2016 Program – Connect Security World 2017
Connect Security World - Embedding Trust in IoT Systems and Connected Hardware | Sept. 25-27, 2017 – Marseille, France

2016 Program

Download the program
PROGRAM AT A GLANCE
DAY 1 – Monday Sept. 26 Afternoon
CONNECT SECURITY World Innovation Live
PLENARY GRAND OPENING
SECURING GLOBALLY CONNECTED SOCIETY

2.00pm: EXHIBITION OPENING

DAY 2 – Tuesday Sept. 27
Track 1:
Technology Advances
Track 2:
Implementation & Ecosystem
Innovation Live
Rethinking Security Approach:
360° Views on IoT Security
Automotive Exhibition & Demos
Embedded:
New SoC Design
Privacy Engineering
Exhibition & Demos
AWARD CEREMONYGALA EVENING
DAY 3 – Wednesday Sept. 28
New Industry Models Exhibition & Demos, Business meetings
Embedded:
TEE & TPM for IoT Security
Exhibition & Demos, Business meetings

DAY 1 - Monday September 26 Afternoon

2.00pm – 6.30pm: Opening Session | 3.50pm – 4.30pm: Coffee & Refreshment Break – Networking – Exhibition

PLENARY OPENING
SECURING GLOBALLY CONNECTED SOCIETY
Chaired by Jon Shamah, Principal Consultant, EJ Consultants, UK
The Opening addresses transversal topics of the 3 Smart Security Week conferences: World e-ID & Cybersecurity, Connect Security World and Security Automation World.
INTRODUCTION
Day 1
26 Sep 2016
Jon Shamah

Introduction

PART 1: IoT Security
Day 1
26 Sep 2016
Art Swift

KEYNOTE What’s Wrong with IoT Security and How Can We Fix It?

  • Recent major life-threatening vulnerabilities discovered in IoT
  • Key commonalities in attack patterns
  • Hardware-based approach designed to overcome the IoT security challenges
    identified

INNOVATION LIVE

PART 2: Introducing Security Automation World
PANEL: “From breach prevention to acceptance:
defining a sustainable security strategy to protect data”

PART 3: Identity & Access
Keynote: Cognitive Access Management
PANEL: “Identity on the blockchain”
Day 1
26 Sep 2016
Raghu K Dev.

KEYNOTE Cognitive Access Management

Today’s dynamic nature of organizations contributes to complexity for monitoring and controlling access and identity cyber-risks. Solution: Apply continuous learning, reasoning and human interact-ability to Identity and Access management domain.

  • Apply machine learning and cognitive approach on identity and access data
  • Aim at providing risk aware identity analytics
  • Recommend peer reviewed analysis to reviewers, administrators and business executives.
Peter Went

KEYNOTE World Citizen Card, a ‘token’ and/or ‘blockchain’?

Mr. Went will present his holistic view on ‘identity’, from the why an identity, the impact of no identity, the right to an identity and the ‘foodchain’ of an identity. The latter is relevant in that there are layers of identity, from ‘simple’ breeder documents, to national ID documents to international (traveler) documents. Conventionally international (traveler) documents are physical documents like a passport, but ‘blockchain’ could be a consideration here.

Peter Went
Jon Shamah
John Erik Setsaas
Jim Dray
Raghu K Dev.

IDENTITY ON THE BLOCKCHAIN
PLENARY PANEL

Setup and moderated by Jim Dray, Senior Computer Scientist, Information Technology Laboratory, National Institute of Standards and Technology (NIST)

Blockchains have the potential to revolutionize business on the Internet and will undoubtedly impact the identity management world. However, the nature of this impact is not yet clear. This panel will explore the intersection of blockchain technology and identity management:

  • What capabilities does blockchain technology offer that can improve identity management?
  • What are the drawbacks of blockchain technology in the identity space?
  • Who is currently experimenting with identity on the blockchain?
  • What commercial offerings are available?
  • Are there opportunities for international collaboration?

INNOVATION LIVE
Welcome Cocktail

DAY 2 - Tuesday September 27

9.00am - 1.00pm: Break-out Sessions | 10.50 - 11.20am: Coffee & Refreshments Break – Networking – Exhibition

Track 1: Technology Advances
Rethinking Overall Security Approach – Part 1:
360° Views on IoT Security
Session Chair: Eric Vetillard, Senior Security Architect, Prove & Run
Securing the IoT requires looking at the whole ecosystem, not just individual points and devices. From silicon to software and from platforms to management, this session’s insights give a 360° view on IoT security: the obstacles involved in securing (billions) IoT devices, concept ideas for implementing security in the Internet of Things, the latest vulnerabilities attacks patterns, the privacy issues…
Day 1
27 Sep 2016
Frédéric Sauvayre

What’s the Right Security for IoT?

