PKI Industry Growth in Bangladesh Al Faruq Ibna Nazim Computer Services Ltd.

Upload: bangladesh-network-operators-group

Post on 22-Mar-2017


TRANSCRIPT

Page 1: PKI Industry growth in Bangladesh

PKI Industry Growth in Bangladesh

Al Faruq Ibna Nazim

Computer Services Ltd.

Page 2: PKI Industry growth in Bangladesh

AGENDA

• PKI Glossary

• PKI Necessity

• PKI Basics

• PKI Services

• PKI in Bangladesh

• PKI Business in Bangladesh

• Advantages of Local PKI

• Limitation

Page 3: PKI Industry growth in Bangladesh

PKI GLOSSARY

• Public Key Crypto – key pairs used to encrypt/decrypt or sign/verify

• Certificate – a digital method of binding a key pair or pairs to a specific identity

• Certificate Authority – the system that securely creates the certificates

• Public Key Infrastructure – the whole system of creating, issuing, managing, utilizing and revoking certificates

Page 4: PKI Industry growth in Bangladesh

PKI NECESSITY

Homer and Marge want to exchange data in a digital world.

There are Confidence and Trust Issues …

[Diagram: Homer and Marge connected over Internet / Intranet / Extranet]

Page 5: PKI Industry growth in Bangladesh

PKI NECESSITY – CONFIDENCE & TRUST ISSUE

• In the Identity of an Individual or Application

AUTHENTICATION

• That the information will be kept Private

CONFIDENTIALITY

• That information cannot be Manipulated

INTEGRITY

• That information cannot be Disowned

NON-REPUDIATION


Page 6: PKI Industry growth in Bangladesh

PKI BASICS – OPERATION

Cryptography

It is the science of making the cost of acquiring or altering data greater than the potential value gained.

Cryptosystem

It is a system that provides techniques for mangling a message into an apparently unintelligible form and then recovering it from the mangled form.

[Diagram: Plaintext ("Hello World") → Encryption (Key) → Ciphertext ("&$*£(“!273") → Decryption (Key) → Plaintext ("Hello World")]

Page 7: PKI Industry growth in Bangladesh

PKI BASICS – ALGORITHM

All cryptosystems are based only on three Cryptographic Algorithms:

MESSAGE DIGEST (MD2-4-5, SHA, SHA-1, …)

- Maps variable length plaintext into fixed length cipher text

- No key usage, computationally infeasible to recover the plaintext

SECRET KEY (Blowfish, DES, IDEA, RC2-4-5, Triple-DES, …)

- Encrypt and decrypt messages by using the same Secret Key

PUBLIC KEY (DSA, RSA, …)

- Encrypt and decrypt messages by using two different Keys: Public Key, Private Key (coupled together)

Page 8: PKI Industry growth in Bangladesh

PKI BASICS - Algorithms based on Private Key

Pros

• Efficient and fast Algorithm

• Simple model

- Provides Integrity, Confidentiality

Cons

• The same secret key must be shared by all the entities involved in the data exchange

• High risk

• It doesn’t scale (proliferation of secrets)

- No Authentication, Non-Repudiation

[Diagram: Plaintext → Encryption (Private Key) → Ciphertext → Decryption (Private Key) → Plaintext]

Page 9: PKI Industry growth in Bangladesh

PKI BASICS - Algorithms based on Public Key

Pros

• Private key is only known by the owner: less risk

• The algorithm ensures Integrity and Confidentiality by encrypting with the Receiver’s Public key

[Diagram: Homer and Marge connected over Internet / Intranet / Extranet. Plaintext → Encryption → Ciphertext → Decryption → Plaintext; key labels: "Homer’s Public Key", "Marge’s Private Key"]

Page 10: PKI Industry growth in Bangladesh

PKI BASICS - Algorithms based on Public Key

Pros

• The algorithm ensures Non-Repudiation by encrypting with the Sender’s Private key

[Diagram: Homer and Marge connected over Internet / Intranet / Extranet. Plaintext → Encryption → Ciphertext → Decryption → Plaintext; key labels: "Homer’s Private Key", "Marge’s Public Key"]

Page 11: PKI Industry growth in Bangladesh

PKI BASICS - Algorithms based on Public Key

Cons

• Algorithms are 100 – 1000 times slower than secret key ones

They are used in the initial phase of communication, and then secret keys are generated to handle the encryption

• How are Public keys made available to the other people?

• There is still a problem of Authentication!!!

Who ensures that the owner of a key pair is really the person whose real life name is “Marge”?


Page 12: PKI Industry growth in Bangladesh

PKI BASICS – CERTIFICATE SIGNING & VERIFICATION

Page 13: PKI Industry growth in Bangladesh

PKI SERVICES

• Secure Email – sign and/or encrypt messages

• Secure browsing – SSL – authentication and encryption

• Secure code – Authenticode

• Secure wireless – PEAP & EAP-TLS

• Secure documents – Rights Management

• Secure networks – segmentation via IPSEC, RPKI

• Secure files – Encrypted File System (EFS)

Page 14: PKI Industry growth in Bangladesh

PKI IN BANGLADESH – ROOT CA

PKI service is regulated by the government body as

Office of the Controller of Certifying Authorities (CCA)

www.cca.gov.bd

Objectives

• Paperless Government Correspondence

• e-Government

• e-Procurement

• e-Commerce

• Electronic Document Signing

• Internet Banking using digital signature

• Device and Server Signing

• Preventing Cyber Crimes

Activities

• Controlling Activities of Certifying Authority (CA)

• Issuing, suspending and repealing CA license according to ICT Act 2006 (Amendment 2013) and ICT (CA) Rules 2010.

• Leading and Maintaining of Public Key Infrastructure (PKI) activities.

• Making Rules, guideline and regulation for PKI and controlling its standard.

• Submitting investigation report before the Cyber Tribunal after investigating Cyber crimes under ICT Act, 2006.

• Constituting Audit firm for auditing IT.

• Prescribing rate of Digital Signature Certificate according to IT (CA) rules, 2010.

Page 15: PKI Industry growth in Bangladesh

PKI IN BANGLADESH – MODEL

[Diagram: certificate hierarchy, top to bottom]

• Office of the CCA – Root CA

• Licensed CAs (Public/Private) – accredited by CCA

• Sub CA (Internal/External) – issued by Licensed CA

• Subscribers – issued by Sub-CA

Page 16: PKI Industry growth in Bangladesh

PKI IN BANGLADESH – Licensed CAs

Mango Teleservices Ltd. (www.mangoca.com)

Dohatec New Media (www.dohatec-ca.com.bd)

Data Edge Ltd. (www.dataedgeid.com)

Banglaphone Ltd. (www.banglaphone.net.bd)

Computer Services Ltd. (www.ca.computerservicesltd.com)

Bangladesh Computer Council (www.bcc.gov.bd)

Page 17: PKI Industry growth in Bangladesh

PKI BUSINESS IN BANGLADESH

Page 18: PKI Industry growth in Bangladesh

PKI BUSINESS IN BANGLADESH

Service Provided:

• SSL certificate for TT service & Foreign Remittance

• Class 2 certificates

Purpose:

• Multifactor login from a dedicated system of distant branch. Secure communication channel between server & branch.

Page 19: PKI Industry growth in Bangladesh

PKI BUSINESS IN BANGLADESH

Service Provided:

• SSL certificate

Purpose:

• Secure communication channel between server & client.

Page 20: PKI Industry growth in Bangladesh

PKI BUSINESS IN BANGLADESH

Service Provided:

• SSL certificate

Purpose:

• Secure communication channel between server & client.

Page 21: PKI Industry growth in Bangladesh

PKI BUSINESS IN BANGLADESH

Service Provided:

• Class 2 certificates

Purpose:

• Secure communication among 4 personnel of finance team.

Page 22: PKI Industry growth in Bangladesh

PKI BUSINESS IN BANGLADESH

Service Provided:

• Class 1 certificate

• Class 2 certificate

• Class 3 certificate

Purpose:

• Issuing digitally signed registration cards & admit cards.

Page 23: PKI Industry growth in Bangladesh

PKI BUSINESS IN BANGLADESH

Service Provided:

• Class 2 certificate

• Cryptographic hardware token

Purpose:

• Document authorization, to use in e-file management system.

Page 24: PKI Industry growth in Bangladesh

PKI BUSINESS IN BANGLADESH

Service Provided:

• Class 2 certificate

• SSL certificate

• Cryptographic hardware token

Purpose:

• Send & receive encrypted document within a secure channel.

Page 25: PKI Industry growth in Bangladesh

PKI BUSINESS IN BANGLADESH

Service Provided:

• Class 2 certificate

• SSL certificate for JBGC

• Cryptographic hardware token

Purpose:

• Document authorization & secure communication channel between server & client.

Page 26: PKI Industry growth in Bangladesh

PKI BUSINESS IN BANGLADESH

Page 27: PKI Industry growth in Bangladesh

ADVANTAGES OF LOCAL PKI

• Authorized by the local regulator.

• Governed by local law, for legal assistance.

• Accountability for service.

• Local currency exchange and remittance.

• Regulatory earning for government.

Page 28: PKI Industry growth in Bangladesh

LIMITATION

The only limitation so far is that Bangladesh is not recognized internationally in the PKI registry.

Recognition by browsers such as Internet Explorer, Chrome, Firefox and Opera is required.

Association with an international PKI forum is required.
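
The hierarchy on the model slide (Root CA, Licensed CA, Sub CA, Subscriber) and the browser-recognition limitation above can be seen in one chain validation. This is an added example, not part of the original presentation: it uses toy textbook RSA (Mersenne primes, no padding) and a dictionary as the certificate, and the names `keypair`, `issue`, `validate`, `build_chain` and both trust stores are constructed for illustration.

```python
import hashlib

E = 65537  # public exponent used by every toy key below

def keypair(a, b):
    """Textbook RSA key from Mersenne primes 2^a-1 and 2^b-1 (toy only): (n, d)."""
    p, q = 2**a - 1, 2**b - 1
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(cert, n):
    """SHA-256 over the signed fields, reduced mod the issuer's modulus n."""
    tbs = f"{cert['subject']}|{cert['issuer']}|{cert['n']}".encode()
    return int.from_bytes(hashlib.sha256(tbs).digest(), "big") % n

def issue(subject, subject_n, issuer, issuer_key):
    """The issuer binds a subject name to a public key by signing the digest."""
    n, d = issuer_key
    cert = {"subject": subject, "issuer": issuer, "n": subject_n}
    cert["sig"] = pow(digest(cert, n), d, n)
    return cert

def validate(chain, trust_store):
    """chain is leaf-first and ends at the root. Returns (ok, reason)."""
    for cert, parent in zip(chain, chain[1:]):
        if cert["issuer"] != parent["subject"]:
            return False, f"{cert['subject']}: issuer mismatch"
        if pow(cert["sig"], E, parent["n"]) != digest(cert, parent["n"]):
            return False, f"{cert['subject']}: bad signature"
    root = chain[-1]
    # The root is trusted only because the relying party already holds its key.
    if trust_store.get(root["subject"]) != root["n"]:
        return False, f"{root['subject']}: root not in trust store"
    return True, "ok"

def build_chain():
    """Hierarchy from the model slide, leaf-first, with a self-signed root."""
    root, lic, sub, user = (keypair(607, 1279), keypair(127, 521),
                            keypair(89, 107), keypair(31, 61))
    return [issue("Subscriber", user[0], "Sub CA", sub),
            issue("Sub CA", sub[0], "Licensed CA", lic),
            issue("Licensed CA", lic[0], "CCA Root CA", root),
            issue("CCA Root CA", root[0], "CCA Root CA", root)]

if __name__ == "__main__":
    chain = build_chain()
    local_store = {"CCA Root CA": chain[-1]["n"]}  # constructed: root installed
    browser_store = {}                             # constructed: root not shipped
    print(validate(chain, local_store))
    print(validate(chain, browser_store))
    altered = [dict(chain[0], subject="Mallory")] + chain[1:]
    print(validate(altered, local_store))
```

The same chain passes against a store that holds the root key and fails against one that does not, while a subscriber certificate whose name was changed after issuance fails at the Sub CA signature check.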

Page 29: PKI Industry growth in Bangladesh

CONCLUSION

• For such a technologically progressive country, we need data transaction security & authenticity.

• For such services, regulatory observation is highly required.

• Accountability for local organizations will allow client trust & flexibility.

• Local financial transaction will allow local revenue earning & government revenue.

Page 30: PKI Industry growth in Bangladesh

QUESTIONS


Page 31: PKI Industry growth in Bangladesh

Gratitude Declaration

Computer Services Ltd.

Data Edge Ltd.

Controller of Certifying Authority