2017 Program – Connect Security World 2017
Connect Security World - Embedding Trust in IoT Systems and Connected Hardware | Sept. 25-27, 2017 – Marseille, France

2017 Program

DAY 1 - Monday September 25 Afternoon

2.00pm – 6.30pm: Opening Session | 3.50pm – 4.30pm: Coffee & Refreshment Break – Networking – Exhibition

Cooperative Cybersecurity for our Connected World
Chaired by: Jon Shamah, Chair of EEMA ; Principal Consultant, EJ Consultants, UK

Common to the co-located conferences forming Smart Security Week, the Grand Opening will give a global view of public and private Cybersecurity initiatives to forge a united response to cyber threats, from policies and regulations to PPP, from industry solutions to best practices. The European Union’s responses to cyber threats have paved the way to cooperative cybersecurity between Member States with the NIS Directive, cPPP, IoT “Trust Label”, Privacy, GDPR, eIDAS and a renewed cybersecurity framework in preparation. On the other side of the Atlantic, the US NIST’s Framework also aims at the convergence of cybersecurity responses. The recent development of these initiatives, and others from around the globe, will be presented and discussed in the first part of the Opening. The second part will focus on private sector cybersecurity responses, in particular Digital Identity management and IoT security challenges.

Day 1
25 Sep 2017
Jon Shamah

Introduction: Keeping Safe in a Digitally Connected World

Part 1 – Large Scale Cybersecurity Initiatives Worldwide
Alar Streimann

Securing the Digital Society: e-Estonia Lessons

Slawomir Górniak

Cybersecurity Strategies in the EU

● Policies for cooperation at EU level: Cooperation and protection of infrastructure, Crisis management
● Emerging EU policy areas
● Strategies: Cooperation, Preparedness, Certification

James Clarke

Accelerating EU-US Dialogue in Cybersecurity and Privacy

● H2020 EU project AEGIS presentation: stimulating cooperation around cybersecurity
● EU-US Cybersecurity reflection on Research and Innovation
● EU-US Cybersecurity reflection on policy and legislation challenges in cybersecurity and privacy

Donna Dodson

US NIST Cybersecurity Framework 1.1: Achievements & Road Ahead (Title TBD)

Donna Dodson
James Clarke
Andrew Churchill
Claudio Caimi

PANEL DISCUSSION: Transatlantic Cybersecurity Cooperation: Forging a United Response to Universal Cyber Threats

Part 2 – Preparing for Cyber Attacks: Security Industry Responses to Protect Data, Assets and People
Helmut Scherzer

Reload the Responsible Internet Citizen

• Personal Identity Card with free Digital Signature
• Signature for Internet Communication
• Wiki-Reality
• Name the ‘dark side’ of the power
• Privacy Initiative
• Back to the responsible Citizen
• Reality Check

Dr. Detlef Houdeau

ECIL recommendations to EU Commission

European Cyber Security Leaders (ECIL): harmonization should replace fragmentation; NIS2.0 should follow NIS; a rapid action force is indicated; incentives for private actors to participate in security information sharing; recommendations for asset protection of SMEs in the EEA; security algorithms based on guidelines from the EU; staged security and mutual acceptance are needed; backdoors for illegal use must be prevented; EU regulatory sandboxing is recommended; new cyber security innovation via economic incentives.

Raghu K Dev

Cognitive Security and Threat Intelligence (Title TBD)

Patrice Slupowski

Future of Identity for a Global Connected World

• Life is becoming more digital so crime is following the trend
• With 15 connected objects for each user are we going to be physically hacked and harassed by things?
• Passwords are dead and new tools are absolutely required
• Privacy will become absolutely essential to protect our digital patrimony

Alain Ducass
Patrice Slupowski
Mohammed Murad
Michiel Loeff

PANEL DISCUSSION – Next Massive Attacks of Biometric Databases: Are We Ready?

