Cybersecurity ecosystem and TDL Antonio F. Skarmeta

Transcription

1 Cybersecurity ecosystem and TDL Antonio F. Skarmeta University of Murcia (UMU) SPAIN

2 CyberSecurity Challenges in a fully connected World Trust Framework 1. Policies for trust in heterogeneous environment: definition of policies that include technical, organization and business aspects. Auditing and enforcement schemes for policies 2. Trusted environment on the device: device integrity, using TPM, PKI and eid systems. Bootstrapping trust on the device, related functions and protocols 3. Service integrity (ensuring trusted and reliable operations): CA, reputation system as complementary schemes. Methods for the development of trusted services integrity by design. Disaster recovery, graceful recovery from failure 4. Data lifecycle management: access control, secure storage revision management and collaborative schemes and proof of termination. Security and Trustworthiness 1. Transparent of the trust and accountability: Security audit and Service integrity 2. Vision from the user on interaction with the trust. Transversal Approach 1. the educational and training actions seems to be disperse over subsection that could be more clearly related. Curricula and training programs 2. multidisciplinary research in security. It is important to introduce some reference to the collaboration between disciplines to take into account the different perspectives. 2

3 Trust, Security and Privacy challenges Requirements from Security Lightweight design and efficient implementation of security mechanisms and cryptographic algorithms Secure implementations in hardware and/or software Interoperable and scalable security mechanisms Requirements from Privacy Need for considering privacy in earlier stages (privacy-by design) Scenarios managing particularly sensitive information, access control mechanisms are essential Mechanisms supporting minimal or selective disclosure of PII Requirements from Trust From privacy by design to trustworthy by design Dynamic Trust Management 3

4 Automated Key Management & Credentialing Automated key management is always harder than the cryptographic primitives And the weak link is usually credentialing Pre-shared keys aren t a realistic option The sheer number of devices in the IoT demands automated key management Need to consider Usability Should support dynamic scenario and mobility issues 4

5 Motivation: Moving towards an user s environment connected Internet Servers & PCs Internet Humans & People Internet Smart objects Internet Extend Identity to Things Right delegation Current Internet evolving towards a global network of interconnected smart objects affecting our everyday lives Development wireless communications accelerating of this trend Unprecedented economic and social opportunities companies people for and Add things temporarily to their personal space 5

6 But this evolution presents challenges Unprecedented growth in the number of devices and users connected to the Internet Inherent scalability risk Increasing management and interoperability complexity Preserving the robustness and security of the new systems and services Openness and ubiquity features Security Privacy 6

7 Smart Cities and IoT Challenges Participatory sensing and in general citizen involvement in the data sharing is a new challenge to manage from the trust in smart cities. Business models around cities will evolve from improving actual services and reducing cost to a more user-centric service vision Authentication and authorization paradigms need to be tunned for smart cities and sensor integration due to the complexity of the scenarios and data sharing and gatherings Need of research in the area of security specifically focus on sensors due to the constrained capabilities in order to have effective solutions OpenData as a way of innovation in the services creations based on data from Smart Cities Need to move from actual model of privacy and security to a more vision of securities privacies or different level of privacy and security, where concepts like circles of trust will affect the way trust is managed. 7

8 Security and Privacy challenges Standard security and access control mechanisms are used over the Internet today These proposals often based on heavy primitives, difficult application on resource-constrained devices Unlike current Internet, smart objects are working in harsh and uncontrolled environments, prone to attacks and misuse and being controlled by nonexpert users Control on information sharing in IoT sharing requires advanced privacypreserving IdM techniques Requirements from Management Scenarios with millions of heterogeneous devices can not be managed by centralized and out-of-band approaches self-management techniques should be supported It includes the application of scalable mechanisms for bootstrapping, configuration, upgrading and key management 8

9 Gemalto, Microsoft, Nokia and Philips founded the Trust in Digital Life research and innovation consortium (TDL) in 2009 to stimulate the development of Trustworthy ICT solutions. 9

10 Trust in Digital Life Action Plan TDL Promise 4 step action plan 1. Consumer and industry needs TDL bundles multidisciplinary and cross-sectoral expertise and provides knowledge via public and industry debates 2. Challenging Strategic Research and Innovation Agenda Reference platforms and architectures, user stories, use cases, white papers and research questions until Innovation project portfolio Short and long term projects on the innovation lines: Trusted Stack, Service Integrity, Data life cycle management 4. Short term pilot projects Applied research & test bed focusing on the introduction of innovative solutions in consumer domains. Taking away barriers, creating trust and awareness through tangible trust/health indicators 10

11 The Cost problem Price level for trustworthy ICT Who is going to pay for trust? Will a trustable service survive? Number of trustworthy ICT systems Impact of transparent incidents = number times effect 11

12 TDL objective Can we bridge the gap? This is one of the objective of TDL Net user value for trustworthy ICT Trust Paradigm Shift Trust = Benefit Impact of transparent incidents = number times effect Trust = Burden Net user value for trustworthy ICT 12

13 The TDL Framework End-2-End Trust Challenges Landscape TDL Framework Project portfolio stakholder roadmap Research & Innovation building blocks Research questions People enagagement Awareness Transparency Regula on Privacy by Design Trusted Stack Pla orm & Service Integrity Architectural framework Data Lifecycle management (fundamental) Research Concept demonstrators Pilot validation Deployment 13

14 14

15 The Roadmap for Horizon 2020 Horizon Key stakeholder Beyond Trusted stack Data life cycle management Platform and service integrity Industry Government Research Government Research Industry Industry Research Industry Industry Research Industry Government Managing trust via reputation systems Distributed enforcement by policies Measeurment End-to-end trustworthiness Harmonised E-identity Infrastructure / Trust Framework Traffic analysis on privacy aspects Consent in H(ealth) & W(elness) Privacy friendly disclosure & user friendly access Managing Secure transactions & traceability User awareness/trust Dashbaord Transparancy & accountability for providers end-to-end indicator Integrity for smartphone platform WebPKI Industry Assisted Living Key 15

16 COSTAR a Trust in Digital Life incubator project The COSTAR mission is to provide cybersecurity solution to SMEs more resilient to cyber-attacks, by: Provisioning affordable managed cyber-security services Actively monitoring the health of SME infrastructure on subscriber devices Providing remedial action to assist subscribed SMEs who have been attacked Mounting training and awareness programs for the SME sector Collating cross border evidence of cyber-attacks to assist in effective prosecutions by Criminal Justice organisations 16

17 Conclusion Architecture need to provide security and privacy with a dynamic trust model, Need for an infrastructure focused on interoperability and plug and play security Security, and credential management is essential adapted to cybersecurity restrictions Security and privacy as first class objects 17

18 Thanks Antonio F. Skarmeta University of Murcia (UMU) SPAIN 18