Andrea SERVIDA
Deputy Head of Unit, European Commission
DG Information Society - Unit D/4, ICT for Trust and Security

European Union initiatives on biometrics: the role of research


OUTLINE

• Security and dependability: needs & concerns
• Towards a comprehensive EU approach to security
• Why is R&D important for policy making on security
• ICT Security R&D in FP5 & FP6 - biometrics
• The FP6 projects: BioSec & Biosecure
• Supporting the deployment of biometrics: a Plan for Action


The new security needs and concerns ...

• 9/11 has raised the need for “higher levels of security”

• the fears of terrorism make “national security needs” prevail

• security in AmI is increasingly associated with strong identification (biometrics, unique identifiers, etc.)

• growing policy interest in security of information: economic security, protection of intangible assets and IT investments, etc.

• AmI would not happen without new models of security and privacy

• societal applications and systems call for a holistic reflection on our dependency on technology

• current generation is unable to perceive and feel “digital security”

• in AmI the personal sphere of individuals would be an open and evolving environment (instant networking, smart dust, intelligent agents, etc.)

• new policy challenges posed by technical developments on virtual identity, anonymity, RFID, etc.

• privacy is a human right to be preserved and technology should work to avoid a privacy crisis

• asymmetric power game between “technology” and “humans” may lead to discrimination, exclusion, divide, etc.

• there are no technical means to ensure social accountability of security solutions

A comprehensive EU approach to security

External security / defence

• Framework Decision on attacks against information systems
• Lawful interception
• G8 CIP
• e-identification/e-authentication
• biometrics in visas and residence permit

• Pilot action with DG RTD
• Dual use technology research
• Crisis management

International Co-operation
• OECD, G8, Council of Europe, UN, ITU, ...

• network security, dependability, cryptography, biometrics, identity management, watermarking, ...

• Electronic Signature
• Data protection in elect. com.
• Network & information security
• Culture of security
• ENISA
• digital right management, biometrics, smart card, IPv6, open source software

• critical infrastructure protection

Economic, business and social aspects of security in Information Society

Research and Technology Information and Communication Technologies

Preparatory Action on Security Research

Cyber-crime, Internal security

Why is R&D important for policy-making on security

Lisbon Strategy: “EU: Largest knowledge-based economy by 2010”

Enlargement: The candidate countries are full partners in FP6.

ERA (European Research Area): FP6, Eureka, COST, National RTD Programmes… towards a Single Market for Research

Broadband access, e-business, e-government, security, skills, e-health, ...

Other policies: Single Market, Single Currency, Security of Europeans, Sustainable Development, ...

What’s the mission of EU R&D on ICT security?

Develop knowledge & technology - understanding implications and benefits

R&D shall lead to:
• secure, dependable, acceptable & respectful (of human rights and dignity) systems/applications
• proper assessment and evaluation

Ethics in the Information Society

Today's issues: Poor understanding and awareness of risks to privacy

Influencing factors
• increased “digital powers” of Governments
• globalisation & interconnectedness
• business interest in knowing more about customers/people
• opacity of data gathering vs inefficient enforceability of law
• intrusiveness of technologies: RFID, location based, profiling, P2P, biometrics, etc.
• unprecedented exposure of users
• de facto impossibility to retain control on personal data

Future objective: Ethics of privacy as a key element of the Information Society

How to go about it
• socioeconomic research on what would be “privacy” in IS
• make privacy part of education programs, training and public debate
• commercial and business conduct must adopt commonly agreed principles
• promote privacy compatible processes, products and systems
• build in privacy mechanisms to ease “enforceability”
• Innovative R&D to ensure personal control of privacy.

FP6: between continuity and novelty

Deployment through eTEN

Articulation with and support to EU Policies (ENTR, MARKT, JAI, RELEX…)

eEurope 2002 + 2005,

National Events

Technology assessment & transfer

FP3, FP4, FP5

Budget: 35M €
Budget: 88M €

Projects: ~50
Projects: 67

Results
• Strategic security frameworks
• User & service requirements
• PKI trials
• Specifications, standardization, certification

Results
• ICT Security community
• high-risk technologies, applications & processes

RACE / ACTS, ESPRIT/IT, TAP, + INFOSEC / ETS, ISIS

PAST 10 years (1992-2002): From Security of Information Systems...

