Transcript No Slide Title

ISSS / LORIS 2004 Conference
[email protected]
ISSS / LORIS 2004
eSecurity:
How is Europe Facing the New Challenges?
1
Agenda
•
•
•
•
ICT in the Future
Two Alternate Futures
e-Security: Vision 2015
e-Security 2015: Four Big Challenges
–
–
–
–
Elimination of Epidemic-style Attacks
Trustworthy Societal Applications
Quantitative Risk Management
Security and Privacy
• Trust and Security in FP6 IST - Call 1 Year 2003
– MEDSI
– FIDIS
– SECOQC
• Conclusions
2
ICT in the Future
• Smaller, cheaper, embedded computing
• Ubiquitous computing, ubiquitous communication,
intelligent interfaces (Ambient Intelligence)
• Global reach and global participation
• Growing volumes of data
• Growing population of user-centric services
–
–
–
–
–
Internet commerce
eGovernment
On-demand services
Telework
Individualised entertainment
3
Two Alternate Futures
• Overwhelming
unsolicited, junk
emails
• Rampant ID theft
• Frequent network
outages
• Frequent manual
intervention
• Largely unchecked
abuses of laws and
rights
• No ‘spam’ or viruses
• User-controlled
privacy
• Uninterrupted
communications
• Hassle-Free
computing
• Balanced regulation
and law-enforcement
4
e-Security: Vision 2015
•
•
•
•
•
•
•
Intuitive, controllable computing
Reliable and predictable
Supports a range of reasonable policies
Adapts to changing environment
Enables rather than constrains
Supports personal privacy choices
Security not as an afterthought, but as an
integral property
5
e-Security 2015: Four Big Challenges
1) Eliminate epidemic-style attacks within the next
decade
• Develop tools and principles that enable
development of large-scale systems for highly
trustworthy societal applications
• Quantitative risk management of informationsystems
• An Ambient Intelligence Space that gives endusers security they can understand and privacy
they can control
6
Elimination of Epidemic-style Attacks (1)
• Viruses and worms
• ‘SPAM’
• Denial of Service attacks (DOS)
7
Elimination of Epidemic-style Attacks (2)
• Epidemic-style attacks can be fast
• Price of entry is low for adversaries
• Unpredictable attack techniques and sources
– Polymorphic worms and viruses
– Anonymous attackers
• No organised active defence
– Poor visibility into global Internet operations
– No emergency global control
8
Elimination of Epidemic-style Attacks (3)
• Cost of attacks are tremendous
– Costs to enterprise operations
– Decreased productivity
– Loss of confidence in information infrastructure
• Internet is being used today for critical
infrastructure
– Hospitals, ATM networks, utilities, Air Traffic Control
• Eliminating malicious software will:
– Support emerging applications in areas of general
interest (e.g. telemedicine)
– Increase trust and confidence
9
Elimination of Epidemic-style Attacks (4)
• Nobody ‘owns’ the problem
– Finger-pointing among developers, network operators,
system administrators, and users
• Lack of Internet-scale data
• Lack of Internet-sized testbeds
• Lack of legislative support
• Conflicting economic interests
10
Elimination of Epidemic-style Attacks (5)
No more:
– Internet worms
– Internet-wide service interruptions
– Massive spam attacks against ISPs, email providers,
and businesses
Internet protection:
– Supplied standard on all new computers, routers, large
& small appliances
– A mitigation strategy is available for existing
infrastructure
11
Trustworthy Societal Applications (1)
• Patient medical record databases
• Fully supported electronic elections
• Law enforcement databases, ...
12
Trustworthy Societal Applications (2)
• Ambient intelligence pervades all aspects of
society
• Systems are being built and deployed now that
may not be fully trustworthy
• Critical applications must be trustworthy
13
Trustworthy Societal Applications (3)
• Reconciling various legal regimes with
technological capabilities
• Provision with acceptable cost
• Achieving balance of privacy with security in
record-keeping
• Integration/replacement of legacy applications
having lesser (or no) protections
14
Trustworthy Societal Applications (4)
• e.g., create online medical databases that survive
severe disasters and attacks without human
intervention
–
–
–
–
Confidentiality: no authorised disclosure of records
Integrity: no unauthorised alteration of records
Auditability: record all attempts to access online info
Availability: maximum downtime less that 2 minutes per
day, and an average of less that 5 minutes per month
– Accessible globally
15
Quantitative Risk Management (1)
• There is no sound and efficient management
without measure: if you don’t have a measure,
either you under-protect or you over-spend
• What you measure is what you get
– Measuring the wrong thing is as bad or worse as not
measuring anything at all
– The measures ultimately need to be consistent,
unbiased, and unambiguous
16
Quantitative Risk Management (2)
• Getting the model right, picking the right
measures, gathering the right data
• No one wants to be first to disclose information
• Data sharing and common terminology are
required
• Legal, cultural, business, and scientific issues
• The “I don’t want to know” mentality
17
Quantitative Risk Management (3)
• Ability to predict outcomes
• Ability to ‘titrate’ – choosing our point on the cost
vs. risk curve
• Businesses and governments can take more risk
and gain more reward
• Ability to communicate across the boundaries of
shareholders, suppliers, regulators, the market…
• Risk transfer for information security can achieve
liquidity
18
Security and Privacy (1)
• Technology can easily outrun comprehensibility
– Security implementation must not make this
worse
• End-user should not lose control of his/her
information, privacy, location
19
Security and Privacy (2)
• The looming future
– Instant access to information
– Exploiting the benefits of ICT everywhere
– Convenience, safety, empowerment
• Why a challenge for this community?
