View
5
Download
0
Category
Preview:
Citation preview
1 © 2018 FUJITSU LABORATORIES LTD.
Human Centric Innovation
Co-creation for Success
Fujitsu Innovation Gathering & Fujitsu World Tour 2018 Social Innovation through Security
2 © 2018 FUJITSU LABORATORIES LTD.
Social Innovation through Security Cutting Edge Advances to Secure Our Future World
Dr. Hiroshi Tsuda Head of Security Research Laboratory Fujitsu Laboratories Ltd.
3 © 2018 FUJITSU LABORATORIES LTD.
Security?
Protection from Malware, Cyber attack, targeted attack,
intentional data leak, ….
Security, however, is not only for “protection” purpose
4 © 2018 FUJITSU LABORATORIES LTD.
Social Changes for “Co-Creation”
n Changes in data management n For Co-Creation, Data are utilized among multiple organizations
n Cyber-attacks affect physical world: virtual currencies, self-driving cars, etc.
n Changes of customers’ risks n Risk of Personal data misuse penalty: 4% of sales in GDPR n Risk of social flaming: Facebook privacy scandal, JR SUICA in Japan, ... n Risk of AI → Incorrect outputs from untrusted data
Security for co-creation and social innovation
5 © 2018 FUJITSU LABORATORIES LTD.
Security for Social Innovation n Innovative services are emerging through security technologies
BingoBox in China Unmanned CVSs
Diversification of Trust
Biometric (face) Mobile payment (Alipay) Scoring (Sesami Credit)
Trust
Security Techs
X-Road in Estonia Advanced e-Government
Trust by Government
eID cards Blockchain (transparency) Cyber-security (NATO)
P2P Blockchains Mining (Hash)
Decentralized Trust
Bitcoin Virtual currencies
Trusted Social Innovation has emerged through security tech.
6 © 2018 FUJITSU LABORATORIES LTD.
Security in Fujitsu Technology & Service Vision
Securing information comprehensively
Secure and safe information utilization
Biometrics NFC1 Anonymi-zation Encryption
Vulnerability managemen
t
Digital forensics
Authentication and
Authorization
Data Security and Privacy Protection
Cyber Security
• Blockchain • Trustworthiness of Data
7 © 2018 FUJITSU LABORATORIES LTD.
Security R&D in Fujitsu Lab. and FIG demos
London
Madrid
Texas (Richardson
)
Beijing
Suzhou Shanghai
Japan
Fujitsu R&D Center Co., Ltd. (China)
Fujitsu Laboratories of America, Inc. (U.S)
Fujitsu Laboratories Ltd. (Japan)
California (Sunnyvale)
Fujitsu Laboratories of Europe Limited (Europe)
Connected Car: Protecting in-vehicle Networks from Cyber Attacks
Blockchain Technologies for Data and Value Exchange
Innovative Blockchain-based Social Welfare Distribution
Securing the Blockchain with Latest Threat Analysis
Privacy Risk Assessment technology for GDPR
demo
demo
demo
demo
Data Security Cyber Security Authentication Blockchain
Data Security Blockchain
Data Security Blockchain
Blockchain
8 © 2018 FUJITSU LABORATORIES LTD.
Cutting Edge Technologies of Fujitsu Lab.
Human
Data
System
Authentication
ID Federation
Device Auth
Data Protection Secure Collab.
Privacy Personal Data
Cyber-security Vuln. Monitoring
Identify Protect Manage
Targeted attack
Vuln. assessment
Vuln. c’measures
Biometric
Terminal auth
Hardware auth
Auth’n protocol
ID federation
Anonymization
Encryption Blockchains
Privacy impact
Privacy by design
Behavior analysis Info tracing
Authentication & Auth. Data Security
Cyber-security
demo
demo
demo
ID-based auth.
PUF
k-anonymization
Homomorphic enc.
Mail missending
High Speed Forensics
Connection Chain
Privacy Risk Assessment
PDS/Info bank
VPX
FIDO
Smart Contract
Palm-vein
Connected Car
1. Trusted CPS
2. Trusted Data Utilization
3. New Trust with Blockchain
9 © 2018 FUJITSU LABORATORIES LTD.