NEXT 10 years (2003-2014): ...to Security in Ambient Intelligent Space

Protection of digital assets

Information infrastructure dependability & CIP

Keywords: ambient networks, nomadic people, mobile things in the environment, intermediation services, ubiquity, distributed interactive infrastructure...

Individuals and open large communities

Mobility and reconfigurability

EU R&D on biometrics: FP5 projects

Applications (e-polling, e-government, travel): E-POLL, FASME, (S_TRAVEL)

Sensor - basic technologies: SABRINA, FINGER_CARD, VIPBOB

Technology improvement and validation in applications: BANCA, U-FACE

Socio-economic aspects: BEE

Shaping the Future: BIOVISION => European Biometrics Forum, Dublin

FP6 - R&D on ICT trust and security & biometrics

A total portfolio of 16 Projects
– 6 Integrated Projects: BioSec, e-Justice, Inspired, Prime, Secoqc, Seinit
– 3 Networks of Excellence: Ecrypt, Fidis, Biosecure
– 6 Specific Targeted Research Projects: Digital Passport, Medsi, Positif, Scard, Secure Justice, Secure Phone
– 1 Coordination Action: SecurIST (under negotiation)

BioSec Project
http://www.biosec.org/

Biometrics and Security
– Integrated Project
– started December 2003 for 2 years
– 23 partners from 9 countries

Two stages
– First stage: framework specification and early integration
– Second stage: late integration and comparison studies

Objectives
• Enhance security features of authentication elements
  – Performance, robustness and aliveness detection
  – Integrity and data protection
  – User acceptance
• Put technology to work in real scenarios
  – Personal biometric storage: tokens
  – Security framework
  – Scenarios: physical and remote access
  – Evaluation

BioSec Project (2)

[Diagram of the project workflow. Box labels: Scenarios and applications; Review Scenarios and applications; Biometric technologies Specs; Current Technology; State-of-the-art technology; BioSec interfaces; BioSec Technology; First Prototypes; Prototypes with BioSec technology; BioSec Results; First year.]

BioSec Project (3)

• Approaching the end of the first year
• Technical achievements
  – Specification of interoperability framework: sensors and storage
  – First prototypes: aliveness detection in fingerprint, 3D recognition, Voice noise models, Iris recognition
  – Multimodal database acquisition tools
  – Two scenario setups:
    • Network access with remote authentication
    • Physical access: Helsinki airport
• Dissemination achievements
  – BioSec Web site and Interest Group: www.biosec.org
  – BioSec Workshop (June 2004): 100 delegates
  – IST 2004 (Nov 2004) Exhibition
  – Contact with standardisation bodies and international organizations

The Network of Excellence BioSecure

• Coordinator
  – GET (Groupement des Ecoles de Télécommunication)
  – CDC (Caisse des Dépôts et Consignation)
• 29 Core Partners
  – Main academic actors in the field
  – Satisfy excellence criteria: publications, PhD, etc…
  – Involved in different aspects of Biometrics
  – With experience in evaluation campaigns
• Relations with Industrials, small companies... through a Forum of Industrial and end user partners
  – ST-Microelectronics, France Telecom, Bouygues Telecom, Gemplus, OPSIS, ELRA/ELDA, ORGA, etc…

BioSecure NoE (2)

Objectives

• Integrate the research and infrastructures developed in different teams involved in the biometric field
• Identify and meet the scientific and technical challenges in the Biometric field
• Explore the technical and non-technical issues arising during the deployment of applications in relation with the industrials and end-users
• Facilitate dissemination and training activities

BioSecure NoE (3)

Sharing databases and algorithms

Creation of a virtual multimodal Database and related assessment protocols

Software integration and production of reference systems

Preparation of the first summer institute for algorithms evaluation (July 2005)

Active participation to international standardization instances

The next step: S.O. 2.4.3 Towards a global dependability and security framework

Research Focus:
• security and dependability challenges arising from complexity, ubiquity and autonomy
• resilience, self-healing, mobility, dynamic content and volatile environments
• strategic and solid research on security and trust for new societal applications
• interoperable content and digital rights management

Key Objectives & Breakthroughs
– build on EU technical and scientific excellence on security, dependability and resilience
– meet EU demands for privacy and trust
– strengthen the interplay between research and policy

