technology comesainstrument id trust etransactions datasec

Upload: ict-authority

Post on 03-Jun-2018


  • 8/12/2019 Technology COMESAInstrument Id Trust Etransactions DataSec

    1/18

    COMESA Meeting / 2nd ICT SUMMIT ON Cyber Security, 25th-28th Nov 2013, Safari Park Hotel, NAIROBI, KENYA

    STUDY: PKI for CIIP, COMESA Member States Preparedness

    PKI Technology: identity, trust, e-transactions, data security

    MOTSIM ABUSIN

    2/18

    WHAT IS PKI? A 1000 feet view

    Public Key Infrastructure (PKI) is a term to describe:

    Legal and Technical Framework, made of policies, procedures, standards, hardware and software. PKI can be used to Control, Regulate & Secure information Exchange and Transactions, and to Protect Critical Informational Infrastructure.

    PKI relies on two small elements known as the Public and Private Keys that are used in conjunction with cryptography software and hardware.

    3/18

    PKI TECHNOLOGY AND APPLICATIONS

    PKI BASICS

    Do you know Alice and Bob?

    4/18

    ALICE AND BOB

    Alice and Bob could be persons, websites, servers, valve control switches, pump pressure gauges, or any other subject.

    To use PKI, Bob and Alice each has a digital certificate [made of a private & public key].

    Each uses the other's public key to send him/it an encrypted message, and uses his own private key to sign the message. The signature is a hash of the message content, encrypted with the sender's private key.

    The recipient uses his private key to decrypt the message, and the sender's public key to verify the sender's signature and the integrity of the message.
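
The exchange on this slide, as an added Python example that is not part of the original presentation: Alice signs a message with her private key and encrypts it with Bob's public key, and Bob reverses both steps. It uses textbook RSA on constructed demo keys (fixed Mersenne primes, no padding), so it mirrors the slide's description but is not secure; the function names and the sample message are assumptions, and real deployments use padded schemes such as RSA-OAEP and RSA-PSS from a vetted library.

```python
import hashlib

E = 65537  # common public exponent

def make_keypair(p, q):
    """Return (public, private) textbook-RSA keys built from two primes."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return (n, E), (n, d)

# Constructed demo keys from fixed Mersenne primes: illustration only, NOT secure.
ALICE_PUB, ALICE_PRIV = make_keypair(2**521 - 1, 2**607 - 1)
BOB_PUB, BOB_PRIV = make_keypair(2**1279 - 1, 2**2203 - 1)

def digest(message):
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message, sender_priv):
    n, d = sender_priv
    return pow(digest(message), d, n)  # hash "encrypted" with the private key

def verify(message, signature, sender_pub):
    n, e = sender_pub
    return pow(signature, e, n) == digest(message)

def encrypt(message, recipient_pub):
    n, e = recipient_pub
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this key")
    return pow(m, e, n)

def decrypt(ciphertext, recipient_priv):
    n, d = recipient_priv
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def send(message, sender_priv, recipient_pub):
    """Sender side: encrypt for the recipient, sign as the sender."""
    return encrypt(message, recipient_pub), sign(message, sender_priv)

def receive(ciphertext, signature, recipient_priv, sender_pub):
    """Recipient side: decrypt, then check signature and integrity."""
    message = decrypt(ciphertext, recipient_priv)
    return message, verify(message, signature, sender_pub)

if __name__ == "__main__":
    c, s = send(b"open valve 7", ALICE_PRIV, BOB_PUB)
    print(receive(c, s, BOB_PRIV, ALICE_PUB))      # genuine message
    print(receive(c + 1, s, BOB_PRIV, ALICE_PUB))  # altered in transit
```

The second call shows the integrity property: any change to the ciphertext yields a different decrypted message, so the signature no longer verifies.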

    5/18

    ENROLLMENT: How to obtain a digital certificate.

    Same process, different subjects and relying parties

    6/18

    7/18

    USE: Where to use digital certificates?

    Different ways, different goals, same concept

    8/18

    POTENTIAL USES OF PKI COMESA

    9/18

    10/18

    Internet Identity and Trust: Ultimate Goal in Implementing a PKI Project.

    Help organization's members obtain digital IDs and become part of a trust network.

    11/18

    Ultimate business and technical goal for any public PKI setup is to publish its root certificate in publicly available browsers.

    12/18

    Government Primary Root CA
        Gov Int CA1: Ministry of Finance
            Gov Int CA11: Tax filing
            Gov Int CA12: Pension Funds
        Gov Int CA2: Ministry of Interior
            Gov Int CA21: National ID
            Gov Int CA21: Employees
        Gov Int CA2: Foreign Affairs

    Model for Government CA Hierarchy

    13/18

    Consideration of the PKI regulations and instruments developed

    Challenges countries might face when trying to publish their certificates to the browsers' certificate stores. $$$$$

    COMESA countries are encouraged to share one published RCA, otherwise countries might need to publish their own RCA.

    Alternatives to publishing are available to discuss as well. However, it is a challenge with SSL certificates in particular.

    14/18

    COMESA ROOT CA CONCEPTUAL MODEL

    15/18

    Digital Crime Occurs

    Digital Investigation Initiated: Environment where the crime took place.

    Is the environment equipped to keep logs and track incidents? How well equipped? Is the environment still valid to use to collect evidence? Is it monitored by a passive system? PKI?

    Evidence collection:

    1. What constitutes evidence?

    2. How to preserve it?

    Present evidence to the court of law: Why should the court accept or reject it?

    The right PKI deployment should help governments fight digital crime by being able to provide the proper evidence that is acceptable in the court of law.

    16/18

    The right PKI platform and partner selection enables governments to:

    1. Comply with standards.

    2. Protect their investments in PKI.

    3. Scale the platform as their needs grow.

    4. Consolidate all identity programs to use a single PKI platform.

    17/18

    Cont. The right PKI platform and partner selection enables governments to:

    5. Tap into a broad ecosystem of supporting technology vendors and integrators.

    6. Support non-government organizations' PKI efforts.

    7. Minimize the costs of PKI deployment.

    18/18

    Comments, questions? Motsim [email protected] +97455083920