infrastructure of trust• Automating the checking of identities

©1998-2003 ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 6

Certificate-Based Identity Verification/Management is a Vital Technology Component for Online Trust

ITU-T X.509 - A key component for establishing trust for e-applications in public networks (such as the Internet).Most B2C e-business solutions are built on HTTPS based on Server-side certificate authentication for security and trust.

Technology Framework - Digital Signature

Signer’s Private Key

SignedDocument

EncryptedDigestHash

Algorithm

Digest

Digital Signature techniques using encryption, message digest and digital certificates are important technology elements for online trust.

©1998-2003 ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 8

Digital Signature - Solutions

Guarantees:o Data Integrity for E-Application Transactions.o Data Confidentiality when Combined with

Encryption Algorithms.o Non-Replay in Combination with Content

Validation (Time Stamps).o Positive Authentication of Parties.o Content Non-repudiation or Non-deniability

for E-Application Transactions. (How to enforce anti-spam and data privacy laws?)

©1998-2003 ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 9

Digital Signature – Issues and Challenges

o Acceptance of Digital Signatures Across Multi-Jurisdictional PKI Domains.

o Adopting Policies for Generic Identity Certificates (PKI) and Attribute Certificates (PMI).

o Elaborating Harmonized and Technology Neutral E-Legislative Framework and Enforcement Mechanisms.

o CA-CA Inter-Domain Interoperability Across National Boundaries.

©1998-2003 ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 10

Strategy for E-Signatures and CAs Trust and Security for e-Business Needs part of a much broader and comprehensive policy framework dealing with e-applications/services

©1998-2003 ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 11

What could be the Role of Governments?

o National/Regional Policies for the Management of IP Resources.

• Internet Protocol Addresses

• Domain Names (under ccTLDs)

o Enabling Environment for E-Applications.• Accreditation of Certification Authorities

• Control and Enforcement Mechanisms (e.g., Spam, Data privacy).

• Central Role in Generic Digital Credentials.

• Harmonized Regional Framework E-Legislation

©1998-2003 ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 12

Recent ITU Activities in Europe& CIS Region within the E-Strategies Programme

o Sub-Regional Seminar for ICT Development for the Information Society in Uzbekistan – October 2003.

o Internet Symposium for Europe and CIS States in Russia – September 2003.

o E-agriculture project for a rural community in the Kyrgyz Republic – September 2003.

o National Seminar for E-Business Strategies for Azerbaijan – August 2003.

o E-Government projects in Bulgaria and Georgia using digital certificates, biometrics and public key infrastructure – August 2003.

o Secure E-business infrastructure WTC, Turkey – Q3 2002.

©1998-2003 ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 13

ITU Activities – Global View

©1998-2003 ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 14

Thank You

for Your Attention

For further information:

Web: http://www.itu.int/ITU-D/e-strategy

Email: e-strategy@itu.int