
Tunisian National Public Key Infrastructure : Experience and challenges

Tunisian National Public Key Infrastructure : Experience and challenges. Mlle Manel ABDELKADER, Responsible of the Certification and PKI Unit, National Digital Certification Unit, www.certification.tn. Historical Glance: PKI development in Tunisia. E-commerce development strategy 1997:


Presentation Transcript


  1. Tunisian National Public Key Infrastructure : Experience and challenges Mlle Manel ABDELKADER, Responsible of the Certification and PKI Unit, National Digital Certification Unit www.certification.tn

  2. Historical Glance: PKI development in Tunisia • E-commerce development strategy 1997: • Infrastructure • Legal framework • Payment systems : E-dinar • Security and Trust : NDCA • Awareness building and Training • E-government strategy and projects • Building administration information systems • Online services for companies and citizens

  3. Early Legal Framework • E-commerce and Electronic Exchanges Law (August 2000) • Definition of electronic documents, digital certificates and digital signature • Liability of digitally signed electronic documents • Introduction of NDCA as the root CA for Tunisia • Role and duties of Certification Service Providers (CSP) • About E-commerce Transactions • Privacy protection

  4. Application decrees (2001-2008) • Schedule of conditions for CSPs • Conditions for the use of crypto tools • Technical data relating to digital certificates and their liability • Technical specifications for digital signature creation devices

  5. Tunisian National PKI • Trust Model: Hierarchical. • Root CA: defined and managed by the National Digital Certification Authority • Scope of activity: National and International • Roles: • Generation, renewal and revocation of digital certificates for the Public sector • Licensing of Certificate Service Providers in Tunisia. • Cross-certification agreements with foreign CAs. • Evaluation of cryptographic devices • Definition of the specifications of signature establishment and verification solutions. • Leading research activities in security and cryptography.

  6. National PKI architecture [Diagram labels: Foreign CAs; Cross certification agreements; NDCA (root CA); Public Sector CA; Private sector CA; Public sector agents]

  7. Root CA Architecture Main Components: • Policy authority: is responsible for • Management of the National Certification Policy (CP) and the Certificate Policy Status (CPS), • Verification of the compliance of CSP Certification Policy with the National CP. • Establishment of the cross-certification agreements with foreign CAs.

  8. National Digital Certification Agency [Diagram labels: Certification Authority; Key Management; Timestamping Authority (Universal time); Registration Authority; Registration Unit; Publication Authority; Validation Authority; Backup; Online Services; End users]

  9. Certificate Categories • NDCA issues: • Individual certificates: • Personal certificates: delivered to individuals for personal use. They could be digital signature certificates or encryption certificates. • Enterprise certificates: delivered to employees to be used for business purposes. They could be digital signature certificates or encryption certificates. • Organizational certificates: • Server Certificates: guarantee the security of electronic payment operations and remote consulting of confidential data. • Network Certificates: guarantee the confidentiality and the integrity of data exchanged via secure tunnels and ensure peer authentication. • Code Signing certificates: guarantee the security of codes.

  10. Tunisian Certificates Technical Specifications • Standard: X.509 • Algorithms: SHA1 (hash function), RSA (key pairs) • Length: 1024, 2048 bit • Lifetime: 1 or 2 years for end-user certificates

  11. How to get a digital certificate from NDCA? • Submit a request (form available online at www.certification.tn) • Requires physical presence and identification of the customer • NDCA provides a cryptographic key pair (public key and private key) and a digital certificate stored in a highly secured crypto USB token or a smart card.

  12. Distributed Network on the Tunisian Territory

  13. National Applications • Electronic Commerce • E-government • E-banking, E-finance,…

  14. Electronic Commerce • Server certificates for E-commerce web sites to secure payment transactions and authenticate the merchant web site. • Examples: • Online subscription for Internet accounts using the E-dinar payment system. • Online payment of bills.

  15. E-government E-government projects: • Tax filing E-tasrih (Ministry of Finance) • Social Security for employees E-CNSS • Online Company creation (Industry Promotion Agency)

  16. E-Banking & E-Finance : • Strong Authentication and digital signature for: • E-banking services for the Tunisian Post • Banking Clearance Network

  17. Banks Clearance Network (SIBTEL) • Digital signature of images for scanned checks • Digital archival of digitally signed images → National commission for digital archival, e-records and evidence

  18. International Cooperation • Integration of NDCA root certificate in Microsoft products. • Organization of international conferences on digital certification and cryptography: • AfricaCrypt, June 2009 • the « PKI Regional Conference », 20-22 June 2005 in Tunis, in collaboration with UNECA and INTIF (OIF). • NDCA member of OASIS and participant in works related to standardization (electronic signature).

  19. Challenges • Assisting the national applications (since the conception phase) • Proximity • Cost • Training

  20. Ongoing Work • Increase the number of online applications and services offered to Tunisian citizens (presidential program). • Legal electronic Archival. • Mobile PKI.

  21. Thank you National Digital Certification Agency http://www.certification.tn
