Program – Connect Security World 2018
Connect Security World - Embedding Trust in IoT Systems and Connected Hardware | September 24-26, 2018 – Marseille, France


DAY 1 - Monday September 24 Afternoon

2.00pm – 6.30pm: Opening Session | 3.50pm – 4.30pm: Coffee & Refreshment Break – Networking – Exhibition

Connecting the World with the New Privacy Reality
Heaven or Hell?
Chaired by: Jon Shamah, Chair of EEMA ; Principal Consultant, EJ Consultants, UK

Common to the co-located conferences forming Smart Security Week, the Grand Opening will be addressing the global move to put the consumer and citizen back in control of their data at multiple levels (citizen ID, customer ID, IoT devices ID, social network ID etc.).

This non-technical plenary session will explore both the latest privacy and data protection initiatives (policies, regulations, standards…) and their related societal and economic challenges.

On stage, several keynotes from high-level representatives of the EU, US, international organizations and other countries, as well as private sector representatives.

Day 1
24 Sep 2018
Jon Shamah

The New Privacy Reality

Part 1 – The Impact on Service Providers
Day 1
24 Sep 2018
Orlando Scott-Cowley

Enhancing Privacy and Compliance in the Cloud with AWS

● Service provider's perspective of helping customers deliver privacy and compliance in the cloud
● The mechanisms AWS offers its customers to help with their compliance programs and the GDPR

Dr. Detlef Houdeau

Progress report of European Cybersecurity Industry Leadership (ECIL) recommendation to EC

● Digital Sovereignty as an answer to the behavior of China and the US
● Security Certification (in reflection of the Cybersecurity Act)
● Role of ENISA
● Further Harmonization in EEA
● Incident Shaping and Reporting
● Encryption – cooperation with law enforcement

PANEL: Is it the end of the information-based “mega $ corporate”?

While some IT companies are arguing that the very concept of privacy is dead in a digital world, public authorities are pushing new regulations to protect customers and citizens. Privacy enhancing techniques enable new data monetization business models while ensuring compliance with various data protection legislations.
- Can information based corporations survive with the new legislations?
- What responsibility will they gain or lose?
- What sort of business models?
- What models are emerging for blockchain identity management?
- Can self-sovereign and traditional hierarchical identity management schemes co-exist on the blockchain?
- Blockchains can break down silos and promote interoperability. However, there are different types of blockchains and it is not clear that they will interoperate. How do we avoid building a new world of siloed blockchain identity management systems?
- It is critical for users and developers to understand blockchain's decentralized trust models. What work is being done in this area and what needs to be done?
- How do blockchains impact privacy?
- Will standards in this area help? If so, what standards are needed?
Martin Claich, Privacy Solution Consultant, OneTrust, UK
Mark Lizar, CEO & Founder, Open Consent, UK
Jon Shamah, Chair of EEMA

Part 2 – The Impact on the Citizen and Digital Society
Day 1
24 Sep 2018
Slawomir Górniak

EU Cybersecurity Act (Title TBC)

PANEL: The eternal debate – privacy or security? CCTV, Cyberwars, Politics and GDPR

- What more can we do to protect the citizens and society from direct cyberthreats?
- How can we reduce the impact of privacy invading techs such as CCTV and cross-domain communications?
- How can governments maintain privacy while improving efficiency?
Slawomir Górniak, Expert, Security Tools and Architecture Section, ENISA
Didier Serra, EVP, Sales & Marketing, SecureKey, Canada
Jon Shamah, Chair of EEMA
Oliver Väärtnõu, CEO, Cybernetica, Estonia

Smart Security Week Innovation Live
2.00pm: Exhibition Opening

DAY 2 - Tuesday September 25

9.00am - 1.00pm: Break-out Sessions | 10.50 - 11.20am: Coffee & Refreshments Break – Networking – Exhibition

