identification of on-line users and digital signature marin aranitasi prof . dr betim Çiço
DESCRIPTION
Polytechnic University of Tirana Faculty of Information Technology Computer Engineering Department . Identification of on-line users and Digital Signature Marin Aranitasi Prof . Dr Betim Çiço. Content. Objectives Overview of the Actual Security Problems Proposal of my Solution - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: Identification of on-line users and Digital Signature Marin Aranitasi Prof . Dr Betim Çiço](https://reader036.vdocuments.site/reader036/viewer/2022062501/56816497550346895dd66b29/html5/thumbnails/1.jpg)
Polytechnic University of TiranaFaculty of Information TechnologyComputer Engineering Department
Identification of on-line users and Digital Signature
Marin Aranitasi Prof. Dr Betim Çiço
![Page 2: Identification of on-line users and Digital Signature Marin Aranitasi Prof . Dr Betim Çiço](https://reader036.vdocuments.site/reader036/viewer/2022062501/56816497550346895dd66b29/html5/thumbnails/2.jpg)
2
ContentObjectivesOverview of the Actual Security
ProblemsProposal of my SolutionDescription of Previous SolutionsSchematic View & Authentication
TechnologiesDetailed Work DescriptionSecurity IssuesConclusions
![Page 3: Identification of on-line users and Digital Signature Marin Aranitasi Prof . Dr Betim Çiço](https://reader036.vdocuments.site/reader036/viewer/2022062501/56816497550346895dd66b29/html5/thumbnails/3.jpg)
3
Objectives I will treat systems that offer
services (especially public services)E-governmentAll electronic systems that offer
services, have one common element --- the identification & the authorization of their users.
Information exchange username-password
![Page 4: Identification of on-line users and Digital Signature Marin Aranitasi Prof . Dr Betim Çiço](https://reader036.vdocuments.site/reader036/viewer/2022062501/56816497550346895dd66b29/html5/thumbnails/4.jpg)
4
Government services
1. Government to Citizen
2. Government to Business
3. Government to Government
![Page 5: Identification of on-line users and Digital Signature Marin Aranitasi Prof . Dr Betim Çiço](https://reader036.vdocuments.site/reader036/viewer/2022062501/56816497550346895dd66b29/html5/thumbnails/5.jpg)
5
Problems 1. Users have to remember a lot of
identification elements2. Users in case of a lost or in case they forget
the id elements, have to go to the specific institution, with an official request ,to get back their id information.
3. Every institution has to create help desk structures, that in 80-90% face with issuance of id elements.
4. This mechanism of management has big problems because we can’t guarantee the authenticity of the operations with the electronics services, if the credentials are so “OPEN”
![Page 6: Identification of on-line users and Digital Signature Marin Aranitasi Prof . Dr Betim Çiço](https://reader036.vdocuments.site/reader036/viewer/2022062501/56816497550346895dd66b29/html5/thumbnails/6.jpg)
6
My proposalTo create a unified identification mechanism, which can be utilized from all electronic systems that are currently in use.
The real objective The construction of a communication infrastructure, between electronic systems of different institutions, that allow the identification of the users.
PKI – Public Key Infrastructure
![Page 7: Identification of on-line users and Digital Signature Marin Aranitasi Prof . Dr Betim Çiço](https://reader036.vdocuments.site/reader036/viewer/2022062501/56816497550346895dd66b29/html5/thumbnails/7.jpg)
7
Previous PKI projects(1)Common Access Card(CAC)
DoD PKI-based security project
Defense Enrollment Eligibility Reporting System (DEERS)
Real-time Automated Personnel Identification System (RAPIDS),
![Page 8: Identification of on-line users and Digital Signature Marin Aranitasi Prof . Dr Betim Çiço](https://reader036.vdocuments.site/reader036/viewer/2022062501/56816497550346895dd66b29/html5/thumbnails/8.jpg)
8
Previous PKI projects(11)Common Access Card(CAC)
Three certificates stored on the CAC include the following:1. An authentication certificate. -
Accessing secure Web portals.2. A signing certificate. – sign e-mail 3. An encryption certificate. - This
certificate is used by others to send encrypted email to the CAC card owner
Combination of biometrics and PIN to protect access to the card.
