Serge Fdida – CNRS – Sept’05
French (Network) Security Research Activities
Serge Fdida, University Paris 6 & CNRS
Contributions from Michel Riguidel (ENST)
French/Japanese Joint Symposium on Computer Security Tokyo – September 2005
Background
• Research activity on Security in France was quite fragmented
• Some strong communities
  – Cryptography (Research Action “ACI”)
  – Proof & Formal methods
  – Dependability, Reliability
• Industrial / Gov interests
• Limited public funding
• Security (at large) not recognized as a noble area and found to be limited in scope!
• Lack of programs in Education
Background (2)
• Security is multidisciplinary
• Incentives to bring researchers into this area
• Expose this area as a priority
• Initiatives launched in 2003:
  – ACI (Joint Incentive Research Action) – Ministry of Research/INRIA/CNRS
    • Headed by Claude Kirchner
  – RNRT (National Research Network in Telecommunications) – special focus
    • Monitored by Michel Riguidel (ENST)
  – Strong link with Europe IST FPs
  – STIC/Asia Program
  – Expert Committee on Security at CNRS
Security Targets
• Homeland (Defense)
• Critical Infrastructures (semi public, semi private)
  – Trust to fight against cyber terrorism, strong cybercriminality
  – Safety, Security, Dependability
  – Crisis management, public awareness
  – Resilience
• Cybersecurity (public, private)
  – Trust to fight against hackers, cybercriminality, espionage, etc
  – Security, Dependability
  – Privacy
  – Resilience
Emergence of new security challenges
• Critical infrastructure protection
  – Large scale complex systems (ICT + physical infrastructure) with interdependencies: Electricity power, water supply, networks, etc
  – We need robust and resilient infrastructures to reduce vulnerabilities
• Security of Smart spaces or Ambient Intelligence
  – Pervasive and ubiquitous computing
    • Electronic devices, sensors: disseminated, not supervised
  – We need to introduce ambient security
    • Global Localization Information, Global Identification
Emergence of new security challenges (2)
• Networked communication systems (self-x architectures)
  – Self organizing networks, architectures of Internet caches & mirrors, DNS-Sec
  – Self healing architecture, privacy in mobile networks
• Grid security
  – Reconfigurable distributed organization to provide a service
    • Spontaneous real time organization
  – We need
    • To secure the grid (components & infrastructure)
    • To be protected from malicious grids (ethical computations)
• Content protection
  – Video distribution, DRM, …
• Require
  – Fundamental research
  – Application & Test-Beds (measurement, honeypots, …)
RNRT Security Call For Projects in 2005
http://www.telecom.gouv.fr/rnrt/index.htm
RNRT
• Created in 1998
  – Funded 212 projects, 200 M€, Cost 440 M€
• Funding to launch calls in the area of Telecommunications and Networking
• Joint projects: Industry, Academia, SMEs
• Budget of about 30 M€ for 2005
• Peer with RNTL (Software), RIAM (Multimedia)
• Linked with ARA SIASE (C. Kirchner)
Security (1)
• The 2005 Call for Projects addresses the new practices & modern approaches in Security
  – Security of software & Content Distribution
    • Digital Rights Management, Intellectual Property Rights, …
  – Security of New Architectures & Paradigms
    • Grids, P2P, Ad-hoc, …
  – "Just-in-Time" Security
    • Downloading patches, weekly or daily Software upgrades, reconfigurability
  – Security Crisis Management
Security (2)
• The Call for Projects is focused on security of Complex Systems or Infrastructures
  – With heterogeneous technologies
  – Taking into account non functional properties (mobility, interoperability, flexibility, …)
• Infrastructures, Networks, Very Large Information Systems
• Networks & Information Systems (enterprise, personal)
• Multimedia Content
Security (3)
• IT networks
  – Internet, WiFi, Enterprise LANs, Bluetooth, RFId, Sensors, …
• Telecom Infrastructures
  – Satellites constellations, telecom networks, mobile networks (GSM, GPRS, UMTS, WiMax)
• Broadcast networks (TV, Radio)
  – Content protection, digital movies … (trust digital chain)
• Information Systems
  – Government, Enterprise, Home & Personal Networks
Security (4)
• Security Functions' point of view
  – Identity of a physical person
    • biometry, with trusted personal entity – smart cards, etc
  – Authentication
    • with digital signature, labeling or watermarking
  – Audit
    • facts accountability, personal accountability, traceability
  – Management of rights, privilege, etc
  – Authorizations
    • with security policy
  – Security Management
    • tools administration, overall assessment of the security assurance level
ARA SIASE
• Follow-on of the ACI Security
• Presentation by Claude Kirchner …
Europe
• National / European projects
• French academic & Industry are largely involved
• Integrated Projects
• Networks of Excellence
• STREPs
• Security in FP6
• Security in FP7
Security in FP6 with France participation
Europe FP6 – some examples
• NoE FP6 - ECRYPT : Cryptography, J Stern (LIENS). INRIA.