  • Typical security threats in IoT
  • Potential countermeasures
  • Concept ideas for implementing security in the Internet of Things
Ciaran Bradley

Trust, Liability and Security – Considerations for a ‘Connected’ Future

  • The IoT ecosystem requires a new security architecture
  • Detecting threats at scale, using a combination of lightweight telemetry and anomaly detection to give early indicators of compromise
  • Liability is not yet defined, and needs to be a consideration in this new architecture
  • Unique visualisations and use-case scenarios to demonstrate real-world implications
Vincent Lefebvre

Levelling Up IoT Security by App Built-In Protection

  • MIL-Grade code security for both Java and native executables
  • Saturate the hacker (without saturating your platform)
  • Protect ANY code (yours and 3rd party integrated)
  • 0-friction with ANY existing security features (hardware and operating system).

Track 2: Implementation & Ecosystem
Automotive – Part 1
Session Chair: Ludovic Privat, Co-Founder, CROWDLOC – Founder, ConnecteDriver
Modern cars are one of the biggest cyber-threats of tomorrow as they increasingly embed computing platforms that are also connected to the outside world. Security infrastructures are required within the vehicle and from the vehicle to the backend infrastructures. This session will address the security challenges of the automotive industry that need to protect connected cars while keeping competitive cost and time-to-market.
Day 1
27 Sep 2016
Petros Efstathopoulos

KEYNOTE Building Comprehensive Security Into Cars

Herve Roche

How the Digital Security Technologies can be developed to enable Security and Privacy?

  • The IoT security threat, risk examples through the transport industry use case
  • The different solutions to secure the devices, including a Secure Element
  • How this Secure Element can be efficiently deployed in the IoT chain in a competitive manner
Dominique Bolignano

Remote Car attacks: the Problem and the Proposed Security Architecture

  • Current security issues and challenges of the IoT can be addressed using a few key security software components
  • Illustration with representative examples drawn mainly from the automotive car use case

Rethinking Overall Security Approach – Part 2
Session Chair: Eric Vetillard, Senior Security Architect, Prove & Run
Day 1
27 Sep 2016
Dr. Eric Vétillard

IoT Security: Transforming Simplicity into Trust?

  • There are some good news about IoT security: IoT devices are in most cases specialized for a very specific use, and this specialization can be exploited to simplify the security problems associated to the deployment of devices, mostly by minimizing the attack surface.
  • Examples from recently published attacks How classical security problems can be simplified to see in the context of IoT, both on devices and on the backend side, and how this simplification can enable the development of trusted devices.
  • Among the questions asked: How much network support do we need? How much crypto do we need? How can we transform simplicity into trust?
Dr. Eric Vétillard
Florian Pebay-Peyroula
Vincent Lefebvre
Ciaran Bradley
Corentin Boé

PANEL DEBATE: Mapping the New IoT Security Threats

Moderated by Eric Vétillard

Discussions over IoT security often remain stuck between the sensational “that big thing got broken” and the trivial “IoT security is a big issue”, but it often remains hard to see clearly where the problem is. This panel will look at the source of the security problem: threats. A threat analysis is often considered as the first step in the establishment of a sound security strategy. Here, the panellists will confront their respective threat analyses:
– What are their vision of the threats facing the IoT industry
– How do they mitigate these threats
– What are the strong trends emerging

Automotive – Part 2
Session Chair: Ludovic Privat, Co-Founder, CROWDLOC – Founder, ConnecteDriver
Day 1
27 Sep 2016
Jerome Dern

KEYNOTE Impacts of Cyber Security on vehicle development and life

  • Cars are highly attractive targets 
  • CS brings a lot of new risks for the automotive industry
  • CS impacts car development and the whole car life
  • CS and Safety are not the same!
  • Automotive industry needs norms to better address CS
Helmut Scherzer
Ingo Rudorff

Automotive Security Architecture is Different: the New Rules of the Game

  • How far are we from really secure cars?
  • Security issues and challenges of the automotive sector
  • Too many standards vs. few security standards
  • Combining performance and security
Ludovic Privat

