1 / 21

PKI in Saudi Arabia Design, Services, and Policies

Arab Forum on e -transactions Security the Public Key Infrastructure (PKI), Tunisia, 25-27 January 2010. PKI in Saudi Arabia Design, Services, and Policies . Dr. Fahad Al Hoymany Senior Advisor Director of National Center for Digital Certification MCIT, Saudi Arabia. Jan 26, 2010.

ulric
Télécharger la présentation

PKI in Saudi Arabia Design, Services, and Policies

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Arab Forum on e-transactions Security the Public Key Infrastructure (PKI), Tunisia, 25-27 January 2010 PKI in Saudi ArabiaDesign, Services, and Policies Dr. Fahad Al Hoymany Senior Advisor Director of National Center for Digital Certification MCIT, Saudi Arabia Jan 26, 2010

  2. Saudi PKI Services and Structure • PKI is a security infrastructure adopted by Saudi Arabia to provide: • (1) Confidentiality • (2) Authentication • (3) Data Integrity • (4) Non-Repudiation/Digital Signature • The Saudi PKI is based on a hierarchical CA model. • All CAs are housed in and operated by The National Center for Digital Certification (NCDC). • The Saudi PKI consists of two main CSPs: • Government CSP for servicing the government sector. • Commercial CSP for serving the private sector (and others). Dr. Fahad AlHoymany, National Center for Digital Certification (NCDC) Dr. Fahad AlHoymany, National Center for Digital Certification (NCDC)

  3. Saudi PKI Structure National Policy Authority Root CA Foreign CA Government CA Commercial CA Government CSP Government CSP Commercial CSP Commercial CSP ... RA PA RA PA RA PA RA PA Subscribers Dr. Fahad AlHoymany, National Center for Digital Certification (NCDC)

  4. Saudi PKI Strategy • Centralized certificate issuance and management. • Distributed user registration and management. • National PKI policies drive acceptance. • e-Government is the driver for successful PKI deployment. • Issue separate certificates for authentication, signing, and encryption. • Use smart card, USB token, and roaming methods. Dr. Fahad AlHoymany, National Center for Digital Certification (NCDC)

  5. Structure of Certificate Chain Root CA Certificate Government CA Certificate User Certificate Identity of Root CA associated with public key and signed by Root CA (itself) Identity of Government CA associated with public key and signed by Root CA Identity of user associated with public key and signed by government CA Dr. Fahad AlHoymany, National Center for Digital Certification (NCDC)

  6. Browser ID : 123456 المفتاح الخاص Secure Transactions Challenge- Secret key response exchange Example: Customer Logs on to Bank Website Ahmad Ibrahim National ID: 123456 Account No: 7788 Balance = $75000 Ahmad ID 123456 --------- --------- --------- --------- Acct 7788 --------- --------- --------- --------- Bank Dr. Fahad AlHoymany, National Center for Digital Certification (NCDC)

  7. Certificate and Key Lifetimes • Certificate life times are as follows: • End Users (including Non Humans and Entities) : 3 Years • CA (Level 1 CA) : 10Years • Root CA: 20Years • Key lengths are as follows: • End Users (including Non Humans and Entities) : 1024 bits • CA (Level 1 CA) : 2048 bits • Root CA: 4096 bits • No certificate renewal is done, except at key update times, unless CSP’s policy demands otherwise. Dr. Fahad AlHoymany, National Center for Digital Certification (NCDC)

  8. Backup and Recovery • Signing keys are never backed up. • Difficult to enforce non-repudiation if signing key is backed up. • The creation of a signing key would be done under the control of the user. • Key backup, Archive/History, Escrow, and Recovery will be provided for all CSP’s. • Key history will be included on user cryptographic tokens for convenience. Dr. Fahad AlHoymany, National Center for Digital Certification (NCDC)

