homeland security
DESCRIPTION
TRANSCRIPT
www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
P a r t n e r s i n B u i l d i n g U A E ' s S e c u r i t y & E c o n o m y
Homeland Security Exploring the Role of National Identity
Management Infrastructure
Presented by Dr. Ali M. Al-Khouri
In: Homeland Security Summit Middle East 27-28 May 2013 | Abu Dhabi | UAE
www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
• Introduction: Definitions
• Identity Terrorism
• Modern Identity Management Systems
• Digital Signature and Trust
• Interoperability and Standardisation
• Concluding Remarks
Agenda
www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
• Introduction: Definitions
• Identity Terrorism
• Modern Identity Management Systems
• Digital Signature and Trust
• Interoperability and Standardisation
• Concluding Remarks
Agenda
• Introduction: Definitions
www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
Homeland Security Wikipedia Definition
.. refers to the broad national effort by all levels of government to protect its territory from hazards, both internal and external, natural and man-made.
Homeland Security, URL=http://en.wikipedia.org/wiki/Homeland_Security
www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
Homeland Security & Terrorism Terrorism evokes conjectures of images [violence and destruction]
… associated with the term “Terrorism”.. which can be defined as a primarily a psychological tool of “strategic leveraging” and a form of “propaganda by deed,” that can be utilized by both anti-state partisan revolutionary groups and state leaderships.
Hall Gardner Professor of International Politics at
the American University of Paris
“modern day terrorism is conducted not necessarily by physical gore but a concerted psychological warfare ..”
www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
Homeland Security Forms of Terrorism
Classical Definition 1. Anti-state terrorism disrupt states and undermine governments, black and gray market economies. 2. State-sponsored terrorism disrupt political economies of rival states, attack leaders and supporters of opposition movements. 3. Totalitarian terrorism Fear & control society 4. Street terrorism kidnapping, drug smuggling, contract killing ..
www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
Homeland Security Forms of Terrorism
Neo Definition 1. Bio Terrorism [biological and chemical warfare] 2. Cyber Terrorism [loss of billions of dollars] 3. Nuclear Terrorism 4. Eco Terrorism [Ecological destruction] 5. Narco Terrorism [drug abuse] 6. ??
assumed newer proportions and
has gone beyond physical
realms into virtual realms
www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
Homeland Security Emerging Threats
… each form of terrorism use Identity or misuse Identity.
www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
• Introduction: Definitions
• Identity Terrorism
• Modern Identity Management Systems
• Digital Signature and Trust
• Interoperability and Standardisation
• Concluding Remarks
Agenda
• Identity Terrorism
www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
Homeland Security Identity is required for any transaction
Imposters carry out illegal transactions using aliases and fraudulent identities.
Documents are forged
falsifying otherwise legal documents
huge financial transactions that
fund acts of terrorism
www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
It takes 130 person-hours to rebuild a digital identity after it has been compromised. . .
Identity Terrorism Identity in the Digital World One of the primary
factors underlying these problems is the lack of security in government-issued identity credentials. For example, Social Security cards have no security features, even though a Social Security number is one of the primary and most frequently used personal identifiers in America.
A 2010 report from the U.S. Department of Justice
www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
• Identity Theft Almost 9 million people have their
identities stolen every year (US Federal Trade Commission estimate)
• Identity Fraud
Costs government agencies billions around the world
Medicare fraud $60 billion per year (US Department of Justice estimates)
• Identity Misuse
Illegal drug trafficking Money laundering Terrorist financing
• Identity Abuse
45% of registered online identities are fake as per industry estimates.
Identity Terrorism Reported and Published Cases
www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
Identity Terrorism
www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
Identity Terrorism
www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
• Introduction: Definitions
• Identity Terrorism
• Modern Identity Management Systems
• Digital Signature and Trust
• Interoperability and Standardisation
• Concluding Remarks
Agenda
• Modern Identity Management Systems
www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
• Personal Identification • Identity Protection • Legal Sanction
Fighting Identity Terrorism
Conventional Identity Documents
www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
• Personal Identification • Identity Protection • Legal Sanction
Modern Identity Documents
Fighting Identity Terrorism
Conventional Identity Documents
• Identity Protection • Fraud Prevention • Fraud Containment • Document Protection • Legal Protection • Transaction Assurance
www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
Fighting Identity Terrorism Identity, Document & Transaction Management
www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
Fighting Identity Terrorism Modern Identity Management Systems
Provide Identity Protection
Digital Identity Profile
Core Identity parameters
Multiple Biometric data
Digital Certificates
www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
Fighting Identity Terrorism
Prevent Identity Abuse • Digital Notarization of
transactions • Time-Stamped transactions
Prevent Identity Fraud • Digital Identity in a Smart
Card • Identity data signed by the
ID Issue • Smart Card as a Secure
Document
Prevent Identity Misuse • Identity verification online,
on demand • Transaction stakeholders
identified online
www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
Smart National ID Card Multiple Security Capabilities
www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
ID Enabled e-Transactions Government, Businesses and Citizens
Modern Identity Management enable remote transactions with complete protection to the three dimensions of Identity Management.