PANEL DEBATE: The future of the connected car security

Moderated by Ludovic Privat, Co-Founder & Editor of GPS Business News

1.00 – 2.00pm: Lunch – Networking – Exhibition | 2.00 – 6.45pm: Break-out Sessions | 3.50 – 4.30pm: Coffee & Refreshments Break – Networking – Exhibition

Embedded: New SoC Design
Session Chair: Eric Vetillard, Senior Security Architect, Prove & Run
Silicon market has to change to effectively address security in future IoT devices. Review of the new architectures for next generation SOCs and secure IP.
Day 1
27 Sep 2016
David Bak

KEYNOTE PUF for the Highest Security

  • Introduction of the classical PUF (Physical Unclonable PUF) and why they could not succeed for the mass production & commercialization
  • The innovative ICTK’s VIA PUF introduction
  • Use cases for VIA PUF for the higher security
  • Design philosophy of VIA PUF to meet the highest degree of repeatability and randomness without any error correction circuit
  • Design concept to achieve low cost and easy volume production
Mike Borza

Securing IoT Systems with a Root of Trust

Mikael Dubreucq

Reinventing the Security Architecture for Next-Generation SOCs

  • Selecting the appropriate level of security and security certification for IoT devices
  • Limiting the impacts on power consumption, performance and cost
  • Tools to manage and provision the security during the entire device life cycle

Privacy Engineering
Session Chair: Gil Bernabeu, Technical Director, GlobalPlatform
Trust in devices and systems is paramount to IoT success. This trust relies on not only data security but also on privacy in both the cyber and physical worlds. Applying the security principle of ‘Privacy by Design’ is a key IoT security challenge for companies engaged in the IoT space.
Day 1
27 Sep 2016
Michelle Dennedy
Sagi Leizerov

KEYNOTE Privacy Engineering and the IoT

  • How to build privacy engineering into the R&D process for IoT
  • How to build effective privacy programs in a global IoT company
  • How to define the IoT challenge in a fashion that is conducive for identifying solutions
Janne Uusilehto

Privacy in the Era of Cloud Computing (Title TBC)

PANEL DEBATE: How to Design the Internet of Things for Privacy?

Protecting the data with adequate security means also protecting the privacy of customers, citizens, friends…With billions connected smart objects comes the creation of massive data collection from which personal information could be derived from for various unwanted purposes.
– How to build privacy engineering into the R&D process for IoT?
– What are the appropriate frameworks and standards for IoT developers and implementers in IoT enabled companies?
– How to ensure the user’s awareness and control of privacy risks?

IoT Networks Security
Session Chair: Eric Vetillard, Senior Security Architect, Prove & Run
5G, LPWAN and other new IoT network technologies enable new possibilities for a connected world but have their own constraints in terms of security implementation. M2M/IoT operators need to become experts in Cybersecurity to ensure that network devices and services meet the data security needs of their clients from device to core network.
Day 1
28 Sep 2016
Dr. Stephan Spitz

Narrow Band IoT Security IoT Use Cases

  • IoT landscape from a connectivity and security point of view
  • Advantages and characteristics of LPWAN IoT solutions in the Narrow Band
  • Security demands of Narrow Band IoT for smart metering, goods and asset tracking, smart cities
  • End-2-end security identity management and OTA (Over-the-Air management) with IoT devices

Coffee & Refreshments Break – Networking – Exhibition

Maurice (Mo) Cashman

KEYNOTE Hyper-Connected Future – 5G Security

  • Security challenges from a large number of connected devices
  • Security challenges from increased data transfer speeds
  • More severe consequences of security breaches due to the nature of technology enabled by 5G
David Dufour

The Architecture of a Secure IoT Gateway: A Technical Deep Dive

  • The inner workings of IoT Gateways: SSL Decryption, DPI, Policy Management
  • How Cyber Threat Intelligence can be applied to IoT Gateways
  • How technology such as Separation Kernels can be applied to Gateways
Larry LeBlanc

Secure Device-to-Cloud Architecture for IoT

  • IoT Security challenges compared to “typical” enterprise security
  • End-2-End encryption
  • How secure device-to-cloud architecture helps Device authentication, Access control, Layered encryption, Advanced network intelligence
  • Supporting services: Credential management, Software upgrade, Threat tintelligence
Florian Pebay-Peyroula

Ephemeral: Lightweight Pseudonyms for 6LowPAN Mac Addresses

  • Privacy issues in 6LoWPAN WSN
  • SLAAC and IPv6 privacy leaks
  • Tunnel-like mode for constrained network
  • Introduction of Ephemeral: novel scheme for preserving privacy in constrained networks

Smart City & Smart Home
Session Chair: Gil Bernabeu, Technical Director, GlobalPlatform
Connected Homes and Cities are full of promises to make our lives easier. While consumers are not yet fully embracing them, while cyberthreats are rising, trust and security become even more crucial to success. This session will explore through insights and concrete case studies how to address security in Smart City and Smart Home environments.
Day 1
27 Sep 2016
Régis Hourdouillie

KEYNOTE Will IoT Platform Enable IT and OT Security Convergence?

