6. 6
ICT Indicators for Thailand on the world stage
The big problem Thailand's ICT development in all the
indexes. The availability of infrastructure, information
Which are still inadequate and not evenly spread. To
the development and utilization of ICT to the amount
of knowledge. Business development services of
government. Can not be effective.
7. 7
Overview of the Thailand telecommunication
Compare the proportion of people with fixed line phones
Unit: per 100 people
Source : IMD World Competitive Year Book 2007
8. 8
Overview of the Thailand telecommunication
High-speed Internet
Year 2550, Thailand has Penetration Rate 2.1%, while in Malaysia.
Year 2549 , Thailand ha Penetration Rate 4.6% , in 2553 Malaysia the targets go to 7%.
9. 9
Broadband Internet use trends of world, regional, and Thailand
Structure of Broadband Internet in the world
Growth -10.6 %
Growth 73.9 %
Source: Gartner (November 2008)
10. 10
Broadband Internet use trends of world, regional, and Thailand
Number of broadband and Narrowband in Thailand
ที่มา: Gartner (November 2008)
11. 11
Broadband Internet use trends of world, regional, and Thailand
Structure of Broadband Internet in Asia Pacific
Growth -4.3 %
Growth 31.6 %
source: Gartner (November 2008)
14. 14
Vision of the Thailand master plan for ICT.
Thailand is a rich intellectual society.
(Smart Thailand) with ICT
Rich social intelligence "here means. Social development and use of information technology and
communication wise. Using the guidelines of the sufficiency economy philosophy. People have all levels
of intelligence (Smart People) and knowledge of information (Information Literacy) to access and use of
information as a critical moral and ethical literacy. Benefits to themselves and society. The management of
information technology And communication with Governance (Smart Governance) to support the
development to Economic and social base of knowledge and innovation, sustainable and stable
15. 15
Vision - Mission - Objectives
Objectives
Mission
1. To improve the quantity and
1. To develop manpower in capability of manpower.
Vision 2. A Governance and
quality and sufficient .
“SMART” management of ICT
Thailand 2. To Develop ICT Governance in the national
broadband infrastructure. 3. To support the restructuring of
production towards value-
3. To ICT management added products and services.
system with Governance 4. to make strength the
Governance. community and individuals.
5. A business and industrial
potential of ICT.
16. Targets
16
At least 50% of people have access to knowledge and use
of ICT is critical, and literacy.
Enhance the availability of ICT in the Networked Readiness
Index in the Top quartile (25%).
Proportion of industrial value-added ICT.
The GDP of not less than 15%.
17. 17
Development strategy
SMART
Thailand
Use ICT to support the Governance and Use ICT to enhance the sustainable
governance in the management of public competitiveness. 6
services. 4 (Strategic Sectors, SMEs)
Hardware Software Communication
3
ICT Infrastructure development. Capacity of the ICT industry.
5
2 Management of ICT with good governance
(Institutional arrangement, Rules and Regulation, Financing, …)
1 Manpower Development. People)
(ICT Professionals and “Information-Literate”
18. 18
SMART Thailand 2020
Stronger Economy Social Equality Environmental
Friendly
Smart Environment
Smart Agriculture Smart Health
(ICT for Green &
Smart Services Smart Learning Green ICT)
Smart Government
ICT Human Resources and
ICT Infrastructure ICT Industry
ICT Competent Workforce
ICT 2020 Framework
19. 19
ICT2020: Key Success Factors
ICT2020:
Smart
Thailand
2020
The government must communicate a clear
public. ICT / Broadband as a National agenda.
Must provide the structure of the implementation status and supervise
the ICT Agenda driven a clear and practical to drive must come from
top management.
20. 20
Leadership and Governance Structure
Improve the composition and structure of authority of the NITC and the need
to follow-up meeting at least once a quarter.
The agency of the Ministry of ICT has served as the Executive Office of Public
Information (Government Chief Information Office: GCIO) is a central agency
to coordinate and drive the country's ICT agenda, preparation of policy and
master plan. Evaluation. Should have the flexibility to work
To agencies responsible for the strategic focus following.
– National Cyber Security Agency
– Government Information Technology Services
21. 21
Leadership and Governance Structure
To the mechanism of linkages of the NITC and other national committee.
The responsibilities related to some dimensions of ICT development such as
– Electronic Transaction Committee
– Commission created the National Economic Policy.
– Board of Governor of the National Telecommunications and new series
will follow the law.
