1 how to secure e-government? tai m. chung internet management technology lab. sungkyunkwan...
Post on 29-Jan-2016
212 Views
Preview:
TRANSCRIPT
1
How to Secure e-Government?
Tai M. Chung
Internet Management Technology Lab.Sungkyunkwan University
tmchung@ece.skku.ac.kr
This material shows the speaker’s personal opinion and may not be agreed by the Korean e-Government Presidential
Committee
2
Contents
Introduction
Korean e-Government & Security
How to Implement Secure e-Government?
Conclusione-gov.………
………
3
전자정부사업의추진배경Introduction
4
ARPANETStarts
E-mailServi
ce
NSFNETReplace
dGopher, Wais Starts
InterNIC Founded
19819855
19919911
19921992
19821982
19919933
19691969
2005 InternetSubscribers : 1
billion
Future EvolutionMobile, IPv6,
Grid
19719722
TCP/IP Applied
20032003
Convergence
19919988
Broadband in Korea KRNIC founded
20020000
xDSL Deployed in Korea
Evolution of Networks
E-government
E-learning E-commerce
E-banking
E-community
E-defence
Application Areas
WWW introduced
5
Home Network
InternetInternet Large Scale Data
High-PerformanceComputing Resource
User Subscribed Networks: xDSL(High Performance Multimedia Communication)
Mobile Data CommunicationNetwork
Current Evolution of IT Environment
Ubiquitous N
etwork w
ith
IPv6
World-Wide Inter NetworkingINTERNET(1990s~)
6
Government Portal
Civil PetitionCenter
Local Petition Office
Agency Web Sites
Information and Service
Opinion/petition
Public
Mobile
Internet
Fax, Mail, Telephone
Visiting
…
Agency 1
Agency 2
Agency 3
Agency N
Provide various information and
integrated services
Collective Resolution
Integrated Processing
platform
Knowledge Sharing
Link between Agencies
『 World’s Foremost Open E-Government
Innovate Service Delivery mechnisms Enhance efficiency and transparency of
public sector Realize sovereignty of the people
The Vision of Korean E-Government
Network based Government
Knowledge based Government
Participatory Government
Petition through fax, e-mail,
Internet, etc.
7
In the future
Computerization(78’-82’,83’-86)
Building Infrastructure (87’-91’, 92’-96')
1st Informatization(96’. 6.)
Cyber Korea 21 (99’-01’)
3rd Informatization(02’-06’)
Computerization
Informatization e-governmentization
“Beyond e-Government” (2002.5) 11 focused e-gov projects
(2002)
Special Committee for e-gov(2001.2)
Law for informatization (1995.8)
“e-Government” “u-Government”
Law for Infra. Deployment(1986.5)Basic Planning Law
( ’78)
Organize CommitteeFor informatization( ’96) Popularization( ’95 ~ )
Computerize simple regulatory process
Utilize the electronic information for the real administrative tasks
Structural change & process reengineering using IT
“Computerization” “Informatization”
•Paper documents -> electronic information
•Automatic processing
•Administration, Finance, Defense, Education, etc..Computerize administrative process & network infrastructure
• Implement selected projects
• Envision future environments
• Add service flexibility and
speed
Various Institutions (2002 년 상반기 )
Simplify the process to prepare rapidly increasing service demands
Consistantly providing efficient and reliable service to customers
Porting the services from government (public sector) to private sector
National Broadband project(1995-1997, 1998-2000) E-gov Roadmap announcement (2003.8)
History of National e-Government Development
8
The stages of e-Government Development
Consolidate internal administrative process and common platform
Selective reform of public service delivery
Phase 1 [Building Foundation)
Phase 1 [2005]
Provision of
limited information
Periodic update
of information
Electronic forms
Level 2Development
Level 3Interoperation
Level 1Initiation
Online processing
of civil service
E-payment of
Taxes and fees
Level 4E-Commerce
Improve administrative internal process through information
Promote integrated public service
Phase 2 [Enhancing Services]
Phase 2 (2007)
Seamless cross-agency Online
service
Converged service between public and private sector
Level 5Integrated
Administration
9
Readiness
- Service that everyone can use : Whoever
Convenience
Reliability
- Service that is always usable : Whenever
Security
- Service that is secured - make private information in secure
- easy services to use: Whenever, wherever
Requirements for good e-gov services
10
Reported Hacking Events
Hacking reported in Korea
2001
2002
2003
2000
2004
2005.9
5000
10000
15000
20000
25000
30000
events
yr도
1,1,994433
5,5,333333
1515,1,19292
226,6,117799
229,9,110099
229,9,669922
15,1921,435112,34682,0942002
26,1793,4381,086,249137,5292003
5,3332,85340,27452,6582001
1,9432,2324,78321,7562000
5727881,7129,8531999
KoreaJapanEnglandU.S.A.year
2001
2002
2003
2000
2004
2005.9
20000
40000
60000
80000
100000
events
yr
Viruses reported in Korea
550,0,112244
665,5,003333
338,8,667777
885,5,002233
11007,7,999944
113,3,116644 Hacking reported worldwide
Source : certcc korea
Japan
8.88%
others
20.8%
U.S.A.
