1 Current Status of Japanese Government PKI Systems Yasuo Miyakawa*+, Takashi Kurokawa*, Akihiro Yamamura* and Yasushi Matsumoto+ * National Institute.

Presentation transcript:

1 Current Status of Japanese Government PKI Systems
Yasuo Miyakawa*+, Takashi Kurokawa*, Akihiro Yamamura* and Yasushi Matsumoto+
* National Institute of Information and Communications Technology (NICT), Japan
+ Information-technology Promotion Agency (IPA), Japan

2 Background
There are many e-Government projects around the world
Also in Japan
–As the main system, the Government PKI system was constructed
–In about 2000
There may have been similar projects in other countries in those days

3 Abstract
2 characteristics:
–I. Bridge Model
–II. Signature & non-repudiation centric
Current Status

4 Overview Current Status I. Bridge Model 2. Signature & non-repudiation centric Efforts on Interoperability CRYPTREC: “e-Government Recommended Ciphers List” 1. Optimization 2. + Entity Authentication 4. Revise Signature Law 3. Movement in Cryptographic analysis research 5. Migration Plan * Level of Assurance * CP (domain policy) * Smart card data format

5 Our Standpoint
We have not assumed the responsibility for the design of Government PKI systems
- very complicated systems
But, we had been consulted by the contractors, system integrators, and ministries
Although it was managed to operate up to now…
It will not be easy to cope with …

6 I. Before talking about Bridge CA Model
Diagram labels: Ministry A, Ministry B, Our PKI system, Our PKI System
Vertically Divided Administration
–Ministries should have been dealt with equally
No superior
–Ministries wished to have flexibility

7 I. Trust Model of Government PKI Systems in Japan

8 PKI System Owners Subject of Certificates Respective Ministry Bridge CA Other CAs GPKI National government employee MIC Administrative Management Bureau MIC Administrative Management Bureau Ministries LGPKI Local government employee MIC Local Administration Bureau LGWAN Administration Council Prefectures JPKI Citizens JPKI Prefectures Council

9 Vertically Divided Administration again
Prefectures should be treated equally
No superior
–Bridge Model is adopted
–Actually, identical CPSs and CPs

10 Our efforts regarding Bridge Model
In 2002
–There was no Trust Status List
Test-suite for Japanese government PKI software
–Test data for path validation over Bridge CA
–IPA’s Contractor

11 Our efforts regarding Bridge Model
IETF Internet-Draft: Guidance
–“Memorandum for multi-domain Public Key Infrastructure Interoperability”
Already cleared – RFC will be published soon
multidomain-pki-13.txt http:// multidomain-pki-13.txt
Practical factors
–e.g.: ‘Domain Policy Object Identifier’
–Certificate Policy as Domain Policy

12 II. Signature & non-repudiation centric
The majority of certificates are for Non-repudiation
–keyUsage bit: set in US style
–CP: not well utilized, no confusion ?
ACT ON ELECTRONIC SIGNATURES AND CERTIFICATION BUSINESS (2001) – With 2 Ministerial Ordinances
Discussion has started to revise this legislation
–To be explained later

13 FYI: CRYPTREC
Cryptography Research and Evaluation Committees
–Cryptographic Technique Monitoring Subcommittee
“e-Government Recommended Ciphers List”

14 Recent Undertakings
1. Optimizing GPKI System
2. Concerns for Entity Authentication
3. Estimating the Improvement of Factoring Power
4. Revising ACT ON ELECTRONIC SIGNATURES AND CERTIFICATION BUSINESS and its Ministerial Ordinance
5. Migration Plan about Cryptography which is used in PKI Systems

15 1. Optimizing GPKI System
Conducted by MIC Administrative Management Bureau
–Planned in March, 2005
–To be completed in FY 2008
–From economic point of view
Duplication in issuing function
Managing operational practices may be centralized
–Centralized CA for GPKI
CAs: 14 -> 1
RAs will remain
Several exceptions:
–commercial register system’s CA

16 2. Concern for Entity Authentication
Level of Assurance
–Developing Guideline documents
Citizen’s Smart Cards Format
–Multiple credentials
–Open specification is expected
Certificate Policy (PKI domain Policy)
–Risk to confuse:
Signature non-repudiation
Other purpose
Written in RFC 5280
–MUST be distinguished
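
The keyUsage distinction raised on slides 12 and 16, as an added example that is not part of the presentation: a decoder for the DER-encoded keyUsage BIT STRING, using the bit order defined in RFC 5280, that flags certificates asserting both nonRepudiation and digitalSignature on one key. The classification labels, the `audit` helper and the sample byte strings are constructed for illustration.

```python
# Added example: decode an X.509 keyUsage extension value (DER BIT STRING).
# Bit names in RFC 5280 order; bit 0 is the most significant bit of the
# first content byte.
KEY_USAGE_BITS = (
    "digitalSignature", "nonRepudiation", "keyEncipherment",
    "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign",
    "encipherOnly", "decipherOnly",
)

def decode_key_usage(der: bytes) -> set:
    """Return the names of the keyUsage bits asserted in a DER BIT STRING."""
    if len(der) < 4 or der[0] != 0x03:
        raise ValueError("not a DER BIT STRING")
    length, unused, body = der[1], der[2], der[3:]
    if length != len(der) - 2 or len(body) > 2:
        raise ValueError("unexpected length for keyUsage")
    if unused > 7 or body[-1] & ((1 << unused) - 1):
        raise ValueError("padding bits must be zero")
    asserted = set()
    for index, name in enumerate(KEY_USAGE_BITS):
        byte, bit = divmod(index, 8)
        if byte < len(body) and body[byte] & (0x80 >> bit):
            asserted.add(name)
    return asserted

def classify(der: bytes) -> str:
    """Illustrative labels (an assumption, not taken from the slides)."""
    usage = decode_key_usage(der)
    signs = "digitalSignature" in usage
    commits = "nonRepudiation" in usage
    if signs and commits:
        return "mixed"  # one key for both purposes: the confusion risk
    if commits:
        return "non-repudiation"
    if signs:
        return "authentication-capable"
    return "other"

# Constructed sample keyUsage values (hex of the DER BIT STRING).
SAMPLES = {
    "signing-cert": "03020640",  # nonRepudiation only
    "auth-cert": "03020780",     # digitalSignature only
    "mixed-cert": "030206c0",    # digitalSignature + nonRepudiation
    "ca-cert": "03020106",       # keyCertSign + cRLSign
}

def audit(samples: dict) -> dict:
    """Map each sample name to its classification."""
    return {name: classify(bytes.fromhex(h)) for name, h in samples.items()}
```
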

17 3. Movement in Cryptographic analysis research Estimating GNFS sieving steps

18 3. Movement in Cryptographic analysis research Estimating collision of SHA-1

19 4. Revising ACT ON ELECTRONIC SIGNATURES AND CERTIFICATION BUSINESS and its Ministerial Ordinance
Under discussion
We are supporting Technical issues
Technical issues are not dealt with widely yet
Administrative Scheme issue
Certifying procedure: heavy!
CA’s business issue
Promotion etc.
Technical issues
Spend most of the time on Cryptographic issue
Dealt independently

20 4. Status of the discussion
Technical issue
–Based on certifying conforming CAs
–As a requirement for certified CA: cryptographic issue is included
Although it was the main topic in the first stage…
There are many other technical issues
Need to get understood by lawyers

21 4. To be discussed
Preventing misrecognition on Section 10
–Often considered as Prohibition of other business
Serious effect on CA’s business
Can be solved by CP description
Confusion: signature on certificates vs. signature on digital documents
–different level of Risks
Actually, Not well utilized
–Signature is for Authority person and Professionals

22 5. Migration Plan about Cryptography which is used in PKI Systems
RSA-1024 and SHA-1
May be Internationally common issue
How can we deal with this issue?
–Application level discussion may be different from Primitive level discussion
–Multi level of risks
–Roadmap / Procedure

23 Conclusion
Bridge Model may be the typical trust model for national level PKI systems
–Efforts to keep interoperability are required
Additional system requirements
–Which were not supposed before 2000
–Not only Signature & non-repudiation
–Should be put into design consistently
Thank you