Tunisian National Public Key Infrastructure: Experience and challenges

Mlle Manel ABDELKADER

Responsible for the Certification and PKI Unit

National Digital Certification Unit


Historical Glance: PKI development in Tunisia

  • E-commerce development strategy 1997:

    • Infrastructure

    • Legal framework

    • Payment systems : E-dinar

    • Security and Trust : NDCA

    • Awareness building and Training

  • E-government strategy and projects

    • Building administration information systems

    • Online services for companies and citizens

Early Legal Framework

  • E-commerce and Electronic Exchanges Law (August 2000)

    • Definition of electronic documents, digital certificates and digital signature

    • Liability of digitally signed electronic documents

    • Introduction of NDCA as the root CA for Tunisia

    • Role and duties of Certification Service Providers (CSP)

    • About E-commerce Transactions

    • Privacy protection

  • Application decrees (2001-2008)

    • Schedule of conditions for CSPs

    • Conditions for the use of crypto tools

    • Technical data relating to digital certificates and their liability

    • Technical specifications for digital signature creation devices

Tunisian National PKI

  • Trust Model: Hierarchical.

  • Root CA : defined and managed by the National Digital Certification Authority

  • Scope of activity: National and International

  • Roles:

    • Generation, renewal and revocation of digital certificates for the Public sector

    • Licensing of Certificate Service Providers in Tunisia.

    • Cross-certification agreements with foreign CAs.

    • Evaluation of cryptographic devices

    • Definition of the specifications of signature establishment and verification solutions.

    • Leading research activities in security and cryptography.

National PKI architecture

[Figure: national PKI architecture. Labels: Foreign CAs; Cross certification; (root CA); Public Sector; Private sector]

Root CA Architecture

Main Components:

  • Policy authority: responsible for

    • Management of the National Certification Policy (CP) and the Certificate Policy Status (CPS),

    • Verification of the compliance of CSP Certification Policy with the National CP.

    • Establishment of cross-certification agreements with foreign CAs.

National Digital Certification Agency

[Figure: NDCA components. Labels: Online Services; Certification Authority; Key Management; Timestamping Authority; Registration Authority; Publication Authority; Registration Unit; Validation Authority; End user]

Certificate Categories

  • NDCA issues:

    • Individual certificates:

      • Personal certificates: delivered to individuals for personal use. They can be digital signature certificates or encryption certificates.

      • Enterprise certificates: delivered to employees to be used for business purposes. They can be digital signature certificates or encryption certificates.

    • Organizational certificates:

      • Server Certificates: guarantee the security of electronic payment operations and remote consultation of confidential data.

      • Network Certificates: guarantee the confidentiality and integrity of data exchanged via secure tunnels and ensure peer authentication.

      • Code Signing certificates: guarantee the security of code.

Tunisian Certificates Technical Specifications

  • Standard: X.509

  • Algorithms: SHA1 (hash function), RSA (key pairs)

  • Length: 1024, 2048 bits

  • Lifetime: 1 or 2 years for end-user certificates

How to get a digital certificate from NDCA?

  • Submit a request (form available online at www.certification.tn)

  • Requires physical presence and identification of the customer

  • NDCA provides a cryptographic key pair (public key and private key) and a digital certificate stored in a highly secured crypto USB token or a smart card.

National Applications

  • Electronic Commerce

  • E-government

  • E-banking, E-finance,…

Electronic Commerce

E-government

E-government projects:

  • Tax filing E-tasrih (Ministry of Finance)

  • Social Security for employees E-CNSS

  • Online Company creation (Industry Promotion Agency)

E-Banking & E-Finance

  • Strong Authentication and digital signature for:

    • E-banking services for the Tunisian Post

    • Banking Clearance Network

Banks Clearance Network (SIBTEL)

  • Digital signature of images for scanned checks

  • Digital archival of digitally signed images

  • National commission for digital archival, e-records and evidence

International Cooperation

  • Integration of NDCA root certificate in Microsoft products.

  • Organization of international conferences on digital certification and cryptography:

    • AfricaCrypt, June 2009

    • the "PKI Regional Conference", 20-22 June 2005 in Tunis, in collaboration with UNECA and INTIF (OIF).

  • NDCA is a member of OASIS and participates in work related to standardization (electronic signature).

Challenges

  • Assisting the national applications (from the conception phase)

  • Proximity

  • Cost

  • Training

Ongoing Work

  • Increase the number of online applications and services offered to Tunisian citizens (presidential program).

  • Legal electronic archival.

  • Mobile PKI.

Thank you

National Digital Certification Agency