30.56%
China
22.41%
Taiwan
12.95%
2005.9 Attempts to systems from abroad
11
Recent Cyber-Attacks Announced
Original
Febrica
ted
Phishing Internet Banking Fraud – 2005/5/10
Possible Petition Document Fabrication noticed 2005/09/27
Internet Worm Accident Slammer Worm – 2003/1/25 Blaster Worm - 2003/7/17
12
A case of Phishing Phising = Private data + fishing
Involve Fabricated URL
The email comes with various attributes of the legitimate bank
The phish site indeed looks like a simple ligitimate survey,except the demand for user ID or a debit card number
Fabricated E-mail
Fabricated Web site
Card Number
13
Attacking Objects are Generalized
– From special target like internet banking to everything
– Information systems are all related the offline
systems in life Homepage fabrication
Service denial
Internet banking
Attacking special target
Every system networked to information systems
14
Increased efficiency : zeroday attack
Date of announcement
100
2000.10.17 2002.7.24 2003.7.16 2004.4.14 2005.8.15
200
300
timeNimda:
336 days
Slammer: 183days
Blaster :26 days
Sasser18 days
Zobot5 days
zotob worm, took 5 days from the vulnerability
announcement(2005.8.15)Zeroday attack realized
Zeroday attack realized
Source : TrendMicre
15
Need for e-Gov Security
Information Sharing
Networking
G2G
G2B
Gov & Inustry
Outsourcing
Gov. Support
G2C
E-Petition Service
Public Opinion
Public welfare
Attacking Enterprise Information
Attacking Critical Infrastructure
Threats to Shared Information
Attacking Privacy
Attacking Multiple Targets
Targets networked
16
전자정부사업의추진배경
How to Implement Security
17
Security Measures for e-Government
Management
Access ControlTask BalanceHuman Resource
Lawa & Regulations Education
Technology
Access Control Authentication Encryption
Integrity
Non-repudiation
Research & Development
Ubiquitous Government
Physical Security
Backup & EREscot Service Gate Control
National Collaboration
18
Integration Computing facilities
Infrastructure Automation
humidity Sensing Power Sensing Temperature Sensing
Facility Monitoring
User Request Automation
Call Management Auto-Distribution Auto-Answer
Call Center
< Integrated Monitoring >
System Management System (SMS)
Job Management fault Management Backup Management Capability Management Configuration Management
System
Network Management System (NMS)
fault management Performance Management Configuration Management
Network
Desktop Management System (DMS)
Software Distribution Management Remote Control Resource Management
Client
ESM
Access Management Authentication Violation Check Intrusion Detection System / Firewall
Security Monitoring
• Common Business• Intra structure
• Call Center Operation
• Storage Integration
• Power• N/W
CommonSupport
Common Backup
Base Institution Establishment
Institution Support
Operation Support
• 24x365• Backup Service
Integrated Computing
• Co-Location• Integrated
Monitor
19
Solutions for e-Govenrment Security
ESM
VPN
Virus
Chec
k
Vulnerability Test
IDS Firewa
ll
E-mail Security
File Security
Authentication
EncryptionSystem Backup
Intrusion Tracking
20
Managing Security Solutions : ESM
VVPPNN
firfire-e-wwalalllII
DDSS
NNMMSS
DATABASE
MANAGED NODE(SERVER)
SERVICE CENTER
MANAGEMENT CONSOLE MANAGEMENT CONSOLE
MANAGED NODES(Client)
SERVICE CENTER
MANAGED NODES(Client)
CORE SERVER
Hard Work Behind
Simple & Easy
21
Solutions for Content Security - DRM
DRMClien
t
DRMClien
t
Enterprise ApplicationsEDMS, KMS, E-mail, …
Encrypted (Packaged)
DocEncrypted
Doc
Original Doc
USER A USER B
Packaging Server
Directory Interface
Policy Manager
Usage Tracing Server
Licensing Manager
Directory Server
DRM SERVER
Usa
ge
Data
Control Flow
Doc Flow
… DRM Module
22
Authorized Internal User A
External User
Administrator
Unauthorized Internal User B
Outflow
Illegal external user can’t open any documents
Manages security policy, user’s authority and monitors a robust audit trail using web-based management tool
Unauthorized internal user B has no authority to open document
User B is blocked from approaching to DMS System
Document Management System with Document Safer ServerUpload original file
Download encrypt file
All documents are automatically encrypted according to user’s authority when user requests a document from DMS Server
How it works How it works
23
전자정부사업의추진배경Conclusion
24
Process for Perfect Security
SecurityBack-up
Back-up
Back-up
1. Apply security solutions and management2. Checking the correctness of the information3. Covered by Insurance
Service
Service
25
Services to be Protected
e-gove-gov
e-educatione-educatione-commercee-commerce
e-financee-finance
e-communitye-community
e-e-nationnation
al al defensdefens
ee
Circulation & Management of
Secure Document Implementation of
Encryption System
Secure e-petition &e-commerce
Development of Social
atmosphere
Secure World
26
Questions & Answers
top related