Develop indigenous Web browser, grab cash prizes

Develop indigenous Web browser, grab cash prizes

Subject: Science and technology

Section: Awareness in IT and Computers

Context:

The Ministry of Electronics and Information Technology is providing cash incentives totaling ₹3.4 crore for developers who create an indigenous Indian web browser that holds global potential.

Challenges in Web Browsing Landscape:

• India’s lack of a trusted root certifying authority poses challenges for web browsers.
• The Indian government and private websites need to acquire SSL certificates from foreign certifying authorities due to this trust gap.

Trust Requirement in the Controller of Certifying Authorities (CCA):

• Browser ideas participating in the competition must establish trust in the Controller of Certifying Authorities (CCA), 
  • which is the Indian government’s entity responsible for overseeing digital signatures, including SSL (Security Sockets Layer) certificates.
• The IT Act (Section 17) provides for the Controller of Certifying Authorities(CCA) to license and regulate the working of Certifying Authorities.

Understanding Root Certifying Authority:

• An entity entrusted with the highest level of authority to issue digital certificates, which are used to authenticate the identities of entities, such as websites, and encrypt communication.
• Root CAs areimplicitly trusted by web browsers and operating systems.
• Example: “DigiCert” is a well-known Root CA that issues certificates to intermediate CAs, allowing them to issue SSL certificates for various websites.

Understanding SSL Certificates and Website Security:

• SSL Certificates: SSL (Secure Sockets Layer) certificates are digital documents that provide security for online communications. They serve two primary purposes:
  • Encryption: SSL certificates encrypt data exchanged between a user’s browser and a web server, ensuring that sensitive information remains confidential.
  • Authentication: SSL certificates verify the identity of websites, assuring users that they are interacting with legitimate and trusted sites.
• Example: When a user visits a banking website, an SSL certificate ensures that the communication between the user’s browser and the bank’s server is encrypted, protecting account information.

India’s Lack of Trusted Root Certifying Authority:

• India currently lacks a root certifying authority that enjoys trust from major web browsers.
• Consequently, Indian government and private websites are compelled to procure SSL certificates from foreign certifying authorities.

Role and Status of Root Certifying Authority of India (RCAI):

• The CCA has established the RCAI under section 18(b) of the IT Act to digitally sign the public keys of CAs in the country.
• The requirements fulfilled by the RCAI include the following:
  • The license issued to the CA is digitally signed by the CCA.
  • All public keys corresponding to the signing private keys of a CA are digitally signed by the CCA.
• However, SSL certificates issued by RCAI lack recognition from most web browsers, necessitating reliance on foreign authorities.

Security Incident involving an Indian Certifying Authority:

• The National Informatics Centre (NIC), an organization authorized by the CCA, encountered a security breach in 2014 when fraudulent certificates were issued.
• As a result, major operating systems and browsers lost trust in India’s CCA, affecting website security.

Reducing Foreign Dependency and Forex Outflow:

• The effort seeks to diminish the significant foreign exchange outflow spent on purchasing SSL certificates from foreign sources.
• Creating a browser that trusts Indian certifying authorities can help reduce the financial burden on the nation.

Collaboration and Support:

The competition is organized and financially supported through a collaboration between the IT Ministry’s Research and Development division and the National Internet Exchange of India.