• IP FP6 - SEINIT : Network Security. M Riguidel (LTCI) head of the project
• IP FP6 - SECOQC : Quantum cryptography. Philippe Grangier (CNRS, Laboratoire C Fabry de l’Institut d’Optique) and M Riguidel involved
• IP FP6 - PRIME : Privacy and Identity management. Y Deswarte (CNRS) and R Molva (GET) involved.
• IP FP6 - e-JUSTICE : Common secured exchange platform for administrative information. R Molva (GET).
• IP FP6 – INSPIRED : Personal data authentication. INRIA involved.
• NoE FP6 – Biosecure : Biometry (GET).
e-JUSTICE : Towards a global security and visibility framework for Justice in Europe
• To define, develop, teach, test and prepare the deployment of a complete and innovative system to improve security of the communities and the privacy of the bearers, and to provide interoperable keys to digital information.
• Research on security will focus on smart identity cards, on-chip combined biometrics, cryptography and PKI interoperability, and rights management.
• Eurecom, Thales, Greffe Tribunal Paris
INSPIRED : Integrated Secure Platform for Interactive Personal Devices
• To specify and develop a new generation of secure portable devices called Trusted Personal Device (TPD), addressing the main requirements for trust and security of the information society
• The TPD technology can provide devices that will combine a fully integrated security architecture (HW, SW, OS, communications…) with ultra-portability, low-cost, and advanced networking and mobile communication features.
• INRIA, Gemplus, Schlumberger, …
PRIME : Privacy and Identity Management for Europe
• To research and develop approaches and solutions for privacy-enhancing identity management.
• The project will address foundational technologies (human-computer interface, ontologies, authorisation, cryptology), assurance and trust, and architectures.
• Application scenarios, including on-line healthcare systems, location based services, privacy preserving customer databases, anonymous access to infrastructure for mobile workers, privacy enhancing ambient intelligence.
• IBM fr, LAAS-CNRS, Eurecom
s-BORDER : Privacy respectful and threat tuneable traveller smart monitoring system
• To promote the early adoption of Automated Travel Document Control and Risk Assessment systems during the various phases of the travel, including the border control.
• Technologies such as advanced biometrics, contactless chip circuits, digital certificates and scoring systems to both automate the flow of no-risk passengers and allow detecting potential risky ones.
• France Telecom, Gemplus, Sagem
SECOQC : Development of a Global Network for Secure Communication based on Quantum Cryptography
• To specify, design and validate the feasibility of an open Quantum Key Distribution (QKD) infrastructure dedicated to secure communication as well as to fully develop the basic enabling technology.
• The S&T objectives are: to design physical devices ready to allow applicable Quantum Key Distribution
• University Nice, Thales, Laboratoire d’Optique, ENST
SEINIT : Security Expert INITiative
• To ensure a trusted and dependable security framework, ubiquitous, working across multiple devices, heterogeneous networks, being organization independent (interoperable) and centered on the ambient intelligence around an end-user.
• The project will explore new security models and build the architecture and components to address the nomadic, pervasive, multi-players communicating world (IPv6)
• Thales, ENST, 6Wind
ECRYPT : European Network of Excellence in Cryptology
• To ensure a durable integration of European research in both academia and industry and to maintain and strengthen the European excellence in these areas.
• 35 leading players will integrate their research capabilities within 5 virtual labs focused on: symmetric key algorithms, public key algorithms, protocols, implementation, watermarking. These labs will advance the state of the art in their domains and develop common tools.