www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
Protection of Transactions using ID Credentials for Trust
Improved trust and ensures compliance to the legal systems in the country.
key to transactional protection
www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
• Introduction: Definitions
• Identity Terrorism
• Modern Identity Management Systems
• Digital Signature and Trust
• Interoperability and Standardisation
• Concluding Remarks
Agenda
• Digital Signature and Trust
www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
Digital Signature Solution Enabled Trust in Transactions
Digital Signature as a Service is embedded in the UAE ID Program as a key component that provides unique signatures for any transaction that needs credential verification and transaction assurance.
www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
Owner's public key
Owner's name
Expiration date of the
public key
Name of the issuer
(Emirates ID Authority)
Serial number of the digital
signature, and
Digital signature of
Emirates ID Authority
Content of Digital Signature
All these are
verifiable.
www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
Digital Signature Solution: System Architecture
provide Digital Identity to individuals in a Smart Card with unique certificates to every individual.
www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
Digital Signature Solution: System Architecture
www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
Digital Signature Solution: System Architecture
www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
Digital Signature Solution Public Key Infrastructure Technology
Digital Signature Server components
• User Registration and Life-Cycle Management • Centralised Policy Management • Digitally Signed and Time-Stamped Transaction
Management • Certificate and Card Verification Service • Transaction Verification Service • Time Stamping Service • Audit Logger • Databases: Identity Repository, Transaction Database,
Audit Trails, ID card Hotlist and CRL Database. Digital Signature Client
• Active X & Java based Plug-in • UAE ID Card based Access Control Component • Digital Signing & Time Stamping Component
www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
Electronic Document Security Process
In a very similar, a physical electronic document could be embedded with a Digital Signature that can be verified by authorities at any point in time. This is a flow that shows how a document is affixed with a digital signature and delivered to the intended document receiver
www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
Robust Identity Benefit Realisation
www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
• Introduction: Definitions
• Identity Terrorism
• Modern Identity Management Systems
• Digital Signature and Trust
• Interoperability and Standardisation
• Concluding Remarks
Agenda
• Interoperability and Standardisation
www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
Interoperability Standardization
different sides of the same coin!
enabled by
meaningless without
Efficient & Effective eGovernment Services Inter and Intra-Government Interoperability
www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
Digital ID Profiles
Enrolment Process
Interoperable Identity
standards
service delivery systems
enable
access
create
provide
enable
standardization of how Identity is
integrated into different
applications for service access and
privilege management
For enhancing the customer experience, it is also critical that standards be established for data exchange for Identity profiles so that data movement across networks becomes easier enabling Federation in Identity Management.
Government Service Delivery Model … ability to lay down the standards for interoperability
www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
customer experience
standards
establish
(data exchange for Identity profiles)
data movement across networks becomes
easier
Federated Identity
Management
enable
Enhancing Customer Experience … need for standardisation
www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
Interoperability of different devices
Digital ID
Profiles
Packaging of Digital ID Profiles
ID Card integration with the applications
ID Validation mechanisms
Multifactor authentication
Data Exchange mechanism
Delivery of e-Services using National ID Card
eGov Transformation … areas of identity interoperability and standardisation
www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
eGov Transformation … standards that need to be established
Authentication mechanisms for determining ID
Data Exchange
Identity Profile Integration
Usage of ID in Service Delivery
www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
• Introduction: Definitions
• Identity Terrorism
• Modern Identity Management Systems
• Digital Signature and Trust
• Interoperability and Standardisation
• Concluding Remarks
Agenda
• Concluding Remarks
www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
Conclusion Final Remarks
• Identity Security is no longer isolated from Homeland Security
• The asymmetric threats related to identity theft and abuse is now a strategic threat.
• Likely to see new forms of identity theft in the increasingly digitised world..
• Modern Identity Management provide higher levels of security and privacy
• Serious and focused international cooperation and collaboration is fundamental to comprehend, safeguard critical infrastructure, cyberspace, and people.
www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
http://www.emiratesid.gov.ae/ar/media-center/publications.aspx
More Information Read our recent research publications
www.id.ae
www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
….
Thank You Dr. Ali M. Al-Khouri
Director General Emirates Identity Authority
United Arab Emirates [email protected]
www.emiratesid.ae
“I know not with what weapons World War III
will be fought, but World War IV will be fought
with sticks and stones.”
Albert Einstein