23. 23
Thailand e-Government Development Beneath the Iceberg
e-
Political will Civil Servant
And support Attitudes
HRD CIO/CEO - CIO Training
- Ministry of ICT National Operation - CIO Forum
- National ICT Committee Program
Center - CIO Conference
- e-Commerce
Computer and
Resource Center
Network e-Commerce
Information - G to C
Infrastructure Infrastructure - G to B
Infrastructure
- Government IT Services - e-Procurement
- Government Information Network Security & Rules & Regulations - e-Tax
- Gov Data Infrastructure - e-Citizen
- SchoolNet Policy Legal Infrastructure
- Gov News Exchange - PKI - e-Marketplaces
- Gov Data Exchange - ThaiCERT
Information - Gov Interoperability Standard - Computer Crime Law - Electronic Transactions Act
- Government CA Service - Data Protection Law
in every
- NII Law, EFT Law
organization
27. 27
Development of Thailand e-government
e-
Ministry of ICT. To plan the direction of development of e-Government
Year 2548-2551 (e-Government Roadmap), which set important plans in
the development of management systems. And services sector of the
country. To a concrete result.
Infrastructure : Infrastructure development, information technology and communications.
Services : Development of public services through electronic systems.
Regulation : To improve law and regulations.
28. 28
E-gov Roadmap
Phase 1 by the year 2553.
C-Government targets or Connected Government that links
Milestones of the between government agencies in providing e-Services.
Ministry of Information and
Communication Technology is Phase 2-3 by the year 2554-55.
The m-Government Mobile Government or the links
committed to transform the
between government agencies through mobile phones and
administrative process. And other mobile computing devices. In providing e-Services.
government services through
modern technology. To facilitate the Phase 4 by the year 2556
A u-Government Ubiquitous Government or the links
public. Efficiently Quickly and between government agencies. Through multiple channels.
thoroughly. In providing e-Services at any time and any time a service
E-Government. is 24x7.
(e-Government) is considered as a Phase 4 by the year 2557
change management system, The T-Government Transformed Government or the
government system and public government or through conversion of the definition of the
United Nations. The government closer to people from all
service. Government policy that
sectors. A link between government agencies. Through
secures the needs of the people at multiple channels. In providing e-Services at any time and
the center (Citizen Centric). any time a service is 24x7.
31. 31
Agenda
Why Do We Need PKI?
Cryptography Technology
Public Key Infrastructure (PKI)
Certification Authority (CA) & Certificates
Use of Certificates
Trust Model
– Hierarchy
– Cross Certification
– Bridge CA
– Cross Recognition
– Certificate Trust List
32. 32
Why Do We Need PKI?
Data Disclose
Hello Alice Hello Alice
Internet
Hello Alice
Sender Receiver
Intruder / Hacker
Confidentiality
33. 33
Why Do We Need PKI? (2)
(2
Data Alteration
I love you I hate you
Internet
I hate you
love
Sender Intruder / Hacker Receiver
Integrity
34. 34
Why Do We Need PKI? (3)
(3
Identity in the Cyber World :
Authenticity Non-Repudiation
from: Bob@hotmail.com
Bob@hotmail.com
Alice@thaimail.com
from: Bob@hotmail.com
John@yahoo.com
35. 35
Why Do We Need PKI?(4)
PKI?(4
4 functions are provided by PKI
Confidentiality
Ensure that nobody can get knowledge of what you transfer.
Integrity
Ensure that message has not been modified during transmission.
Authentication
You can verify the person you think you’re talking to.
Non-repudiation
Sender cannot be denied being associated with it.
36. 36
Cryptography Technology
Symmetric Key
Use the same key for encryption and decryption
Encryption Decryption
Buy 500 items + = $%c@!f4)e_&7# $%c@!f4)e_&7# + = Buy 500 items
The same key (Pre-shared secret)
Advantages: Disadvantages:
Faster than Asymmetric Key Key Management
Use for encryption Difficulty of secure key
distribution
37. 37
Cryptography Technology (2)
(2
Asymmetric Key
Use different keys for encryption and decryption
Encryption Decryption
Buy 500 items + = $%c@!f4)e_&7# $%c@!f4)e_&7# + = Buy 500 items
Different Keys
(Key Pair : Private Key & Public Key)
Advantages: Disadvantages:
Systematic Key Management Slower than Symmetric Key
Use for encryption,
authenticity, integrity and
non-repudiation
38. 38
Cryptography Technology (3)
(3
Asymmetric Key
Private Key
Kept secret.
Know only to the owner.
Public Key
Stored in a location that is accessible by
everyone.
Don’t keep secret.
39. 39
Cryptography Technology (4)
(4
Asymmetric Key Usage
Encryption
Ensure the data will be kept secret.
