Upload
ict-authority
View
220
Download
0
Embed Size (px)
Citation preview
8/12/2019 Technology COMESAInstrument Id Trust Etransactions DataSec
1/18
COMESA Meeting/2 ND ICT SUMMUT ON Cyber Security25 th 28 th Nov 2013 Safari Park Hotel, NAIROBI, KENYA
STUDY: PKI for CIIPCOMESA Member states Preparedness
PKI Technology identity, trustetransaction, data security
MOTSIM ABUSIN
8/12/2019 Technology COMESAInstrument Id Trust Etransactions DataSec
2/18
WHAT IS PKI?A 1000 feet view
Public Key Infrastructure (PKI) is a term to describe:
Legal and Technical Framework , made of policies, procedures, standards,Hardware and software. PKI can be used to Control , Regulate &
Secure information Exchange , and Transactions and to ProtectCritical Informational Infrastructure .
PKI relies on two small elements known as the Public and Private Keys that areused in conjunction with cryptography software and hardware.
8/12/2019 Technology COMESAInstrument Id Trust Etransactions DataSec
3/18
PKI TECHNOLOGY AND APPLICATIONS
PKI BASICS
Do you know Alice and Bob
8/12/2019 Technology COMESAInstrument Id Trust Etransactions DataSec
4/18
ALICE AND BOB Alice and Bob could be persons, websites, servers, valves control switch, pump
pressure gage, or any other subject.
To use PKI, Bob and Alice each has a digital certificate [made of a private & Public Key].
Each uses the others public key to send him/it an encrypted message. And uses his private key to sign the message. Signature is a hash made of the message content encrypted with the senders private key.
The recipient uses his private key to decrypt the message. Senders public key to verify the senders signature and integrity of the message.
8/12/2019 Technology COMESAInstrument Id Trust Etransactions DataSec
5/18
ENROLLMENTHow to obtain a digital certificate.
Same process, different subjects and relying parties
8/12/2019 Technology COMESAInstrument Id Trust Etransactions DataSec
6/18
8/12/2019 Technology COMESAInstrument Id Trust Etransactions DataSec
7/18
USEWhere to use digital certificates?
different ways, different goals, same concept
8/12/2019 Technology COMESAInstrument Id Trust Etransactions DataSec
8/18
POTENTIAL USES
OF PKI COMESA
8/12/2019 Technology COMESAInstrument Id Trust Etransactions DataSec
9/18
8/12/2019 Technology COMESAInstrument Id Trust Etransactions DataSec
10/18
Internet identity and Trust Ultimate Goal in Implementing a
PKI Project.Help organization's members obtain digital IDs and become part of a
trust network
8/12/2019 Technology COMESAInstrument Id Trust Etransactions DataSec
11/18
Ultimate business and technical goal for any public PKI setup is to publish its root certificate in publicly available browsers.
8/12/2019 Technology COMESAInstrument Id Trust Etransactions DataSec
12/18
Government Primary Root
CA
Gov Int CA1Ministry of
Finance
Gov Int CA11
Tax filing
Gov Int CA12
Pension Funds
Gov Int CA2Ministry of
Interior
Gov Int CA21National ID
Gov Int CA21Employees
Gov Int CA2Forign Affairs
Model for Government CA Hierarchy
8/12/2019 Technology COMESAInstrument Id Trust Etransactions DataSec
13/18
Consideration of the PKI regulations andinstruments developed
Challenges countries might when trying to publish their certificates to the browsers certificate stores. $$$$$
COMESA countries are encouraged to share one published RCA, otherwise countries might need to publish their own RCA.
Alternatives to publishing are available to discuss as well. However it is a challenge with SSL certificates in particular.
8/12/2019 Technology COMESAInstrument Id Trust Etransactions DataSec
14/18
COMESA ROOT CA CONCEPTUAL MODEL
8/12/2019 Technology COMESAInstrument Id Trust Etransactions DataSec
15/18
Digital Investigation Initiated:Environment where the crime took place .
Is the environment equipped to keep logs and track incidents? How well equipped ? Is the environment still valid to use to collect evidence? Is it monitored by a passive system? PKI?
Digital Crime
Occurs
Evidence collection:1 What constitues an
evidence?
2 How to preserve it
Present evidence to the
court of law:Why should court accepts
or rejects it?
The right PKI deployment should help governments fight digital crime by being able to provide the proper evidence that is acceptable in the court of law.
8/12/2019 Technology COMESAInstrument Id Trust Etransactions DataSec
16/18
The right PKI platform and partner selection enables governments to:
1. Comply with standards.
2. Protect their investments in PKI.
3. Scale the platform as their needs grow.
4. Consolidate all identity programs to use a single PKI platform.
8/12/2019 Technology COMESAInstrument Id Trust Etransactions DataSec
17/18
Cont. The right PKI platform and partner selection enables governments to:
5. Tap into a broad ecosystem of supporting technology vendors and integrators.
6. Support non government organizations PKI efforts.
7. Minimize the costs of PKI deployment.
8/12/2019 Technology COMESAInstrument Id Trust Etransactions DataSec
18/18
Comments, questions?Motsim [email protected]+97455083920