1 / 11

Prof. Sokratis K. Katsikas University of the Aegean, Greece

PKI services in the Public Sector of the EU Member States Objectives and Methodology of the survey. Prof. Sokratis K. Katsikas University of the Aegean, Greece. Research team. Scientific Director Asst. Prof. Stefanos Gritzalis Technical Director Prof. Sokratis Katsikas Quality Reviewer

samantha-sheppard
Download Presentation

Prof. Sokratis K. Katsikas University of the Aegean, Greece

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. PKI services in the Public Sector of the EU Member StatesObjectives and Methodology of the survey Prof. Sokratis K. Katsikas University of the Aegean, Greece

  2. Research team • Scientific Director Asst. Prof. Stefanos Gritzalis • Technical Director Prof. Sokratis Katsikas • Quality Reviewer Asst. Prof. Dimitris Gritzalis • Researchers Asst. Prof. Lilian Mitrou Asst. Prof. Yannis Stamatiou Dr Dimitris Lekkas

  3. Facts... • Increasing use of technology and the Internet by huge numbers of people. • Government organizations are in a transition state: from the “paper-based” to the “paper-less” office. …these led to the idea of making available online public services (i.e. G2G and G2C transactions). • A considerable advantage: Transactions can take place with unprecedented ease at high speed, with no need for physical presence of either of the transacting parties at the transaction site. • A considerable disadvantage: Security problems and privacy threats. Which leads us to …

  4. Basic security requirements • Confidentiality • Access to information to authorized entities only. • Integrity • Modification of information only by authorized entities. • Availability • Information available to authorized entities upon • request within reasonable time. • Non-repudiation • Impossibility of later denial of a committed action

  5. Addressing security requirements • Public Key Cryptography (PKC) is an effective technology to establish the baseline security requirements. • To support PKC, it is necessary to establish an appropriate infrastructure, the Public Key Infrastructure (PKI). • A series of technological and legal issues need to be addressed (and resolved) before establishing a PKI.

  6. The objectives of our survey • To identify the extent of the use of electronic signatures towards the establishment of e-government services. • To identify the technologies employed for the exploitation of e-signatures. • To investigate the legal issues involved in the use of e-signatures. • To identify ways of managing certificates in the public sector. • To provide a set of good-practices regarding the above issues.

  7. Components of our methodology • Review current status (identify the current status regarding the use of e-signatures in the EU) • Investigate legal issues pertaining to e-signatures (review legal and regulatory issues regarding the use of signatures) • Investigate already employed technical standards (review the e-signature standards in place) • Review relevant case studies (where available) (information stemming from relevant surveys) • Make use of questionnaires (conclusions drawn from responses to appropriate questions)

  8. Expected results Questionnaires Reviews Good practice for the Public Sector in EU Member States Case-studies EU legal issues Employed technical standards

  9. Questionnaire We have prepared, for distribution, a questionnaire comprising 27 questions, grouped in 5 categories, relating to: (a) existing e-services (b) legal status of certificates (c) use of certificates in the public sector (d) requirements from Certification Service Providers (e) use of certificates for G2G and G2C transactions

  10. Issues discussed in a good-practice proposal • Architecture of and technologies needed for a PKI environment • Interoperability • Legal status of a Certification Authority (CA) • Certification hierarchy levels and cross- certification • Role and identity certificates • Certificate revocation and expiration policy • Registration Authorities (RA) • …

  11. Summary Towards a good-practice guidance, for the exploitation of Public Key Infrastructure by the Public Sector

More Related