A Preliminary Security Analysis of New Zealand's igovt System (ME Thesis)

 

Yu-Cheng Tu

University of Auckland

New Zealand

 

Submitted 15 July 2008

 

Abstract

Identity management is the emerging technology for organizations to administer identities.  It consists of business processes and policies as well as current practices for supporting such administration.

 

Since governments often deal with a large amount of people and identity information, identity management in recent years have become more important for delivering services to the public electronically.  New Zealand is an example of this, where an identity management system is being developed for its people.  The system is known as igovt, where it aims to manage the identities of New Zealand citizens when they interact with government agencies online.

 

In this thesis, we propose a method for analysing the security requirements of the New Zealand's igovt system.  We first identify the primary security objectives of the identity management system in general as well as the igovt system.  We then analyse the types of information held in the system using a novel extension of the FIDIS methodology.  And finally we use misuse case analysis to elicit security requirements for the igovt system.  Together, we present the preliminary analysis of the igovt system for illustrating our methodology.

 

Full thesis in PDF format (0.7 MB).