A cross-disciplinary day including panels to outline the next five years' changes and challenges for connected consumers, citizens, employees, cities and smart devices. The Plenary Opening is common to the five World Smart Week conferences (Smart Contactless World, M2M Innovation World, World e-ID & Cybersecurity, Connect Security World and Smart Cities Day): their delegates are invited to meet and exchange on common themes!
The connected security in 5 years
First keynotes announced
• Donna Dodson, Chief Cybersecurity Advisor and Executive Director CCoE, US NIST
• Samia Melhem, Lead Policy Officer, Global ICT Group, World Bank
• Helmut Scherzer, Senior Technology Manager CTO Office, Giesecke & Devrient
• Dr. Angelika Steinacker, IAM Competency Leader Europe / Global Security Practice, IBM
1.00 – 2.00pm: Lunch – Networking - Opening of the Smart Innovation Show Exhibition
The connected city in 5 years
First keynote announced
• Liora Shechter, CIO, (Smart) City of Tel Aviv
The connected objects and systems in 5 years
First keynotes announced
• Dirk Slama, Director of Business Development, Bosch Software Innovations Germany
• Pr. Janusz Filipiak, Founder & CEO, Comarch
• Jim Morrish, Founder & Chief Research Officer, Machina Research
• Dr. Mohan Reddy, Founder & Chairman, Cyient
EKSISTENZ combats identity theft by creating a real and strong link between the citizen and their primary identity document.
The partners of this EU funded project will share their latest findings and innovative responses.
Securing IoT Devices, Infrastructure and Ecosystems
The world of connected “everything” offers an exciting future, but it presents unprecedented challenges in the way we secure and manage devices, the data they produce, and entire systems themselves. This session reviews the different options for integrating security in the IoT context at the device, infrastructure, standards and ecosystem levels. Multiple focuses on specific use cases will also show the evolving needs.
Threat Modelling for the Internet of Things Eric Vetillard, Product Manager, Java Card and IoT Security, Oracle, France
• Identifying the specific threats to the Internet of Things
• Mitigation of threats around an IoT Cloud Service
• Countermeasures applied on an IoT Gateway
• Determining the appropriate level of security for a deployment
Creating a 'Fabric of Trust' for IoT Phil Attfield, CEO, Sequitur Labs, USA
• Scalable management framework with highly flexible deployment options: data center/cloud, gateways, mobile devices, Internet of Things, or other embedded devices
• Distributed, end-to-end device and service management of IoT and mobile devices via trusted-execution-environment (TEE) and/or secure element, backed by hardware root of trust
• Programmable policy enabling real time, event driven, context aware security & management
• Use-case scenarios that position the management & control framework in terms of enterprise, industrial & consumer applications.
Rethinking Security for the Internet of Things Mikael Dubreucq, IoT Marketing Director, Inside Secure, France
• The IoT ecosystem will require flexible levels of protection, optimized and adapted for the object-to-object environment
• Which IoT security solution (chip, HW platform, software & applications) is best depends on the use case
• The right security architecture for IoT will secure the root of trust in the value chain
Developing the Right Architecture for Secure IoT Devices Kerry Maletsky, Senior Director, Cryptographic Products, ATMEL, USA
• IoT designers cannot ignore the accelerating rate of publicized security problems
• IoT Systems can be re-architected to include cost effective hardware security
• Most current systems can be easily attacked in multiple ways
• Every IoT device, no matter how small, needs to include hardware security
Privacy Issues in 6LoWPAN Wireless Sensor Networks Florian Pebay-Peyroula, Head of connected objects/systems security Laboratory, CEA, France
• Description of the 6LoWPAN standard and protocols
• Analysis of privacy information contained in the headers when no security is used
• Study of private information still disclosed when security is enabled
• Synthesis of the information that can be intercepted in a 6LoWPAN network when security is used properly
Connected Health and Cybersecurity Edmond Cisse, IS Risk Manager, URAEUS Consult, France
• Growing adoption of IoT and BYOD concepts in the healthcare industry
• Focus on new intentional cyber-threats against healthcare organizations
• Tools for mitigating cybersecurity threats (regulations, risk management, controls…)
The sessions address the latest issues in security and privacy of cloud services/data, mainly seen from a client-side security perspective. Besides virtualization risks and HSMs, the "end-to-end encryption vs client-side encryption for cloud" debate is on the agenda.
Cloud Centric Data Security Michael Osborne, Manager Cloud Solutions and Security, IBM Research Division, Zurich Research Laboratory
• Extracting business insights from big data using cloud technologies
• The uniqueness of data
• The challenges with protecting data, approaches to desensitising data
• Insight into the future data protection technologies
How One to One Sharing Enforces Secure Collaboration Laurent Henocque, Founder and CEO, Keeex, France
• Cloud and sharing solutions abound, but do not make our lives easier
• Confidential collaboration over heterogeneous clouds or systems is impossible
• Secure One2one sharing over legacy cloud/technical solutions solves the problem
End-to-End Encryption Vs Client-Side Encryption for Cloud
Data Protection for the Perimeterless Enterprise
Strong Authentication on the move
DIY ID – Self-Service Models for Secure Mobile Credentials Chris Edwards, Chief Technology Officer, Intercede, UK
• How can ‘bring your own ID’ work?
