2. AGENDA
• PKI Glossary
• PKI Necessity
• PKI Basics
• PKI Services
• PKI in Bangladesh
• PKI Business in Bangladesh
• Advantages of Local PKI
• Limitation
3. PKI GLOSSARY
• Public Key Crypto – key pairs used to encrypt/decrypt or sign/verify
• Certificate – a digital method of binding a key pair or pairs to a
specific identity
• Certificate Authority – the system that securely creates the
certificates
• Public Key Infrastructure – the whole system of creating, issuing,
managing, utilizing and revoking certificates
4. PKI NECESSITY
Homer and Marge want to exchange data in a digital world.
There are Confidence and Trust Issues …
[Diagram: Homer and Marge connected through the Internet, an intranet or an extranet]
5. PKI NECESSITY – CONFIDENCE & TRUST ISSUE
• In the Identity of an Individual or Application
AUTHENTICATION
• That the information will be kept Private
CONFIDENTIALITY
• That information cannot be Manipulated
INTEGRITY
• That information cannot be Disowned
NON-REPUDIATION
6. PKI BASICS – OPERATION
Cryptography
It is the science of making the cost of acquiring or altering data greater
than the potential value gained.
Cryptosystem
It is a system that provides techniques for mangling a message into an
apparently unintelligible form and then recovering it from the mangled
form.
[Diagram: Plaintext → Encryption → Ciphertext → Decryption → Plaintext, with a key at each step; example: Hello World → &$*£(“!273 → Hello World]
7. PKI BASICS – ALGORITHM
All cryptosystems are based on only three classes of cryptographic algorithm:
MESSAGE DIGEST (MD2-4-5, SHA, SHA-1, …)
- Maps variable-length plaintext to a fixed-length digest
- Uses no key; computationally infeasible to recover the plaintext
SECRET KEY (Blowfish, DES, IDEA, RC2-4-5, Triple-DES, …)
- Encrypts and decrypts messages using the same secret key
PUBLIC KEY (DSA, RSA, …)
- Encrypts and decrypts messages using two different keys, coupled together: a public key and a private key
8. PKI BASICS - Algorithms based on Private Key
Pros
• Efficient and fast Algorithm
• Simple model
- Provides Integrity, Confidentiality
Cons
• The same secret key must be shared by all the entities involved in the data exchange
• High risk
• It doesn’t scale (proliferation of secrets)
- No Authentication, Non-Repudiation
[Diagram: Plaintext → Encryption → Ciphertext → Decryption → Plaintext; key labels: Private Key, Private Key]
9. PKI BASICS - Algorithms based on Public Key
Pros
• Private key is only known by the owner: less risk
• The algorithm ensures Integrity and Confidentiality by encrypting
with the Receiver’s Public key
[Diagram: Homer and Marge; Plaintext → Encryption → Ciphertext → Decryption → Plaintext; key labels: Homer’s Public Key, Marge’s Private Key]
10. PKI BASICS - Algorithms based on Public Key
Pros
• The algorithm ensures Non-Repudiation by encrypting with the
Sender’s Private key
[Diagram: Homer and Marge; Plaintext → Encryption → Ciphertext → Decryption → Plaintext; key labels: Homer’s Private Key, Marge’s Public Key]
11. PKI BASICS - Algorithms based on Public Key
Cons
• Algorithms are 100 – 1000 times slower than secret key ones
They are used in the initial phase of communication, and then secret keys
are generated to handle encryption
• How are public keys made available to other people?
• There is still a problem of Authentication!!!
Who ensures that the owner of a key pair is really the person whose real-life
name is “Marge”?
14. PKI IN BANGLADESH – ROOT CA
PKI services are regulated by a government body, the
Office of the Controller of Certifying Authorities (CCA)
www.cca.gov.bd
Objectives
• Paperless Government Correspondence
• e-Government
• e-Procurement
• e-Commerce
• Electronic Document Signing
• Internet Banking using digital signature
• Device and Server Signing
• Preventing Cyber Crimes
Activities
• Controlling the activities of Certifying Authorities (CAs).
• Issuing, suspending and revoking CA licenses according to ICT Act 2006
(Amendment 2013) and ICT (CA) Rules 2010.
• Leading and maintaining Public Key Infrastructure (PKI) activities.
• Making rules, guidelines and regulations for PKI and controlling its
standards.
• Submitting investigation reports to the Cyber Tribunal after
investigating cyber crimes under ICT Act, 2006.
• Constituting audit firms for auditing IT.
• Prescribing the rates for Digital Signature Certificates according to IT (CA)
Rules, 2010.
15. PKI IN BANGLADESH – MODEL
• Office of the CCA – Root CA
• Licensed CAs (Public/Private) – accredited by CCA
• Sub CA (Internal/External) – issued by Licensed CA
• Subscribers – issued by Sub-CA
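The hierarchy above, and the earlier question of who vouches that a key pair really belongs to “Marge”, worked through as an added example (not part of the original slides): each certificate binds a name to a public key under its issuer's signature, and validation walks from the subscriber up to a root held in the verifier's trust store. It uses textbook RSA over small Mersenne primes with no padding, purely to stay self-contained; all names, keys and helper functions are constructed for illustration.

```python
import hashlib

M = {k: 2**k - 1 for k in (61, 89, 107, 127, 521, 607)}  # Mersenne primes, toy sizes only

def keypair(p, q, e=65537):
    """Textbook RSA (no padding, toy primes): returns ((n, e), (n, d))."""
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))

def _digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n
def sign(priv, data):
    n, d = priv
    return pow(_digest(data, n), d, n)

def verify(pub, data, sig):
    n, e = pub
    return pow(sig, e, n) == _digest(data, n)
def _tbs(subject, pub, issuer):
    return f"{subject}|{pub[0]}|{pub[1]}|{issuer}".encode()

def issue(issuer, issuer_priv, subject, subject_pub):
    """Certificate: subject name and public key, bound by the issuer's signature."""
    return {"subject": subject, "pub": subject_pub, "issuer": issuer,
            "sig": sign(issuer_priv, _tbs(subject, subject_pub, issuer))}

def validate_chain(chain, trust_store):
    """chain runs subscriber, Sub CA, Licensed CA; the last certificate must be
    signed by a root whose public key is already in trust_store."""
    for cert, parent in zip(chain, chain[1:] + [None]):
        if parent is None:
            issuer_pub = trust_store.get(cert["issuer"])
        else:
            issuer_pub = parent["pub"] if parent["subject"] == cert["issuer"] else None
        tbs = _tbs(cert["subject"], cert["pub"], cert["issuer"])
        if issuer_pub is None or not verify(issuer_pub, tbs, cert["sig"]):
            return False
    return True

# Constructed hierarchy: Root CA -> Licensed CA -> Sub CA -> subscriber "Marge"
root_pub, root_priv = keypair(M[521], M[607])
lca_pub, lca_priv = keypair(M[107], M[127])
sub_pub, sub_priv = keypair(M[61], M[89])
marge_pub, _marge_priv = keypair(M[61], M[127])
fake_pub, fake_priv = keypair(M[89], M[107])  # impostor's own key pair
lca_cert = issue("Root CA", root_priv, "Licensed CA", lca_pub)
sub_cert = issue("Licensed CA", lca_priv, "Sub CA", sub_pub)
marge_cert = issue("Sub CA", sub_priv, "Marge", marge_pub)
forged_cert = issue("Sub CA", fake_priv, "Marge", fake_pub)  # not signed by Sub CA
TRUST_STORE = {"Root CA": root_pub}
```

The chain `[marge_cert, sub_cert, lca_cert]` validates against `TRUST_STORE`, while the impostor's `forged_cert` does not; the same valid chain also fails against an empty trust store, which is the position of any verifier whose software does not ship the root.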
16. PKI IN BANGLADESH – Licensed CAs
Mango Teleservices Ltd. (www.mangoca.com)
Dohatec New Media. (www.dohatec-ca.com.bd)
Data Edge Ltd. (www.dataedgeid.com)
Banglaphone Ltd. (www.banglaphone.net.bd)
Computer Services Ltd. (www.ca.computerservicesltd.com)
Bangladesh Computer Council. (www.bcc.gov.bd)
18. PKI BUSINESS IN BANGLADESH
Service Provided:
• SSL certificate for TT service & Foreign
Remittance
• Class 2 certificates
Purpose:
• Multifactor login from a dedicated system of
distant branch. Secure communication
channel between server & branch.
19. PKI BUSINESS IN BANGLADESH
Service Provided:
• SSL certificate
Purpose:
• To Secure communication channel between
server & client.
20. PKI BUSINESS IN BANGLADESH
Service Provided:
• SSL certificate
Purpose:
• Secure communication channel between
server & client.
21. PKI BUSINESS IN BANGLADESH
Service Provided:
• Class 2 certificates
Purpose:
• Secure communication among 4 personnel of
finance team.
22. PKI BUSINESS IN BANGLADESH
Service Provided:
• Class 1 certificate
• Class 2 certificate
• Class 3 certificate
Purpose:
• Issuing digitally signed registration cards &
admit cards.
23. PKI BUSINESS IN BANGLADESH
Service Provided:
• Class 2 certificate
• Cryptographic hardware token
Purpose:
• Document authorization, to use in e-file
management system.
24. PKI BUSINESS IN BANGLADESH
Service Provided:
• Class 2 certificate
• SSL certificate
• Cryptographic hardware token
Purpose:
• Send & receive encrypted document within a
secure channel.
25. PKI BUSINESS IN BANGLADESH
Service Provided:
• Class 2 certificate
• SSL certificate for JBGC
• Cryptographic hardware token
Purpose:
• Document authorization & secure
communication channel between server
& client.
27. ADVANTAGES OF LOCAL PKI
• Authorized by the local regulator.
• Governed by local law, for legal assistance.
• Accountability for service.
• Local currency exchange and remittance.
• Regulatory earnings for the government.
28. LIMITATION
The only limitation so far is that Bangladesh is not internationally recognized
in the PKI registry.
Recognition by browsers such as Internet Explorer, Chrome, Firefox and Opera is
required.
Association with an international PKI forum is required.
29. CONCLUSION
• As a technologically progressing country, we need security and
authenticity for data transactions.
• Regulatory oversight of such services is highly required.
• Accountability of local organizations will bring client trust &
flexibility.
• Local financial transactions will generate local revenue &
government revenue.