1 © 1998-2003 ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit
Seminar on Standardization and ICT Development for the Information Society
Tashkent, Uzbekistan, 6-8 October 2003
Challenges in Electronic Signatures and Certification Authorities
Alexander NTOKO, Chief, E-Strategy Unit, ITU Telecommunication Development Bureau (BDT)

2 Overview of Digital Signature
[Diagram labels: Hash Algorithm, Digest, Signer's Private Key, Encrypted Digest, Signed Document]
Remember, a digital signature involves services provided by a Certificate Authority (CA)

3 Verifying the Digital Signature for Authentication and Integrity
[Diagram labels: Hash Algorithm, Digest, Signer's Public Key]
And so does the process of verifying the validity of a digital signature

4 General Overview of Some Digital Signature and Certificate Authority Challenges
o Technology and Standards
  - Application and Multi-vendor interoperability
  - Key Length and Encryption algorithms
  - Content Non-Repudiation and Time stamps
o Policies and Legislative
  - CA-CA Policy-level Interoperability
  - PKI Domains, Jurisdictions and Accreditation
  - Roles of Public and Private Sector
  - E-signature Legislation and Technology Neutrality – Finding the right balance between being technology neutral and enforcing legislation.
o Acquisition, Capacity & Business Models
  - Building Local Capacity
  - Business Case for CA Infrastructure
  - Liabilities and Risk assessment/management

5 Challenges for e-Signatures and Certification Authorities are Intricately linked. Focus on:
o Acceptance of Digital Signature Across Multi-Jurisdictional PKI Domains.
o Policies for Generic Identity Certificates.
o Public Key Infrastructure (PKI) Domains.
o CA-CA Inter-Domain Interoperability.
o Relationship between Attribute Certificates and Generic Identity Certificates.

6 Some Initiatives for Addressing CA-CA Inter Domain Interoperability Issues…

7 Cross Certification
o A CA issues a certificate to another CA. This is applied to Strict Hierarchy (Root CAs)
o Establishment of Trust Relationship between CAs (Chain of Trust).
o Could result in Trust Cascades (A>B and B>C should not imply A>C).
o Trust relationship could be Mutual (Horizontal Trust relationship) or Unilateral (Vertical Trust relationship – Root CAs).

8 Bridge Certificate Authority
o A CA acts as a bridge between CAs in different PKI domains.
o Each CA establishes a Trust Relationship with the Bridge CA.
o The absence of direct relationships between CAs avoids overheads related to the establishment of direct trust relationships between co-operating CAs.

9 Cross Recognition
o No trust relationship on cross certification between CAs.
o Requires a mutually trusted and recognized third party.
o CA-CA Interoperability is achieved through the licensing or auditing by a mutually agreed authority.

10 Accreditation Certificate
o A combination of cross-certification and cross recognition.
o Involves the creation of an accreditation CA.
o Public Key of each CA is signed by accreditation CA.
o Used in Australia in the Gatekeeper Accreditation CA.
o Requires high level government structure and control to create hierarchy (e.g., government-wide PKI).

11 Certificate Policy – Plays an important role in the implementation of some of these initiatives
o Certificate Policy (CP) – A Named set of rules that indicate the applicability of a certificate to a particular community and/or class of applications of common security requirements.

12 ITU-T X.509: CA-CA Policy Interoperability
Policy Mappings Extension
  - Allows a certification authority to indicate that certain policies in its own domain can be considered equivalent to certain other policies in the subject certification authority's domain.

13 ITU-T X.509: Preventing Trust Cascades
Policy Constraints extension
  - Ability for a certification authority to require that explicit certificate policy indications be present in all subsequent certificates in a certification path.
  - Ability for a certification authority to disable policy mapping by subsequent certification authorities in a certification path.
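The following is an added example, not part of the original slides: a simplified Python model of how the policy mappings and policy constraints extensions interact on a certification path, showing the trust cascade from slide 7 (A>B, B>C) and how a constraint set by CA A stops it. It omits signature checks, anyPolicy and qualifiers; the class, function and policy names are constructed for illustration.

```python
# Added illustration: simplified model of X.509 policy processing on a path.
# No signatures, anyPolicy or qualifiers; policy names are constructed labels.
from dataclasses import dataclass, field

INF = float("inf")  # "constraint absent"

@dataclass
class Cert:
    subject: str
    policies: set                                  # certificatePolicies
    mappings: dict = field(default_factory=dict)   # issuerDomainPolicy -> subjectDomainPolicy
    require_explicit: float = INF                  # policyConstraints: requireExplicitPolicy
    inhibit_mapping: float = INF                   # policyConstraints: inhibitPolicyMapping

def validate_policies(path):
    """Return {policy in the last cert: equivalent policy in the first issuer's domain}.
    Raises ValueError if an explicit policy is required and none survives."""
    explicit = mapping = INF   # certs remaining before each constraint takes effect
    valid = None               # None means "nothing processed yet"
    for i, cert in enumerate(path):
        if valid is None:
            valid = {p: p for p in cert.policies}
        else:
            valid = {p: o for p, o in valid.items() if p in cert.policies}
        if explicit <= 0 and not valid:
            raise ValueError(f"{cert.subject}: no acceptable policy left")
        if i == len(path) - 1:
            return valid
        for issuer_pol, subject_pol in cert.mappings.items():
            if issuer_pol in valid:
                origin = valid.pop(issuer_pol)
                if mapping > 0:                    # mapping not yet inhibited
                    valid[subject_pol] = origin
        explicit = min(max(explicit - 1, 0), cert.require_explicit)
        mapping = min(max(mapping - 1, 0), cert.inhibit_mapping)
    return valid

def sample_path(constrained, via_c=True):
    """Constructed path: CA A cross-certifies B; B cross-certifies C."""
    limit = 0 if constrained else INF
    a_to_b = Cert("CA-B", {"A-medium"}, {"A-medium": "B-medium"}, limit, limit)
    if not via_c:
        return [a_to_b, Cert("user-of-B", {"B-medium"})]
    b_to_c = Cert("CA-C", {"B-medium"}, {"B-medium": "C-basic"})
    return [a_to_b, b_to_c, Cert("user-of-C", {"C-basic"})]
```

Without constraints, `validate_policies(sample_path(False))` accepts C's user under A's policy; with them, B's own users still validate while the path through C is rejected.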

14 Possible Strategy for E-Signatures and CAs

15 What could be the Role of Governments?
o Getting Involved in the Management of Public Internet Resources.
  - Internet Protocol Addresses
  - Domain Names (under ccTLDs)
o Elaborating Policies and Legislation for the Management of Digital Identities and CAs.
  - Accreditation of Certification Authorities
  - Control and Enforcement Mechanisms
  - Play central role in the management of generic identities (e.g. digital IDs and Passports).

16 What is ITU-D doing in this Domain?
o ITU-D IsAP Programme 3
  - Policies: Addressing National/Regional Policies for e-Trust and public Internet resources (e.g., Azerbaijan, Cameroon, Georgia and Mongolia).
  - Projects: Projects on PKI (CA and RA) and PKI-enabled Applications (Africa, Asia, Latin America and Europe).
  - Training: Building Human Capacity in e-Security (e.g., Latin America and Pakistan).
  - Environment: Assistance in Legal Issues for E-Applications and in establishing an Enabling Regulatory Framework (e.g., Latin America, Cape Verde, Mongolia and Burkina Faso).

17 World e-Trust MoU
  - Platform for Partnerships in E-Services
  - Self-Regulatory & Self-Funding Structure
  - Technology Neutral/Independent Environment
  - Multi-Lateral And Inclusive Framework

18 Thank You for your attention
For further information
Web: http://www.itu.int/ITU-D/e-strategy
     http://www.itu.int/ITU-D
Email: e-strategy@itu.int