• How can we derive verifiable credentials from a range of breeder documents?
• How can we protect and trust derived credentials?
• When should we use self-asserted identities?
Why we need an Offline Personal Authentication Device Audun Josang, Professor, University of Oslo, Norway
• The OffPAD (offline personal authentication device) concept
• Portable multilateral authentication
• Id model and device compatibility
• Immunity against malware
Electronic identity is increasingly the bond of trust between citizens and online public services and, in some countries, banking services. As the m-payment industry is looking for stronger customer authentication, Mobile ID solutions can provide a strong level of identity assurance while keeping it simple for end users. Review of the latest mobile ID projects around the world, their convergence with m-payment and the technology requirements.
Mobile Identity – The Fusion of Financial Services, Mobility and Identity in a Hyper-Connected World Rocky Scopelliti, Global Industry Executive – Banking, Finance & Insurance, Telstra, Australia
• In a world where the smartphone has become the link between our human identity and our digital one, how do consumers now prefer to be identified?
• How can mobile technologies shift the trust paradigm from one of having to prove who we are, to one of being recognised for who we are?
National Mobile ID Schemes: Learning from Today's Best Practices Coralie Mesnard, Digital Identity Solutions Marketing Manager, Gemalto, France
• Unique study on Mobile ID in 14 countries/regions
• Provides a clearer view of Mobile ID projects: trends are shown
• Lessons learnt: Learning from past experience and today’s best practices
• Not about Gemalto but countries
Orange & GSMA Mobile ID experience (TBA)
Speaker from Orange TBC
Where e-Payments and Mobile ID Meet David Ruana, Product Manager, Safelayer Secure Communications, Spain
• Using National eIDs, in general, and MobileID, in particular, as a form of identification for e-payments
• eIDAS contribution to the e-payment industry
• Compliance with SecuRe Pay and Payment Service Directive (PSD2) in the EU
Virtual Secure Element and Digital Driving License, the Future of Electronic Documents Sébastien Bahloul, Product Manager, Morpho, France
• What are the key drivers for shifting from hardware-secured electronic documents to virtual eID?
• Which countries/states are engaged in this route?
• What are the legal and technical challenges?
Mobile ID – Strong Authentication Tool for e-Services Jana Krimpe, Founder “B.est Solutions” LLC, Head of the Mobile ID project consortium in the Republic of Azerbaijan
• How to establish a Mobile ID infrastructure based on a public-private partnership (PPP) model?
• Asan İmza (Mobile ID) – a technology needed for moving from e-government to m-government
• How Asan İmza functions – the complete description of the Mobile ID ecosystem in Azerbaijan
• Use cases of Asan İmza – from e-services to cross-border digital signature platforms
Realizing Mobile Identity Solutions with GlobalPlatform Specifications Gil Bernabeu, Technical Director, GlobalPlatform, USA
• An overview of the mobile ID landscape, key use cases and enabling technologies
• An insight into how GlobalPlatform Specifications can be leveraged to meet the mobile ID needs for a wide variety of markets such as government-to-government, government-to-citizen, enterprise, eHealth, financial and commercial
• An explanation of the key findings from GlobalPlatform’s mobile ID white paper
PANEL DEBATE: e-ID services go mobile: lessons and perspectives
Delivering Secure Mobile Services
Mobile (smart) devices opened a new chapter for the security industry. This session will review the challenge posed to service providers and enterprises to reconcile the security limitations of mobility with users' wish for usability.
Windows 10 Security Approach (title TBC) Janne Uusilehto, Head of Product Security & Privacy for Smart Devices, Microsoft
Mobile Security Technologies Revolutionize Consumer and Enterprise Applications Thierry Spanjaard, CEO & Principal, Smart Insights, France
• Mobile security: an issue
• TEE: software vs. hardware, functionalities, threats, standardization, etc.
• TEE security applications: corporate security, content management, mobile payment, etc.
• Mobile forecast and market trends
Hookdroid – Dynamic Analysis of Android Applications on Real-World Devices Valerio Costamagna, PhD Student, University of Turin, Italy
• Android applications dynamic instrumentation on real-world devices
• Supporting latest Android runtime (ART)
• Android application behaviour analysis and anomaly detection at runtime
Mobile Device Security
GlobalPlatform’s Secure Component and the Root of Trust Gil Bernabeu, Technical Director, GlobalPlatform, USA
• Insight into the need for a root of trust in delivering secure mobile services.
• Overview of the two secure components as defined by GlobalPlatform.
• Details of why a trusted certification and compliance program is needed to support the development of a scalable and interoperable ecosystem.