Smart Security Week Innovation Live
2.00pm: Exhibition Opening

DAY 2 - Tuesday September 26

9.00am - 1.00pm: Break-out Sessions | 10.50 - 11.20am: Coffee & Refreshments Break – Networking – Exhibition

Track 1: Technology Advances
IoT Networks:
Security Architectures to Address Future Attacks
Session Chair: Gil Bernabeu, Technical Director, GlobalPlatform
Ana-Maria Fimin

KEYNOTE European Commission Action Plan on Securing the Internet of Things

Raimo Kantola

Cooperative Security for the Internet and 5G

• New experimental security architecture for the Internet and 5G
• Replacing NATs with Customer Edge Switches
• Manage all flows with policy so that all network security functions are on network edge
• Detection and sharing of security intelligence is ubiquitous in trust domains

Jakob Buron
Smart Home

Securing the IoT for the Smart Home (Title TBC)

• Security threats to the IoT devices
• Protocols to prevent hacks to IoT systems beyond the device level
• Smart home market adoption in-line with consumer confidence in device security

Mikael Dautrey

Working around the Security Versus Privacy Dilemma

• Internet traffic has massively shifted to ciphered (SSL) protocol
• Unciphering the internet traffic to filter it raises many concerns (privacy, security…)
• A different approach that combines both trust verification and traffic pattern analysis to avoid SSL gateways
• Modest evolutions of proxy protocols that may facilitate this non-deciphering traffic analysis approach

Dr. Stephan Spitz

Security Challenges with (Narrow Band) IoT

• IoT security requires a holistic approach with special attention on the endpoints
• LPWAN IoT, especially NB IoT, have special challenges regarding endpoint security
• SIM technologies seem a good fit for solving endpoint security, but modifications are required

Track 2: Implementation & Standards
IoT Cybersecurity:
From Common Principles to Standards
(Jointly with Security Automation World)
Session Chair: Dr. Gisela Meister, Head of Technology Consulting R&D, Standardisation Manager C-TO, Giesecke+Devrient, Germany
Dr. Gisela Meister

Cybersecurity Standards Challenges – Are the current standards ready to meet the EU regulations?

• Cybersecurity – Terms and Definitions
• Cybersecurity Strategy of the EU/EU Regulations and Action Plan
• Current international and European Standardisation Activities
• Challenges and Outlook

Francois Ennesser

IoT Security, a New Dimension for Cybersecurity

• oneM2M and IoT common requirements behind the diversity
• ICT driven “IoT 1.0” deployments: Privacy as a main driver for security
• Industry driven “IoT 2.0” deployments: Safety as the driver for security
• Combining physical world “real things” safety considerations with dynamic software based “cyber world” security approach

Salvatore Francomacaro

Cybersecurity Standardization effort for IoT and Mobile ID

• Security and Privacy in the Identity space
• Current IoT standardization efforts
• Blockchain encounters the ISO world
• Mobile ID and Driver License: the future of the eID

Naum Spaseski

Testing Security in oneM2M

• Standardized security in oneM2M
• Testing approach
• Conformance testing of security aspect

Securing the IoT for the Enterprise (Part I)
(Jointly with Security Automation World)
Session Chair: Dr. Gisela Meister, Head of Technology Consulting R&D, Standardisation Manager C-TO, Giesecke+Devrient, Germany
Janne Uusilehto

KEYNOTE How do I secure my IoT solution?

In this session, we’ll discuss IoT security as a global phenomenon and cover some of its specific characteristics. Particular focus will be on what steps industry players can take when building IoT solutions and how Microsoft Azure can help make their IoT businesses more successful. Additional topics will include relevant IoT security standards, certifications, identifying key players in IoT end-to-end systems, and what kinds of help are available for businesses interested in building robust IoT solutions on a global scale.

Martin Wimmer

Blueprints for Industrial IoT Security

• Industrial IoT (IIoT) and Operational Technology (OT) provide distributed systems. Distributed system security has a long history.
• Well-known security mechanisms address other domains e.g. Web applications accessed by humans.
• IIoT and OT demand new as well as adopted security mechanisms/solutions
• No single, one-fits-all solution for IIoT/OT security will emerge but there can be common blueprints

Sylvain Barbeau

Product Security in Complex System Engineering

• Most security concepts and regulations come from the IT world. Challenge: transpose them to flight-ready industrial objects
• Novelty: apply security concepts and technologies to entire system engineering
• Interest: “inject” security into the complex system engineering process, return of experience

1.00 – 2.00pm: Lunch – Networking – Exhibition | 2.00 – 6.45pm: Break-out Sessions | 3.50 – 4.30pm: Coffee & Refreshments Break – Networking – Exhibition

Scaling Embedded Security Technologies for the IoT
Session Chair: Jean-Paul Thomasson, Security Expert, Strategies Telecoms & Multimedia
Derek Atkins

