Slide 1 - Keio University


French (Network) Security
Research Activities
Serge Fdida
University Paris 6 & CNRS
Contributions from Michel Riguidel (ENST)
French/Japanese Joint Symposium on Computer Security
Tokyo – September 2005
Serge Fdida – CNRS – Sept’05
Background
• Research activity on Security in France was
quite fragmented
• Some strong communities
– Cryptography (Research Action “ACI”)
– Proof & Formal methods
– Dependability, Reliability
• Industrial / Gov interests
• Limited public funding
• Security (at large) not recognized as a noble
area and found to be limited in scope!
• Lack of programs in Education
Background (2)
• Security is multidisciplinary,
• Incentives to bring researchers into this area
• Expose this area as a priority
• Initiatives launched in 2003 :
– ACI (Joint Incentive Research Action) – Ministry of
Research/INRIA/CNRS
• Headed by Claude Kirchner
– RNRT (National Research Network in Telecommunications) –
special focus
• Monitored by Michel Riguidel (ENST)
– Strong link with Europe IST FPs
– STIC/Asia Program
– Expert Committee on Security at CNRS
Security Targets
• Homeland (Defense)
• Critical Infrastructures (semi public, semi private)
– Trust to fight against cyber terrorism, strong
cybercriminality
– Safety, Security, Dependability
– Crisis management, public awareness
– Resilience
• Cybersecurity (public, private)
– Trust to fight against hackers, cybercriminality,
espionage, etc
– Security, Dependability
– Privacy
– Resilience
Emergence of new security challenges
• Critical infrastructure protection
– Large scale complex systems (ICT + physical
infrastructure) with interdependencies: Electricity power,
water supply, networks, etc
– We need robust and resilient infrastructures to reduce
vulnerabilities
• Security of Smart spaces or Ambient Intelligence
– Pervasive and ubiquitous computing
• Electronic devices, sensors : disseminated, not
supervised
– We need to introduce ambient security
• Global Localization Information, Global Identification
Emergence of new security challenges (2)
• Networked communication systems (self-x architectures)
– Self organizing networks, architectures of Internet caches &
mirrors, DNS-Sec,
– Self healing architecture, privacy in mobile networks
• Grid security
– Reconfigurable distributed organization to provide a service
• Spontaneous real time organization
– We need
• To secure the grid (components & infrastructure)
• To be protected from malicious grids (ethical computations)
• Content protection
– Video distribution, DRM, …
• Require
– Fundamental research
– Application & Test-Beds (measurement, honeypots, …)
http://www.telecom.gouv.fr/rnrt/index.htm
RNRT Security Call For
Projects in 2005
RNRT
• Created in 1998
– Funded 212 projects, 200 M€, Cost 440 M€
• Funding to launch calls in the area of
Telecommunications and Networking
• Joint projects : Industry, Academia, SMEs
• Budget of about 30 M€ for 2005
• Peer with RNTL (Software), RIAM (Multimedia)
• Linked with ARA SIASE (C. Kirchner)
Security (1)
• The 2005 Call for Projects addresses the new
practices & modern approaches in Security
– Security of software & Content Distribution
• Digital Rights Management, Intellectual Property Rights, …
– Security of New Architectures & Paradigms
• Grids, P2P, Ad-hoc, …
– ”Just-in-Time” Security
• Downloading patches, weekly or daily Software upgrades,
reconfigurability
– Security Crisis Management
Security (2)
• The Call for Projects is focused on security
of Complex Systems or Infrastructures
– With heterogeneous technologies
– Taking into account non functional properties
(mobility, interoperability, flexibility, …)
• Infrastructures, Networks, Very Large Information Systems
• Networks & Information Systems (enterprise, personal)
• Multimedia Content
Security (3)
• IT networks
Internet, WiFi, Enterprise LANs, Bluetooth, RFId,
Sensors, …
• Telecom Infrastructures
Satellite constellations, telecom networks, mobile
networks (GSM, GPRS, UMTS, WiMax)
• Broadcast networks (TV, Radio)
Content protection, digital movies … (trust digital chain)
• Information Systems
Government, Enterprise, Home & Personal Networks
Security (4)
• Security Functions’ point of view
– Identity of a physical person
• biometry, with trusted personal entity – smart cards, etc
– Authentication
• with digital signature, labeling or watermarking
– Audit
• facts accountability, personal accountability, traceability
– Management of rights, privilege, etc
– Authorizations
• with security policy
– Security Management
• tools administration, overall assessment of the security assurance
level
ARA SIASE
• Follow-on of the ACI Security
• Presentation by Claude Kirchner …
Europe
• National / European projects
• French academia & industry are largely
involved
• Integrated Projects
• Networks of Excellence
• STREPs
• Security in FP6
• Security in FP7
Security in FP6
with French participation
Europe FP6 – some examples
• NoE FP6 - ECRYPT : Cryptography, J Stern (LIENS).