Trusted Execution Environment in a Virtual Machine Mike Borza, CTO, Elliptic Technologies, Canada
• Virtualizing the SoC architecture extends the usual notion of virtualization beyond the CPU
• Virtualization at this level has implications at the lowest levels of the IC architecture
• Hardware virtualization allows enforcement of the separation between virtual machines
TAM for TEE – Trusted Application Delivery Chris Edwards, Chief Technology Officer, Intercede, UK
• Trusted Execution Environments offer significant security benefits
• TEE adoption has been held back until recently by the cost and complexity of deployment
• The Trusted Application lifecycle
• Practical experiences of deploying Trusted Applications via a cloud service
HINT’s Technologies for IC Authenticity & Integrity Checking Thomas Hübner, Security Projects Manager, Morpho, Germany
• Final results of the European research initiative HINT
• R&D on hardware integrity checks based on PUFs and Hardware Trojan detection
• Industry-driven use case scenarios on ID cards and PMR
• Presentation and evaluation of application prototypes
Security is a crucial issue for the adoption of contactless services, especially sensitive services such as m-payment. From standards and regulation to Secure Element integrations, this session covers the elements of the security chain required to ensure end users' trust.
Comparative Analysis of Information Security in Contactless Transactions Matti Penttila, Senior Researcher, VTT Technical Research Centre of Finland
• Different use cases for contactless transactions give different requirements for security
• What are the common features of different use cases and what are the differences?
• Privacy-related risks in these transactions
Mobile Transaction Security: What do you need to protect? Robert Fargier, Senior Consultant, ISTIUM, France - Jean-Luc Garnier, Senior Consultant, Knowbile Consulting, France
• Consumers love their smartphones but do not trust them, slowing down mobile services adoption
• How can we build this trust and which technologies do we have at hand to build it?
• Overview of the components that contribute to the overall security fence in mobile devices
• Value of the data we want to protect: do we need technology or education?
GlobalPlatform’s Value Proposition for mPOS Kevin Gillick, Executive Director, GlobalPlatform, USA
• Overview of the trusted execution environment (TEE) and the value of the TEE for enabling smartphones as mPOS devices.
• Insight into the role of the trusted user interface in securing payment transactions.
• Snapshot of GlobalPlatform’s work in this area and details of upcoming developments.
End-to-End Security with NFC
Implications of HCE, SE and TEE-Based Security For Mobile Services Christian Damour, Security Business Line Manager, FIME, France
• Main security risks of the NFC mobile ecosystem
• Security implications for HCE, SE and TEE-based mobile services and market status
• A view to the future in mobile payment regarding security aspects
Providing Chip to Cloud Security to Fight Against Cloning and Gray Market Florent Renahy, Embedded Security Architect IoT, Inside Secure, France
• Provide an innovative and highly secure solution to counterfeiting problems
• This solution relies on cutting-edge technologies in the fields of both hardware and software
• The answer to such problems can be achieved by a tight combination of relevant products
• The presentation will show different aspects of security, in the chip and in the mobile phone application
Using Secure Element in the Cloud From HCE-SE Open Platform Prof. Pascal Urien, Telecom ParisTech, France
• Host Card Emulation is a promising technology; does it need an open model? We believe yes.
• An open technology based on secure elements in the cloud and secure elements hosted in the mobile
• RACS (Remote APDU Call Secure) is a core building block for this technology
• Open mobile software platform based on these concepts
Overcoming Standards Challenges
Security tokens are still largely dominated by proprietary or non-interoperable solutions, and new domains like Big Data, Cloud and IoT, together with the growing attention to privacy, are challenging security experts in industry and government. This session explores possible convergences among standards across different areas of interest and even across different standards organizations.
GlobalPlatform: Supporting the Development of a Global TEE Certification Program Gil Bernabeu, Technical Director, GlobalPlatform, USA
• The current mobile threat landscape and how it is evolving.
• The importance of developing a stable and scalable TEE ecosystem and the benefits this brings to the industry.
• GlobalPlatform Trusted Execution Environment Protection Profile and the steps that the association has undertaken to gain support from national certification bodies globally
The Path to Inter-Industry Standards for Utilizing Smart Card in Web Applications Olivier Potonniée, Senior Research Engineer, Gemalto, France
• Web applications using smart cards
• Review of existing and ongoing standards
• Privacy-aware security policies
Privacy and Mobile ID Certification (Title TBC) Dr. Gisela Meister, Head of Technology Consulting R&D, Standardisation Manager C-TO, Giesecke & Devrient
ID Management and Security: Standards convergence Salvatore Francomacaro, Information Technology Lab, Computer Security Division, NIST
• ISO: a national and international standardization collaboration
• ISO standard and GlobalPlatform Specifications
• Overview of the standardization effort in the ID Management and Privacy space
PANEL DEBATE: How Can End-to-End Security Benefit From (and Influence) Regional and International Standards?
Expected panellists include ETSI and ISO representatives
End of the Conference