Prime Minister Abiy Ahmed (PhD) inaugurated Ethiopia’s first Public Key Infrastructure (PKI) ushering in a significant security milestone in the digital scaffolding of the country. The launch ceremony held last week at the Information Network Security Agency (INSA) headquarters was attended by several senior officials, who were set to receive certification on behalf of their respective institutions
PKIs refer to the entire ecosystem of software, hardware, policy, algorithms, and procedures to regulate the issuance of digital certificates and electronic verification. The certificates create a reliable communication channel by establishing the identity of the owner, the signature of the certificate authority, and other relevant details through third-party verification.
PKI enables secure communication by encrypting data so that only authorized recipients can decrypt and access the information. This is crucial for protecting sensitive data transmitted over public or unsecured networks. The infrastructure is foundational for securing online banking, email, virtual private networks (VPNs), software distribution, and more.
A nostalgic Abiy who returned to an institution (INSA) he was crucial in founding expressed a sense of delight in the realization of years of hard work and foresight in the project. The PM heralded the creation of a PKI as the coming to fruition of foundational aspirations for an Agency, which features a ‘key’ in its logo.
“You have achieved what we could not during our tenure,” Abiy said.
He labeled the infusion of digital signatures and the attainment of encryption capabilities as a foundational pillar for a trustworthy digital ecosystem. Abiy explained how regulator institutions like the National Bank of Ethiopia could obtain root certificates from the Agency to facilitate secure services to entities under their purview.
Ethiopia’s six-year-old Electronic Signature Proclamation requires the use of an asymmetric cryptosystem with unique links to the signatory, a key under the sole control of the signatory, and a message link that informs of subsequent changes. The proclamation signed into law by former president Mulatu Teshome (PhD) recognizes INSA as the sole recognized root certificate authority with conditions for certification excluding private individuals, and corporations based out of Ethiopia.
While several encryption methodologies are available internationally, the most common form of encryption used today involves a public key, which anyone can use to encrypt a message, and a private key (also known as a secret key), which only one person should be able to use to decrypt those messages.
However, PKIs are not without vulnerabilities. Research that analyzed 1300 instances of PKIs notes potential vulnerabilities in the “backdating” of digital certificates, the issuance of these for MITM (man-in-the-middle attack) attempts, the lack of verification of a requester’s identity, and the unscrupulous issuance of rogue certificates.
Habtamu Teshome, Communications officer at INSA, expects the launch of the PKI to bring about a marked improvement in the national integrity of communications. He says the degree of confidence when information is exchanged between parties will be enhanced with infrastructure.
“It is an important step,” Habtamu told Shega.
He believes the establishment of an infrastructure that enables reliable transfer of digital documents will increase overall confidence in the country’s network infrastructure. Habtamu explained how other authorities will need to obtain a root certificate from the Agency to subsequently issue it for the relevant entities.
“PKI refers to a comprehensive infrastructure,” the official noted.
INSA is tasked with ensuring the trustworthiness and the overall security of the cryptosystem, issuing licenses and monitoring certificate providers, as well as establishing subsequent working procedures.
Abenezer Feleke, Strategic Communications Advisor at the National ID project, explained how the digital ID plays a crucial role in the overall PKI infrastructure as an enabler. He pointed out how several other factors, like device penetration, network access, and data management, feed into the ecosystem.
“It is all interdependent,” Abenezer told Shega.
A person who issues certificates without a license from INSA could face up to 200,000 birr in fines, while the manufacturing of crypto products unrecognized by the Agency may be fined up to half the amount.
Follow us
