Public Key Infrastructure[PKI] in Thailand by Rear Admiral Prasart Sribhadung

Upload: adam-kelly

Post on 25-Dec-2015



Public Key Infrastructure [PKI] in Thailand

by Rear Admiral Prasart Sribhadung


Rear Admiral Prasart Sribhadung

• Dean, Graduate School of Internet and E-Commerce, Assumption University

• President, Association of Thai Internet Industry (ATII)

• Advisor, Past Vice President, Computer Association of Thailand Under the Patronage of H.M. the King (CAT)

• Advisor, Thai Internet Service Provider Club (TISPC)

• Member, Internet Policy Sub Committee, NITC, Ministry of Science

• Member, Computer Terminology Committee, The Royal Institute

• Member, National Copyright Committee, Ministry of Commerce

• Chairman, Computer Software Copyright Promotion Subcommittee, Ministry of Commerce

• Member, Cyber Inspector, Ministry of Information and Communication Technology


Rear Admiral Prasart Sribhadung

• Former Managing Director A-Net Co. Ltd. Business Online Co. Ltd.

• Former Vice Chairman ANEW Corporation

• Former Director Naval Data Processing Center

• Former Lecturer Naval Academy (Operations Research and Computer Programming)

• Former Lecturer Naval Staff College (Operations Research)

• Former Lecturer NIDA and UTCC (Operations Research)


Public Key Infrastructure (PKI)

• The concept of public key infrastructure (PKI) enables you to bring strong authentication and privacy to the online world.

• By using public key cryptographic techniques and encryption algorithms, you can provide a means to identify users and ensure that no one but the intended recipients of data can have access to the data or any other network resources.


Public Key Infrastructure (PKI)

• PKI is a solution that includes technological, procedural, and personnel elements.

• The key technological elements of a PKI solution are the private key, public key, and certificate authority (which creates and oversees the digital certificate).

• The procedural elements are the security policies that govern the use of the technological elements.

• The personnel elements are the cultural requirements of the user community that uses the solution.


Public Key Infrastructure (PKI)

• The purpose of a PKI solution is to give a user a means of identifying himself in the electronic world.

• This is done through the use of asymmetric cryptographic techniques and the creation of digital certificates.

• A user utilizes a complex mathematical algorithm to create a public key and private key pair.

• The public key is distributed to anyone with whom he wants to establish secure communications.

• The private key is kept safely in the sole possession of the owner and is never disclosed to anyone else.


Public Key Infrastructure (PKI)

• After a user has created a key pair, he needs to have his identity validated by a trusted third party, known as the certificate authority (CA). He submits his public key to the CA and authorizes it to investigate him to prove his identity.

• After the CA has affirmed that the user is who he claims to be, it then adds its digital signature to the public key and adds information about the user to create an X.509 digital certificate.

• PKI is the infrastructure required to make the use of digital signatures possible.
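The issuance flow described above, as an added example that is not part of the original slides: a user key pair, a certificate request, a CA that signs it into an X.509 certificate, and a check showing that a certificate signed by any other key is rejected. It uses the Python `cryptography` package; the names (`Example Root CA`, `alice.example.test`), RSA-2048 and the 30-day validity are assumptions of the example.

```python
import datetime
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.x509.oid import NameOID

def new_key():
    return rsa.generate_private_key(public_exponent=65537, key_size=2048)

def cn(common_name):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, common_name)])

def issue(subject, subject_pub, issuer, issuer_key, is_ca):
    """Bind subject to subject_pub and sign that binding with issuer_key."""
    now = datetime.datetime.now(datetime.timezone.utc)
    return (x509.CertificateBuilder()
            .subject_name(subject).issuer_name(issuer).public_key(subject_pub)
            .serial_number(x509.random_serial_number())
            .not_valid_before(now - datetime.timedelta(minutes=5))
            .not_valid_after(now + datetime.timedelta(days=30))
            .add_extension(x509.BasicConstraints(ca=is_ca, path_length=None), critical=True)
            .sign(issuer_key, hashes.SHA256()))

def signed_by(cert, ca_cert):
    """True only if the CA's public key verifies the signature on cert."""
    if cert.issuer != ca_cert.subject:
        return False
    try:
        ca_cert.public_key().verify(cert.signature, cert.tbs_certificate_bytes,
                                    padding.PKCS1v15(), cert.signature_hash_algorithm)
        return True
    except InvalidSignature:
        return False

def demo():
    ca_key = new_key()                        # CA root key pair
    ca_name = cn("Example Root CA")           # constructed name
    ca_cert = issue(ca_name, ca_key.public_key(), ca_name, ca_key, True)
    user_key = new_key()                      # user's pair; the private key stays with the user
    csr = (x509.CertificateSigningRequestBuilder()
           .subject_name(cn("alice.example.test"))
           .sign(user_key, hashes.SHA256()))  # request is signed with the user's private key
    assert csr.is_signature_valid             # CA checks the request before vetting identity
    user_cert = issue(csr.subject, csr.public_key(), ca_name, ca_key, False)
    rogue_key = new_key()                     # a key that is not the CA's
    forged = issue(csr.subject, rogue_key.public_key(), ca_name, rogue_key, False)
    return signed_by(user_cert, ca_cert), signed_by(forged, ca_cert)
```

Only the public key travels to the CA; the relying party needs nothing but the CA certificate to accept the first certificate and reject the second.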


PKI in Thailand

• PKI-related initiatives/projects in Thailand started in 1999 within the Government Information Technology Services (GITS) which operated as part of NECTEC to leverage the pool of manpower, expertise and other common infrastructures.

• Thai Digital ID Co. Ltd., the first CA in Thailand, was established in 2000 and had its first key pair, called the “Root Key”, generated on 4th September 2000. CA service was available in April 2001.

• In June 2001, ACERTs Co. Ltd. was established as the second CA in Thailand in collaboration with Netrust Pte. Ltd. of Singapore, and it started its CA operation in Dec 2001.


PKI in Thailand

• GITS started test running CA service for government agencies in 2002.

• On 19th August 2003, TOT Corporation Public Company established a CA in collaboration with UniCERT of Baltimore USA.


IT Laws in Thailand

• The Ministry of Science, Technology and Environment proposed six new laws to develop IT infrastructure for Thailand, which were approved by the cabinet in December 1988. They are:

• 1. Electronic Transactions Law
• 2. Electronic Signature Law
• 3. Universal Access Law
• 4. Computer Crime Law
• 5. Data Protection Law
• 6. Electronic Funds Transfer Law

• The first two were combined into one, which was proclaimed as the “Electronic Transaction Act B.E.2544” on 2nd December 2001.


Digital (Electronic) Signature

• Electronic Transaction Act B.E.2544, Chapter 2, Section 26, states that an electronic signature is considered to be a reliable electronic signature if it meets the following requirements:

(1) The signature creation data are, within the context in which they are used, linked to the signatory and to no other person;

(2) The signature creation data were, at the time of signing, under the control of the signatory and of no other person;

(3) Any alteration to the electronic signature, made after the time of signing, is detectable; and

(4) Where a purpose of the legal requirement for a signature is to provide assurance as to the completeness and integrity of the information, any alteration made to that information after the time of signing is detectable.

The provision of paragraph one does not limit that there is no other way to prove the reliability of an electronic signature or the adducing of the evidence of the non-reliability of an electronic signature.


PKI

• Public Key Infrastructure is the entire set of hardware, software, and cryptosystems necessary to implement public key encryption.

• PKI systems are based on public-key cryptosystems and include digital certificates and certificate authorities (CAs), and can:
– Issue digital certificates
– Issue crypto keys
– Provide tools to use crypto to secure information
– Provide verification and return of certificates


The Use of Public-Key Cryptosystems

• We can classify the use of Public-Key Cryptosystems into three categories:

• 1. Key Exchange: The two communicating partners cooperate to exchange a session key. Several approaches are possible, involving the private key(s) of one or both parties.

• 2. Digital Signature/Authentication: The sender “signs” a message by encrypting with his private key. That is achieved by a cryptographic algorithm applied to the message or to a small block of data that is a function of the message.

• 3. Confidentiality (Secrecy): The sender encrypts the plaintext message with the receiver’s public key and sends the ciphertext, then the receiver decrypts the ciphertext with his own private key to retrieve the plaintext message. (This is only possible for a small plaintext.)

• Some algorithms cover all three applications; others can manage one or two of those applications (see table 6.2, p.170).


Public Key Encryption

• If Alice wishes to send a confidential message to Bob, she uses Bob’s public key to encrypt the plaintext message, then sends the ciphertext to Bob.

• When Bob receives the encrypted message, Bob decrypts the ciphertext with his private key, revealing the plaintext message from Alice.


Public Key Encryption


Digital Signature

• An interesting thing happens when the asymmetric process is reversed, that is, when the private key is used to encrypt a short message

• The public key can be used to decrypt it, and the fact that the message was sent by the organization that owns the private key cannot be refuted

• This is known as nonrepudiation, which is the foundation of digital signatures

• Digital Signatures are encrypted messages that are independently verified by a central facility (registry) as authentic


Hybrid

• In practice, pure asymmetric key encryption is not widely used except in the area of certificates

• It is more often used in conjunction with symmetric key encryption creating a hybrid system

• Use the Diffie-Hellman Key Exchange method that uses asymmetric techniques to exchange symmetric keys to enable efficient, secure communications based on symmetric keys

• Diffie-Hellman provided the foundation for subsequent developments in public key encryption


Digital Signature


Digital (Electronic) Signature

• Electronic signature means letters, characters, numbers, sounds or any other symbols created in electronic form and affixed to a data message in order to establish the association between a person and a data message for the purpose of identifying the signatory who involves in such data message and showing that the signatory approves the information contained in such data message.


Digital Signature

• PGP signatures look like this:

---- BEGIN PGP SIGNED MESSAGE----
Really Good Electronics - Chip Prices
1MB 2 CHIP 80 NS $20.25
1MB 2 CHIP 70 NS $20.75
1MB 8 CHIP 80 NS $18.70
1MB 8 CHIP 70 NS $19.60
1MB FX (Any speed) $16.80
For information, call 800-RAM-GOLD
----BEGIN PGP SIGNATURE----
iQCVAgUBLlgEEHD7CbCQPJJ1AQEMXgQAueUPPrpYeb13RZMPD4f8QmW+pQs/ay2P
vrtD+kL0zz3LczxoK3XDdvRj1eRYviXYaJhvSt13cK7+D71no1mFHWv3DS7tBJzpG3hJ
RUr6guRoekcYWXPR7OZhW9VTUHNoIG/OpK23HCatd9f+81TafeUc160k9/CMKj034
kZ1hz8=
=jRLh
----END PGP SIGNATURE----


Signing a Digital Signature

Sender:

• Unsigned plaintext document

• Digital signature applied by encryption with MD5/RSA sender’s private key

• Document with signature compressed

• Compressed signed document encrypted with IDEA session key

• The session key (IDEA) is encrypted using RSA receiver’s public key and attached

• File converted to ASCII armor format

• Message file transferred

Receiver:

• Message received in ASCII armor format

• ASCII armor removed

• Attached encrypted session key decrypted with receiver private key

• Compressed encrypted signed message decrypted with session key

• Decompress file revealing plaintext message and signature

• Verify signature using sender public key RSA/MD5
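The sign, compress, encrypt, wrap and armor sequence from the "Hybrid" and "Signing a Digital Signature" slides, with the receiver's steps in reverse, as an added example that is not part of the original slides and is not the OpenPGP wire format. It uses the Python `cryptography` package and swaps the slide's legacy algorithms for current ones (SHA-256 with RSA-PSS for MD5/RSA, AES-256-GCM for IDEA, RSA-OAEP for the session-key wrap); the function names and the length-prefixed framing are assumptions of the example.

```python
import base64, os, zlib
from cryptography.exceptions import InvalidSignature, InvalidTag
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# Substitutions for the slide's algorithms (assumptions of this example):
# SHA-256/RSA-PSS for MD5/RSA, AES-256-GCM for IDEA, RSA-OAEP for the key wrap.
PSS = padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH)
OAEP = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()), algorithm=hashes.SHA256(), label=None)

def send(plaintext, sender_priv, receiver_pub):
    sig = sender_priv.sign(plaintext, PSS, hashes.SHA256())      # sign with sender's private key
    packed = zlib.compress(len(sig).to_bytes(2, "big") + sig + plaintext)  # compress sig + message
    session_key, nonce = AESGCM.generate_key(bit_length=256), os.urandom(12)
    body = AESGCM(session_key).encrypt(nonce, packed, None)      # encrypt with one-time session key
    wrapped = receiver_pub.encrypt(session_key, OAEP)            # wrap session key for the receiver
    return base64.b64encode(len(wrapped).to_bytes(2, "big") + wrapped + nonce + body)  # armor

def receive(armored, receiver_priv, sender_pub):
    raw = base64.b64decode(armored, validate=True)               # remove armor
    n = int.from_bytes(raw[:2], "big")
    wrapped, nonce, body = raw[2:2 + n], raw[2 + n:14 + n], raw[14 + n:]
    session_key = receiver_priv.decrypt(wrapped, OAEP)           # unwrap with receiver's private key
    packed = zlib.decompress(AESGCM(session_key).decrypt(nonce, body, None))
    m = int.from_bytes(packed[:2], "big")
    sig, plaintext = packed[2:2 + m], packed[2 + m:]
    sender_pub.verify(sig, plaintext, PSS, hashes.SHA256())      # raises InvalidSignature on mismatch
    return plaintext

def rejects(exc, fn, *args):
    try:
        fn(*args)
    except exc:
        return True
    return False

def demo():
    alice, bob, mallory = (rsa.generate_private_key(public_exponent=65537, key_size=2048)
                           for _ in range(3))
    msg = b"1MB 2 CHIP 80 NS $20.25"   # sample line borrowed from the slide's price list
    armored = send(msg, alice, bob.public_key())
    flipped = bytearray(base64.b64decode(armored))
    flipped[-1] ^= 1                   # alter one bit of the transferred file
    return (receive(armored, bob, alice.public_key()) == msg,
            rejects(InvalidSignature, receive, armored, bob, mallory.public_key()),
            rejects(InvalidTag, receive, base64.b64encode(bytes(flipped)), bob, alice.public_key()))
```

Because the signature sits inside the compressed, encrypted payload, the receiver decompresses before it can check who sent the message, so the decompressed size should be bounded when input comes from untrusted senders.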