Confidentiality
Digital Signing
Authorize sender and ensure Data Integrity.
Integrity
Authentication
Non-repudiation
40. 40
Public Key Infrastructure (PKI)
What is PKI?
Public Key Infrastructure (PKI) is a system of
digital certificates, Certification Authorities
(CA), and other registration authorities that
verify and authenticate the validity of each
party involved in an internet transaction.
41. 41
Public Key Infrastructure (PKI) (2)
(2
PKI Components
Certification Authority
(CA)
Repository
Registration
Authority (RA)
End Entity
(EE)
42. 42
Certification Authority
Certification Authority (CA): CA issues digital
certificates for proving their identities.
CA
Mr. A
Certification Authority
Web Server C
Digital
Mrs. B Digital
Certificate
Certificate
Digital
Certificate
Secure Transaction Secure Transaction
Mr. A Mrs. B Web Server C
43. 43
What is Certificate?
Digital Certificate
An object used to bind the
identity of end entity to its
- End Entity Information
public key.
- End Entity’s Public key
Contains attributes about - Certificate Information
the end entity. - CA’s Digital Signature
Issued and digitally signed
by Certification Authority
(CA).
45. 45
Certificates
Example of Certificate Types
Personal Certificate
Organizational Certificate
VPN Certificate
SSL Certificate
Code Signing Certificate
etc.
46. 46
Certificates
Certificate Life Cycle Management
- key archival
Creation
- key recovery
- link public key to certificate
- used to identify EE
Expiration Registration
- certificate expired - register to RA
- certificate revoked (publish CRL) - verification: information of EE
- certificate issuance: by CA
Distribution
- transmitted by owner
- stored in repository for later retrieval
47. 47
Uses of Certificate
General Uses of Certificate
Secure e-mail (S/MIME)
Secure Document
Secure Socket Layer (SSL)
Time Stamp service
etc.
Specific Uses of Certificate
e-Tax
e-Procurement
e-Invoice
etc.
48. 48
Uses of Certificate (2)
(2
Example of PKI Applications
S/MIME
Microsoft Office Outlook
Mozilla Thunderbird
SSL
Microsoft Internet Explorer
Mozilla Firefox
Secure Document
Microsoft Office
OpenOffice.org
49. 49
Trust Model
Hierarchy
Cross-Certification
Cross-
Bridge CA
Cross-Recognition
Cross-
Certificate Trust List
50. 50
Trust Model
Hierarchy
Root CA Root CA
Intermediate CA
End Entity Certificates
CA1 CA2
CA 1.1 CA 1.2 CA 2.1 CA 2.2 The simplest approach to a PKI
framework is to have a single root
CA. Root CA holds all certificates;
all users refer to and trust it for all
transactions. Also intermediate CAs
are trusted because the root CA,
which certifies it, is trusted.
51. 51
Trust Model
Hierarchy (2) - Analysis
(2
Advantages Disadvantages
• Simply validation - Certificates can be traced • If the root CA is compromised, the entire
back through the hierarchy for validation system is affected
• Low costs due to simplicity of system • The system is not well-suited to complex
• Usually high interoperability, if standards deployments such as international trade
are followed • A high degree of consensus is needed at
• Uniformity – the root CA specifies policies design time
which bind all elements of the system – but • Acceptance of single authority by all users is
centralized policies are not well-suited to necessary, and may be difficult to achieve
national or multi-national deployment (particularly in international contexts)
• The technical and administrative workload
of the CA is enormous for large deployment
Reference: Galexia
52. 52
Trust Model
Cross-
Cross-Certification
Cross-Certify Root CA
CA 1 CA 2 Intermediate CA
End Entity Certificates
CA 1.1 CA 1.2
EE2
Cross-Certification (CC) model is
one of the several models, which
EE1.1 EE1.2 a CA issues a cross-certificate for
another CA in order to initiate
trust to each other. So, Users can
verify unknown CA by cross
certify.
53. 53
Trust Model
Cross-
Cross-Certification : Full Mesh
CA
CA CA
CA CA
CA
CA CA
CA CA
CA
CA
CA CA CA
CA CA
Every CAs need to be cross-certified by all other CAs in the network.
