Date post: | 13-Dec-2015 |
Category: |
Documents |
Upload: | elvin-shaw |
View: | 214 times |
Download: | 0 times |
©1998-2003 ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 1
ICT and E-Business Strategies For Development
Geneva, 20-21 October 2003Building Trust and Confidence
For ICT Applications
Krastu MIRSKI
and
Alexander NTOKO
ITU Telecommunication Development Bureau (BDT)
©1998-2003 ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 2
Agenda for Presentation
1. Barriers to E-Applications2. Technology Framework3. Regional Initiatives4. ITU Activities/Initiatives
©1998-2003 ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 3
Growing Demand for Online Security
Problems for E-transaction/banking
3835
22 22
0
5
10
15
20
25
30
35
40
Replies 38 35 22 22
Information and network security
Infrastructure Banking system Others
©1998-2003 ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 4
Knowing whom you are dealing with is central to building online trust
“On the Internet, nobodyknows you’re a dog…”
Identification isthe Challenge
©1998-2003 ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 5
For Trust in E-Applications, We need at least the Following Features:
o Data Confidentiality• Information accessed only by those authorized
o Data Integrity• No information added, changed, or taken out
o Strong Authentication• Parties are who they pretend to be
o Non-repudiation• Originator cannot deny origin or transaction
o Infrastructure of trust• Automating the checking of identities
©1998-2003 ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 6
Certificate-Based Identity Verification/Management is a Vital Technology Component for Online Trust
ITU-T X.509 - A key component for establishing trust for e-applications in public networks (such as the Internet).Most B2C e-business solutions are built on HTTPS based on Server-side certificate authentication for security and trust.
Technology Framework - Digital Signature
Signer’s Private Key
SignedDocument
EncryptedDigestHash
Algorithm
Digest
Digital Signature techniques using encryption, message digest and digital certificates are important technology elements for online trust.
©1998-2003 ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 8
Digital Signature - Solutions
Guarantees:o Data Integrity for E-Application Transactions.o Data Confidentiality when Combined with
Encryption Algorithms.o Non-Replay in Combination with Content
Validation (Time Stamps).o Positive Authentication of Parties.o Content Non-repudiation or Non-deniability
for E-Application Transactions. (How to enforce anti-spam and data privacy laws?)
©1998-2003 ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 9
Digital Signature – Issues and Challenges
o Acceptance of Digital Signatures Across Multi-Jurisdictional PKI Domains.
o Adopting Policies for Generic Identity Certificates (PKI) and Attribute Certificates (PMI).
o Elaborating Harmonized and Technology Neutral E-Legislative Framework and Enforcement Mechanisms.
o CA-CA Inter-Domain Interoperability Across National Boundaries.
©1998-2003 ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 10
Strategy for E-Signatures and CAs Trust and Security for e-Business Needs part of a much broader and comprehensive policy framework dealing with e-applications/services
©1998-2003 ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 11
What could be the Role of Governments?
o National/Regional Policies for the Management of IP Resources.
• Internet Protocol Addresses
• Domain Names (under ccTLDs)
o Enabling Environment for E-Applications.• Accreditation of Certification Authorities
• Control and Enforcement Mechanisms (e.g., Spam, Data privacy).
• Central Role in Generic Digital Credentials.
• Harmonized Regional Framework E-Legislation
©1998-2003 ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 12
Recent ITU Activities in Europe& CIS Region within the E-Strategies Programme
o Sub-Regional Seminar for ICT Development for the Information Society in Uzbekistan – October 2003.
o Internet Symposium for Europe and CIS States in Russia – September 2003.
o E-agriculture project for a rural community in the Kyrgyz Republic – September 2003.
o National Seminar for E-Business Strategies for Azerbaijan – August 2003.
o E-Government projects in Bulgaria and Georgia using digital certificates, biometrics and public key infrastructure – August 2003.
o Secure E-business infrastructure WTC, Turkey – Q3 2002.
©1998-2003 ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 13
ITU Activities – Global View
©1998-2003 ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 14
Thank You
for Your Attention
For further information:
Web: http://www.itu.int/ITU-D/e-strategy
Email: [email protected]