homeland security

www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved

P a r t n e r s i n B u i l d i n g U A E ' s S e c u r i t y & E c o n o m y

Homeland Security Exploring the Role of National Identity

Management Infrastructure

Presented by Dr. Ali M. Al-Khouri

In: Homeland Security Summit Middle East 27-28 May 2013 | Abu Dhabi | UAE


• Introduction: Definitions

• Identity Terrorism

• Modern Identity Management Systems

• Digital Signature and Trust

• Interoperability and Standardisation

• Concluding Remarks

Agenda








Agenda



Homeland Security Wikipedia Definition

.. refers to the broad national effort by all levels of government to protect its territory from hazards, both internal and external, natural and man-made.

Homeland Security, URL=http://en.wikipedia.org/wiki/Homeland_Security

http://en.wikipedia.org/wiki/Homeland_Security


Homeland Security & Terrorism Terrorism evokes conjectures of images [violence and destruction]

… associated with the term “Terrorism”.. which can be defined as a primarily a psychological tool of “strategic leveraging” and a form of “propaganda by deed,” that can be utilized by both anti-state partisan revolutionary groups and state leaderships.

Hall Gardner Professor of International Politics at

the American University of Paris

“modern day terrorism is conducted not necessarily by physical gore but a concerted psychological warfare ..”


Homeland Security Forms of Terrorism

Classical Definition 1. Anti-state terrorism disrupt states and undermine governments, black and gray market economies. 2. State-sponsored terrorism disrupt political economies of rival states, attack leaders and supporters of opposition movements. 3. Totalitarian terrorism Fear & control society 4. Street terrorism kidnapping, drug smuggling, contract killing ..


Homeland Security Forms of Terrorism

Neo Definition 1. Bio Terrorism [biological and chemical warfare] 2. Cyber Terrorism [loss of billions of dollars] 3. Nuclear Terrorism 4. Eco Terrorism [Ecological destruction] 5. Narco Terrorism [drug abuse] 6. ??

assumed newer proportions and

has gone beyond physical

realms into virtual realms


Homeland Security Emerging Threats

… each form of terrorism use Identity or misuse Identity.








Agenda



Homeland Security Identity is required for any transaction

Imposters carry out illegal transactions using aliases and fraudulent identities.

Documents are forged

falsifying otherwise legal documents

huge financial transactions that

fund acts of terrorism


It takes 130 person-hours to rebuild a digital identity after it has been compromised. . .

Identity Terrorism Identity in the Digital World One of the primary

factors underlying these problems is the lack of security in government-issued identity credentials. For example, Social Security cards have no security features, even though a Social Security number is one of the primary and most frequently used personal identifiers in America.

A 2010 report from the U.S. Department of Justice


• Identity Theft Almost 9 million people have their

identities stolen every year (US Federal Trade Commission estimate)

• Identity Fraud

Costs government agencies billions around the world

Medicare fraud $60 billion per year (US Department of Justice estimates)

• Identity Misuse

Illegal drug trafficking Money laundering Terrorist financing

• Identity Abuse

45% of registered online identities are fake as per industry estimates.

Identity Terrorism Reported and Published Cases


Identity Terrorism








Agenda



• Personal Identification • Identity Protection • Legal Sanction

Fighting Identity Terrorism

Conventional Identity Documents


• Personal Identification • Identity Protection • Legal Sanction

Modern Identity Documents


Conventional Identity Documents

• Identity Protection • Fraud Prevention • Fraud Containment • Document Protection • Legal Protection • Transaction Assurance


Fighting Identity Terrorism Identity, Document & Transaction Management


Fighting Identity Terrorism Modern Identity Management Systems

Provide Identity Protection

Digital Identity Profile

Core Identity parameters

Multiple Biometric data

Digital Certificates



Prevent Identity Abuse • Digital Notarization of

transactions • Time-Stamped transactions

Prevent Identity Fraud • Digital Identity in a Smart

Card • Identity data signed by the

ID Issue • Smart Card as a Secure

Document

Prevent Identity Misuse • Identity verification online,

on demand • Transaction stakeholders

identified online


Smart National ID Card Multiple Security Capabilities


ID Enabled e-Transactions Government, Businesses and Citizens

Modern Identity Management enable remote transactions with complete protection to the three dimensions of Identity Management.