360° Views on IoT Security
Day 1
25 Sep 2018
Asaf Ashkenazi

Keeping IoT Secure: Preempting Emerging Cyber Attacks of Tomorrow

• Emerging security challenges, such as compromised IoT devices or malicious actors attempting to manipulate the flow of information
• Three step approach for IoT Security that can be easily implemented, maintained and upgraded
• Turnkey device to cloud solution

Telemaco Melia

IoT Security Foundations for Long-Term ROI

• IoT Security requires a variety of approaches to be successful
• IoT Security is also not a “one and done” approach, it requires active, long-term security lifecycle management
• Holistic approach to IoT security that includes security design and evaluation, a robust security technology foundation and an ongoing security lifecycle management approach to protect IoT investments

Dr. Eric Vétillard

Different Paths to Security Certification for IoT

• IoT certification to provide some assurance that a product’s security is sufficient starts from a blank page, with limited incentives, no dedicated schemes, and a large number of high-level recommendations that are in many cases quite useless in practice.
• Review of some incentives, including regulation with the EU Cybersecurity Act and its limitations, business requirements with the Charter of Trust
• Guidelines and assessment packages, like the one provided by the IoT Security Foundation, and to standards like IEC62443
• Approaches for building certification of complex products and services, such as ECSO’s proposed meta-scheme

Salvatore Francomacaro

IoT Standards efforts (Title TBC)

Embedded Security Frameworks Advances
Day 1
25 Sep 2018
Gil Bernabeu

Embedding Trust in IoT Systems and Connected Hardware

• Today’s digital IoT landscape and the challenges it faces due to the level of new players, devices and cloud platforms.
• The roles service providers, IoT device makers and cloud platform providers need to play for the IoT landscape to reach its full potential
• Why GlobalPlatform is calling on industry stakeholders to collaborate on their efforts to secure the IoT ecosystem

Stéphane Di Vito

Software Isolation Solution Protects IoT Devices

• Lightweight Software Security solution for internet-facing embedded devices
• Lightweight OTA secure firmware update
• Increased reliability, security and maintainability of embedded software
• Limited impact on memory footprint and performances

Dr. Eric Vétillard

The Root of Trust as Abstraction for Device Security

• Overcoming the discrepancy between the technical complexity of the devices and their security features and the technical expertise of the connected device developer
• Using the notion of Root of Trust as abstraction of the security features
• Extending the Root of Trust to the notion of IoT Platform
• How this layered approach allows us to organize a security supply chain with a clear definition of responsibility between stakeholders, enabling efficient development and certification for connected devices.

IoT in the Enterprise: Best Practices
Day 1
25 Sep 2018
Piotr Ciepiela

Title TBC

Caleb Crable

“I Social-Engineered a Screwdriver”

• Physical security is a major problem, but physical security awareness is an even bigger one
• The typical employer/employee security awareness relationship is a quarterly “date night” at maximum.
• The mere physical presence of employees in an office means instant firewall bypass
• Empowering your headcount with security knowledge tailored to their level of understanding is some of the most important training an organization can provide

Mona Mustapha

Is your IoT Solution Secure End-to-End?

• IoT customers are often unsure of the security measures implemented for their solution
• GSMA developed a free-to-use IoT security assessment scheme
• The scheme can help expose weak links in IoT solutions
• The scheme can also be used to measure the security of IoT services

Martin Claich

Operationalise Accountability and Privacy by Design: What to Automate in Your Privacy Programme

1.00 – 2.00pm: Lunch – Networking – Exhibition | 2.00 – 6.45pm: Break-out Sessions | 3.50 – 4.30pm: Coffee & Refreshments Break – Networking – Exhibition

Home & Consumer IoT Devices Security
Day 1
25 Sep 2018
Dr. Stephan Spitz

Minimal Security Requirements for Home IoT Devices: Is a Standard possible for Europe?

