Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

PKI Industry growth in Bangladesh

1,257 views

Published on

PKI Industry growth in Bangladesh

Published in: Internet
  • Be the first to comment

PKI Industry growth in Bangladesh

  1. 1. PKI Industry Growth in Bangladesh Al Faruq Ibna Nazim Computer Services Ltd.
  2. 2. AGENDA • PKI Glossary • PKI Necessity • PKI Basics • PKI Services • PKI in Bangladesh • PKI Business in Bangladesh • Advantages of Local PKI • Limitation
  3. 3. PKI GLOSSARY • Public Key Crypto – key pairs used to encrypt/decrypt or sign/verify • Certificate – a digital method of binding a key pair or pairs to a specific identity • Certificate Authority – the system that securely creates the certificates • Public Key Infrastructure – the whole system of creating, issuing, managing, utilizing and revoking certificates
  4. 4. PKI NECESSITY Homer and Marge want to exchange data in a digital world. There are Confidence and Trust Issues … Internet Intranet Extranet Homer Marge
  5. 5. PKI NECESSITY – CONFIDENCE & TRUST ISSUE • In the Identity of an Individual or Application AUTHENTICATION • That the information will be kept Private CONFIDENTIALITY • That information cannot be Manipulated INTEGRITY • That information cannot be Disowned NON-REPUDIATION Internet Intranet Extranet Homer Marge
  6. 6. PKI BASICS – OPERATION Cryptography It is the science of making the cost of acquiring or altering data greater than the potential value gained. Cryptosystem It is a system that provides techniques for mangling a message into an apparently intelligible form and than recovering it from the mangled form. Plaintext Encryption Decryption PlaintextCiphertext Key Key Hello World &$*£(“!273 Hello World
  7. 7. PKI BASICS – ALGORITHM All cryptosystems are based only on three Cryptographic Algorithms: MESSAGE DIGEST (MD2-4-5, SHA, SHA-1, …) - Maps variable length plaintext into fixed length cipher text - No key usage, computationally infeasible to recover the plaintext SECRET KEY (Blowfish, DES, IDEA, RC2-4-5, Triple-DES, …) - Encrypt and decrypt messages by using the same Secret Key PUBLIC KEY (DSA, RSA, …) - Encrypt and decrypt messages by using two different Keys: Public Key, Private Key (coupled together)
  8. 8. PKI BASICS - Algorithms based on Private Key Pros • Efficient and fast Algorithm • Simple model - Provides Integrity, Confidentiality Cons • The same secret key must be shared by all the entities involved in the data exchange • High risk • It doesn’t scale (proliferation of secrets) - No Authentication, Non-Repudiation Plaintext Encryption Decryption PlaintextCiphertext Private Key Private Key
  9. 9. PKI BASICS - Algorithms based on Public Key Pros • Private key is only known by the owner: less risk • The algorithm ensures Integrity and Confidentiality by encrypting with the Receiver’s Public key Internet Intranet Extranet Homer Marge Plaintext Encryption Decryption PlaintextCiphertext Homer’s Public Key Marge’s Private Key
  10. 10. PKI BASICS - Algorithms based on Public Key Pros • The algorithm ensures Non-Repudiation by encrypting with the Sender’s Private key Internet Intranet Extranet Homer Marge Plaintext Encryption Decryption PlaintextCiphertext Homer’s Private Key Marge’s Public Key
  11. 11. PKI BASICS - Algorithms based on Public Key Cons • Algorithms are 100 – 1000 times slower than secret key ones They are initially used in an initial phase of communication and then secrets keys are generated to deal with encryptions • How are Public keys made available to the other people? • There is still a problem of Authentication!!! Who ensures that the owner of a key pair is really the person whose real life name is “Marge”? Internet Intranet Extranet Homer Marge
  12. 12. PKI BASICS – CERTIFICATE SIGNING & VERIFICATION
  13. 13. PKI SERVICES • Secure Email – sign and/or encrypt messages • Secure browsing – SSL – authentication and encryption • Secure code – Authenticode • Secure wireless – PEAP & EAP-TLS • Secure documents – Rights Management • Secure networks – segmentation via IPSEC, RPKI • Secure files – Encrypted File System(EFS)