Number of cross-certificates = n x (n-1); n = number of CAs
55. 55
Trust Model
Cross-
Cross-Certification (3)
(3
CA1 CA2
Subject: CA2 Subject: CA1
Issuer: CA1 Issuer: CA2
Certification Path: Certification Path:
- CA1’s user receives a message from - CA2’s user receives a message from
CA2’s user. CA1’s user.
cross-certificate CA2 cross-certificate
CA1
CA2 by CA1 CA1 by CA2
EE2 CA 1.1
EE1.1
56. 56
Trust Model
Cross-
Cross-Certification (4)
(4
Advantages Disadvantages
• No central authority means no critical point • In case of many CAs are in domain, cross-
of failure certification can be expensive, and must be
• No need for universal consensus; only performed multiple times by each CA
between CAs as needed to form trust • Poor scalability in a Full Mesh – each new
relationships CA must be compatible with CAs already in
• High interoperability – but only if this the network
already exist at the time of cross-certifying • Multiple points for validation process to fail
(in a Partial Mesh)
Reference: Galexia
57. 57
Trust Model
Bridge CA
Bridge CA
Bridge CA Root CA
Intermediate CA
Cross-Certify Cross-Certify End Entity Certificates
CA 1 CA 2
This model are combines
CA 1.1 CA 1.2 aspects of both the hierarchy
model and the cross-
EE2
certification model. It reduces
number of cross-certificates
by requiring only one pair of
EE1.1 EE1.2 cross-certifications for each
CA.
58. 58
Trust Model
Bridge CA (2)
(2
Cross-Certify Cross-Certify
Root CA Bridge CA Root CA
CA CA CA CA
Cross-Certify
Root CA
CA CA
number of cross-certificates = n x 2; n = number of CAs
59. 59
Trust Model
Bridge CA (3)
(3
CA1 Bridge CA CA2
Subject: CA1
Issuer: Bridge CA
Subject: Bridge CA Subject: Bridge CA
Subject: CA2
Issuer: CA1 Issuer: CA2
Issuer: Bridge CA
Certification Path: Certification Path:
- CA1’s user receives a message from - CA2’s user receives a message from
CA2’s user. CA1’s user.
CA1 CA2
Bridge CA by CA1 Bridge CA by CA2 cross-
cross-
certificate CA 1 by Bridge CA certificate
CA 2 by Bridge CA
EE2 CA 1.1
EE 1.1
60. 60
Trust Model
Bridge CA (4)
Advantages Disadvantages
• Scalability – new CAs need only cross-certify • The validation fails if the bridge CA is
with the bridging CA compromised (although individual CAs can
• Interoperability – CAs cross-certify continue to operate on their own)
individually with bridging CA • All parties involved must recognize the
validity of the bridging CA
• High workload on the bridging CA as system
grows
Reference: Galexia
61. 61
Trust Model
Cross-
Cross-Recognition
Root CA
CA 1 CA 2 Intermediate CA
End Entity Certificates
CA 1.1 CA 1.2
EE2 Cross-recognition model (CR) is
Cross-recognize
different from cross-certification
models because it is recognition
between users and CAs instead of
EE1.1 EE1.2 recognition between CAs. So, the
decision whether or not to trust a CA
ultimately falls to the user.
62. 62
Trust Model
Cross-
Cross-Recognition (2)
(2
CA1 CA2
Install CA2’s Certificate Install CA1’s Certificate
EE1.1 EE2
Certification Path: Certification Path:
- CA1’s user receives a message from - CA2’s user receives a message from
CA2’s user. CA1’s user.
CA2 CA1
EE2 CA 1.1
EE 1.1
63. 63
Trust Model
Cross-
Cross-Recognition (3)
Advantages Disadvantages
• Only the certificates of the breached CA are • the decision whether or not to trust a CA
affected ultimately falls to the user
• Largely remove the need for technical • users must be better-informed than in other
compatibility between CAs, only at the models because the decision to trust the
application level (e.g. a user’s software must certificate rests with them and not their CA
be able to process the information in a
given certificate)
• Allows entirely distinct CAs into
interoperation easier
Reference: Galexia
64. 64
Trust Model
Certificate Trust List
Publishing Authority Root CA
Intermediate CA
CTL Signing Entity Certificates
Digitally sign
CA1
CA2
CA3
The Certificate Trust List (CTL) is a list of
… CAs’ certificates from a trusted authority.
The list itself is digitally signed to ensure
its integrity and accuracy.
CA 1.1 CA 1.2
EE1.1 EE1.2 EE2
65. 65
Trust Model
Certificate Trust List (2)
CA1 Publishing Authority CA2
Install Certificate Trust List Install Certificate Trust List
EE1.1 EE2
Certification Path: Certification Path:
- CA1’s user receives a message from - CA2’s user receives a message from
CA2’s user. CA1’s user.
