Dao Dinh Kha National Centre of Digital Signature Authentication - Agency of Information Technology Application
A vision on a national Electronic Authentication Infrastructure
MINISTRY OF INFORMATION AND COMMUNICATIONS
Symposium on building an Electronic Authentication Infrastructure for the deployment of online public services and administration reform
NCDSA
ROOTCA
Introduction of an effort of Viet Nam in building a nation-wide infrastructure for effectively securing electronic transactions
Agenda
1. Introduction
2. Electronic transactions trend
3. Business requirements for an electronic Authentication Framework
4. Outline an Electronic Authentication system
5. Conclusion
Demand for electronic transactions
Increasing trend of electronic transactions:
  Communication channel between state agencies and society
  E-commerce and commercial support activities
  International agreements
Effort of Viet Nam in e-government development:
  Vietnam’s rank in terms of the e-gov readiness index improved
  E-government: …where Internet and related technologies have the potential to transform the structures and operation of government (UN).
  Transactions between the administration and its citizens and the private sector are going to be online
The information security requirements for electronic transactions
  Confidentiality/Privacy
  Authentication
  Integrity
  Non-repudiation
Without information security measures: PAIN
Modern ways to secure electronic transactions
Information security for electronic transactions
Some major PKI projects: Toward e-government development
Ongoing PKI projects:
  E-Tax, E-custom: MOF
  E-Banking: VSB
  E-Certificate of Origin, Chemistry registration: MOIT
  E-Intellectual Property: MOST
  E-Procurement: MPI
Other projects in the IT application plan 2010:
  Integrated E-mail system
  Document sharing
Levels of Authentication
[Figure: authentication methods (a mouse click, knowledge-based, PIN/password, multi-factor token, PKI) charted by cost against level of authentication (Low, Standard, Average, High, Very High)]
Information security requirement: case by case
  High: Payment in a commercial deal
  Low: Transportation fee payment
  Banking electronic transactions
Not every transaction requires all PKI properties
  The common requirement is authentication
  Criteria to select appropriate measures
Lesson from abroad
The reference countries:
  USA
  Australia
  Singapore
  Other countries
The concepts:
  Authentication principles and the mechanism to facilitate these principles
  Electronic Authentication Framework (NeAF) and Infrastructure to facilitate the framework (NeAS)
Toward a nation-wide electronic authentication framework
Goals:
  Protect investment
  Facilitate simple solutions for applications encompassing authentication functions
  Ease the technology upgrade
Scope: Concentrate on the government activities
NeAF: Project
In the framework of WB Project: Consultancy on a PKI scheme to support e-Government development and on a Proposal for the National e-Authentication Framework
With cooperation of leading international and regional Information security vendors
Tentative finish date: 2011
NeAF: Project organization
Supporting team work led by NCDSA (AITA, MIC)
Our mission:
  Determine appropriate objectives
  Support and assistance
  Technology and knowledge transfer (to action)
  Monitor the quality
NeAF: Objectives
Develop a proposal for the national e-Authentication framework that consists of:
  Principles and methodologies
  Technologies, policies, procedures, and assessment framework for electronic transactions in e-Government development and socio-economic development.
  Architecture, main technical specification of authentication service components, and their interface specifications.
Develop the capacity to build up expertise for e-Authentication.
NeAF: Issues
Manage the risks associated with the online transactions in the future e-Government of Vietnam and e-Commerce
  Considering all authentication risk factors
  Help determine the appropriate authentication methods for each electronic transaction type
Deliver an outline design for the electronic authentication system based on the framework
  For future investment proposal
NeAF: Reference
Address most issues that have occurred in authorizing electronic transactions in IT advanced countries
  The reference countries are USA, Canada, Australia and Singapore.
  The international experience from the work being conducted under the STORK and PEPPOL projects, relating to adoption of PKI in electronic IDs and public procurement processes in the EU, will be of special interest.
The designs’ reference countries are USA, Canada, and Australia.
NeAF: Feature requirements
Main Issues for National e-Authentication Framework and electronic Authentication system
  Risk Management
  Security
  Privacy
  Disclosure Requirements
  Complaints Handling
  Standards
NeAF: Feature requirements (cont.)
Main Issues for National e-Authentication Framework and electronic Authentication system
  Scalability
  Balance
  Principles
  Authentication assurance levels
  Approach
  Cost-Effectiveness
  Integration
Implementation: Model and components
National Electronic Authentication System: Provide authentication services to agencies and public electronic transactions.
Federated Authentication Model: With multiple types of credentials
Components:
  Application Service Providers
  Credential Service Providers: Support 3rd parties
  End Users
Authentication scenario:
  assertion-based
  certificate-based
Operation Model of NeAS
[Diagram: User(s) holding credential type A and credential type B; CSP(s); Ministry A website; Branch B portal. Caption: Select the level of authentication based on business requirements]
Provide user authentication services to state agencies’ public websites, with a focus on:
  Key agencies
  Only administrative public services
Performance requirements for the 1st phase
Able to serve around 100 concurrent authentication requests.
Not every access needs authentication.
National Authentication Systems (Phase I)
To extend in the future to cover all public services
Promote PPP
Extending capabilities and integrated technologies
  Implement multiple types of credential
  Improving performance
National Authentication Systems (Phase II)
Conclusion
Data sharing requires information security and authentication
NeAF and NeAS help the efficient development of e-gov applications that need authentication
A firm infrastructure, invested in by government and PPP, is needed
Thank you very much!
National Centre of Digital Signature Authentication (AITA, MIC)
E-mail: [email protected] Tel: 0983 264 287