[kictanet] TODAY’S DEADLINE: Public Consultation on National Broadband Strategy for Kenya

Julius Njiraini njiraini2001 at gmail.com
Fri Mar 15 14:13:43 EAT 2019


from Julius Njiraini
Computer security and Forensic consultants
0724293490
my proposal to ICT Policy discussion

*INTRODUCTION*

Information technology architects must build applications, systems, and
networks that match ordinary users' expectations of trust in terms of
identity, authentication, service level agreements, and privacy. These will
help in addressing every layer of business, technology, people, and
process. The trust model relies on complete requirements that include
business, technical, legal, regulatory, and fiduciary requirements. It does
this by offering secure services, implemented within a secure component and
which can be used at each level of a Chain of Trust: from the boot
mechanism, to the device operating system (OS) and up to the application
layer. A device OS is typically the main OS of the device that runs
applications and/or services. In the case of smartphones, it can be an OS
such as Android. On other Internet-of-Things (IoT) devices, examples may
include a Linux-based OS or a real-time operating system (RTOS).

*PROCESS.*

Step 1:

Root of Trust services to the device boot mechanism, including device
identification and attestation services - Since the boot is assisted by the
Root of Trust from the secure component, the integrity of the device boot
chain process is assured and protection offered against various attacks and
infections from malware.

Step 2:

Secure services to protect the device OS - A connection between the device OS
and the secure component enables the device OS to access highly secure services
within the secure component. These can be used to protect the assets of the OS,
such as its certificates and update processes. Application assets, such as
data and keys, and end-user authentication also need to be protected.
Thanks to the secure component, they too can access the most advanced level
of security services.

Step 3:

Dedicated security services for device applications - To offer most
value-added services (VAS), device applications require more advanced
security services that are optimized (in terms of security, performance
etc.) and tailored for that particular application (e.g. providing specific
algorithms). Dedicated security services can be loaded as needed into a
secure component and made accessible to the device applications which
require them.

Digital service providers need to be confident that they can connect their
business activities and back end systems with end-point devices which are
trusted. This reassures them that they are interacting with, and serving,
the right customers. While the trusted end-point is vital to their service
delivery, so too is a secure communication channel between the service
provider’s server and the end user device. A secure channel enables service
providers to confidently use the secure services on the device, such as
those which allow them to:

· Enable or update digital services

· Enroll end users / devices to the service provider platform

· Authenticate end users

· Store private data

· Authenticate data generated by the device

· Protect data generated by the device ahead of data transmission



* exchange in the cloud. *

For Cloud Platform Providers

In today’s connected device ecosystem, the
cloud platform provider has become firmly established as an actor which
provides a platform that enables end-users and suppliers to interact and /
or conduct transactions. There are different examples of this new ecosystem
player: for example, app stores (e.g. the App Store, Play Store) for
smartphone and tablet applications; online market places for consumers
(e.g. Amazon, Alibaba); and IoT cloud platform providers (e.g. Azure,
Google, Artik, etc.) for enterprise and M2M applications. All cloud
platform providers need to remotely and securely enroll and manage
connected devices; this enables the cloud provider to offer new services
and send regular updates. Secure end user and device authentication is also
commonly required, to ensure that the provider is interacting with the
intended devices and audience. The key requirements of cloud platform
providers are:

· Enrollment - Complexities arise with device enrollment when the cloud
platform provider needs to enroll a variety of devices from heterogeneous
domains (e.g. healthcare, energy, home automation, etc.) and from different
manufacturers. Reliable device enrollment is critical for IoT cloud
platform providers across M2M and enterprise use cases. The Chain of Trust
established by the GlobalPlatform Device Trust Architecture supports device
identification and offers a solution for the secure storage of identity
credentials allocated by cloud platform providers.

· Remote management - Cloud platform providers must always be able
to remotely manage devices. To do this, the devices need to be trusted
end-points and they need a secure channel which allows them to engage with
the right devices and be sure that their update processes are not
compromised.

· Authentication - End user and device authentication are required
across both consumer and M2M use cases, to allow the correct access to
platform services and to ensure non-repudiation. The cloud platform
provider needs to use the secure services available on the device for this
purpose.

