Cybersecurity ecosystem and TDL - Trust in Digital Life · Cybersecurity ecosystem and TDL Antonio...
Transcript of Cybersecurity ecosystem and TDL - Trust in Digital Life · Cybersecurity ecosystem and TDL Antonio...
Cybersecurity ecosystem and TDL
Antonio F. Skarmeta
University of Murcia (UMU)
SPAIN
2 TDL Madrid 2015
• Trust Framework 1. Policies for trust in heterogeneous environment: definition of policies that include technical,
organization and business aspects. Auditing and enforcement schemes for policies
2. Trusted environment on the device: device integrity, using TPM, PKI and eID systems.
Bootstrapping trust on the device, related functions and protocols
3. Service integrity (ensuring trusted and reliable operations): CA, reputation system as
complementary schemes. Methods for the development of trusted services – integrity by design.
Disaster recovery, graceful recovery from failure
4. Data lifecycle management: access control, secure storage revision management and collaborative
schemes and proof of termination.
• Security and Trustworthiness 1. Transparent of the trust and accountability: Security audit and Service integrity
2. Vision from the user on interaction with the trust.
• Transversal Approach 1. the educational and training actions seems to be disperse over subsection that could be more
clearly related. Curricula and training programs
2. multidisciplinary research in security. It is important to introduce some reference to the
collaboration between disciplines to take into account the different perspectives.
CyberSecurity Challenges in a fully
connected World
3 TDL Madrid 2015
Trust, Security and Privacy
challenges
• Requirements from Security
– Lightweight design and efficient implementation of security
mechanisms and cryptographic algorithms
– Secure implementations in hardware and/or software
– Interoperable and scalable security mechanisms
• Requirements from Privacy
– Need for considering privacy in earlier stages (privacy-by design)
– Scenarios managing particularly sensitive information, access
control mechanisms are essential
– Mechanisms supporting minimal or selective disclosure of PII
– Requirements from Trust
– From privacy by design to trustworthy by design
– Dynamic Trust Management
4 TDL Madrid 2015
Automated Key Management &
Credentialing
• Automated key management is always harder than
the cryptographic primitives
– And the weak link is usually credentialing
• Pre-shared keys aren’t a realistic option
– The sheer number of devices in the IoT demands
automated key management
• Need to consider Usability
• Should support dynamic scenario and mobility
issues
5 TDL Madrid 2015
Motivation: Moving towards an user’s
environment connected Internet
Servers & PCs Internet
Humans & People Internet
Smart objects Internet
Extend Identity to Things
Right delegation
Add things temporarily to their personal space
Current Internet
evolving towards a
global network of
interconnected smart
objects affecting our
everyday lives Development of
wireless
communications
accelerating this
trend
Unprecedented
economic and social
opportunities for
companies and
people
6 TDL Madrid 2015
But this evolution presents challenges
Unprecedented growth in the number of devices and users connected to the Internet
Inherent scalability risk Increasing management
and interoperability complexity
Preserving the robustness and security of the new
systems and services
Openness and ubiquity features
Security Privacy
7 TDL Madrid 2015
• Participatory sensing and in general citizen involvement in the data
sharing is a new challenge to manage from the trust in smart cities.
• Business models around cities will evolve from improving actual services
and reducing cost to a more user-centric service vision
• Authentication and authorization paradigms need to be tunned for smart
cities and sensor integration due to the complexity of the scenarios and
data sharing and gatherings
• Need of research in the area of security specifically focus on sensors due
to the constrained capabilities in order to have effective solutions
• OpenData as a way of innovation in the services creations based on data
from Smart Cities
• Need to move from actual model of privacy and security to a more vision
of securities privacies or different level of privacy and security, where
concepts like circles of trust will affect the way trust is managed.