  9. Types of PKI Certificates Email Certificate Name Certificate ahmad@org.gov.sa Ahmad Ibrahim Abdullah Linking Email address to a public key Linking name to a public key • Used for signing, encrypting, and authentication via Email address. • Used for signing, encrypting, and authentication via person’s name. Dr. Fahad AlHoymany, National Center for Digital Certification (NCDC) Dr. Fahad AlHoymany, National Center for Digital Certification (NCDC)

  10. Types of PKI Certificates Website Certificate National ID Certificate www.Bank.com.sa 123456 Linking website address to a public key Linking ID to a public key • Used for signing and authentication via domain name. • Used for signing and authentication via national ID number. Dr. Fahad AlHoymany, National Center for Digital Certification (NCDC) Dr. Fahad AlHoymany, National Center for Digital Certification (NCDC)

  11. Types of PKI Certificates Mobile Number Certificate Device Certificate 0504443245 192.23.45.11 Linking mobile number to a public key Linking IP address to a public key • Used for signing, encrypting, and authentication via mobile number. • Used for signing, encrypting, and authentication via IP address (or any other device identifier). Dr. Fahad AlHoymany, National Center for Digital Certification (NCDC) Dr. Fahad AlHoymany, National Center for Digital Certification (NCDC)

  12. Electronic Transactions Act • The Act aims at the control, organization, and provision of a regulatory framework for electronic transactions and signatures to achieve the following:- • Establish standard rules for using electronic transactions and signatures and facilitating their application in the public and private sectors by means of reliable electronic records. • Give credibility and accord trustworthiness to the accuracy and integrity of electronic transactions, signatures, and records. • Streamline the introduction of electronic transactions and signatures both at the national and international levels. • Prevent misuse and fraudulent practices in electronic transactions and signatures. Dr. Fahad AlHoymany, National Center for Digital Certification (NCDC)

  13. Warranties, Liabilities, and Indemnification • Warranties: • Root CA and CSPs ensure that they provide services consistent with the CP, CPS and operating rules. • No warranties as a result of loss due to war, natural disasters, unauthorized use of certificates, negligence, etc. • Liabilities: • End-users, RAs, and CSPs are liable for misrepresentation of certificate information. • Subscribers are liable for breach of Subscriber’s agreement. • Relying Parties are liable for failure to perform according to Relying Party Agreement. • RAs are liable for failure to perform according to Registration Authorities agreement. • NPA will set liability limits and indemnification outreach. Dr. Fahad AlHoymany, National Center for Digital Certification (NCDC)

  14. Dispute Resolution • Dispute Resolution Committee arbitrates on all claims or disputes. • NPA will define the role of Dispute Resolution Committee: • Objectives and responsibilities. • Reporting structure. • Relationships with other NPA committees, CSP Policy, Authorities and outside parties. • Rules of procedures and practice. • Powers and jurisdiction. • Dispute Resolution Policy includes: • Types of claims and disputes it applies to e.g. key/certificate management, time-stamping, transactions, etc. • Applicability (to whom it applies to). • Dispute resolution procedure. • Any exceptions or exclusions. • Voluntary mediation first, then binding arbitration. Dr. Fahad AlHoymany, National Center for Digital Certification (NCDC)

  15. Center Photos Dr. Fahad AlHoymany, National Center for Digital Certification (NCDC)

  16. Center Photos Dr. Fahad AlHoymany, National Center for Digital Certification (NCDC)

  17. Center Photos Dr. Fahad AlHoymany, National Center for Digital Certification (NCDC)

  18. Center Photos Dr. Fahad AlHoymany, National Center for Digital Certification (NCDC)

  19. Center Photos Dr. Fahad AlHoymany, National Center for Digital Certification (NCDC)

  20. Center Photos Dr. Fahad AlHoymany, National Center for Digital Certification (NCDC)

  21. http://www.pki.gov.sahttp://www.ncdc.gov.sa THANK YOUFurther information can be found here: Dr. Fahad AlHoymany, National Center for Digital Certification (NCDC)

More Related