Security requirements for e-government services: a methodological approach for developing a common PKI-based security policy
Authors: C. Lambrinoudakis, S. Gritzalis, F. Dridi, and G. Pernul
Source: Computer Communications, 26(16), pp. 1873-1883, 2003.
Adviser: Min-Shiang Hwang
Speaker: Chun-Ta Li (李俊達)
Outline
– Introduction
– The e-government platform
– Security issues
– The Public Key Infrastructure
– A case-study: the e-government system Webocrat
– Conclusion
– Comment
Introduction
– e-government: improving the quality of life, disseminating knowledge, generating earnings, etc.
– Information security
– User privacy
– Security measures – Risk analysis (RA): assess the consequences of a potential security incident and select the countermeasures
Introduction (cont.)
– RA requires precisely specified boundaries
– e-government is an amalgam of heterogeneous information systems
– A framework can facilitate the development of a unified e-government security policy covering the isolated system components of the e-government platform
– Organizational Framework for the Security Requirements of e-government services (e-GOV-OFSR) [Gritzalis and Lambrinoudakis, 2002]
The e-government platform [Wimmer and Traunmuller, 2002]
[Figure: users reach the governmental portal (global access point) over the Internet or wireless links; the portal connects the central server (national authority), remote servers (local authorities) and local (state) users, and exposes the supported services.]
Security issues
– Identifying security requirements for: e-University, e-Voting, electronic collaboration of governmental departments, web-based public services
– Security requirements are organized by service phase and by actor type
Security issues (cont.): e-University
Security issues (cont.): e-Voting
Security issues (cont.): Electronic collaboration of governmental departments
Security issues (cont.): Web-based public services
Security issues (cont.): A consolidated view of the security requirements for an e-Government platform
The Public Key Infrastructure
Table: Use of PKI services for fulfilling e-government security requirements
– PKI services (rows): Registration, Digital signatures, Encryption, Time stamping, Non-repudiation, Key management, Certificate management, Information repository, Directory services, Camouflaging communication, TTP to TTP interoperability, Authorization, Audit
– Security requirements (columns): Availability, Performance, Authentication, Logging, Management of privileges, Integrity, Confidentiality, Non-repudiation, Anonymity, Public trust, Untraceability, Secure storage
– a: Not in the context of e-voting
The Public Key Infrastructure (cont.)
– The hardware and software infrastructure supporting the e-government portal
– Risks: unreliable hardware, limited computing resources, unstable software, maintainability, poor communication infrastructure, etc.
– Countermeasures: redundant servers, backup communication lines, service contracts, testing procedures, etc.
A case-study: the e-government system Webocrat
– e-GOV-OFSR framework applied to Webocrat
– Webocrat – implemented within the Webocracy Project
– Protecting the system – PKI-based security architecture (CSAP): Communication (C), Security (S), Authentication (A), Privacy (P)
A case-study: the e-government system Webocrat (cont.)
– Webocracy project – EU funded research project (Webocracy – Democracy on the Web)
[Figure: the system administrator, service operator and service customers interact with the Knowledge Management, Discussion Management and Opinion-Polling Management modules, all built on the CSAP security services.]
A case-study: the e-government system Webocrat (cont.)
Actor types:
– System administrators: set up the hardware/software infrastructure; implement the security services through the CSAP module
– Service operators (government employees): set up the Webocrat modules
– Service customers (citizens, politicians): access the system via well-specified "User Interfaces" (Citizens Information Helpdesk)
A case-study: the e-government system Webocrat (cont.)
Webocrat Webspace:
– Publishing Space: different types of documents (laws, resolutions, budgets, etc.)
– Discussion Space: supporting intelligent communication; inputs and comments are published in the Discussion Space
– Opinion Polling Space: electronic opinion polling on several issues/questions
– Knowledge Management
A case-study: the e-government system Webocrat (cont.): Security requirements & risk analysis
A case-study: the e-government system Webocrat (cont.): CSAP security architecture
[Figure: layers of the CSAP architecture – Identification and Authentication; Access Control and Authorization (Management of Privileges); Logging (Audit); Secure Storage; Integrity, Confidentiality, Non-repudiation. PKI services used: Registration, Authorization, Key Management, Certificate Management, Directory Services, Time Stamping, Non-repudiation, Information Repository, Audit, Digital Signatures, Encryption, TTP to TTP Interoperability, Camouflaging Communication.]
Conclusions
– RA methodologies: apply to an information system with well-defined boundaries; each information system must be studied independently; result is a consolidated list of requirements
– e-GOV-OFSR framework: organized by service phases and actor types
– PKI security services
Comments
– Methodologies, requirements, existing approach, framework (architecture)
– RA for each information system vs. the framework
– PKI-based approach vs. other approaches: security, efficiency, cost