
Egyptian Best Practices Securing E-Services


Academic year: 2021


Dr. Sherif Hazem Nour El-Din

Information Security Systems Consultant

Root CA Manager, ITIDA

Agenda

• Security Measures for E-Services

• Examples of E-Services Threats

• Egypt Legislation Related to E-Services

• Egypt Procedures to Facilitate E-Services

– Egypt E-Signature Infrastructure

– Egypt Computer Emergency Response Team

• Demos of the Use of Egyptian E-Signature

Security Measures For E-Services

• Confidentiality

• Authentication

• Data Integrity

• Non-Repudiation

[Diagram labels: Public Key Encryption Techniques; Symmetric Key Encryption]

Examples of E-Services Threats

Confidentiality Attack

[Figure: Bob sends a message to John; John receives the message; a man-in-the-middle attacker is shown between them.]

Examples of E-Services Threats

Authentication and Non-Repudiation Attacks

This link sends the customer to a fake web site to harvest logins and personal information (phishing e-mail).

Examples of E-Services Threats

Data Integrity Attack

[Figure: Original Image 1 shown beside Tampered Image 1.]


Egypt Legislation Related to E-Services

• E-Signature Law


Drafting an Electronic Signature Law

• National E-Signature Committee (members):

– Ministry of Communications and Information Technology

– Ministry of Justice

– Ministry of Economy and Foreign Trade

– Ministry of Finance

– Ministry of Foreign Affairs

– Ministry of Interior

– Ministry for Administrative Development

– Central Bank of Egypt

– Cabinet Information & Decision Support Center

E-Signature Law

- In 2004, Law No. 15 was officially released to help enforce the e-Signature in Egypt and to establish the Information Technology Industry Development Agency (ITIDA).

- The Executive Directive of the E-signature law was issued in May 2005.

- The e-signature law establishes legal recognition of electronically (digitally) signed documents and contracts as well as (unsigned) electronic documents.

- The establishment of ITIDA supports Egypt’s e-services industry by securing

E-Signature Law (continued)

• On 28 September 2009, Prime Minister Dr. Ahmed Nazif witnessed the launch of E-Signature services for the public and private sectors and the inauguration of the Egyptian Root-CA trust center, marking the e-signature authorization by the Information Technology Industry Development Agency (ITIDA).

Egyptian E-Signature Infrastructure

[Diagram labels: National Root Certification Authority; cross recognition with Country XY; GOV CA; CSP1, CSP2, CSP3, CSP4; signature key holders (end users); government employees; relationship labels: Operates, Certifies, Issues.]

Regulating Digital Certificates

[Diagram labels: Information Technology Industry Development Agency (E-Signature regulator); Digital Certificate Providers; Client Organizations; request for digital certificates; digital certificates.]

The Egyptian Root CA

- As one of its primary roles, ITIDA operates the Egyptian Root Certificate Authority (Root CA) according to the highest security standards, offering continuous 24x7 operation (by means of a second hot-standby Trust Center).

- The national Root CA is the trust anchor for all relying parties within that domain. Furthermore, the national Root CA is the legal and national base upon which all IT applications, E-commerce and E-business Transactions will be affected.

Root CA Key Functions

• Issues digital certificates for licensed certificate service providers (CSPs) and publishes them so that they are available 24/7.

• Helps to prove or deny instantaneously the validity of digital certificates of the licensed CSPs by providing both an OCSP service and an LDAP directory.

• The Root CA has the right to stop the operation of any CA in case of security deficiencies.

• Works as the TSA (Time Stamping Authority) for CSPs.

Root CA Key Functions (continued)

• Responsible for interoperability with other countries, providing a point of communication between Egypt and other nations in relation to e-signatures.

• Audits all the PKI technical requirements of CSPs against the Egyptian executive directives and all the updated international standards.

• Offers technical consultations to the whole community in the field of information security, especially in Public Key Infrastructure.

Achievements

• The Root CA main trust center, with 6 IT fortified rooms and more than 40 different types of servers and security equipment, has been implemented to operate 24/7 by 100% highly trained Egyptian staff.

• The GOV CA trust center is implemented and is ready to serve the governmental organizations.

• Signing an MOU with the German Root CA to facilitate the cross recognition with the German Root CA.

• Three private CSPs are ISO 27001 certified, have passed the ITIDA audit (financial, legal and technical), and are now ready to issue digital certificates under the Egyptian Root CA (16000 certificates up till now).

Achievements (continued)

• The first two deployed private CSPs have been securely connected to the Root CA main trust center, which maintains a copy of all the issued digital certificates and CRLs to preserve client rights in case of disaster.

• Auditing process by ITIDA is to be continued for the remaining CSPs.

• Home-made E-signature tools are ready to be used:

– Egyptian Smart Token (with and without fingerprint)

– E-Signature Applications (Desktop, Web, and Mobile)

Cyber Security and Data Protection Law

• The Law is prepared by Government, the private sector and academia as well as legal and technology experts.

• The Law will be endorsed at the end of this year.

Egypt Computer Emergency Response Team

• The Egyptian CERT mandate is to support Egyptian society in protecting against IT incidents; it is the central reporting and coordination point for relevant security incidents for government activities (starting with the telecom and banking sectors).

1st Phase of Egyptian National CERT

The initial activities that the national CERT starts with are as follows:

• Incident Handling.

• Incident analysis: forensic collection and analysis.

• Alerts and Warnings.

• Announcements.

• Technology Watch.

• Security Audit.

• Intrusion Detection.

2nd Phase of Egyptian National CERT

• Vulnerabilities handling

• Development of Security Tools

• Configuration and Maintenance of Security Tools, Applications and Infrastructure.

• Security Quality Management Services

Demos of the Use of Egyptian E-Signature Software and Tools to Secure E-Applications

ITIDA Cryptography Suite


Mobile Phone Application

The Future……

• Finalizing the Root CA disaster recovery site at the Ministry of Finance premises, 30 km from the Root CA main site.

• Doubling the staff to achieve the business continuity.

• Cross recognizing our Egyptian Root CA with other imitates in other countries.

Questions?