  • IoT solutions are already widely used in Energy & Utilities use cases
  • IoT solutions are great platforms for Smart Cities as they can easily integrate many silo applications
  • IoT Security is one major concern – example in the energy sector (OT security, meter data privacy etc.)
  • Hints for OT and IT security convergence

Security of IoT Data from Connected Objects in our Homes (provisional title)

Speaker from Safran Identity & Security (name tbc)
Sebastien Dudek

Intercoms Hacking: Call the Front Door and Install Your Back Door

  • Intercoms security
  • Break into buildings and houses protected by recent intercoms
  • Spy on building entries remotely
  • Installing backdoors on intercoms remotely

Cashless Payment & Ticketing
Session Chair: Gil Bernabeu, Technical Director, GlobalPlatform
Day 1
27 Sep 2016
Thierry Crespo

The New Way to Pay and Play! Using Wearable for Payment and Consumer Application in a Secure Manner!

In a rapidly evolving world where contactless cards are ubiquitous and most wearables need to be fun, connected and trendy, payment is a new way to play.
Device manufacturers and banking service providers are increasingly faced with challenges to offer payment services that ensure security and flexibility as well as a fast time to market at little cost.
After a brief overview of the market and actors, we will analyze the necessary technological bricks and their availability to help developers find the quickest route to mass deployment of secure wearable solutions.

Silvana Pintão

Smart Ticketing on the Path of Dematerialization

  • Smart ticketing: drivers, benefits and issues
  • The value chain, stakeholders and their business models
  • Ticketing solutions: magnetic, contactless, mobile and open loop
  • The future: account-based ticketing solutions

DAY 3 - Wednesday September 28

9.00 – 10.50am: Break-out Sessions | 10.50 – 11.20am: Coffee & Refreshments Break – Networking – Exhibition | 11.20am – 1.00pm: Break-out Sessions

Embedded: SIM & eUICC for IoT Security
Session Chair: Dean Bubley, Director, Disruptive Analysis
The device is the weak point of the security chain and the easy path for hackers to enter into the network. This session reviews the key hardware-based approaches and scenarios to secure IoT Devices.
Day 1
27 Sep 2016
Patrick Biget

Will embedded UICC (EUICC) replace SIM CARDS?

  • The IoT/M2M use cases addressed by the eUICC and SIM/USIM technologies
  • The benefits of the eUICC technology both from a technical and business angle
  • Multi-IMSI SIM cards are still a solution of choice for a number of IoT use cases
Pr. Pascal Urien

COAP Secure Elements: Use Cases for the IoT

  • Using Constrained Application Protocol (CoAP) DTLS/TLS client/servers embedded in secure elements
  • The three benefits of secure elements in an IoT context
  • Some server/client objects controlled by trusted service providers need secure elements
Cesare Garlati

Examining the Critical Security Challenges of Embedded Computing and Proposals for a New Approach

  • The key flaws undermining security in embedded systems
  • Hardware-based solution based on open source and interoperable standards, SoC virtualization and security through separation.
  • How the IoT’s fundamental security flaws can be mitigated

New Industry Models – Part 1
Session Chair: Jean-Paul Thomasson, Security Expert, Strategies Telecoms & Multimedia
Bringing trust in the IoT entails new ways of providing security at ecosystem level. The security industry and other IoT stakeholders are defining new standards, changing the mobile security ownership to enhance IoT service and ultimately minimize deployment and operating cost. This session in two parts will decrypt this new industry landscape and its evolution scenarios.
Day 1
28 Sep 2016
François Ennesser

How Standards Can Help Securing the Internet of Things?