INRIA.
• IP FP6 - SEINIT : Network Security. M Riguidel (LTCI)
head of the project
• IP FP6 - SECOQC : Quantum cryptography. Philippe
Grangier (CNRS, Laboratoire C Fabry de l’Institut
d’Optique) and M Riguidel involved
• IP FP6 - PRIME : Privacy and Identity
management. Y Deswarte (CNRS) and R Molva (GET)
involved.
• IP FP6 - e-JUSTICE : Common secured exchange
platform for administrative information. R Molva
(GET).
• IP FP6 – INSPIRED : Personal data authentication.
INRIA involved.
• NoE FP6 – Biosecure : Biometry (GET).
e-JUSTICE : Towards a global security
and visibility framework for Justice in Europe
• To define, develop, teach, test and prepare the
deployment of a complete and innovative system
to improve security of the communities and the
privacy of the bearers, and to provide
interoperable keys to digital information.
• Research on security will focus on smart identity
cards, on-chip combined biometrics,
cryptography and PKI interoperability, and rights
management.
• Eurecom, Thales, Greffe Tribunal Paris
INSPIRED : Integrated Secure Platform for
Interactive Personal Devices
• To specify and develop a new generation of
secure portable devices called Trusted Personal
Device (TPD), addressing the main
requirements for trust and security of the
information society
• The TPD technology can provide devices that
will combine a fully integrated security
architecture (HW, SW, OS, communications…)
with ultra-portability, low-cost, and advanced
networking and mobile communication features.
• INRIA, Gemplus, Schlumberger, …
PRIME : Privacy and Identity Management
for Europe
• To research and develop approaches and solutions for
privacy-enhancing identity management,
• The project will address foundational technologies (human-computer interface, ontologies, authorisation, cryptology),
assurance and trust, and architectures.
• Application scenarios, including on-line healthcare
systems, location based services, privacy preserving
customer databases, anonymous access to infrastructure
for mobile workers, privacy enhancing ambient
intelligence.
• IBM fr, LAAS-CNRS, Eurecom
s-BORDER : Privacy respectful and threat
tuneable traveller smart monitoring system
• To promote the early adoption of Automated
Travel Document Control and Risk Assessment
systems during the various phases of the travel,
including the border control,
• Technologies such as advanced biometrics,
contactless chip circuits, digital certificates and
scoring systems to both automate the flow of no-risk passengers and allow detecting potential
risky ones,
• France Telecom, Gemplus, Sagem
SECOQC : Development of a Global Network for Secure
Communication based on Quantum Cryptography
• To specify, design and validate the feasibility of
an open Quantum Key Distribution (QKD)
infrastructure dedicated to secure
communication as well as to fully develop the
basic enabling technology.
• The S&T objectives are: to design physical
devices ready to allow applicable Quantum Key
Distribution
• University Nice, Thales, Laboratoire d’Optique,
ENST
SEINIT : Security Expert INITiative
• To ensure a trusted and dependable security
framework, ubiquitous, working across multiple
devices, heterogeneous networks, being
organization independent (interoperable) and
centered on the ambient intelligence around an
end-user.
• The project will explore new security models and
build the architecture and components to
address the nomadic, pervasive, multi-players
communicating world (IPv6)
• Thales, ENST, 6Wind
ECRYPT : European Network of Excellence in
Cryptology
• To ensure a durable integration of European
research in both academia and industry and to
maintain and strengthen the European
excellence in these areas.
