A Model certificate authority for Sri Lanka

Abstract

Beginning with the widespread availability of Internet technologies, especially the World Wide Web, the trend has been for organizations to shift their operations online. There are many factors promoting this trend and the main ones among them are global reach, cost savings, and new business opportunities that organizations can achieve by operating in an online model. When moving from long established operating procedures and principles in the brick-and-mortar world, to the cyberspace, organizations are faced with a multitude of new requirements, which arc taken for granted in the conventional business model. Some of the principle requirements are in the domain of identity and trust, two concepts that are closely related, as the notion of trust is reposed in an identified entity./ An entirely new layer of online support infrastructure has been developed to provide services in the area of identity and trust. This technical service layer is supported in the real world activities by legislative and judicial mechanisms. In Sri Lanka, the main legislative support structures for online activities have been the Electronics Transaction Act No 19, 2006 of Sri Lanka and the Computer Crimes Act No 24. 2007 of Sri Lanka. The first act provides for a legal framework in which transactions can be conducted on the cyberspace with methods and procedures for establishing validity and enforcing compliance with agreements. The second act provides for a protective barrier against online acts that are of criminal nature and is intended to enhance the prospects of adaptation, of online activities, in every sphere of activity in Sri Lanka./ The main set of technologies that are used in providing identity and trust services, in the online world is based on digital certificates and its management is done through a certification authority (CA). The focus of the research work presented in the dissertation is to analyze the use of digital certificates to provide identity authentication services and study models for implementing a secure and efficient CA for Sri Lanka that is scalable in its user base and extensible in service offerings. The dissertation presents the outcome of a case study in implementing a CA as a pilot project and evaluates different cryptographic technologies, security protocols, and policies that can be used for efficient operation of a CA.