Indicative budget > 63 MEuro

------------ Call published on 19/11/2004 ------------

The next step: S.O. 2.4.3 Towards a global dependability and security framework

Priority areas
• integrated frameworks and technologies for resilience, dependability and security
• modelling/simulation techniques and synthetic environments for interdependencies, recovery and continuity
• technologies and architectures for secure computing and interoperable management and trustworthy sharing of digital assets
• secure and interoperable biometrics
• security and privacy technologies and architectures for future wireless and mobile scenarios
• security assurance and certification of complex networked systems and infrastructures
• interoperable content and digital rights management

Instruments
IPs, NoEs, STREPs, CAs
IPs, NoEs, STREPs, CAs
IPs, STREPs
IPs, STREPs
STREPs
STREPs, SSAs

------------ Work in progress ------------

Deployment of biometrics: open technology issues

• Identification – biometrics are based on probability assumptions, no “absolute” identification
• Performance Limitations – this bears the non-negligible risk of not being applicable to some percentage of the population
• Distributed Enrolment – may undermine accuracy and performance of large scale systems
• Interoperability - not yet supported by standards nor technology

Deployment of biometrics: open technology issues

• Security vs performance – enhancing security by very low failure rate may lead to low performance, not acceptable to users
• Availability of algorithms - no “open source” policy yet although desirable
• Scalability - no experience of large scale field trials
• Data Control - need of effective safeguards and remedial actions with respect to the risk of misuse

Supporting the deployment of biometrics: a Plan for Action

Motivation:
– The political agenda: integration of biometrics identifiers in visas, residence permits and European passports
– The technical state-of-the-art
  • diverse context specific solutions available only
  • problem of scalability and interoperability
– Urgent need for
  • Technical advice (to decision makers)
  • Common assessment and evaluation criteria
  • Exchange of information on deployment activities

A Plan for Action on biometrics: the background

The plan builds upon:
• Internal discussion & consultation
• External consultation workshops
• Roadmap projects and studies

A Plan for Action on biometrics: outline

• Support for the establishment of a European Authoritative Technical Body on Biometrics
• Launching of a European Web Portal for the exchange of information on deployment activities between Member States
• Support for the creation of a European network on testing and assessment of biometric technology

Presented by Commissioner Ján Figel’ at the Conference “Biometrics for the benefit of the citizen: a European Perspective”, Dublin 14 June 2004
http://europa.eu.int/comm/commissioners/figel/speeches_media/doc/Figel_Dublin_biometrics.pdf

Technical Body

• Objective: To assist decision makers in taking informed decisions on issues involving biometrics (e.g. passports)
• Status
  – Draft Terms of Reference available
  – Workshops planned for near future with relevant stakeholders (academia, industry, industrial and policy oriented fora, governmental bodies, etc.)
• Proposed outline
  – Network of experts: European Biometrics Expert Group (EBEG)

The European Web Portal on biometrics

• Objective: To share information on large scale deployment activities (pilots, trials, etc.) among the Member States
• Status
  – Recent call for tender
  – Selection of tenderer in progress
  – Launching of web portal summer 2005
• Expected results
  – a common framework for data collection
  – schemes to define and evaluate trials
  – collection of good practices and lessons learnt

Assessment & Testing Network

• Objective: To establish a European network for testing and assessment of biometrics technology.
• Status
  – Discussion started with relevant stakeholders (centres of excellence in testing and assessment, certification bodies, etc.)
  – Plan to propose a Network of Excellence in FP6 based on open research issues in testing of biometrics.
• Expected results
  – a common framework for testing, assessing and certifying biometric technology

Complementary activities

• Follow closely the international work on technical standards for biometrics
• Stimulate and facilitate the participation of EU industry in on-going international standardization (ICAO, ISO/IEC, etc.)
• Promote further R&D on secure and interoperable biometrics (ref. Call 4 for proposal of IST priority)

Web sites

IST Programme: www.cordis.lu/ist

ICT for Trust & Security: www.cordis.lu/ist/so/dependability-security/home.html

FP5 Roadmap projects: www.cordis.lu/ist/ka2/rmapsecurity.html

PASR Consultation on new Work Programme: http://europa.eu.int/comm/research/security/news/article_1571_en.html

IST helpdesk
Fax: +32 2 296 83 88
E-Mail: [email protected]