• 35 leading players will integrate their research
capabilities within 5 virtual labs focused on :
symmetric key algorithms, public key algorithms,
protocols, implementation, watermarking. These
labs will advance the state of the art in their
domains and develop common tools,
• ENS, Gemplus, Cryptolog, CNRS
Security in FP7
• A proposal for Strategic Objectives of the FP7 : “embracing all
the security paradigms of the past 30 yrs and the next 10 years”
• Security, Trust & Dependability of
– the new pervasive digital landscape & ambient
intelligence
• Infrastructures of the digital urbanization
– Interdependencies, survivability, robustness, resilience,
maintenance of trust
• Massive passive and low-energy wireless autonomous
computers (RFIds, etc)
• Peer to peer and new spontaneous architectures (grids…)
– Security of distributed virtual operating systems
– embedded systems & end-user terminals
• Security of hardware (smart cards, low energy, …)
• Security of new nanokernels & operating systems
Security in FP7 (cont’d)
• Privacy of European citizens
– with a set of profiles of virtual identities
• Biometry, personal attributes
• History elements (Tracing activities to be checked, that can
be deactivated)
– And with trusted personal entities
• Security of complex and/or massive computing &
services & data & knowledge
– Large databases, web services, semantic web
– Grids of computations
– Distribution of content, mobile code
– Virtual communities
Thanks
Babel Tower : Security Management
How to secure & to manage the security infrastructure ?
CNRS STIC
Presentation
Key elements
• Around 26 000 employees of whom
– 11 600 are researchers
– 14 400 are engineers and administrative staff
• 1 170 research units
(85 % are associated with universities)
• An annual budget of 2,6 billion euros (for 2006)
[Figure: CNRS organization chart. Boxes: Board of Trustees; President; National council on scientific research; Strategic Planning Mission; General Director; General Secretary and DRH; Deputy General Secretary; General Scientific Director; Regional Directors (IDF, NE, NW, SE, SW); Regional European International Director; Director of industrial and technology transfer; Communication director; Scientific departments (MIPPU, C, V, HS); Transversal Departments (EDD, I); Institutes (IN2P3, INSU)]
The STIC Department
http://www.cnrs.fr/STIC/
Our partners
• Universities
• INRIA (The French national institute for research
in computer science and control)
• CEA (Atomic Energy Commission)
• GET (Education and Research in Information and
Communication Technologies)
• etc.
Staff in the STIC Labs
May 2005
• CNRS researchers: 813
• Researchers from other organizations: 326
• Permanent university staff: 4195
(subtotal: 5334)
• Ph.Ds.: 4778
• Post-docs: 321
(subtotal: 5099)
• CNRS engineering and administrative support staff: 809
• from organizations: 353
• from universities: 584
(subtotal: 1746)
• TOTAL: 12 179
Regional centers
[Map of regional centers, with a legend distinguishing main centers and secondary centers. Cities shown: Lille, Lens, Valenciennes, Amiens, Rouen, Compiègne, Ile de France, Brest, Lannion, Le Mans, Vannes, Angers, Nantes, Metz, Strasbourg, Nancy, Troyes, Orléans, Belfort, Dijon, Tours, Besançon, Poitiers, Lyon, Saint-Etienne, Grenoble, Bordeaux, Nice, Avignon, Toulouse, Montpellier, Marseille]
Resources
• 23 M€ total budget (excluding salaries)
• 30 to 35 new permanent research positions per year
• 40 new engineering and administrative positions per
year
• 16 short-term positions (typically 3 years)
• 40 post-doc positions (1 year)
• 40 Ph.D. grants
• 60 research positions for university staff
Research units
• 114 laboratories
• 9 federations
+
• 14 joint laboratories with industry
• 10 international laboratories
International priorities of STIC department
• Europe
• Asia
– China
– India
– Japan
• North America
Main International Institutional Cooperation
[Figure: world map of institutional cooperation. Regions labelled: North America, Central America, European community, Switzerland and Belgium, Russia, Japan, Asia outside Japan, Australia. Cooperation types shown: international common labs, associated laboratories (LEA), twinning program, PICS programs, scientist exchange programs. Named labs: Georgia Tech (Atlanta); LAFMI and LAFMAA (Central America, 3 years term); LIMMS/CIRMM and JRL (Japan); IPAL (Singapore), LIAMA (China), MICA (Vietnam)]
Information and Communication Sciences and
Technologies
Partnerships in Japan
• JRL : Joint Robotic Laboratory
– AIST: National Institute of Advanced Industrial Science and
Technology with CNRS
– ISRI : Intelligent Systems Research Institute with STIC
• LIMMS : Laboratory for Integrated Micro-Mechatronic Systems
– IIS : Institute of Industrial Science, The University of Tokyo
– CNRS
• CIRMM : Center for International Research on Micro-Mechatronics
– IIS : Institute of Industrial Science