1. Cyber-security of Connected-cars n Security for Cyber-Physical System
n Connected vehicles, factories, etc.
n Security-by-design Operation
Trusted CPS Connected-car Safety Market: 16B$
In-vehicle attack detection Less false-positives No need to tweak for car types Attack device CAN-controlled
vehicle
Display of detection tool
Suppliers
Attack Info
Analysis
Detector
Recover: Online update Security Operation monitoring for vehicles
Detection
Log
Forensics Continuous safety service Fujitsu
Demo
Emergency treatment
10 © 2018 FUJITSU LABORATORIES LTD.
2. Secure Personal Data Utilization
n “New oil”, but tradeoff between privacy and utilization
Trusted Data Utilization
Market: 200B$
Regulations x Advanced Techs Safe utilization of personal data PI protect laws EU GDPR
New Data Exchange Business emerges via Data Security
Risk Assessment Visualize GDPR compliance and data loss risks PDS (Personal Data Store) Information Bank under users’ consents (Personium)
Fastest k-anonymization (NESTGate)
Anonymization
AI / Personal Data Utilize
Real name data
Health data
Purchase data
Other vendors
register
Purchase
Anonymous data
Segmented purchase data
Shopping malls
Hospitals ×
Inspection agency
Anonymization
PDS / consent
Retails
Portability
Blockchain
Demo
11 © 2018 FUJITSU LABORATORIES LTD.
3. New Trust with Blockchain
Creating Disruptive Cross-Border Innovation
Creating Disruptive Cross-Industry Innovation
Blockchain Connects the World and Industries for Co-Creation 1. Digital Currency
2. Trusted Information
Exchange
Decentralized Immutable
3. Connected Autonomous Organization
Smart Contract
Blckchain
12 © 2018 FUJITSU LABORATORIES LTD.
Fujitsu Blockchain Activities
Blockchain Plat-form
Hyperledger Fabric
Blockchain OSS Standardization
Standards Contribution
Premier Member of Hyperledger Project
Accelerated Processing
Faster transaction processing (2017.7)
Enhanced Security Key Sharing (2016)
Smart Contract Validation (2018)
VPX Technology Secure Data Sharing (2017)
Virtuora DX (2018)
Business Logic
Security, Dev. Environment
Connection Chain
cryptocurrency exchange(2017)
Busi-ness
Appli-cation
Reward Program
Regional Revitalization trial (Chiba City, Odakyu Rail, etc.)
Information Bank
Personal data exchange trial (2017)
Cross-border Transaction
Trial with Mizuho-bank (2016) P2P money transfer (2017)
IOTA (Fujitsu CE) Blockchain Innovation Center(Fujitsu Benelux)
*
* *
*
*
*
* *
* Fujitsu Lab.
demo
demo
13 © 2018 FUJITSU LABORATORIES LTD.
(1) Cross-border securities transactions (2016)
n Shorten cross-border securities transactions (POC with Mizuho BK) n Transactions had to go through multiple financial institutions n The settlement time: 3 days (max) to 1hour using Blockchain n Also applied to supply chain etc., information sharing where central control
requires high cost. Transaction
Settlement
Asset management co. Securities firm
Cust
omer
Sub-securities Administration co.
Securities administration co.
Exchange Transaction
Transaction
Blockchain Transaction Contract
Contract
Japan
Overseas Check
Check Securities firm Trust by Decentralized, Immutable Information Sharing
14 © 2018 FUJITSU LABORATORIES LTD.
(2) Secure Data Exchange (VPX/Virtuora DX)
n Transparent & Distributed data exchange without disclosing data itself n Blockchain manage metadata and access policy/sales records
Access authority setting
Data owner
View
View & request data
Not viewable
Share metadata on BC Request data from user Exchange actual data Control for data transfer directly
(off-chain) after both agreed Buyer request data attribute.
Disclosure policy applied automatically
Access authority setting
Disclosable
Disclosable Not to be disclosed
Owner disclose data attribute info. and policy.
Data owner
Data user Attribute info indicate the
content of data
Trust Data Exchange Market by Decentralized and Immutable log
2017,18
15 © 2018 FUJITSU LABORATORIES LTD.
(3) Data Market by Connection Chain (2017)
n Connection Chain connects different Blockchains, for example, Data Exchange and Money Exchange.