Protection of Transactions using ID Credentials for Trust

Improved trust and ensures compliance to the legal systems in the country.

key to transactional protection








Agenda



Digital Signature Solution Enabled Trust in Transactions

Digital Signature as a Service is embedded in the UAE ID Program as a key component that provides unique signatures for any transaction that needs credential verification and transaction assurance.


Owner's public key

Owner's name

Expiration date of the

public key

Name of the issuer

(Emirates ID Authority)

Serial number of the digital

signature, and

Digital signature of

Emirates ID Authority

Content of Digital Signature

All these are

verifiable.


Digital Signature Solution: System Architecture

provide Digital Identity to individuals in a Smart Card with unique certificates to every individual.


Digital Signature Solution: System Architecture


Digital Signature Solution Public Key Infrastructure Technology

Digital Signature Server components

• User Registration and Life-Cycle Management • Centralised Policy Management • Digitally Signed and Time-Stamped Transaction

Management • Certificate and Card Verification Service • Transaction Verification Service • Time Stamping Service • Audit Logger • Databases: Identity Repository, Transaction Database,

Audit Trails, ID card Hotlist and CRL Database. Digital Signature Client

• Active X & Java based Plug-in • UAE ID Card based Access Control Component • Digital Signing & Time Stamping Component


Electronic Document Security Process

In a very similar, a physical electronic document could be embedded with a Digital Signature that can be verified by authorities at any point in time. This is a flow that shows how a document is affixed with a digital signature and delivered to the intended document receiver


Robust Identity Benefit Realisation








Agenda



Interoperability Standardization

different sides of the same coin!

enabled by

meaningless without

Efficient & Effective eGovernment Services Inter and Intra-Government Interoperability


Digital ID Profiles

Enrolment Process

Interoperable Identity

standards

service delivery systems

enable

access

create

provide

enable

standardization of how Identity is

integrated into different

applications for service access and

privilege management

For enhancing the customer experience, it is also critical that standards be established for data exchange for Identity profiles so that data movement across networks becomes easier enabling Federation in Identity Management.

Government Service Delivery Model … ability to lay down the standards for interoperability


customer experience

standards

establish

(data exchange for Identity profiles)

data movement across networks becomes

easier

Federated Identity

Management

enable

Enhancing Customer Experience … need for standardisation


Interoperability of different devices

Digital ID

Profiles

Packaging of Digital ID Profiles

ID Card integration with the applications

ID Validation mechanisms

Multifactor authentication

Data Exchange mechanism

Delivery of e-Services using National ID Card

eGov Transformation … areas of identity interoperability and standardisation


eGov Transformation … standards that need to be established

Authentication mechanisms for determining ID

Data Exchange

Identity Profile Integration

Usage of ID in Service Delivery








Agenda



Conclusion Final Remarks

• Identity Security is no longer isolated from Homeland Security

• The asymmetric threats related to identity theft and abuse is now a strategic threat.

• Likely to see new forms of identity theft in the increasingly digitised world..

• Modern Identity Management provide higher levels of security and privacy

• Serious and focused international cooperation and collaboration is fundamental to comprehend, safeguard critical infrastructure, cyberspace, and people.


http://www.emiratesid.gov.ae/ar/media-center/publications.aspx

More Information Read our recent research publications

www.id.ae


….

Thank You Dr. Ali M. Al-Khouri

Director General Emirates Identity Authority

United Arab Emirates [email protected]

www.emiratesid.ae

“I know not with what weapons World War III

will be fought, but World War IV will be fought

with sticks and stones.”

Albert Einstein

homeland security

Technology

emirates identity authority

rights reservedp

rights reservedit

rights reserved introduction

term terrorism

bio terrorism biological

remarksagenda introduction

narco terrorism drug