Dao Dinh Kha National Centre of Digital Signature Authentication - Agency of Information Technology Application

A vision on a national Electronic A vision on a national Electronic Authentication InfrastructureAuthentication Infrastructure

MINISTRY OF INFORMATION AND COMMUNICATIONSSymposium on buiding an Electronic Authentication Infrastructure for the deployment of online public services and administration reform

NCDSANCDSA

ROOTCA

2

Introduction of an effort of Viet Nam in building a nation-wide infrastructure for effectively securing electronic transactions

Agenda 1. Introduction2. Electronic transactions trend3. Business requirements for an electronic

Authentication Framework4. Outline an Electronic Authentication system5. Conclusion

AgendaAgenda

NCDSANCDSA

ROOTCA

3

Demand for electronic Demand for electronic transactionstransactions

Increasing trend of electronic transactions Communication channel between state agencies and society E-commerce and commercial support activitiesInternational agreements

Effort of Viet Nam in e-government developmentVietnam’s rank in terms of the e-gov readiness index improvedE-government: …where Internet and related technologies has the potential to transform the structures and operation of government (UN). Transactions between the administration and its citizens, private sector going to be online

NCDSANCDSA

ROOTCA

4

The information security requirements for electronic transactions

Confidential/PrivacyAuthenticationIntegrityNon-repudiation

Without information security measures: PAIN

Modern ways to secure electronic transactions

Information security for electronic transactions

NCDSANCDSA

ROOTCA

5

Some major PKI projects: Toward e-government development

Ongoing PKI projectsE-Tax, E-custom: MOFE-Banking: VSBE-Certificate of Origin, Chemistry registration: MOITE-Intellectual Property: MOSTE-Procurement: MPI

Others projects in the IT application plan 2010Integrated E-mail systemDocument sharing

NCDSANCDSA

ROOTCA

6

Multi Factor Tokenc

Very High

High

Average

StandardLow

A mouse click

Knowledge- based

Pin/Password

-

PKI

Cost

Level of authentication

Levels of Authentication

Information security requirement: case by case

High: Payment in a commercial dealLow: Transportation fee paymentBanking electronic transactionsc

Not every transaction requires all PKI properties

The common requirement is authenticationCriteria to select appropriate measures

NCDSANCDSA

ROOTCA

7

Lesson from abroad

The reference countries USAAustraliaSingaporeOther countries

The concepts: Authentication principles and the mechanism to facilitate these principlesElectronic Authentication Framework (NeAF) and Infrastructure to facilitate the framework (NeAS)

NCDSANCDSA

ROOTCA

8

Toward a nation-wide electronic authentication framework

GoalsProtect investmentFacilitate simple solutions for applications encompassing authentication functionsEasy the technology upgrade

ScopeScope: Concentrate on the government activities

NCDSANCDSA

ROOTCA

9

NeAF: Project

In the framework of WB Project: Consultancy on a PKI scheme to support e-Government development and on a Proposal for the National e-Authentication Framework

With cooperation of leading international and regional Information security vendors

Tentative finish date: 2011

NCDSANCDSA

ROOTCA

10

NeAF: Project organization

Supporting team work leaded by NCDSA (AITA, MIC)

Our mission:Determine appropriate objectivesSupport and assistantTechnology and knowledge transfer (to action)Monitor the quality

NCDSANCDSA

ROOTCA

11

NeAF: Objectives

Develop a proposal for the national e-Authentication framework that consists of:

Principles and methodologiesTechnologies, policies, procedures, and assessment framework for electronic transactions in e-Government development and socio-economic development. Architecture, main technical specification of authentication service components, and their interface specifications.

Develop the capacity to build up expertise for e-Authentication.

NCDSANCDSA

ROOTCA

12

NeAF: Issues

Manage the risks associated with the online transactions in the future e-Government of Vietnam and e-Commerce

Considering all authentication risk factorsHelp determine the appropriate authentication methods for each electronic transaction type

Deliver an outline design for the electronic authentication system based on the framework

For futute investment proposal

NCDSANCDSA

ROOTCA

13

NeAF: Reference

Address most issues that have occurred in authorizing electronic transactions in IT advanced countries

The reference countries are USA, Canada, Australia and Singapore.The international experience from the work being conducted under the STORK and PEPPOL projects relating to adoption of PKI in electronic IDs and public procurement processes in the EU will be specially interested in.

The designs’ reference countries are USA, Canada, and Australia.

NCDSANCDSA

ROOTCA

14

NeAF: Feature requirements

Main Issues for National e-Authentication Framework and electronic Authentication system

Risk ManagementSecurityPrivacyDisclosure RequirementsComplaints HandlingStandards

NCDSANCDSA

ROOTCA

15

NeAF: Feature requirements (cont.)

Main Issues for National e-Authentication Framework and electronic Authentication system

ScalabilityBalancePrinciplesAuthentication assurance levelsApproachCost- EffectivenessIntegration

NCDSANCDSA

ROOTCA

16

Implementation: Model and components

National Electronic Authentication System: Provide authentication services to agencies and public electronic transactions.Federated Authentication Model: With multiple types of credentials Components

Application Service Providers Credential Service Providers: Support 3rd partiesEnd Users

Authentication scenarioassertion-basedcertificate-based

NCDSANCDSA

ROOTCA

17

CSP(s)Ministry A

Website

Branh B

Portal

Operation Model of NecAS

User(s)

Select the level of authentication based on business requirements

Credential type A

Credential type B

NCDSANCDSA

ROOTCA

18

Provide user authentication services to state agencies’ public websites, focus on:

Key agencies Only administrative public services

Performance requirements for the 1st phase

Able to serve around concurrent 100 authentication requests.

Not every access needs authentication.

National Authentication Systems (Phase I)

NCDSANCDSA

ROOTCA

19

To extend in the future to cover all public services

Promote PPP

Extending capabilities and integrated technologies

Implement multiple types of credentialImproving performance

National Authentication Systems (Phase II)

NCDSANCDSA

ROOTCA

20

Conclusion

Data sharing requires information security and authentication

NeAF and NeAS help efficient development of e-gov applications that need authentication

Firm infrastructure invested by government and PPP are needed

Thank you very much!Thank you very much!Thank you very much!Thank you very much!National Centre of Digital Signature Authentication (AITA, MIC)E-mail: dinhkha@mic.gov.vn Tel: 0983 264 287