Demo
Corp A’s Data
Corp B’s Data
Corp C’s Data
Virtual Currency (Payment)
VPX (Data Market Service)
Corp A’s Account
Corp B’s Account
Corp C’s Account
Service & payment are separated
Contract for human
Before
Corp A’s Data
Corp B’s Data Corp C’s
Data
Use Data
Corp A’s Account
Corp B’s Account
Corp C’s Account
Smart Contract (Automatic transaction)
Service & payment are integrated After
Charging Connection
Chain
Virtual Currency (Payment)
VPX (Data Market Service) Trust Connection of Heterogeneous Blockchain
16 © 2018 FUJITSU LABORATORIES LTD.
(4) Smart contract verification (2018) n Various attacks to Blockchain “system” is growing
n The DAO attack (2016): $50M Ether stolen from smart contract (program) bugs.
Demo
Web app User
App Transaction
transmission
Response
Risks related to logic
Warnings related to consensus
Risks related to assets
(2) Authenticating the source of a transaction call
(1) Reentrancy
(3) Call stack restrictions
(4) Divide by zero (5) Transaction order dependency
(6) Transaction uncertainty due to reliance on
timestamp Contract A: Risk: Reentrancy Func: Func X Line: 109 Contract B: Risk: Call stack Func: Func Y Line: 57
Contract A
Contract B
Func Y
Func X
Smart Contracts
Syntax analysis
Symbolic execution Risk location
Topology diagram
generation
Static Analysis
n Smart contract risk detection and visualization
n Six kinds of risks that can be detected and visualized before the execution
Trusted Smart Contract Development
17 © 2018 FUJITSU LABORATORIES LTD.
Summary
n Social Innovation through Security n “Trust” is the key for co-creation and social innovation n Security technologies towards Trust3.0 and trusted co-creation
n Trusted Cyber-Physical System n Trusted Personal Data Usage n New Trust from Blockchain:
trusted information sharing, Connection Chain
With our security, you can.
18 © 2018 FUJITSU LABORATORIES LTD.
19 © 2018 FUJITSU LABORATORIES LTD.
(4)Transaction restriction on Blockchain (2016)
n Programmable Economy = Cryptocurrency + smart contract n Restrict transactions if pre-established policies are violated.
n Example: Social welfare payments only for specific usages.
n Policy is verified at nodes in Blockchain.
Demo L15
Trusted Smart Currency by Smart Contract
20 © 2018 FUJITSU LABORATORIES LTD.
(2) Personal information bank (2017)
n Exchange personal data and rewards, POC with a retail company n The user offered his/her personal information on his/her own will and acquired points
(Blockchain-based Fujitsu Coin) according to the info content and quantity
n The company using the personal data provide personalized services based on preferences and behavioral patterns
Exchange your info with Fujitsu coins, good deal!
Info Bank
Consent management restaurant Financial service
Fujitsu Coin
FUJITSU Coin
Blockchain
Usage log
Fujitsu employee
Provide life log
One to One Marketing Fujitsu Info Bank
Personal Data Store (Personium) 従業員A 従業員B 従業員C
従業員D 従業員E 従業員F
従業員G 従業員H 従業員I
従業員J 従業員K 従業員L
従業員M 従業員N 従業員O
従業員P 従業員Q 従業員R
⽒氏名 項⺫⽬目
住所 同意記録 趣味 嗜好
⼭山⽥田太郎 内容
埼⽟玉県 0 xxx xxx
etc
Life log
agree
Data access
Data exchange under uses’ consent
Individual approval Trusted Personal Data Management by Immutable logging and Rewards
21 © 2018 FUJITSU LABORATORIES LTD.
Innovation of Blockchain
Blockchain technology progress
Expa
ndin
g ap
plic
atio
n fie
ld
Phase1: Decentralized Trust
Phase2: Immutable Information Sharing
Phase3: Connected and Autonomous with Smart Contract
Ø Launch of Blockchain Platform Service Ø Enabling sensitive/personal data (KYC)
Ø Connection technologies for digital co-creation Ø Smart contract for distributed autonomous system
Ø Digital Currency Ø Distributed Ledger
Example: ü Financial market
prediction
ü One-stop Healthcare ü Supplychain
Example: ü Digital currency ü Asset management
Recommended