Publishing Authority Publishing Authority
CTL Signing Entity CTL Signing Entity
Certificate Trust List Certificate Trust List
CA1 CA2
CA1.1 EE2
EE1.1
66. 66
Trust Model
Certificate Trust List (3)
Advantages Disadvantages
• High scalability • The single publisher of the trust list must be
• Generally low costs (but this can increase, recognized by all parties
depending on the implementation) • Potential difficulties in distributing up-to-
date versions of the trust list
• Single point of failure (the trust list and/or
trust list authority) although individual CAs
would continue to function
Reference: Galexia
69. 69
Mission
The Office of U.S. Foreign Disaster Assistance (OFDA) is
the office within USAID responsible for facilitating and coordinating
U.S. Government emergency assistance overseas. As part of
USAID's Bureau for Democracy, Conflict, and Humanitarian
Assistance (DCHA), OFDA provides humanitarian assistance to save
lives, alleviate human suffering, and reduce the social and
economic impact of humanitarian emergencies worldwide.
70. 70
Role and Responsibility
OFDA responds to all types of natural disasters, including earthquakes,
volcanic eruptions, cyclones, floods, droughts, fires, pest infestations, and
disease outbreaks. OFDA also provides assistance when lives or livelihoods
are threatened by catastrophes such as civil conflict, acts of terrorism, or
industrial accidents. In addition to emergency assistance.
OFDA funds mitigation activities to reduce the impact of recurrent natural
hazards and provides training to build local capacity for disaster
management and response.
72. 72
Early warning System
1. Establishment of Standard Operating Procedure (SOP)
2. Receiving data from inter-and international agencies
3. Data Analysis
4. Dissemination of warning message
5. Planning, coordinating, monitoring and evaluating the warning,
response and mitigation process with provincial governments
and Department of Disaster Prevention and Mitigation in
emergency response and mitigation, and evacuation drills
Reference:
National Disaster Warning Center Thailand
73. 73
Sea Level Change Meansurement
Proposed
Deploy at 9’N 89’E in late 2006
Deploy at 4’N 90’E in early 2006
Reference:
National Disaster Warning Center Thailand
76. 76
Challenges
There are many actors in disaster management system in Thailand.
It is a big challenge to give an equal or suitable role to all
As Thailand is “not much” a disaster prone country, to make the
disaster risk reduction on top of the National Agenda is not an easy
job
The challenge will be on the shoulder of DDPM, as the National
Focal Point in Disaster Management, to start the process of linking
national mechanism with the AADMER
Reference:
ASEAN DEFENCE ESTABLISHMENTS AND CIVIL SOCIETY ORGANISATIONS (CSOs)
COOPERATION ON NON-TRADITIONAL SECURITY ( Disaster Management )
77. 77
The Road Ahead
Establishment of a national committee (or sub-committee under the
National DPM Committee, that would be directly responsible for the
Implementation of the Agreement
Formulation of National SOPs (Request and Offer Assistance)
Establishment of SAR team, ERAT relief teams that has the
international capacity
Make the AADMER more widely known to other agencies/organizations
and have more engagements from them
Reference:
Others ASEAN DEFENCE ESTABLISHMENTS AND CIVIL SOCIETY ORGANISATIONS (CSOs)
COOPERATION ON NON-TRADITIONAL SECURITY ( Disaster Management )
78. 78
UN role
Define the proper scale of the problem and solution.
The system must be:
– Fully owned by the Indian Ocean Rim countries
– Based on international multilateral cooperation
– Based on the open and free exchange of data
– Protect all countries in the Indian Ocean Basin
– Transparent and accountable to all members
Reference:
Patricio A. Bernal, Executive Secretary IOC ,The Indian Ocean Tsunami Warning System: A Progress Report.
78
79. 79
How does it function?
Is based on the joint operation of international networks of
detection connected with national tsunami warning centres
UN governance provided under the IOC
Each nation is responsible for issuing warnings in their
territory and protect its own population.
National centres must have strong links with emergency
preparedness authorities (national, provincial and local)
Reference:
Patricio A. Bernal, Executive Secretary IOC ,The Indian Ocean Tsunami Warning System: A Progress Report.
79
80. 80
Where are we now?
A single system being planned
All countries of the Indian Ocean participate
Tsunami advisory information provided from centres in Hawaii and Tokyo.
National focal points designated in 14 nations
Governance of UN/IOC accepted in Paris
Full scope of the task recognized: multi-nation (27), multi-year (>3)
Beyond the emergency: transition to reconstruction and development phase.
Joint UN implementation: IOC,WMO,ISDR,UNDP
Reference:
Patricio A. Bernal, Executive Secretary IOC ,The Indian Ocean Tsunami Warning System: A Progress Report.
80