![Page 9: Identification of on-line users and Digital Signature Marin Aranitasi Prof . Dr Betim Çiço](https://reader036.vdocuments.site/reader036/viewer/2022062501/56816497550346895dd66b29/html5/thumbnails/9.jpg)
9
Schematic view
![Page 10: Identification of on-line users and Digital Signature Marin Aranitasi Prof . Dr Betim Çiço](https://reader036.vdocuments.site/reader036/viewer/2022062501/56816497550346895dd66b29/html5/thumbnails/10.jpg)
10
Schematic viewUser/citizenSCDev PortalNational CA-
RootSigning SystemSystem
Administrator
![Page 11: Identification of on-line users and Digital Signature Marin Aranitasi Prof . Dr Betim Çiço](https://reader036.vdocuments.site/reader036/viewer/2022062501/56816497550346895dd66b29/html5/thumbnails/11.jpg)
11
Identification technologies
Something you know – username-password (single – factor authentication)
Something you have – media, token (two factor authentication)
Something you are – biometrics
![Page 12: Identification of on-line users and Digital Signature Marin Aranitasi Prof . Dr Betim Çiço](https://reader036.vdocuments.site/reader036/viewer/2022062501/56816497550346895dd66b29/html5/thumbnails/12.jpg)
12
Price vs Authentication
![Page 13: Identification of on-line users and Digital Signature Marin Aranitasi Prof . Dr Betim Çiço](https://reader036.vdocuments.site/reader036/viewer/2022062501/56816497550346895dd66b29/html5/thumbnails/13.jpg)
13
Considerations Identification techniques
◦Key - Fob◦Smart cards ◦USB token
Performance /cost◦Performance view◦Cost view◦Sociological view
![Page 14: Identification of on-line users and Digital Signature Marin Aranitasi Prof . Dr Betim Çiço](https://reader036.vdocuments.site/reader036/viewer/2022062501/56816497550346895dd66b29/html5/thumbnails/14.jpg)
14
Smart cards
Choose smart – card Relatively expensive
More ◦secure◦manageable
![Page 15: Identification of on-line users and Digital Signature Marin Aranitasi Prof . Dr Betim Çiço](https://reader036.vdocuments.site/reader036/viewer/2022062501/56816497550346895dd66b29/html5/thumbnails/15.jpg)
15
Detailed scheme
![Page 16: Identification of on-line users and Digital Signature Marin Aranitasi Prof . Dr Betim Çiço](https://reader036.vdocuments.site/reader036/viewer/2022062501/56816497550346895dd66b29/html5/thumbnails/16.jpg)
16
Detailed schemePortal
(Website)
PKI Infrastructure
OCSP/TSP
![Page 17: Identification of on-line users and Digital Signature Marin Aranitasi Prof . Dr Betim Çiço](https://reader036.vdocuments.site/reader036/viewer/2022062501/56816497550346895dd66b29/html5/thumbnails/17.jpg)
17
PKI infrastructure
Servers :◦Active directory server◦Certificate server ◦Mail server
AD-SRV Cert-SRVCA Mail-SRV
Network
User/Citizen
![Page 18: Identification of on-line users and Digital Signature Marin Aranitasi Prof . Dr Betim Çiço](https://reader036.vdocuments.site/reader036/viewer/2022062501/56816497550346895dd66b29/html5/thumbnails/18.jpg)
18
Certificates
Signing certificate
◦Allows data on disk to be encrypted
◦Protects e-mail messages
![Page 19: Identification of on-line users and Digital Signature Marin Aranitasi Prof . Dr Betim Çiço](https://reader036.vdocuments.site/reader036/viewer/2022062501/56816497550346895dd66b29/html5/thumbnails/19.jpg)
19
Certificates
Login certificate
◦Prove your identity to a remote computer
![Page 20: Identification of on-line users and Digital Signature Marin Aranitasi Prof . Dr Betim Çiço](https://reader036.vdocuments.site/reader036/viewer/2022062501/56816497550346895dd66b29/html5/thumbnails/20.jpg)
20
Conclusions PKI system – secure E-government Secure:
◦Transactions◦Mail
Ensures data :◦Authenticity◦Integrity
Confidentiality Smart card – practical ( like credit
cards)
![Page 21: Identification of on-line users and Digital Signature Marin Aranitasi Prof . Dr Betim Çiço](https://reader036.vdocuments.site/reader036/viewer/2022062501/56816497550346895dd66b29/html5/thumbnails/21.jpg)
Questions and Suggestions?
Thank You for Your Attention!