Published by Adam Kelly. Modified over 9 years ago.
1
Public Key Infrastructure [PKI] in Thailand by Rear Admiral Prasart Sribhadung
2
Rear Admiral Prasart Sribhadung
Dean, Graduate School of Internet and E-Commerce, Assumption University
President, Association of Thai Internet Industry (ATII)
Advisor, Past Vice President, Computer Association of Thailand Under the Patronage of H.M. the King (CAT)
Advisor, Thai Internet Service Provider Club (TISPC)
Member, Internet Policy Sub Committee, NITC, Ministry of Science
Member, Computer Terminology Committee, The Royal Institute
Member, National Copyright Committee, Ministry of Commerce
Chairman, Computer Software Copyright Promotion Subcommittee, Ministry of Commerce
Member, Cyber Inspector, Ministry of Information and Communication Technology
3
Rear Admiral Prasart Sribhadung
Former Managing Director, A-Net Co. Ltd., Business Online Co. Ltd.
Former Vice Chairman, ANEW Corporation
Former Director, Naval Data Processing Center
Former Lecturer, Naval Academy (Operations Research and Computer Programming)
Former Lecturer, Naval Staff College (Operations Research)
Former Lecturer, NIDA and UTCC (Operations Research)
4
Public Key Infrastructure (PKI)
The concept of public key infrastructure (PKI) enables you to bring strong authentication and privacy to the online world. By using public key cryptographic techniques and encryption algorithms, you can provide a means to identify users and ensure that no one but the intended recipients of data can have access to the data or any other network resources.
5
Public Key Infrastructure (PKI)
PKI is a solution that includes technological, procedural, and personnel elements. The key technological elements of a PKI solution are the private key, public key, and certificate authority (which creates and oversees the digital certificate). The procedural elements are the security policies that govern the use of the technological elements. The personnel elements are the cultural requirements of the user community that uses the solution.
6
Public Key Infrastructure (PKI)
The purpose of a PKI solution is to give a user a means of identifying himself in the electronic world. This is done through the use of asymmetric cryptographic techniques and the creation of digital certificates. A user utilizes a complex mathematical algorithm to create a public key and private key pair. The public key is distributed to anyone with whom he wants to establish secure communications. The private key is kept safely in the sole possession of the owner and is never disclosed to anyone else.
7
Public Key Infrastructure (PKI)
After a user has created a key pair, he needs to have his identity validated by a trusted third party, which is known as the certificate authority (CA). He submits his public key to the CA and authorizes it to investigate him to prove his identity. After the CA has affirmed that the user is who he claims to be, it then adds its digital signature to the public key and adds information about the user to create an X.509 digital certificate.
PKI is the infrastructure required to make the use of digital signatures possible.
8
PKI in Thailand
PKI-related initiatives/projects in Thailand started in 1999 within the Government Information Technology Services (GITS), which operated as part of NECTEC to leverage the pool of manpower, expertise and other common infrastructures.
Thai Digital ID Co. Ltd., the first CA in Thailand, was established in 2000 and had its first key pair, called “Root Key”, generated on 4th September 2000. CA service was available in April 2001.
In June 2001, ACERTs Co. Ltd. was established as the second CA in Thailand in collaboration with Netrust Pte. Ltd. of Singapore, and started its CA operation in Dec 2001.
9
PKI in Thailand
GITS started test running CA service for government agencies in 2002.
On 19th August 2003, TOT Corporation Public Company established a CA in collaboration with UniCERT of Baltimore USA.
10
IT Laws in Thailand
The Ministry of Science, Technology and Environment proposed six new laws to develop IT infrastructure for Thailand, which were approved by the cabinet in December 1988. They are:
1. Electronic Transactions Law
2. Electronic Signature Law
3. Universal Access Law
4. Computer Crime Law
5. Data Protection Law
6. Electronic Funds Transfer Law
The first two were combined into one, which was proclaimed as the “Electronic Transaction Act B.E.2544” on 2nd December 2001.
11
Digital (Electronic) Signature
Electronic Transaction Act B.E.2544, Chapter 2, Section 26, states that an electronic signature is considered to be a reliable electronic signature if it meets the following requirements:
(1) The signature creation data are, within the context in which they are used, linked to the signatory and to no other person;
(2) The signature creation data were, at the time of signing, under the control of the signatory and of no other person;
(3) Any alteration to the electronic signature, made after the time of signing, is detectable; and
(4) Where a purpose of the legal requirement for a signature is to provide assurance as to the completeness and integrity of the information, any alteration made to that information after the time of signing is detectable.
The provision of paragraph one does not limit that there is no other way to prove the reliability of an electronic signature or the adducing of the evidence of the non-reliability of an electronic signature.
12
PKI
Public Key Infrastructure is the entire set of hardware, software, and cryptosystems necessary to implement public key encryption.
PKI systems are based on public-key cryptosystems and include digital certificates and certificate authorities (CAs) and can:
– Issue digital certificates
– Issue crypto keys
– Provide tools to use crypto to secure information
– Provide verification and return of certificates
13
The Use of Public-Key Cryptosystems
We can classify the use of Public-Key Cryptosystems into three categories:
1. Key Exchange: The two communicating partners cooperate to exchange a session key. Several approaches are possible, involving the private key(s) of one or both parties.
2. Digital Signature/Authentication: The sender “signs” a message by encrypting with his private key. That is achieved by a cryptographic algorithm applied to the message or to a small block of data that is a function of the message.
3. Confidentiality (Secrecy): The sender encrypts the plaintext message with the receiver’s public key and sends the ciphertext, then the receiver decrypts the ciphertext with his own private key to retrieve the plaintext message. (This is only possible for a small plaintext.)
Some algorithms cover all three applications; others can manage one or two of those applications. (See table 6.2, p.170.)
14
Public Key Encryption
If Alice wishes to send a confidential message to Bob, she uses Bob’s public key to encrypt the plaintext message, then sends the ciphertext to Bob.
When Bob receives the encrypted message, Bob decrypts the ciphertext with his private key, revealing the plaintext message from Alice.
15
Public Key Encryption
16
Digital Signature
An interesting thing happens when the asymmetric process is reversed, that is, the private key is used to encrypt a short message. The public key can be used to decrypt it, and the fact that the message was sent by the organization that owns the private key cannot be refuted. This is known as nonrepudiation, which is the foundation of digital signatures.
Digital Signatures are encrypted messages that are independently verified by a central facility (registry) as authentic.
17
Hybrid
In practice, pure asymmetric key encryption is not widely used except in the area of certificates. It is more often used in conjunction with symmetric key encryption, creating a hybrid system.
Use the Diffie-Hellman Key Exchange method, which uses asymmetric techniques to exchange symmetric keys, to enable efficient, secure communications based on symmetric keys.
Diffie-Hellman provided the foundation for subsequent developments in public key encryption.
18
Digital Signature
19
Digital (Electronic) Signature
Electronic signature means letters, characters, numbers, sounds or any other symbols created in electronic form and affixed to a data message in order to establish the association between a person and a data message for the purpose of identifying the signatory who involves in such data message and showing that the signatory approves the information contained in such data message.
20
Digital Signature
PGP signatures look like this:

----BEGIN PGP SIGNED MESSAGE----
Really Good Electronics - Chip Prices
1MB 2 CHIP 80 NS     $20.25
1MB 2 CHIP 70 NS     $20.75
1MB 8 CHIP 80 NS     $18.70
1MB 8 CHIP 70 NS     $19.60
1MB FX (Any speed)   $16.80
For information, call 800-RAM-GOLD
----BEGIN PGP SIGNATURE----
iQCVAgUBLlgEEHD7CbCQPJJ1AQEMXgQAueUPPrpYeb13RZMPD4f8QmW+pQs/ay2P
vrtD+kL0zz3LczxoK3XDdvRj1eRYviXYaJhvSt13cK7+D71no1mFHWv3DS7tBJzpG3hJ
RUr6guRoekcYWXPR7OZhW9VTUHNoIG/OpK23HCatd9f+81TafeUc160k9/CMKj034
kZ1hz8=
=jRLh
----END PGP SIGNATURE----
21
Signing a Digital Signature
Sender:
1. Unsigned plaintext document
2. Digital signature applied by encryption with MD5/RSA sender’s private key
3. Document with signature compressed
4. Compressed signed document encrypted with IDEA session key
5. The session key (IDEA) is encrypted using RSA receiver’s public key and attached
6. File converted to ASCII armor format
7. Message file transferred
Receiver:
1. Message received in ASCII armor format
2. ASCII armor removed
3. Attached encrypted session key decrypted with receiver private key
4. Compressed encrypted signed message decrypted with session key
5. Decompress file revealing plaintext message and signature
6. Verify signature using sender public key RSA/MD5
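
Added example (not part of the original presentation): the sender and receiver steps of this slide, and the hybrid scheme described earlier, run end to end so the order of operations is visible. Assumptions: textbook RSA without padding on small constructed keys, SHA-256 in place of MD5, and a hash-based XOR keystream in place of IDEA; all function names are illustrative.

```python
import base64, hashlib, secrets, zlib

E = 65537  # public exponent shared by both demo keys

def toy_rsa_key(p, q):
    """Textbook RSA (modulus, private exponent) from two known primes."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

# Constructed demo keys from Mersenne primes: far too small, and unpadded,
# for real use. They only make the order of operations visible.
SENDER_N, SENDER_D = toy_rsa_key(2**89 - 1, 2**127 - 1)      # 27-byte modulus
RECEIVER_N, RECEIVER_D = toy_rsa_key(2**61 - 1, 2**107 - 1)  # 21-byte modulus

def digest(msg):
    # SHA-256 stands in for the slide's MD5, reduced to fit the toy modulus.
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % SENDER_N

def sign(msg):
    return pow(digest(msg), SENDER_D, SENDER_N)   # sender's private key

def verify(msg, sig):
    return pow(sig, E, SENDER_N) == digest(msg)   # sender's public key

def stream_xor(key, data):
    """Stand-in for IDEA: XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def send(msg):
    signed = sign(msg).to_bytes(27, "big") + msg           # 1. sign
    packed = zlib.compress(signed)                         # 2. compress
    session = secrets.token_bytes(16)                      # 3. one-time key
    body = stream_xor(session, packed)                     #    encrypt with it
    wrapped = pow(int.from_bytes(session, "big"), E, RECEIVER_N)  # 4. wrap key
    return base64.b64encode(wrapped.to_bytes(21, "big") + body)   # 5. armor

def receive(armored):
    raw = base64.b64decode(armored)                        # 1. remove armor
    wrapped = int.from_bytes(raw[:21], "big")
    session = pow(wrapped, RECEIVER_D, RECEIVER_N).to_bytes(16, "big")  # 2. unwrap
    signed = zlib.decompress(stream_xor(session, raw[21:]))  # 3. decrypt, inflate
    sig, msg = int.from_bytes(signed[:27], "big"), signed[27:]
    return msg, verify(msg, sig)                           # 4. check signature
```

Production systems use padded RSA (OAEP for key wrapping, PSS for signatures) and an authenticated symmetric cipher from a vetted library instead of these stand-ins.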