A Lightweight, Quantum-Resistant IoT Authentication Solution

• How to add public-key authentication services into constrained devices
• Small code size, fast-running, quantum-resistant public-key authentication for IoT
• The interesting (and different) math that is the foundation of these techniques
• How to incorporate low-resource cryptography into your own IoT devices

Ullrich Martini

How to Personalize an Embedded Secure Element

• Scalable deployment of secure elements
• Scripted installation and personalization using public key cryptography
• Ecosystem and life cycle of secure IoT device
• Standardization necessity

David Bak

The Innovative IOT Security Solution, VIA PUF

• Importance of endpoint security in IoT
• Security for Closed & open IoT platforms
• Software vs. hardware security
• PUF based hardware security

Olivier Rouit
Pascal Courrier

Verifiable Identity Based Encryption (VIBE): a new-age crypto for new-age security problems

• Everything IBE is new again. Why? It’s now VERIFIABLE IBE. It authenticates. It scales. Discover the difference.
• A new asymmetric encryption technology that simplifies security implementation
• What are VIBE benefits in an IoT application

ARMOUR Workshop
Enabling Security & Trust in the large-scale IoT

The EU project ARMOUR addresses Security and Trust issues on the Internet of Things by providing duly tested, benchmarked and certified Security & Trust technological solutions for large-scale IoT.
The workshop will gather its partners and IoT security stakeholders around its latest achievements and upcoming challenges.
ARMOUR’s 3 main goals:
• Enhancing FIRE (Future Internet Research and Experimentation) testbeds with an experimentation toolbox enabling large-scale IoT Security & Trust experiments
• Delivering methods and technologies for enabling Security & Trust in the large-scale IoT
• Defining a framework to support the design of Secure & Trusted IoT applications as well as establishing a certification scheme for setting confidence on Security & Trust IoT solutions
Franck le Gall

ARMOUR Project Presentation

• Presentation of the “large scale experiments on IoT Trust and security” project
• The 7 experiments
• The vulnerabilities to address

Patrick Guillemin

Status IoT Trust and Security Discussion from AIOTI (Alliance for IoT Innovation)

• Alliance for IoT Innovation (AIOTI) quick presentation
• The activities of the working groups addressing security (WG3 & WG4)
• Status of activities and needs on security

Antonio Skarmeta

Towards a methodology for IoT benchmarking & labelling in IoT Security

This presentation will focus on
• the current status of labelling
• the approach in ARMOUR including benchmarking
• towards an EU-wide labelling adoption

Abbas Ahmad

Test Approaches using Model based Testing-Demo

• Presentation of the architecture of the demo
• Presentation of the two testing scenarios
• Presentation of the benchmarking tool

Franck le Gall

Q&A: Do we need Trust & Security Label

Securing the IoT for the Enterprise (Part II)
Session Chair: Janne Uusilehto, Senior Program Manager, International Compliance, Global Ecosystems US, Microsoft; Advisory Board Member, Oxford University, Centre for Doctoral Training in Cybersecurity
Haydn Povey

KEYNOTE Delivering Real World IoT Security Across the Enterprise

• Industry best practices need to be applied within devices and enterprise solutions to enable the tools to manage when things go wrong; to assume that compromises will happen; and to regain control and fix the systems in the aftermath of attacks
• Advanced frameworks for device ownership and provisioning
• How it is possible to manufacture solutions that are fit for purpose across their entire lifecycles

Richard Stamvik
Mark Lambe

Stories from the Edge: Securely Connecting Your Low Power IoT Devices from the Edge to the Cloud

• Challenges and requirements around protecting industrial IoT devices and data from the edge to the cloud
• A security framework for industrial IoT applications
• Case studies and practical steps to secure industrial IoT sensors and actuators using low power wide area and cellular radio technologies; controlling network elements; and managing data

Andrea Chiappetta

Critical Infrastructure Protection: Beyond the Hybrid Port and Airport Firmware Security

• Critical Infrastructure Protection in the field of Transports
• Insecure firmware linked to SCADA systems threatens infrastructure protection
• Hybrid Port and Airport Firmware Security
• Case study on the vulnerability of IP CAMERAS

Christian Damour

The Mobile Payments Security Puzzle – Finding the Right Pieces

• How to limit mobile payment risks?
• Authenticate your customer
• Improve mobile payment security
• Mitigate payment fra