  14. 14. PKI IN BANGLADESH – ROOT CA PKI service is regulated by the government body as Office of the Controller of Certifying Authorities (CCA) www.cca.gov.bd Objectives • Paperless Government Correspondence • e-Government • e-Procurement • e-Commerce • Electronic Document Signing • Internet Banking using digital signature • Device and Server Signing • Preventing Cyber Crimes Activities • Controlling Activities of Certifying Authority (CA) • Issuing, suspending and repealing CA license according to ICT Act 2006 (Amendment 2013) and ICT (CA) Rules 2010. • Leading and Maintaining of Public Key Infrastructure (PKI) activities. • Making Rules, guideline and regulation for PKI and controlling its standard. • Submitting investigation report before the Cyber Tribunal after investigating Cyber crimes under ICT Act, 2006. • Constituting Audit firm for auditing IT. • Prescribing rate of Digital Signature Certificate according to IT (CA) rules, 2010.
  15. 15. PKI IN BANGLADESH – MODEL Issued by Sub-CA Issued by Licensed CA Accredited by CCA Office of the CCA Root CA Licensed CAs (Public/Private) Sub CA (Internal/External) Subscribers
  16. 16. PKI IN BANGLADESH – Licensed CAs  Mango Teleservices Ltd. (www.mangoca.com)  Dohatec New Media. (www.dohatec-ca.com.bd)  Data Edge Ltd. (www.dataedgeid.com)  Banglaphone Ltd. (www.banglaphone.net.bd)  Computer Services Ltd. (www.ca.computerservicesltd.com)  Bangladesh Computer Council. (www.bcc.gov.bd)
  17. 17. PKI BUSINESS IN BANGLADESH
  18. 18. PKI BUSINESS IN BANGLADESH Service Provided: • SSL certificate for TT service & Foreign Remittance • Class 2 certificates Purpose: • Multifactor login from a dedicated system of distant branch. Secure communication channel between server & branch.
  19. 19. PKI BUSINESS IN BANGLADESH Service Provided: • SSL certificate Purpose: • To Secure communication channel between server & client.
  20. 20. PKI BUSINESS IN BANGLADESH Service Provided: • SSL certificate Purpose: • Secure communication channel between server & client.
  21. 21. PKI BUSINESS IN BANGLADESH Service Provided: • Class 2 certificates Purpose • Secure communication among 4 personnel of finance team.
  22. 22. PKI BUSINESS IN BANGLADESH Service Provided: • Class 1 certificate • Class 2 certificate • Class 3 certificate Purpose: • Issuing digitally signed registration cards & admit cards.
  23. 23. PKI BUSINESS IN BANGLADESH Service Provided: • Class 2 certificate • Cryptographic hardware token Purpose: • Document authorization, to use in e-file management system.
  24. 24. PKI BUSINESS IN BANGLADESH Service Provided: • Class 2 certificate • SSL certificate • Cryptographic hardware token Purpose: • Send & receive encrypted document within a secure channel.
  25. 25. PKI BUSINESS IN BANGLADESH Service Provide: Class 2 certificate SSL Certificate for JBGC Cryptographic hardware token Purpose: Document authorization & secure communication channel between server & client.
  26. 26. PKI BUSINESS IN BANGLADESH
  27. 27. ADVANTAGES OF LOCAL PKI • Local regulatory authorized. • Local law governed for legal assistance. • Accountability for service. • Local currency exchange and remittance. • Regulatory earning for government.
  28. 28. LIMITATION The only limitation so far is Bangladesh is not recognized internationally to PKI registry. Internet Explorer, Chrome, Firefox, Opera etc. browsers recognition is required. International PKI forum association is required.
  29. 29. CONCLUSION • For such technology progressive country we need data transaction security & authenticity. • For such services regulatory observation is highly required. • Accountability for local organizations will allow client trust & flexibility. • Local financial transaction will allow local revenue earning & government revenue.
  30. 30. QUESTIONS alfaruq@bdpeer.com ???
  31. 31. Gratitude Declaration Computer Services Ltd. Data Edge Ltd. Controller of Certifying Authority

×