• ENS, Gemplus, Cryptolog, CNRS
Security in FP7
• A proposal for Strategic Objectives of the FP7 : “embracing all the security paradigms of the past 30 yrs and the next 10 years”
• Security, Trust & Dependability of
  – the new pervasive digital landscape & ambient intelligence
    • Infrastructures of the digital urbanization
      – Interdependencies, survivability, robustness, resilience, maintenance of trust
    • Massive passive and low-energy wireless autonomous computers (RFIds, etc)
    • Peer to peer and new spontaneous architectures (grids…)
      – Security of distributed virtual operating systems
  – embedded systems & end-user terminals
    • Security of hardware (smart cards, low energy, …)
    • Security of new nanokernels & operating systems
Security in FP7 (cont'd)
• Privacy of European citizens
  – with a set of profiles of virtual identities
    • Biometry, personal attributes
    • History elements (Tracing activities to be checked, that can be deactivated)
  – And with trusted personal entities
• Security of complex and/or massive computing & services & data & knowledge
  – Large databases, web services, semantic web
  – Grids of computations
  – Distribution of content, mobile code
  – Virtual communities
Thanks
Babel Tower : Security Management
How to secure & to manage the security infrastructure ?
CNRS STIC
Presentation
Key elements
• Around 26 000 employees, of whom 11 600 are researchers and 14 400 are engineers and administrative staff
• 1 170 research units (85 % are associated with universities)
• An annual budget of 2.6 billion euros
[Figure: CNRS organization chart (for 2006). Boxes: Board of Trustees; President; General Director; Deputy General Secretary; General Secretary and DRH; General Scientific Director; Strategic Planning Mission; National council on scientific research; Regional Directors (IDF, NE, NW, SE, SW); Regional European International Director; Director of industrial and technology transfer; Communication director; Institutes IN2P3 and INSU; Scientific departments V, HS, C, MIPPU; Transversal Departments EDD and I.]
The STIC Department
http://www.cnrs.fr/STIC/
Our partners
• Universities
• INRIA (The French national institute for research in computer science and control)
• CEA (Atomic Energy Commission)
• GET (Education and Research in Information and Communication Technologies)
• etc.
Staff in the STIC Labs May 2005
• CNRS researchers: 813
• Researchers from other organizations: 326
• Permanent university staff: 4195
  Subtotal: 5334
• Ph.Ds.: 4778
• Post-docs: 321
  Subtotal: 5099
• CNRS engineering and administrative support staff: 809
• from organizations: 353
• from universities: 584
  Subtotal: 1746
• TOTAL: 12 179
Regional centers
[Map of main centers and secondary centers. Cities shown: Amiens, Angers, Avignon, Belfort, Besançon, Bordeaux, Brest, Compiègne, Dijon, Grenoble, Ile de France, Lannion, Le Mans, Lens, Lille, Lyon, Marseille, Metz, Montpellier, Nancy, Nantes, Nice, Orléans, Poitiers, Rouen, Saint-Etienne, Strasbourg, Toulouse, Tours, Troyes, Valenciennes, Vannes.]
Resources
• 23 M€ total budget (excluding salaries)
• 30 to 35 new permanent research positions per year
• 40 new engineering and administrative positions per year
• 16 short-term positions (typically 3 years)
• 40 post-doc positions (1 year)
• 40 Ph.D. grants
• 60 research positions for university staff
Research units
• 114 laboratories
• 9 federations
• 14 joint laboratories with industry
• 10 international laboratories
International priorities of STIC department
• Europe
• Asia: China, India, Japan
• North America
Main International Institutional Cooperation
• North America: international common lab, Georgia Tech (Atlanta); scientist exchange program
• Central America: 2 associated laboratories, LAFMI and LAFMAA; 3 years term
• European Community: 2 European associated laboratories (Switzerland and Belgium)
• Russia: 1 common lab, 1 twinning program, 1 scientist exchange program
• Asia outside Japan: 3 common labs (IPAL: Singapore, LIAMA: China, MICA: Vietnam); 1 scientist exchange program
• Japan: LIMMS/CIRMM, 2 common labs; JRL (project); 1 scientist exchange program
• Australia: 1 scientist exchange program
Information and Communication Sciences and Technologies
Partnerships in Japan
JRL : Joint Robotic Laboratory
– AIST: National Institute of Advanced Industrial Science and Technology with CNRS
– ISRI : Intelligent Systems Research Institute with STIC
LIMMS : Laboratory for Integrated Micro-Mechatronic Systems
– IIS : Institute of Industrial Science, The University of Tokyo
– CNRS
CIRMM : Center for International Research on Micro-Mechatronics
– IIS : Institute of Industrial Science