Smart Cities and IoT Challenges
8 TDL Madrid 2015
Security and Privacy challenges
• Standard security and access control mechanisms are used over the
Internet today
– These proposals often based on heavy primitives, difficult application on
resource-constrained devices
– Unlike current Internet, smart objects are working in harsh and uncontrolled
environments, prone to attacks and misuse and being controlled by non-
expert users
– Control on information sharing in IoT sharing requires advanced privacy-
preserving IdM techniques
• Requirements from Management
– Scenarios with millions of heterogeneous devices can not be managed by
centralized and out-of-band approaches self-management techniques
should be supported
– It includes the application of scalable mechanisms for bootstrapping,
configuration, upgrading and key management
9 TDL Madrid 2015
Gemalto, Microsoft, Nokia and Philips
founded the Trust in Digital Life research and
innovation consortium (TDL) in 2009 to
stimulate the development of Trustworthy
ICT solutions.
10 TDL Madrid 2015
Trust in Digital Life Action Plan
TDL Promise
4 step action plan
1. Consumer and industry needs
TDL bundles multidisciplinary and cross-sectoral expertise and
provides knowledge via public and industry debates
2. Challenging Strategic Research and Innovation
Agenda
Reference platforms and architectures, user stories, use
cases, white papers and research questions until 2020
3. Innovation project portfolio
Short and long term projects on the innovation lines: Trusted Stack, Service Integrity, Data life cycle
management
4. Short term pilot projects
Applied research & test bed focusing on the introduction of innovative solutions in consumer domains.
Taking away barriers, creating trust and awareness through tangible
trust/health indicators
11 TDL Madrid 2015
The Cost problem
Impact of transparent incidents = number times effect
Number of trustworthy ICT systems
Price level for trustworthy ICT
• Who is going to pay for trust?
• Will a trustable service survive?
12 TDL Madrid 2015
Net user value for
trustworthy ICT
Impact of transparent incidents =
number times effect Trust = Benefit Trust Paradigm Shift
Trust = Burden
Net user value for
trustworthy ICT
Can we bridge the gap?
• This is one of the objective of TDL
TDL objective
13 TDL Madrid 2015
The TDL Framework
End-2-End Trust Challenges Landscape
Research & Innovation
building blocks
TDL Framework
(fundamental) Research
Concept demonstrators
Pilot validation
Deployment
Research questions
Project portfolio stakholder roadmap
Architecturalframework
DataLifecyclemanagement
Pla orm&ServiceIntegrity
TrustedStackRegula on
PrivacybyDesign
PeopleenagagementAwareness
Transparency
14 TDL Madrid 2015
15 TDL Madrid 2015
The Roadmap for Horizon 2020
Horizon
Key
stakeholder 2012 2013 2014 2015 2016 2017 2018 2019 2020 Beyond
Trustedstack Industry
Government
Research
Government
Research
Datalifecycle Industry
management
Industry
Research
Industry
Platformand Industry
serviceintegrity
Research
Industry
Government
Industry
Managingtrustviareputationsystems
Distributedenforcementbypolicies
MeaseurmentEnd-to-endtrustworthiness
HarmonisedE-identityInfrastructure/TrustFramework
Trafficanalysisonprivacyaspects
Privacyfriendlydisclosure&userfriendlyaccess
ManagingSecuretransactions&traceability
Userawareness/TrustDashbaord
ConsentinH(ealth)&W(elness)
Transparancy&accountabilityforproviders
end-to-endindicator
Integrityforsmartphoneplatform
WebPKI
AssistedLivingKey
16 TDL Madrid 2015
COSTAR a “Trust in Digital Life”
incubator project
The COSTAR mission is to provide cybersecurity solution to SMEs more
resilient to cyber-attacks, by:
• Provisioning affordable managed cyber-security services
• Actively monitoring the health of SME infrastructure on subscriber
devices
• Providing remedial action to assist subscribed SMEs who have been
attacked
• Mounting training and awareness programs for the SME sector
• Collating cross border evidence of cyber-attacks to assist in effective
prosecutions by Criminal Justice organisations
17 TDL Madrid 2015
Conclusion Architecture need to
provide security and
privacy with a dynamic
trust model,
Need for an
infrastructure focused
on interoperability and
plug and play security
Security, and credential
management is
essential adapted to
cybersecurity
restrictions
Security and privacy
as first class objects