  • IoT security threats easily go unnoticed and may directly affect our safety
  • Proper security solution depends on each application and implies proper Risk Assessment
  • Common IoT security challenges can be identified and proper solutions can be designed
  • Open standards minimize deployment and operating cost for secure and efficient IoT services

IoT Security Guidelines (provisional title)

Speaker from Safran Identity & Security (name tbc)
Thierry Spanjaard

Changing the Security Ownership with Embedded Solutions

  • Security needs of connected devices
  • Drivers for the introduction of more flexible security solutions
  • The move from detachable hardware to embedded software
  • New security ownership models driven by the introduction of embedded solutions

Embedded: TEE & TPM for IoT Security
Session Chair: Dean Bubley, Director, Disruptive Analysis
Day 1
27 Sep 2016
Andreas Steffen

TPM-BASED Mutual Attestation of IoT Devices

  • Use of a hardware TPM on an embedded device (Raspberry Pi)
  • Use of the Trusted Network Connect RFCs 5792/5793/6876 /7171 for attestation
  • Novel mode of the RFC 5793 Posture Broker Protocol enabling mutual measurements
  • Use of ISO/IEC 19770-2:2015 SWID tags for software version control
Gil Bernabeu

GlobalPlatform’s Proposition to Provide Security for the Internet-of-Things

  • Privacy and security concerns in the internet of things (IoT) market
  • Principles necessary for the IoT to be successful
  • How GlobalPlatform Specifications, when properly leveraged, address these security and privacy concerns
Denis Farison

Security in Smartworld: How to Protect your Data in a Connected World?

Every day, the world is becoming “smarter”: more data related to us, our health, our environment, and our way of life are measured and recorded with and without our consent.
These data are analyzed in real time and artificial intelligence systems use this information to make automatic decisions including critical ones.
Ensuring the authenticity and privacy of these data becomes crucial in all activities. Security policies are no longer an option; they are a must!
Secure elements such as STSAFE are part of the solution to ensure your devices are authenticated and your services remain robust against attack and safeguard your privacy.

Paul Wilson

A Robust & Flexible O/S for Securing IoT Devices

  • An alternative secure operating-system standard for devices
  • Secure application provisioning without the need for symmetric key sharing
  • Building secure IoT devices does not have to involve huge investments in infrastructure
  • True whole-life device security

New Industry Models – Part 2
Towards an IoT Security Industry
Session Chair: Jean-Paul Thomasson, Security Expert, Strategies Telecoms & Multimedia
Day 1
28 Sep 2016
Asaf Ashkenazi

Breaking the IoT Security Cost Barrier

  • The cost challenge of adding security to consumer electronic IoT devices
  • New technological approach to cost effective IoT security
  • New economic models to ensure security throughout IoT device lifecycle
Tzvika Zaiffer

Monetize the IoT: Bringing ROI and IP security to the IoT

  • The technology evolution that created the IoT
  • How to monetize in this connected environment
  • Various monetization models

PANEL DEBATE: The cost of security: what are the new economic models to ensure security throughout IoT device lifecycle?

1.00 – 2.00pm: Lunch – Networking – Exhibition | 2.00 – 6.45pm: Break-out Sessions | 3.50 – 4.30pm: Coffee & Refreshments Break – Networking – Exhibition

Strong Authentication for IoT
Session Chair: Laurent Sourgen, Director – Strategic R&D programs, MMS Group, STMicroelectronics
How to combine simplicity of single-factor authentication with security of multi-factor authentication?
Day 1
28 Sep 2016
Gustavo Tanoni

Bootstrapping Security – the Key to Internet of Things Authentication and Data Integrity

  • The Challenge to provide authentication to billions of devices
  • How to do end –to‐end encryption from sensor to enterprise software in a scalable way for billions of devices
  • Extending the reach of cellular networks to the IoT, for authentication and data confidentiality
Dan Butnaru

The Internet of Identity – What federates IoT?

  • IoT is not one single market, but many different ones.
  • Security needs for different IoT segments (Transport, eHealth, Industry 4.0, etc.) are depicted.
  • Identity and Privacy are the common denominator of all IoT security needs.
  • The contribution explains the security schemes that are or will be adopted in the near future
Sridhar Bhupathiraju
Darmawan Suwirya

Seamless Online Authentication using Bluetooth Devices in Proximity

Speaker: Sridhar Bhupathiraju

  • Hardware tokens deliver strong multi-factor authentication, but are hard to deploy.
  • Offer simplicity of single-factor authentication, but security of multi-factor authentication.
  • No need to distribute dedicated hardware tokens, use any existing Bluetooth device.
  • The second factor based on device that user picks, not the one enforced by service provider.
End of the conference