• Standardisation activities in Germany on Home IoT Devices
• Regulatory aspects
• Certification issues and labelling for IoT devices

Lars Lydersen

Security of the Context-Aware IoT

• Growing concerns for security of IoT and smart home devices of consumers
• Recent advancements in IoT technology enabling new smart home functions
• How new devices can be added into an ecosystem with legacy, backwards-compatible devices in a secure way

Marion Andrillat

First Automated Tool of Security Assessment on IoT Products: Application to the Smart Home

• First automated testbench on security assessment for the communication channels on connected devices
• First offer in the mainstream for security (self-) assessment
• First use case applied to the smart home connected products
• Available demonstration on a HUE lamp (known vulnerabilities)

Josh Fu

Memory-Based Attacks and AI for Evil: What You Should Know

• Memory-based attacks are on the rise because they offer criminals the most ROI
• Learn two of the most relevant, common ways memory attacks occur
• Learn the exact techniques to be better protected against memory attacks immediately

Crypto Advances in IoT Context
Day 1
25 Sep 2018
Tomas Gustavsson

Using Best Practice PKI to Secure IoT Solutions

• PKI is one of the fundamental technologies for IT security
• PKI can be applied with existing best practices to IoT
• PKI assists in securing the whole IoT product lifecycle, including…
• Secure supply chain, bootstrapping, operations and software updates

Helmut Scherzer

BitFlip symmetrical encryption method

• A disruptive symmetric encryption algorithm based on provable security and not using a crypto algorithm
• Attractive for low-end IoT devices that might not be able to afford crypto-hardware to run AES or other crypto algorithms
• A method adding to security where ‘normal’ crypto wouldn’t be applicable anyway

Dr. Christoph Striecks

Advanced Public-Key Cryptography Mechanisms for the IoT

• New standardized mechanism for access control using strong and advanced cryptography, namely Attribute-Based Encryption (ABE)
• Presentation of IoT4CPS and SECREDAS National and H2020 projects dealing with cyber security in the IoT and CPS domain
• Where are those ABE mechanisms most useful?

IoT Certification & Trust Frameworks
(Jointly with Identity & CyberSecurity Innovation World)
Session Chair: Dr. Eric Vétillard, Head of Future Certifications, NXP Semiconductors
Day 1
25 Sep 2018
Stefane Mouille

KEYNOTE Cybersecurity Act and the Impact for the European Smart – Security Industry

Ernst Bovelander

Assessing the Security of ‘Simple’ IoT Devices

• Security of ‘simple’ IoT devices explained
• Assuring the security of IoT devices
• How to develop secure IoT devices

Dr. Beatrice Peirani

Mobile Security with Software, Which Role for the Standards

• Mobile security by software
• The example of cloud-based payment
• The example of FIDO

Abilash Rajasekaran

Internet of Things made secure with Freedombox using Decentralized Architecture

• How to make data secure in Internet of Things
• Freedombox, an open source server operating system: use case in accessing IoT devices even without internet

PANEL: EU IoT Trust Label and Cybersecurity Act: Status and Challenges

Dr. Eric Vétillard, Head of Future Certifications, NXP Semiconductors
Panel Chair and Moderator
The trilogue discussions have started on the EU Cybersecurity Act (European Commission, Council of the European Union and European Parliament), and we will know the result by the end of the year. One year after the initial announcement, a few things are becoming clearer, but many questions remain unanswered, and we will consider a few with that panel:

- The role of schemes in the EU Cybersecurity Act
- The role of governmental entities in the EU Cybersecurity Act
- The impact (or not) of non-mandatory certification on IoT devices
- The impact of the EU Cybersecurity Act on complex systems like (semi-)autonomous cars
Panellists will include:
- Marion Andrillat, Business Development manager, CEA-Leti, France
- Ernst Bovelander, Chief Business Officer, Brightsight, Netherlands
- Lars Lydersen, Senior Director of Product Security, Silicon Labs, Norway
- Stefane Mouille, President, Eurosmart
- Dr. Stephan Spitz, Technology Director, Mobile Security Technology Office, Giesecke+Devrient, Germany