Marcus Klische

Connected Cars and IoT Security: Lessons learned from Smartphone Evolution

• Security starts with the Product strategy: Secure Lifecycle plan, Best OS selection, Update strategy (Patches, OS-Updates, 3rd Party updates)
• From HW/SW Development: Secure System Architecture, Secure Coding
• Secure Supply Chain: Protect the product manufacturing from Semiconductor, via OS to updates

Haydn Povey

IoT Security Foundation – Delivering Best Practices for IoT Security

• Best practice guidelines the IoTSF have developed
• Need for support across the industry
• Governmental and international leadership for the secure internet of things

Martin Wimmer
Janne Uusilehto
Haydn Povey
Marcus Klische
Gil Bernabeu
Sylvain Barbeau

PANEL DEBATE: Security challenges of today’s enterprise IoT deployments

DAY 3 - Wednesday September 27

9.00 – 10.50am: Break-out Sessions | 10.50 – 11.20am: Coffee & Refreshments Break – Networking – Exhibition | 11.20am – 1.00pm: Break-out Sessions

Endpoint Security for IoT Devices: SE Approach
Session Chair: Jean-Paul Thomasson, Security Expert, Strategies Telecoms & Multimedia
Dr. Eric Vétillard

A High-Resilience Platform for IoT

• Resilience, the ability to recover from an attack, an essential property
• Device authenticity and updatability are key for resilience
• High resilience can be achieved using a TEE and a formally proven isolation kernel
• Resilience is a key aspect for potential IoT security standardization

Gil Bernabeu

Securing the IoT Landscape

• The different levels of security that are required for the IoT world.
• Why a common understanding is required of what can be done in IoT devices from sensors to NFV platforms.
• Overview of the different security services and solutions that are required to deploy a range of services in the IoT world

Endpoint Security Ecosystem
Thierry Spanjaard

Security Solutions to Expand Smart IoT Markets

• Internet of Things (IoT) security trends, drivers and challenges
• IoT security solutions: software, hybrid and hardware
• Standardization and interoperability
• IoT security market trends

Jacques Fournier

Short & Long Term Research Agenda for IoT Security

Bernard Vian
Dr. Eric Vétillard
Richard Stamvik
David Bak

PANEL DEBATE: The Economics of IoT Security

1.00 – 2.00pm: Lunch – Networking – Exhibition | 2.00 – 4.30pm: Break-out Sessions

IoT Security: Trusted ID & Certification
(Jointly with World e-ID & Cybersecurity)
Session Chair: Dr. Detlef Houdeau, Senior Director of Business Development, Identification Market, Infineon; Member of Silicon Trust, Eurosmart and BITKOM
Scott Choi

New Biometrics based authentication for IoT/Mobile Services in Korea

Jan Rochat

Blurred Boundaries in Physical and Logical Security

● Why boundaries are blurring? / Effect of Internet of Things
● Data collection; Security & Value vs. Privacy
● Governance, Privacy & Security by Design
● End to End Secure ecosystem / Securing physical & logical security
● Continuous trust by adding identity assurance

Ernst Bovelander

Security and Trustworthiness in Connected Devices

● Trustworthiness in critical connected IoT devices, e.g. medical devices
● Focused on a practical approach to establish assurance through third party evaluation
● What can we learn from different sectors, e.g. payment industry
● Next steps towards successful certification

Philippe Cousin

Trust IoT Labelling

• Suitable duly tested solutions needed to cope with IoT security, privacy and safety
• Challenge in current security certification schemes
• Need for a new European certification-labelling scheme for IoT - Trust IoT labelling
• Need for an automated and formal approach to testing: model-based testing

Bernard Vian

IoT Security through Digital Identity and Reliable Root of Trust

• How can data collected by sensors and edge devices be trusted to be used in IoT applications (back-end servers)
• How can devices remain under the control of authorized authorities (and not hackers)
• How can stakeholders be protected against attacks (DDoS, man-in-the-middle…)
• A solution through Digital Identity and reliable Root of Trust based on PKI technology

Dr. Detlef Houdeau
Ana-Maria Fimin

PANEL DEBATE: Secure Labelling of Connected Devices: Where does EU Stand, Challenges and Road Ahead

Digital ID for Next Gen Online Services
Frederic Reboulleau
Donal Mc Guinness
Cedric Damico
Mikael Breton
Atreedev Banerjee

PANEL DEBATE: Digital ID for Next Gen Online Services

End of the conference