Emerging issues on public information management. November 2011 Prof. Bae, Kyoung Yul Sangmyung University

Transcription

1 Emerging issues on public information management and information security November 2011 Prof. Bae, Kyoung Yul Sangmyung University

2 01 Introduction Contents Digital Convergence Information Security PKI Conclusion 2/48

3 01 Introduction 3/48

4 Introduction Data & Information & Knowledge Data: Raw, non-summarized and unanalyzed facts and figures Information: Data that have been converted into a meaningful and useful context for the receiver Knowledge: Human understanding of a subject matter that has been acquired through proper study and experience 4/48

5 Introduction What is Digital? Generates, stores, and processes data in terms of two states: positive and non-positive. A digital system uses discrete (discontinuous) values, usually but not always symbolized numerically (hence called "digital") to represent information for input, processing, transmission, storage Digital technology is primarily used with new physical communications media. Electronic transmission was limited to analog technology, which conveys data as electronic signals of varying frequency or amplitude that are added to carrier waves of a given frequency. 5/48

6 What is Digital? Introduction How they handle information How they view information How they process information Digital Immigrant Slow & controlled from limited channels Text before pictures, sounds and video Sequential, linear and logical Digital Natives Quickly from multiple sources Pictures, sounds and video before text Random access to hyperlinks multimedia information 6/48

7 Why Digital? Introduction Audio Digitalization Convergence IT/Service/Network Voice Data DMB, DMC Video Text 가 나 다 라 A B C D Devices Computer Tele Appliancecommuni cation Internet Wireless Broadcast Satellite Contents Entertain ment Education Information Digital Home Media Center MP3, MPEG 7/48

8 02 Digital Convergence 8/48

9 Digital Convergence Digital Convergence Convergence IT Service, Computing Networking, Ubiquity Anytime, Anyplace, Information Devices Any Device, Any Platform, Mobility, Accessability Seamless Broadband High Data Processing Power VVV VVV Real Time Information Processing Intelligence Artificial Intelligence Context Awareness Service VVVVV VVVVVVVVVVVVVV VVVVVVVVV VVVVV VVVVVVVVVVVVVVVVVV VVV VVVVV VVV VV VVVVV VVVVVV VVVV VV VVV VVVVVV V VVVVV VVVVVV VVV VVVVVV VVVVVVV VVVVVVVV VVVVVV VVVVVVVVVVVVVVVV VVVV VV VVVV VVVV 9/48

10 Digital Convergence Digital Convergence 10/48

11 What is ICT? Digital Convergence ICT, a driver of the socioeconomic mega trend leads to fundamental changes in the national society system A key to responding to future uncertainties and crisis Industry Design of 4 th space Employment Environment Real-time analysis and control Energy Interface detecting all 5 senses Nano robot u-life Active information security Communication through senses - Body media Welfare Education ICT Technology 11/48

12 Digital Convergence The application of ICT in interactions between Government and Citizens Government and Businesses Government and Employees Government and Government Publish Interact Transact Integrate Transform Information available online Two-way communication Transaction handled online Process, system and organisational integration Entirely new services delivered cross-agency through a centralized enterprise portal 12/48

13 Digital Convergence Use of ICT in Governance Constraints and Recommendations Constraints Recommendations Inadequate Access to ICT Public Awareness about ICTs Lack of integrated approach Lack of regulatory/legal framework Absence of processes and systems Create one-stop government portal Prioritization of Services Improve ICT access by citizens Emphasize Bangla interface for citizen services Need training and leadership from the government Awareness for the use of Open Source Payment Gateway 13/48

14 Digital Convergence Requirements for E-Government 14/48

15 03 Information Security 15/48

16 Information Security Security Freedom from risk or danger; safety. Freedom from doubt, anxiety, or fear; confidence. Something that gives or assures safety, as: A group or department of private guards: Call building security if a visitor acts suspicious. Measures adopted by a government to prevent espionage, sabotage, or attack. Measures adopted, as by a business or homeowner, to prevent a crime such as burglary or assault: Security was lax at the firm's smaller plant. etc. 16/48

17 Information Security Data & Network Security? 17/48

18 Information Security Security Trend Exclusive systems Big, host types C/S types PC, Internet Mobile & Ubiquitous Users Role of information systems Direction of IT security PC Internet Mobile/ Ubiquitous E-commerce Economic infrastructure Lifelines for society, economy, and daily life Safe/reliable society Personal use Small/medium enterprises National security, calculation use Protection of military data. Reliability of systems Efficient work style, competitiveness Availability for critical infrastructure Network security for e-commerce Availability for IT systems in corporations Security for e-government Large enterprises Banking, transportation, energy sectors Government /48

19 Information Security Information Security Scope 19/48

20 Information Security Security Paradigm Technical Control S/W security Access control, Information Security Technical Hacking Physical Control H/W security Physical Intrusion Managing Control Human security Effluence of information 20/48

