Building Confidence in E-government Services: ITU-T Workshop on Challenges, Perspectives and Standardization Issues in E-government


Slide 1

Building Confidence in E-government Services. ITU-T Workshop on Challenges, Perspectives and Standardization Issues in E-government, Geneva, 5-6 June 2003. Alexander NTOKO, Chief, E-Strategy Unit, ITU Telecommunication Development Bureau (BDT)

Slide 2

But Why? A Holistic Approach to Building Confidence is A Key Driver for E-government.

Slide 3

… Because the challenges for DCs are not simply limited to technology and access. Security plays a central role in building user confidence in e-government services.

Slide 4

Security awareness for e-applications is very high among the needs of Developing Countries. Results of ITU-D Survey (March 2003) on Challenges to E-Transactions. WTDC02 IsAP Programme 3 - Security

Slide 5

What is TRUST? An entity A can be said to trust another entity B when A makes the assumption that B will behave exactly as A expects. It's about having confidence in government services provided by means of Telecommunications/ICTs.

Slide 6

Knowing who you are dealing with remains a major concern … but in e-government, it is important to know whether you are dealing with a dog.

Slide 7

What are some of the security concerns?
Identity Interception: The observation of identities of communicating parties for misuse.
Information Interception: The observation of user data during a communication by an unauthorized user.
Manipulation: The interception and modification of information in a private communication.
Masquerade: Pretending to be another user to gain access to information or to acquire additional privileges.
Replay: The recording and subsequent replay of a communication at some later date.
Repudiation: The denial by a user of having participated in part or all of a communication.
Denial of Service: The prevention or interruption of a communication or the delay of time-critical operations.
Traffic Analysis: The unauthorized analysis and observation of information (e.g. frequency, sequence, type, amount, etc.)

Slide 8

Let's Map some of the Security/Trust Issues to Possible Solutions…
Identity Interception: Confidentiality (Strong Encryption).
Information Interception: Confidentiality (Strong Encryption).
Manipulation: Data Integrity (Digital Signatures).
Masquerade: Authentication (Digital Certificates).
Replay: Digital Signatures with Time Stamp.
Repudiation: Digital Signatures.
Denial of Service: Authentication and Access Control.
Traffic Analysis: Strong Encryption.

Slide 9

… It is clear that identity verification/management plays a crucial role in addressing most of these issues…

Slide 10

Digital Signatures are key to the Solution. Diagram labels: Hash Algorithm, Signer's Private Key, Encrypted Digest, Signed Document.

Slide 11

Verifying the Digital Signature for Authentication and Data Integrity. Diagram labels: Digest, Hash Algorithm, Digest, Signer's Public Key. Integrity: a one-bit change in the content changes the digest.

Slide 12

What Solutions do Digital Signatures provide? Guarantees:
Integrity of document: a one-bit change in the document changes the digest.
Authentication of sender: the signer's public key decrypts the digest sent, and the decrypted digest matches the computed digest.
Non-repudiation: only the signer's private key can encrypt a digest that is decrypted by his/her public key and matches the computed digest. Non-repudiation prevents reneging on an agreement by denying a transaction.
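
The signing and verification flow of slides 10 to 12, combined with the time-stamp defence against replay from slide 8, as an added example that is not part of the original presentation. The key is a toy textbook-RSA key built from two known Mersenne primes; `MAX_AGE` and the set of already-seen signatures are assumptions made for the illustration.

```python
import hashlib
import json

# Toy textbook-RSA key from two known Mersenne primes (constructed for this
# example: no padding, NOT secure). Production code uses a vetted library.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                    # signer's public key
D = pow(E, -1, (P - 1) * (Q - 1))      # signer's private key
MAX_AGE = 300                          # assumed acceptance window, seconds


def digest(data: bytes) -> int:
    """Hash algorithm step: SHA-256 digest as an integer smaller than N."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(document: str, now: int) -> dict:
    """Bind a time stamp to the document, hash, apply the private key."""
    body = json.dumps({"doc": document, "ts": now}, sort_keys=True)
    return {"body": body, "sig": pow(digest(body.encode()), D, N)}


def verify(msg: dict, now: int, seen: set) -> str:
    """Recover the digest with the public key and compare to a fresh hash."""
    if pow(msg["sig"], E, N) != digest(msg["body"].encode()):
        return "rejected: digest mismatch"      # integrity / authentication
    if abs(now - json.loads(msg["body"])["ts"]) > MAX_AGE:
        return "rejected: stale time stamp"     # replay at a later date
    if msg["sig"] in seen:
        return "rejected: replay"               # replay inside the window
    seen.add(msg["sig"])
    return "accepted"


if __name__ == "__main__":
    NOW, seen = 1054800000, set()               # constructed sample values
    msg = sign("Refund 100 to account A", NOW)
    # '1' (0x31) and '9' (0x39) differ in exactly one bit.
    tampered = dict(msg, body=msg["body"].replace("100", "900", 1))
    print(verify(msg, NOW + 10, seen))
    print(verify(msg, NOW + 20, seen))
    print(verify(tampered, NOW + 10, set()))
    print(verify(msg, NOW + 3600, set()))
```

The time stamp is inside the signed body, so it cannot be refreshed without the private key; the verifier only needs to remember signatures for `MAX_AGE` seconds.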

Slide 13

How do diverse Technologies Address the fundamental Security Challenges for E-government?

Slide 14

Growing Demand for Security and Trust

Slide 15

Reflected in development projections for PKI

Slide 16

But Why PKI? It's Not about Waging a Technology War. The Issue is about Providing Solutions.

Slide 17

PKI Addresses Many Security and Trust Issues for Building Confidence in E-government:
Data Confidentiality: information accessed only by those authorized.
Data Integrity: no information added, changed, or taken out.
Strong Authentication: parties are who they claim to be.
Non-repudiation: originator cannot deny origin.
Infrastructure for securing trust: automating the checking of identities.
Mechanism to prevent Replay: digital signature combined with Time Stamp.

Slide 18

But to assist DCs we should learn from the experiences of industrialized countries: What are the issues facing industrialized countries with PKIs? Will developing countries avoid these pitfalls?

Slide 19

Some PKI Challenges faced by Industrialized Countries: Technology-level non-interoperability between different PKI vendors. Different approaches to address CA-CA interoperability challenges. Sector-specific strategies for identity certificates leading to non-interoperability of digital signatures across PKI domains (e.g., for Health, Finance and Business). Recognition of certificates across geographical boundaries. National Identities or National Passports?

Slide 20

Some Possible Approaches to Build Confidence in e-government for Developing Countries:
Generic Identity Certificates: Public Key Infrastructure (PKI) for generic identity certificates (digital ID cards). Comprehensive certificate policies for CA-CA interoperability.
Attribute or Privilege Certificates: Establishment of Privilege Management Infrastructures (PMI) for sector-specific needs. Establishment of a framework for the relationship between AAs and CAs.
Technology Level Interoperability: CA-CA and CA-RA interoperability.

Slide 21

Build Trust Where it Exists! Generic Identity Framework for All Sectors

Slide 22

… But DCs still face many challenges … just to list a few of them: Low level of awareness of security/trust technologies and their role as a key driver for e-government. Human and financial resources to establish PKI. Suitable business models for sustainability and investments in PKI. Standards and/or profiles to ensure multi-vendor interoperability. Policy-level interoperability for PKI domains and jurisdictions. Managing liabilities, risks, insurance, legal and policy framework for PKI services.

Slide 23

How is ITU-D Assisting DCs in e-government? ITU-D Istanbul Action Plan (IsAP).
Policies: Assistance in addressing national/regional e-applications policies.
Projects: Projects on e-government infrastructure and applications/services.
Training: Building human capacity and awareness on e-security and e-government.
Environment: Assistance in legal issues for e-applications and a conducive environment.
Guidelines: ITU-D Study Group Questions to provide guidelines on e-applications (including e-government).

Slide 24

Conclusion – Is there Any Hope for e-government services in Developing Countries? Telecommunications and ICTs can improve government services by creating efficiencies and reaching the population in remote areas. E-government can stimulate the development of ICTs and telecom infrastructure in DCs. However, for this to happen, decision-makers and users must have confidence in the use of this new channel for the delivery of government services.

Slide 25

Thank You for Your Attention. For further information: Web: http://www.itu.int/ITU-D/e-methodology Email: e-strategy@itu.int
