PKI Industry Growth in Bangladesh
Al Faruq Ibna Nazim
Computer Services Ltd.
AGENDA
• PKI Glossary
• PKI Necessity
• PKI Basics
• PKI Services
• PKI in Bangladesh
• PKI Business in Bangladesh
• Advantages of Local PKI
• Limitation
PKI GLOSSARY
• Public Key Crypto – key pairs used to encrypt/decrypt or sign/verify
• Certificate – a digital method of binding a key pair or pairs to a specific identity
• Certificate Authority – the system that securely creates the certificates
• Public Key Infrastructure – the whole system of creating, issuing, managing, utilizing and revoking certificates
PKI NECESSITY
Homer and Marge want to exchange data in a digital world.
There are Confidence and Trust Issues …
[Diagram: Homer and Marge exchanging data over Internet / Intranet / Extranet]
PKI NECESSITY – CONFIDENCE & TRUST ISSUE
• In the Identity of an Individual or Application
AUTHENTICATION
• That the information will be kept Private
CONFIDENTIALITY
• That information cannot be Manipulated
INTEGRITY
• That information cannot be Disowned
NON-REPUDIATION
PKI BASICS – OPERATION
Cryptography
It is the science of making the cost of acquiring or altering data greater than the potential value gained.
Cryptosystem
It is a system that provides techniques for mangling a message into an apparently unintelligible form and then recovering it from the mangled form.
[Diagram: Plaintext (Hello World) → Encryption (Key) → Ciphertext (&$*£(“!273) → Decryption (Key) → Plaintext (Hello World)]
PKI BASICS – ALGORITHM
All cryptosystems are based only on three Cryptographic Algorithms:
MESSAGE DIGEST (MD2-4-5, SHA, SHA-1, …)
- Maps variable length plaintext into fixed length cipher text
- No key usage, computationally infeasible to recover the plaintext
SECRET KEY (Blowfish, DES, IDEA, RC2-4-5, Triple-DES, …)
- Encrypt and decrypt messages by using the same Secret Key
PUBLIC KEY (DSA, RSA, …)
- Encrypt and decrypt messages by using two different Keys: Public Key, Private Key (coupled together)
PKI BASICS - Algorithms based on Private Key
Pros
• Efficient and fast Algorithm
• Simple model
- Provides Integrity, Confidentiality
Cons
• The same secret key must be shared by all the entities involved in the data exchange
• High risk
• It doesn’t scale (proliferation of secrets)
- No Authentication, Non-Repudiation
[Diagram: Plaintext → Encryption (Private Key) → Ciphertext → Decryption (Private Key) → Plaintext]
PKI BASICS - Algorithms based on Public Key
Pros
• Private key is only known by the owner: less risk
• The algorithm ensures Integrity and Confidentiality by encrypting with the Receiver’s Public key
[Diagram: Homer and Marge over Internet / Intranet / Extranet: Plaintext → Encryption → Ciphertext → Decryption → Plaintext; key labels: Homer’s Public Key, Marge’s Private Key]
PKI BASICS - Algorithms based on Public Key
Pros
• The algorithm ensures Non-Repudiation by encrypting with the Sender’s Private key
[Diagram: Homer and Marge over Internet / Intranet / Extranet: Plaintext → Encryption → Ciphertext → Decryption → Plaintext; key labels: Homer’s Private Key, Marge’s Public Key]
PKI BASICS - Algorithms based on Public Key
Cons
• Algorithms are 100 – 1000 times slower than secret key ones
They are therefore used in the initial phase of communication, and then secret keys are generated to handle the encryption
• How are Public keys made available to the other people?
• There is still a problem of Authentication!!!
Who ensures that the owner of a key pair is really the person whose real life name is “Marge”?
PKI BASICS – CERTIFICATE SIGNING & VERIFICATION
PKI SERVICES
• Secure Email – sign and/or encrypt messages
• Secure browsing – SSL – authentication and encryption
• Secure code – Authenticode
• Secure wireless – PEAP & EAP-TLS
• Secure documents – Rights Management
• Secure networks – segmentation via IPSEC, RPKI
• Secure files – Encrypted File System(EFS)
PKI IN BANGLADESH – ROOT CA
PKI service is regulated by the government body known as the
Office of the Controller of Certifying Authorities (CCA)
www.cca.gov.bd
Objectives
• Paperless Government Correspondence
• e-Government
• e-Procurement
• e-Commerce
• Electronic Document Signing
• Internet Banking using digital signature
• Device and Server Signing
• Preventing Cyber Crimes
Activities
• Controlling the activities of Certifying Authorities (CA)
• Issuing, suspending and repealing CA licenses according to ICT Act 2006 (Amendment 2013) and ICT (CA) Rules 2010.
• Leading and maintaining Public Key Infrastructure (PKI) activities.
• Making rules, guidelines and regulations for PKI and controlling its standard.
• Submitting investigation reports before the Cyber Tribunal after investigating cyber crimes under ICT Act, 2006.
• Constituting an audit firm for auditing IT.
• Prescribing the rate of Digital Signature Certificates according to IT (CA) rules, 2010.
PKI IN BANGLADESH – MODEL
• Office of the CCA Root CA
• Licensed CAs (Public/Private) – accredited by CCA
• Sub CA (Internal/External) – issued by Licensed CA
• Subscribers – issued by Sub-CA
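The trust model above, and the earlier question of who vouches that a key pair really belongs to “Marge”, as an added example that is not part of the original slides: a chain Root CA → Licensed CA → Sub CA → subscriber is accepted only if every signature checks out up to a key the verifier already holds. It assumes toy textbook RSA on fixed Mersenne primes with no padding, expiry or revocation, and all names and keys are constructed, so it shows the logic only.

```python
import hashlib

E = 65537  # common RSA public exponent

def keygen(kp, kq):
    """Toy textbook-RSA pair from Mersenne primes 2**k - 1: (public, private)."""
    p, q = 2**kp - 1, 2**kq - 1
    return (p * q, E), (p * q, pow(E, -1, (p - 1) * (q - 1)))

def to_be_signed(cert, n):
    """Digest of the fields the issuer vouches for, reduced mod n (no padding)."""
    data = f"{cert['subject']}|{cert['issuer']}|{cert['pub']}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def issue(subject, subject_pub, issuer, issuer_priv):
    """The issuer binds a name to a public key by signing both."""
    cert = {"subject": subject, "issuer": issuer, "pub": subject_pub}
    n, d = issuer_priv
    cert["sig"] = pow(to_be_signed(cert, n), d, n)
    return cert

def verify_chain(chain, trust_store):
    """chain is subscriber-first; trust_store maps a root name to its public key."""
    if not chain:
        return False
    for cert, parent in zip(chain, chain[1:] + [None]):
        if parent is None:      # top of chain: the key must come from the trust store
            issuer_pub = trust_store.get(cert["issuer"])
        else:                   # otherwise the next certificate supplies the key
            issuer_pub = parent["pub"] if parent["subject"] == cert["issuer"] else None
        if issuer_pub is None:
            return False        # unknown anchor or broken link
        n, e = issuer_pub
        if pow(cert["sig"], e, n) != to_be_signed(cert, n):
            return False        # altered certificate or wrong signing key
    return True

def build_chain(root_pub, root_priv):
    """Constructed sample: Root CA -> Licensed CA -> Sub CA -> subscriber Marge."""
    ca_pub, ca_priv = keygen(107, 127)
    sub_pub, sub_priv = keygen(61, 89)
    marge_pub, _ = keygen(1279, 2203)
    return [issue("Marge", marge_pub, "Sub CA", sub_priv),
            issue("Sub CA", sub_pub, "Licensed CA", ca_priv),
            issue("Licensed CA", ca_pub, "Root CA", root_priv),
            issue("Root CA", root_pub, "Root CA", root_priv)]

ROOT_PUB, ROOT_PRIV = keygen(521, 607)
TRUST_STORE = {"Root CA": ROOT_PUB}   # the verifier's only pre-trusted key
```

A chain that is internally consistent but ends in a root key missing from the verifier's trust store is rejected, which is the situation the Limitation slide describes for browsers that do not yet carry the local root.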
PKI IN BANGLADESH – Licensed CAs
Mango Teleservices Ltd. (www.mangoca.com)
Dohatec New Media. (www.dohatec-ca.com.bd)
Data Edge Ltd. (www.dataedgeid.com)
Banglaphone Ltd. (www.banglaphone.net.bd)
Computer Services Ltd. (www.ca.computerservicesltd.com)
Bangladesh Computer Council. (www.bcc.gov.bd)
PKI BUSINESS IN BANGLADESH
Service Provided:
• SSL certificate for TT service & Foreign Remittance
• Class 2 certificates
Purpose:
• Multifactor login from a dedicated system of distant branch. Secure communication channel between server & branch.
PKI BUSINESS IN BANGLADESH
Service Provided:
• SSL certificate
Purpose:
• To Secure communication channel between server & client.
PKI BUSINESS IN BANGLADESH
Service Provided:
• SSL certificate
Purpose:
• Secure communication channel between server & client.
PKI BUSINESS IN BANGLADESH
Service Provided:
• Class 2 certificates
Purpose:
• Secure communication among 4 personnel of finance team.
PKI BUSINESS IN BANGLADESH
Service Provided:
• Class 1 certificate
• Class 2 certificate
• Class 3 certificate
Purpose:
• Issuing digitally signed registration cards & admit cards.
PKI BUSINESS IN BANGLADESH
Service Provided:
• Class 2 certificate
• Cryptographic hardware token
Purpose:
• Document authorization, to use in e-file management system.
PKI BUSINESS IN BANGLADESH
Service Provided:
• Class 2 certificate
• SSL certificate
• Cryptographic hardware token
Purpose:
• Send & receive encrypted document within a secure channel.
PKI BUSINESS IN BANGLADESH
Service Provided:
• Class 2 certificate
• SSL Certificate for JBGC
• Cryptographic hardware token
Purpose:
• Document authorization & secure communication channel between server & client.
ADVANTAGES OF LOCAL PKI
• Authorized by the local regulator.
• Governed by local law, for legal assistance.
• Accountability for service.
• Local currency exchange and remittance.
• Regulatory earnings for the government.
LIMITATION
The only limitation so far is that Bangladesh is not recognized internationally in the PKI registry.
Recognition by browsers such as Internet Explorer, Chrome, Firefox and Opera is required.
Association with an international PKI forum is required.
CONCLUSION
• For such a technologically progressive country, we need data transaction security & authenticity.
• For such services, regulatory observation is highly required.
• Accountability for local organizations will allow client trust & flexibility.
• Local financial transaction will allow local revenue earning & government revenue.
Gratitude Declaration
Computer Services Ltd.
Data Edge Ltd.
Controller of Certifying Authority