
AN APEC PERSPECTIVE

AN APEC PERSPECTIVE. Steve Orlowski Chair eSecurity Task Group APEC Telecommunications and Information Working Group. BACKGROUND. Established 1997 under the APEC Telecommunications and Information Working Group Two main areas: electronic security (added 2000) electronic authentication


Presentation Transcript


  1. AN APEC PERSPECTIVE
     Steve Orlowski, Chair, eSecurity Task Group, APEC Telecommunications and Information Working Group

  2. BACKGROUND
     • Established 1997 under the APEC Telecommunications and Information Working Group
     • Two main areas:
         • electronic security (added 2000)
         • electronic authentication
     • Sub group - PKI Interoperability Expert Group
     • Liaison with other international bodies

  3. CURRENT ACTIVITIES
     • APEC Cybersecurity Strategy
     • CERT capacity building
     • Cybercrime legislation survey
     • IT security training material
     • Compendium of IT security standards
     • IT security skills recognition
     • Encryption policies
     • Electronic authentication

  4. ELECTRONIC AUTHENTICATION
     • Issues paper published (hard copy and electronic)
         • covers all technologies
     • PKI interoperability - mapping of accreditation schemes

  5. ISSUES PAPER
     • Business models
     • Technology
     • User requirements
     • Trust
     • Cultural differences
     • Legal issues

  6. PKI INTEROPERABILITY
     • Differing Approaches
     • APEC mapping of accreditation schemes
         • legal
         • policy
         • technical
     • APEC high level principles for schemes

  7. APPROACHES
     • Hierarchies
         • root CA
     • Cross certification
         • CA to CA
     • Cross recognition
         • scheme to scheme

  8. CROSS RECOGNITION
     • Developed by APEC
     • Maps accreditation schemes rather than individual CAs
     • Public or private sector
     • Assurance and evidence of legal effect
     • Accreditation certificate
         • unilateral cross certificate
         • similar to TSP data
     • Certificate trust lists

  9. CA MAPPING
     • Based on RFC 2527
     • Approx 200 points of comparison
     • Rough equivalence
     • Australia - Gatekeeper grade 2 (mid level)
     • Canada - GoC PKI medium
     • EU - qualified
     • Singapore - advanced
     • United States - FBCA medium
     • Identrus (Australian implementation)
     • Hong Kong to join

  10. HIGH LEVEL GUIDELINES
     • Based on a series of questionnaires
     • High level principles developed
     • Accepted by TEL 27

  11. PRINCIPLES
     • Legal
         • recognition of foreign schemes
         • technology not mandated
     • Policy
         • based on internationally recognised standards
     • Technical
         • identification and naming
         • FIPS, common criteria or equivalent technology
         • archives
         • directory access

  12. STANDARDS REQUIREMENTS
     • Cryptographic modules
         • FIPS 140-2 to ISO April 2003
     • Implementations
         • physical
         • personnel
         • administrative
         • overall technical
     • CA protection profile for issue of qualified certificate or equivalent?

  13. REFERENCES
     • eSTG Website: http://www.apectelwg.org/apec/atwg/preatg.html
     • Principles: http://www.apectel27.org.my/ESTG-8.doc
     • Mappings (not EU): http://www.apectel27.org.my/ESTG-5.doc