WHY IS THE DEVICE TRUST ARCHITECTURE NEEDED?

The connected device landscape is expanding rapidly. New devices and device
types are being connected to a range of different cloud platforms, new
device operating systems are being created and digital services are being
developed. Yet not all devices are secure enough to protect against threats
and attacks. Considering the sensitive nature of data being gathered and
exchanged between many connected devices, the lack of standardized security
poses a significant risk across the complete ecosystem. For digital
services to be a success:

· Service providers need to trust that the devices which are
responsible for gathering and sending back service-related data are fully
protected and updatable against future attack threats.

· Device makers need to support a range of device OS, securely
connect to multiple cloud platform providers and offer the right level of
security services to service providers.

· Cloud platform providers need to securely enroll many device
types, running a wide range of different secure services. End to end data
integrity, from verifiable devices, is fundamental to their business model;
big data is useless if you cannot trust the source of that data.

Collaboration between these key stakeholders on securing digital services
must therefore be a priority or the IoT ecosystem will not realize its full
potential and ‘big brand’ IoT data breaches could become the norm.
*SOLUTION*

*1. Digital Certificate*

A *Digital Certificate* is used to encrypt online data/information
communications between an end-user's browser and a website. After verifying
that a company owns a website, a certificate authority will sign their
certificate so it is trusted by internet browsers. Digital Certificates are
a means by which consumers and businesses can utilise the security
applications of *Public Key Infrastructure* (PKI). PKI comprises the
technology that enables secure e-commerce and Internet-based communication
by providing the following:

*Identification / Authentication:*
The persons / entities with whom we are communicating are really who they
say they are.

*Confidentiality:*
The information within the message or transaction is kept confidential. It
may only be read and understood by the intended sender and receiver.

*Integrity:*
The information within the message or transaction is not tampered with,
accidentally or deliberately, en route without all parties involved
being aware of the tampering.

*Non-Repudiation:*
The sender cannot deny sending the message or transaction, and the receiver
cannot deny receiving it.

*Access Control:*
Access to the protected information is only realized by the intended person
or entity.

*2. Digital Signature*

Digital Signature is a process that guarantees
that the contents of a message have not been altered in transit. You need a
digital certificate to digitally sign a document. However, if you create
and use a self-signed certificate the recipients of your documents will not
be able to verify the authenticity of your digital signature. They will
have to manually trust your self-signed certificate. The policy should come
with legislation for implementing Public Key Infrastructure in Kenya.

On Fri, Mar 15, 2019 at 8:15 AM Nanjira Sambuli via kictanet <
kictanet at lists.kictanet.or.ke> wrote:

> Good day,
> Are we to assume that concerns raised here regarding today’s deadline for
> submitting comments have gone unheard?
>
>
>
> Regards,
> Nanjira.
>
> Sent on the move.
>
> > On 11 Mar 2019, at 19:18, info at elvisjonyo.co.ke wrote:
> >
> >> On 2019-03-11 13:51, Nanjira Sambuli via kictanet wrote:
> >> +1, Ali,
> >> Additionally, are there reflections on the successes and shortcomings
> >> for the 2013-17 period?
> >> For instance the goal on broadband speeds for rural vs urban areas, a
> >> very lofty goal therein?
> >> Regards,
> >> Nanjira.
> >> Sent on the move.
> >>> On 11 Mar 2019, at 07:29, Ali Hussein <ali at hussein.me.ke> wrote:
> >>> Gimode
> >>> Greetings. Seeing that you posted this email on Friday, 8th March, I'm
> curious to understand how the committee can expect to get substantive
> responses within a week on such a critical piece of document?
> >>> I think it's time this country reviews what it means when the
> constitution talks about Public Participation. I know that there are
> members of the August House in this list. I challenge them to address this
> issue. I fear that government officials are taking us through a 'tick the
> box' exercise when it comes to public participation.
> >>> Ali Hussein
> >>> Principal
> >>> AHK & Associates
> >>> Tel: +254 713 601113
> >>> Twitter: @AliHKassim
> >>> Skype: abu-jomo
> >>> LinkedIn: http://ke.linkedin.com/in/alihkassim
> >>> 13th Floor , Delta Towers, Oracle Wing,
> >>> Chiromo Road, Westlands,
> >>> Nairobi, Kenya.
> >>> Any information of a personal nature expressed in this email are
> purely mine and do not necessarily reflect the official positions of the
> organizations that I work with.
> >>>> On Fri, Mar 8, 2019 at 9:04 PM Gimode, Chiimbiru via kictanet <
> kictanet at lists.kictanet.or.ke> wrote:
> >>>> Dear Listers,
> >>>> You will recall the Ministry of Information, Communications and
> >>>> Technology (MoICT) constituted an inter-agency Steering Committee to
> >>>> review Kenya’s first National Broadband Strategy (NBS) for the period
> >>>> 2013-2017. The Committee draws membership from the MoICT, Communications
> >>>> Authority of Kenya (CA), Vision 2030 Delivery Secretariat (VDS), National
> >>>> Communications Secretariat (NCS) and the ICT Authority (ICTA).
> >>>> The team is at the tail-end of the review of the NBS and is seeking
> >>>> views from the members of the public to enrich the NBS for the period
> >>>> 2018 – 2023 in line with the Constitution of Kenya 2010.
> >>>> Attached is a public notice on the same.
> >>>> You can access the consultation paper on the Authority’s website on
> this link:
> https://ca.go.ke/consumers/public-consultations/open-consultations/
> >>>> The deadline for submission of comments is 15th March 2019.
> >>>> Best Regards,
> >>>> Chiimbiru Gimode, CMRP, MPRSK.
> >>>> Communications Officer
> >>>> Communications Authority of Kenya (CA)
> >>>> Head Office: CA Centre,Waiyaki Way,Westlands, Nairobi I P.O Box 14448
> Nairobi 00800.
> >>>> Regional Offices: Mombasa I Nyeri I Kisumu I Eldoret
> >>>> Office Line : 0703-042-524 I Website : www.ca.go.ke   I Twitter :
> @CA_Kenya
> >>>> Facebook : Communications Authority of Kenya I YouTube : CA Kenya I
> Instagram: CA Kenya
> >>>> Flickr : https://www.flickr.com/photos/cck-kenya
> >>>> Core Values:
> >>>> Integrity | Innovation| Excellence
> >>>> “Today is only one day in all the days that will ever be. But what
> will happen in all the other days that ever come can depend on what you do
> today’’-Ernest Hemingway
> >>>> Please be responsible, consider the environment before printing this
> e-mail.
> >>>> DISCLAIMER:- This email and any files transmitted with it are
> confidential and intended solely for the use by the individual(s) or entity
> to whom it is addressed to. If you are not the intended recipient, you are
> notified that disclosing, copying, distributing or taking any action  in
> reliance on the contents of this information is strictly prohibited.
> Additionally, if you have received this email in error please notify the
> sender  immediately by a reply e-mail. E-mail transmission cannot be
> guaranteed to be secure or error-free as information could be intercepted,
> corrupted, lost, destroyed, arrive late or incomplete, or contain viruses.
> The sender therefore does not accept liability for any errors or omissions
> in the contents of this message, which arise as a result of e-mail
> transmission.
> >>>> _______________________________________________
> >>>> kictanet mailing list
> >>>> kictanet at lists.kictanet.or.ke
> >>>> https://lists.kictanet.or.ke/mailman/listinfo/kictanet
> >>>> Twitter: http://twitter.com/kictanet
> >>>> Facebook: https://www.facebook.com/KICTANet/
> >>>> Unsubscribe or change your options at
> https://lists.kictanet.or.ke/mailman/options/kictanet/info%40alyhussein.com
> >>>> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder
> platform for people and institutions interested and involved in ICT policy
> and regulation. The network aims to act as a catalyst for reform in the ICT
> sector in support of the national aim of ICT enabled growth and development.
> >>>> KICTANetiquette : Adhere to the same standards of acceptable
> behaviors online that you follow in real life: respect people's times and
> bandwidth, share knowledge, don't flame or abuse or personalize, respect
> privacy, do not spam, do not market your wares or qualifications.
> > It is unreasonable and dishonorable to expect the public to peruse
> > through a document and give comments in one week. You might as well
> > promulgate it as is.
> >
> >
>