DAY 3 - Wednesday September 26

9.00 – 10.50am: Break-out Sessions | 10.50 – 11.20am: Coffee & Refreshments Break – Networking – Exhibition | 11.20am – 1.00pm: Break-out Sessions

End-to-end Security for IoT Networks
Day 1
25 Sep 2018
Dr. Stephan Spitz

5G Security Considerations

• Overview on 5G services (massive IoT, low latency, ultra-high bandwidth, …)
• Opportunities for new Security Solutions with 5G
• Assessment of the Attack Surface with 5G Networks
• Authentication and Evolution of the SIM with 5G

Lionel Cavalliere

Securing the Edge: The Periphery of IoT

• For the connected era to succeed, priority must be given to securing the edge
• Security has traditionally focused on protecting data center infrastructure: that approach needs to change to deliver a holistic approach, from the data centre to the edge.
• Ultimately, applications and data are what we need to protect. Applications are the new focus and alignment with application teams to deploy containers and DevOps will fuel this model

Laurent Gomez

Towards End-To-End Data Protection for Industry 4.0

• End to end data protection from device to industrial applications, leveraging on low power network, targeting compliance with GDPR
• Evaluation done in collaboration with the City of Antibes and Juan-les-Pins, on their water distribution network, and SIGFOX

Blockchain for IoT Security
Day 1
25 Sep 2018
Sebastian Magnusson

Evaluation of Decentralized Alternatives to PKI for IoT Devices

• Distributed ledgers in systems with limited performance.
• Distributed ledgers as platforms for alternatives to PKI
• Advancements required for the technology to become a viable platform
• Discussion regarding the possibilities of creating a fully decentralized certificate authority using smart contracts

Helmut Scherzer

Blockchain – Unchained

• The entire Blockchain idea has several system-immanent contradictions regarding its well-known promises
• A scientific reflection providing critical views on Blockchain open to discussion with the floor

1.00 – 2.00pm: Lunch – Networking – Exhibition | 2.00 – 4.30pm: Break-out Sessions

Session Chair: Dr. Ilesh Dattani, Director, Assentian, UK; advisor, e-forum – European Forum for e-Public Services
Day 1
26 Sep 2018
Ina Wanca

I, Human: Cognitive Cybercrime Prevention Tools in the Domain of Personal Digital Security

● How do users make decisions that can expose them to cyber-threats?
● Deep dive into the human and psychological factors of the insider threat.
● Detecting cognitive biases in human cybersecurity behavior: user behavior analytics.
● Can cognitive learning applications help online users to self-regulate their cybersecurity behavior?

Johanne Ulloa

Unleashing the Power of Digital Identity

● Breached identity information is changing the nature of global cybercrime
● Merchant-specific trends in global cybercrime
● Different approaches to protect against identity abuse and fraud attacks.

Dr. Ilesh Dattani

FINSEC: Protection of Critical Financial Infrastructure from Emerging and Future Cyber Threats

● Infrastructures of the financial sector are increasingly vulnerable to security attacks
● FINSEC EU project: Integrated Framework for Predictive and Collaborative Security of Financial Infrastructures
● Introducing a novel standards-based reference architecture for integrated (cyber & physical) security

Gerd Pflueger

VMware AppDefense – The Future of Application Security for Edge, Branch and DC

● Concept of “Goldilocks Zone” and “Ensuring Good”
● Difference to the established security solutions
● VMware AppDefense solution based on Hypervisor technology
● Use cases with NFV, IoT and Edge Computing

Josh Fu

Artificial Intelligence: Impact on the World

• Artificial intelligence and machine learning are everywhere, but overused and misunderstood
• Learn about the history and subfields of AI and ML and how the tech applies to various industries
• AI is imperative to solving IoT scalability challenges from worker shortages and overwhelming malware creation

End of the conference