
Alexander NTOKO Chief, E-Strategies Unit ITU Telecommunication Development Bureau (BDT)

Challenges in Electronic Signatures and Certification Services. ITU/BDT Arab Regional Workshop on “e-Services Policies”, Damascus, Syria, 27-29 April 2004.




Presentation Transcript


  1. Challenges in Electronic Signatures and Certification Services. ITU/BDT Arab Regional Workshop on “e-Services Policies”, Damascus, Syria, 27-29 April 2004. Alexander NTOKO, Chief, E-Strategies Unit, ITU Telecommunication Development Bureau (BDT)

  2. Overview of Digital Signature [diagram: Document → Hash Algorithm → Digest → Signer’s Private Key → Encrypted Digest; the document together with the Encrypted Digest forms the Signed Document] Remember, a digital signature involves services provided by a Certificate Authority (CA)

  3. Verifying the Digital Signature for Authentication and Integrity [diagram: received document → Hash Algorithm → Digest; Encrypted Digest → Signer’s Public Key → Digest; the two Digests are compared: equal?] And so does the process of verifying the validity of a digital signature
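The two slides above carried through in working code. This is an added example, not part of the presentation: Go's standard library does the signing (RSA PKCS#1 v1.5 over a SHA-256 digest, the scheme for which the slide's "encrypt the digest with the private key" picture is literally accurate), and the sample document and both key pairs are constructed here for the example.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// SignedDocument is the slide's "Signed Document": the document plus the
// encrypted digest (an RSA PKCS#1 v1.5 signature over the SHA-256 digest).
type SignedDocument struct {
	Document  []byte
	Signature []byte
}

// Sign hashes the document and applies the signer's private key to the digest.
func Sign(priv *rsa.PrivateKey, document []byte) (SignedDocument, error) {
	digest := sha256.Sum256(document)
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	if err != nil {
		return SignedDocument{}, err
	}
	return SignedDocument{Document: document, Signature: sig}, nil
}

// Verify recomputes the digest of the received document and compares it with
// the digest recovered from the signature using the signer's public key. A nil
// error means the document is unmodified (integrity) and was signed with the
// private key matching pub (authentication).
func Verify(pub *rsa.PublicKey, sd SignedDocument) error {
	digest := sha256.Sum256(sd.Document)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sd.Signature)
}

// Demo signs a constructed sample document and returns the verification
// results for the genuine signed document, a modified copy of it, and the
// genuine document checked against a key that did not sign it.
func Demo() (genuine, tampered, wrongKey error) {
	signer, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	impostor, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	doc := []byte("Transfer 1,000 EUR to account 12-345 (constructed sample)")
	sd, err := Sign(signer, doc)
	if err != nil {
		panic(err)
	}
	genuine = Verify(&signer.PublicKey, sd)

	// One changed character gives a different digest, so the comparison fails.
	forged := sd
	forged.Document = []byte("Transfer 9,000 EUR to account 12-345 (constructed sample)")
	tampered = Verify(&signer.PublicKey, forged)

	// The intact document under the wrong public key also fails. The signature
	// only proves possession of the private key matching pub; binding that key
	// to a person is the CA's job (the slide's "Remember").
	wrongKey = Verify(&impostor.PublicKey, sd)
	return genuine, tampered, wrongKey
}

func main() {
	genuine, tampered, wrongKey := Demo()
	fmt.Println("genuine:  ", genuine)
	fmt.Println("tampered: ", tampered)
	fmt.Println("wrong key:", wrongKey)
}
```

Verification never decrypts anything the relying party could read; it recomputes the digest and asks the library whether the signature is valid for that digest under the public key, which is why the "encrypted digest" wording only holds for RSA.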

  4. General Overview of Some Digital Signature and Certificate Authority Challenges
  Technology and Standards
  • Application and Multi-vendor interoperability
  • Key Length and Encryption algorithms
  • Content Non-Repudiation and Time stamps
  Policies and Legislation
  • CA-CA Policy-level Interoperability
  • PKI Domains, Jurisdictions and Accreditation
  • Roles of Public and Private Sector
  • E-signature Legislation and Technology Neutrality – Finding the right balance between being technology neutral and enforcing legislation.
  Acquisition, Capacity & Business Models
  • Building Local Capacity
  • Business Case for CA Infrastructure
  • Liabilities and Risk assessment/management

  5. Challenges for e-Signatures and Certification Authorities are intricately linked. Focus on:
  • Acceptance of Digital Signatures across Multi-Jurisdictional PKI Domains.
  • Policies for Generic Identity Certificates.
  • Public Key Infrastructure (PKI) Domains.
  • CA-CA Inter-Domain Interoperability.
  • Relationship between Attribute Certificates and Generic Identity Certificates.

  6. Some Initiatives for Addressing CA-CA Inter-Domain Interoperability Issues…

  7. Cross Certification
  • A CA issues a certificate to another CA. This is also how a Strict Hierarchy is built (Root CAs certifying subordinate CAs).
  • Establishment of a Trust Relationship between CAs (Chain of Trust).
  • Could result in Trust Cascades (A>B and B>C should not imply A>C).
  • The trust relationship can be Mutual (Horizontal Trust relationship) or Unilateral (Vertical Trust relationship – Root CAs).

  8. Bridge Certificate Authority
  • A CA acts as a bridge between CAs in different PKI domains.
  • Each CA establishes a Trust Relationship with the Bridge CA.
  • The absence of direct relationships between CAs avoids the overhead of establishing a trust relationship between every pair of co-operating CAs.
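Cross certification (slide 7) and its trust-cascade problem, exercised on real X.509 certificates. This is an added example, not from the presentation: the three root CAs, their cross-certificates and the subscriber certificates are constructed in memory with Go's crypto/x509, and the verification is the library's own path building, run as a relying party that trusts only Root A and is handed cross-certificates as intermediates. A bridge CA (slide 8) would be handled by the same path builder with the bridge's cross-certificates in the intermediate set; it is not built here. The last case shows one X.509 control that cuts the cascade, pathLenConstraint=0 on Root A's certificate for Root B; the policy constraints of slide 13 are a separate control.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// domain is one PKI domain: its root CA key and self-signed certificate
// (constructed for this example; nothing here is a real CA).
type domain struct {
	key  *ecdsa.PrivateKey
	self *x509.Certificate
}

var nextSerial int64 = 1000

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

func newKey() *ecdsa.PrivateKey { return must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)) }

// issue has issuer sign a certificate binding name to pub. isCA makes it a CA
// certificate; pathLenZero adds pathLenConstraint=0, i.e. no further CA may
// appear below the subject in a certification path.
func issue(name string, pub *ecdsa.PublicKey, issuer *domain, isCA, pathLenZero bool) *x509.Certificate {
	nextSerial++
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(nextSerial), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, BasicConstraintsValid: true, IsCA: isCA,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
		if pathLenZero {
			tmpl.MaxPathLen, tmpl.MaxPathLenZero = 0, true
		}
	}
	parent := issuer.self
	if parent == nil { // the root certifying its own key: self-signed
		parent = tmpl
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, pub, issuer.key))
	return must(x509.ParseCertificate(der))
}

func newRoot(name string) *domain {
	d := &domain{key: newKey()}
	d.self = issue(name, &d.key.PublicKey, d, true, false)
	return d
}

// verifyAs validates ee as a relying party that trusts only root and has the
// given cross-certificates available for path building.
func verifyAs(root *x509.Certificate, cross []*x509.Certificate, ee *x509.Certificate) error {
	roots, inter := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root)
	for _, c := range cross {
		inter.AddCert(c)
	}
	_, err := ee.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inter,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	return err
}

// Scenario: A cross-certifies B and B cross-certifies C. From the viewpoint of
// a relying party trusting only A it verifies
//   direct  - a subscriber of B: path EE -> (B certified by A) -> A
//   cascade - a subscriber of C: path EE -> (C by B) -> (B by A) -> A, which
//             succeeds, so A>B and B>C did imply A>C
//   limited - the same path with pathLenConstraint=0 in A's certificate for B
func Scenario() (direct, cascade, limited error) {
	a, b, c := newRoot("Root A"), newRoot("Root B"), newRoot("Root C")
	aToB := issue("Root B", &b.key.PublicKey, a, true, false)
	bToC := issue("Root C", &c.key.PublicKey, b, true, false)
	subB := issue("subscriber of B", &newKey().PublicKey, b, false, false)
	subC := issue("subscriber of C", &newKey().PublicKey, c, false, false)
	direct = verifyAs(a.self, []*x509.Certificate{aToB}, subB)
	cascade = verifyAs(a.self, []*x509.Certificate{aToB, bToC}, subC)
	aToBLimited := issue("Root B", &b.key.PublicKey, a, true, true)
	limited = verifyAs(a.self, []*x509.Certificate{aToBLimited, bToC}, subC)
	return direct, cascade, limited
}

func main() {
	direct, cascade, limited := Scenario()
	fmt.Println("A>B, subscriber of B:          ", direct)
	fmt.Println("A>B, B>C, subscriber of C:     ", cascade)
	fmt.Println("A>B pathLen 0, B>C, sub. of C: ", limited)
}
```

The cross-certificate carries Root B's name and key under Root A's signature, so the path builder treats it as an intermediate for anything Root B issued; without a constraint that is transitive, which is exactly the cascade the slide warns about.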

  9. Cross Recognition
  • No direct trust relationship (cross certification) between the CAs.
  • Requires a mutually trusted and recognized third party.
  • CA-CA Interoperability is achieved through licensing or auditing by a mutually agreed authority.

  10. Accreditation Certificate
  • A combination of cross-certification and cross recognition.
  • Involves the creation of an accreditation CA.
  • The Public Key of each CA is signed by the accreditation CA.
  • Used in Australia in the Gatekeeper Accreditation CA.
  • Requires a high-level government structure and control to create the hierarchy (e.g., a government-wide PKI).

  11. Certificate Policy – Plays an important role in the implementation of some of these initiatives
  • Certificate Policy (CP) – A named set of rules that indicates the applicability of a certificate to a particular community and/or class of applications with common security requirements.

  12. ITU-T X.509: CA-CA Policy Interoperability
  • Policy Mappings extension – Allows a certification authority to indicate that certain policies in its own domain can be considered equivalent to certain other policies in the subject certification authority's domain.

  13. ITU-T X.509: Preventing Trust Cascades
  • Policy Constraints extension – Ability for a certification authority to require that explicit certificate policy indications be present in all subsequent certificates in a certification path (requireExplicitPolicy).
  • Ability for a certification authority to disable policy mapping by subsequent certification authorities in a certification path (inhibitPolicyMapping).
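How the policy mappings of slide 12 and the policy constraints of slide 13 interact along a certification path, as added example code that is neither from the presentation nor from ITU-T: a reduced form of the X.509 / RFC 5280 section 6.1 policy processing in Go, with the valid_policy_tree flattened into a map and anyPolicy, inhibitAnyPolicy and self-issued certificates left out. The policy names (A.high, B.medium, C.basic) stand in for OIDs and, like the three-CA chain, are constructed for this example.

```go
package main

import (
	"fmt"
	"sort"
)

// Unbounded marks an absent skipCerts value in policyConstraints.
const Unbounded = -1

// Mapping is one policyMappings entry: a policy of the issuing CA's domain
// declared equivalent to a policy of the subject CA's domain.
type Mapping struct{ IssuerDomain, SubjectDomain string }

// PolicyCert is the policy-relevant part of one certificate in a path. Policy
// OIDs carry readable names here; signatures, names and validity periods are
// assumed to have been checked separately.
type PolicyCert struct {
	Name                  string
	Policies              []string  // certificatePolicies
	Mappings              []Mapping // policyMappings
	RequireExplicitPolicy int       // policyConstraints skipCerts, or Unbounded
	InhibitPolicyMapping  int       // policyConstraints skipCerts, or Unbounded
}

// Result: Accepted lists the trust-anchor-domain policies under which the path
// is valid. OK follows RFC 5280 6.1.5: true when such a policy survived, or
// when neither the relying party nor any CA required an explicit policy.
type Result struct {
	OK       bool
	Accepted []string
	Reason   string
}

// ProcessPath is a reduced RFC 5280 section 6.1 policy processing. path[0] is
// the certificate issued by the trust anchor, the last element the end entity.
// initial is the relying party's user-initial-policy-set (anchor's domain) and
// requireExplicit its initial-explicit-policy. valid flattens the
// valid_policy_tree: policy expected in the next certificate -> the
// anchor-domain policy it descends from.
func ProcessPath(path []PolicyCert, initial []string, requireExplicit bool) Result {
	n := len(path)
	explicit, mapping := n+1, n+1 // larger than the path: never count down to zero
	if requireExplicit {
		explicit = 0
	}
	valid := map[string]string{}
	for i, c := range path {
		// (a) keep the policies this certificate asserts that the path expects
		next := map[string]string{}
		for _, p := range c.Policies {
			if i == 0 {
				next[p] = p
			} else if anchor, ok := valid[p]; ok {
				next[p] = anchor
			}
		}
		// (b) while mapping is permitted the issuer-domain policy is replaced by
		// the subject-domain one; once inhibitPolicyMapping has counted down to
		// zero the issuer-domain policy is dropped instead
		mapped := map[string]string{}
		for _, m := range c.Mappings {
			if anchor, ok := next[m.IssuerDomain]; ok {
				mapped[m.SubjectDomain] = anchor
			}
		}
		for _, m := range c.Mappings {
			delete(next, m.IssuerDomain)
		}
		if mapping > 0 {
			for to, anchor := range mapped {
				next[to] = anchor
			}
		}
		valid = next
		// (f) an explicit policy is required and none is left: the path fails
		if explicit == 0 && len(valid) == 0 {
			return Result{Reason: fmt.Sprintf("no acceptable policy remains after %q", c.Name)}
		}
		// (i)/(j) count down skipCerts, then apply this certificate's constraints
		if explicit > 0 {
			explicit--
		}
		if mapping > 0 {
			mapping--
		}
		if c.RequireExplicitPolicy != Unbounded && c.RequireExplicitPolicy < explicit {
			explicit = c.RequireExplicitPolicy
		}
		if c.InhibitPolicyMapping != Unbounded && c.InhibitPolicyMapping < mapping {
			mapping = c.InhibitPolicyMapping
		}
	}
	// wrap-up: intersect the surviving anchor-domain policies with initial
	seen := map[string]bool{}
	var accepted []string
	for _, anchor := range valid {
		for _, want := range initial {
			if anchor == want && !seen[anchor] {
				seen[anchor] = true
				accepted = append(accepted, anchor)
			}
		}
	}
	sort.Strings(accepted)
	if len(accepted) == 0 && explicit == 0 {
		return Result{Reason: "no policy of the relying party is reachable from the end entity"}
	}
	return Result{OK: true, Accepted: accepted}
}

// CascadePath is the slide's A>B, B>C chain: each CA maps its own policy onto
// the next domain's. inhibit adds inhibitPolicyMapping=0 to A's certificate for B.
func CascadePath(inhibit bool) []PolicyCert {
	aToB := PolicyCert{Name: "A>B", Policies: []string{"A.high"},
		Mappings: []Mapping{{"A.high", "B.medium"}}, RequireExplicitPolicy: Unbounded, InhibitPolicyMapping: Unbounded}
	if inhibit {
		aToB.InhibitPolicyMapping = 0
	}
	bToC := PolicyCert{Name: "B>C", Policies: []string{"B.medium"},
		Mappings: []Mapping{{"B.medium", "C.basic"}}, RequireExplicitPolicy: Unbounded, InhibitPolicyMapping: Unbounded}
	ee := PolicyCert{Name: "subscriber of C", Policies: []string{"C.basic"},
		RequireExplicitPolicy: Unbounded, InhibitPolicyMapping: Unbounded}
	return []PolicyCert{aToB, bToC, ee}
}

func main() {
	fmt.Printf("cascade:   %+v\n", ProcessPath(CascadePath(false), []string{"A.high"}, true))
	fmt.Printf("inhibited: %+v\n", ProcessPath(CascadePath(true), []string{"A.high"}, true))
}
```

With both mappings allowed, a relying party asking for A.high accepts the subscriber of C: A.high was mapped to B.medium by A, and B.medium to C.basic by B, which is the cascade. With inhibitPolicyMapping=0 in A's certificate for B, B's mapping is not honoured, B.medium is dropped, and a relying party that requires an explicit policy rejects the path; a relying party that does not require one still gets a valid path, but under no policy at all.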

  14. Possible Strategy for E-Signatures and CAs

  15. What could be the Role of Governments?
  • Getting Involved in the Management of Public Internet Resources:
    • Internet Protocol Addresses
    • Domain Names (under ccTLDs)
  • Elaborating Policies and Legislation for the Management of Digital Identities and CAs:
    • Accreditation of Certification Authorities
    • Control and Enforcement Mechanisms
  • Play a central role in the management of generic identities (e.g., digital IDs and Passports).

  16. What is ITU-D doing in this Domain? ITU-D IsAP Programme 3
  • Policies: Addressing National/Regional Policies for e-Trust and public Internet resources (e.g., Azerbaijan, Cameroon, Georgia and Mongolia).
  • Projects: Projects on PKI (CA and RA) and PKI-enabled Applications (Africa, Asia, Latin America and Europe).
  • Training: Building Human Capacity in e-Security (e.g., Latin America and Pakistan).
  • Environment: Assistance in Legal Issues for E-Applications and in establishing an Enabling Regulatory Framework (e.g., Latin America, Cape Verde, Mongolia and Burkina Faso).

  17. World e-Trust MoU
  • Multi-Lateral and Inclusive Framework
  • Self-Regulatory & Self-Funding Structure
  • Technology Neutral/Independent Environment
  • Platform for Partnerships in E-Services

  18. Thank You for your attention. For further information – Web: http://www.itu.int/ITU-D/e-strategy, Email: e-strategy@itu.int