21 Information Security Technical Control Fundamental Defense IPS (Intrusion Prevention System) Secure Operating System Multilevel Security Data security Data Encryption DRM Watermarking 21/48

22 Information Security Physical Control Lock, DVR, guard Physical Security Systems Biometrics Bio Smartcard 22/48

23 Information Security Managing Security 23/48

24 Information Security Security for Network Communications Confidentiality Integrity Authentication Interception Modification Forgery Is Private? Has been altered? Who am I dealing with? Non-Repudiation Access Control Availability Not SENT! Claim Who sent/received it? Unauthorised access Have you privilege? Denial of Service Wish to access!! 24/48

25 Information Security DRM 25/48

26 Information Security DRM 26/48

27 Information Security Long Term Digital Signature For assuming paper documents and electronic documents, the same and specific period is required. (For example 10 years) 27/48

28 04 PKI 28/48

29 PKI Security for Network Communications organization Exclusive line/wired or Wireless Customer information Web server DB server user Internet firewall IPS AP server firewall Internet internal staff Subscriber section Data interception Malware execution Communication network section Data bugging Data alteration Web server section Application server section Data processing error Inadequate Inadequate access control, security settings authorization Inadequate patch Inadequate authentication management Intranet, user section Inadequate access control 29/48

30 PKI On the Internet, Nobody knows you re a dog 30/48

31 PKI PKI Breach of personal profile and credit card information at transaction Breach of personal profile in shared computer Cyber stealing Hacking on cyber securities & bank account / Stock price manipulation ID and password stealing Need of Strong Security Protection With PKI technology 31/48

32 PKI PKI Solution 32/48

33 PKI PKI Solution 33/48

34 PKI PKI Solution 34/48

35 Information Security PKI Structure A system of digital certificates, Certificate Authorities, and other registration authorities that verify and authenticate the validity of each party involved in an Internet transaction. Security Services Threat Solution Root-CA Certificate Authority (CA) Authenticity Confidentiality Integrity Non-repudiation Unauthorized User Data Leakage Data Forgery Repudiation Digital Signature Encryption Digital Signature Digital Signature C Certificate R CRL Management Y T Operation O Management G Registration Authority (RA) R A P Certificate Y P U B L I C Management K E Y Registrarion Issue Revoke Renew Individual Corporation Server S/MiME 35/48

36 Information Security PKI Functions When to apply PKI techniques in each business unit, Security functions (Authentication, Integrity, Confidentiality, Non-repudiation) are applied as follows Problem Matched security method Protection Technology Difficult to verify user Authentication of identity Digital Signature Technology (User authentication) Easy to make forgery or modification on contents Guarantee Integrity Digital Signature Technology (Message authentication) Breach information Repudiate transactions Confidentiality Non-repudiation Encryption Technology (Message authentication) Digital Signature Technology (Message authentication) 36/48

37 Information Security Government PKI & National PKI 37/48

38 PKI Government PKI & National PKI Mutual Recognition Accredited CA National Root CA (KISA) Certification issuance / Management Accredited CA Certification issuance / Management Accredited CA Government Root CA (GCMA) Certification issuance / Management Certification issuance / Management Accredited CA E-Government Service Provider E-Government Service Provider Subscriber Subscriber 38/48

39 PKI Government PKI & National PKI 39/48

40 PKI Government PKI & National PKI 40/48

41 PKI PKI in e-government Applications Regional Administration - Service for counties - Access with certificates Taxation - National Tax Agency - Access with certificates National Financing Information System - Based on Internet banking, etc Electric document system - Interoperable with other systems Petition Service - Identify oneself online by certificates e-government Applications Public Key Infrastructure (PKI Center) Education Administration System -Teachers can assess with cert. Personal Management inside Government - All employees inside Government 4 Major Insurances data exchange - Labor, Medical care, Pension, Industrial disaster - Internet access with certificate Digital Signature & Seal -Distribute certificates -Develop and enhance system adopting certificates E-Supply (G2B) - Online bidding with certificate Enhance computerization - Sharing national resource information 41/48

42 PKI Services PKI Public Services Housing subscription deposit system, Education, Medical information, e-bidding ('06) Housing subscription, the year-end tax adjustment, NEIS, National health Insurance, etc. 42/48

43 PKI Services PKI Mobile Banking Mobile banking service with certificate ('07~) Transferring a certificate from PC to mobile phone Generating electronic signature in mobile phone 43/48

44 PKI in Korea PKI Establishing a reliable u-authentication System Extending the authentication means to Biometric, OTP with PKI certificate Extending the authentication object to devices Developing new PKI business model 44/48

45 PKI General PKI Issues PKI technologies have been matured However, lack of killer applications Long term signature retention is necessary Stable standards are needed for signature verification capability over long term period PKI supports high assurance security Many applications will reside on web services Trusted validation authority Out source validation service from client 45/48

46 05 Conclusion 46/48

47 Conclusion Integrated Computing 47/48

48 Thank You Do not squander time; for that s the stuff life is made of. - Benjamin Franklin 48/48