– Avoid the high pain of leaving these concerns for later
• Product-makers should not be the only
stakeholders in the design process
– Threats to privacy are a critical concern
• Multicultural issues
20
Security and Privacy (3)
• It’s important to get in at the beginning
• The Internet experience informs us:
– It’s also a social system, not simply a technology
• Once we give up privacy or security, we may not
be able to regain it
• Important to assert a leadership role while we can
21
Security and Privacy (4)
• User needs are much broader than traditional
security models
• Dynamic environments and device heterogeneity
are challenging
• Multiple competing stakeholders
• Difficulty to make things usable
• Real-life user security requirements and policies
are hard to express in terms of current mechanisms
22
Security and Privacy (5)
• Societal acceptance
– Does the user feel in control of this world she now lives
in?
– Has the user in fact lost control of his information, his
privacy?
• Emergence of a ubiquitous cyber space that is:
–
–
–
–
Simple and easy to use
Dependable, reliable
Trustworthy
Not overly intrusive
23
IST in FP6 - Call 1 Year 2003
• CZ Participation in Proposals
– 12 participations (out of 1127, i.e. 1.06%)
– No co-ordination (PL 2, BG & HU 1)
• CZ Participation in Projects
– MEDSI (STREP)
– FIDIS (NoE)
– SECOQC (IP)
2
1
1
24
MEDSI
“Management Decision Support for Critical Infrastructures”
18 months - 11 participants
• Rationale
– Asymmetric threats ==> it is necessary to provide a new open
framework for data sources fusion and interpretation
• Objectives
– An innovative system providing an integrated set of services to crisis
managers and planners in order to protect critical infrastructures
• Main innovations
– A tool to define and manage crisis scenarios for CIP
– A scalable system inter-operating with other existing or under
development systems ==> huge quantities of information accessible
– A new concept of GIS and simulation integration
• Czech Contractors
– T-SOFT spol. s.r.o. (crisis management)
– GISAT s.r.o. (remote sensing and geoinformation service)
25
FIDIS
“The Future of Identity in the Information Society”
60 months - 24 participants
• Rationale
– New concepts of identity emerge with the development of eSociety, e.g. multiple identity, pseudonymity, anonymity
– At the same time, needs for identification and authentication are
growing, in particular for official activities
• Objectives
– Shaping the requirements for the future management of identity
– contributing to the technologies and infrastructures needed
• Main innovations
– overcome the fragmentation of research into the future of identity
– durable integration of the implementation of research efforts
• Czech Contractor
– Masaryk University Brno (cryptography, privacy, biometrics)
26
SECOQC
“Development of a Global Network for Secure Communication
based on Quantum Crytography”
48 months - 42 participants
• Rationale
– Currently used encryption systems are vulnerable (e.g., increasing
power of computing technology, emergence of new code-breaking
algorithms, imperfections of PKI’s) ==> quantum cryptography
• Objectives
– To specify, design and validate the feasibility of an open Quantum
Key Distribution infrastructure dedicated to secure communication
• Main innovations
– Novel and reliable methods for secure long-range communication
– Increased trust in applications (e.g., e-vote, e-commerce)
• Czech Contractor
– Palacky University (Department of Optics), Olomouc
27
Conclusions
• Europe is confronted with major challenges in
the field of Security
• Immediacy of threat has led so far to excessive
focus on short-term R&D
• Lack of a culture of security across Europe
• Enlargement represents both another challenge
and an opportunity to devise European solutions
• Policy lags innovation
• Problems include yet go beyond national
defence
28
More Information
•
•
•
•
•
http://europa.eu.int/index-en.htm
http://europa.eu.int/information_society
http://eeurope-smartcards.org
http://www.cordis.lu/ist/
http://www.cordis.lu/ist/ka2/smartcards.html
[email protected]
(new Head of ‘Security Research’ Unit)
29
Děkuji!
30