Date post: | 01-Nov-2014 |
Category: |
Documents |
Upload: | servicewave-2010 |
View: | 662 times |
Download: | 0 times |
13-15 December 2010
23-27 November 2009 ICSOC-ServiceWave 2009
Security & Privacy trends for Urban
& transport applications
Martine Lapierre
Vice President, Technical Director
Defense & Security C4I Systems
Division
Security and Privacy technologiesA key element for urban multi-modal transportation
23-27 November 2009
Agenda
• Future applications & services addressed
• What Security & Privacy issues face this
example?
• Bringing FI PPP project into context
• Approach toward Content Driven Security
23-27 November 2009
23-27 November 2009
•Future Internet will enable the so called “Internet of Services”(IoS)
•New trends pushed by end-users:
•On demand intelligent/smart services
•Service personalization
•Increased QoS exigencies but also QoE (Quality of Experience!)
•Respect of Users right (new legislation..)
•Service provider in “Co-opetition” (collaboration and competition)
•Urban applications may use this : e.g. Urban Multi-Modal Transportation
•universally available geo-localisation
•universally available mobile communications
•fully individualized service offer
•Technology enablers are there as well
•Content-driven security and privacy enablers
become reality
23-27 November 2009
Future Internet - Urban transport Application exemple• 17:11 : Bring me to my next meeting
•Your contact is Daniel Gidoin From Thales
•Verification of agendas
•Calculation of both positions
•Meeting point proposition
•17h12 : Multi-Modal travel Proposition
•Take Bus 126 in 4mn for 2 stops
•Take shared car xwz4 at bus stop in 7 mn
•Shared car will drop you at Velizy station in about 40 mn
•Walk with gps to final destination (10mn)
•Arrival around 18:07
23-27 November 2009
Future Internet - Urban transport Application exemple• 17:11 : Bring me to my next meeting
•Your contact is Daniel Gidoin From Thales
•Verification of agendas
•Calculation of both positions
•Meeting point proposition
•17h12 : Multi-Modal travel Proposition
•Take Bus 126 in 4mn for 2 stops
•Take shared car xwz4 at bus stop in 7 mn
•Shared car will drop you at Velizy station in about 40 mn
•Walk with gps to final destination (10mn)
•Arrival around 18:07
•Automatic Update
•A Thales Employee declared a travel to Velizy
•Calculating travel optimization
•New arrival proposition 18:00 with direct car share
•Accept to switch car
•Travels achieved
•Automatic Payment
ServiceWave 201013-15 December 2010
23-27 November 2009
•Online services offer
•a wide range of transports incl. walking
•Customized : Emphasis is on QoS and QoE
•shortest journey time and greatest convenience;
• Or / And best cost (minimal);
• Or /And greatest energy efficiency and reliability.
•Applications stakeholders are:
•multimodal travelers (any means to reach the target)
•public and other collective transport operators
•road operators and traffic managers
•Taxis, private fleets, car rentals, and sharing drivers
•The itinerary is continuously monitored in real-time and is adjusted
whenever conditions or options change.
• Various context-aware services are “pushed”
to the traveler just when needed:
•Monitoring, rentals, ticketless mobile fare payment…
Multimodal travel made easy, Itinerary updated in real time
23-27 November 2009
•Challenges which apply
•To propagate the geo-localisation information in a time compatible with real-
time dynamic adaptation of multi-modal traveler : Localisation PRIVACY
•To process the collected information fast enough (e.g. using cloud technology)
in a context of massive simultaneous constrained and/or contradictory
requests, keeping CUSTOMER DATA PRIVACY & INTEGRITY
•To efficiently integrate user preferences and constraints so as to provide user
acceptable multi-modal proposal in all situations
• To ENSURE SAFETY of drivers & travellers as well as PAYMENT INTEGRITY &
CERTIFICATES- allowing proportional automatic contribution to journey
•(semi-)Automated and very effective negotiation functions between travelers
and drivers based on CERTIFIED cross-rating of participant, including geo-
localisation based rendez-vous (LOCATION ACCURACY & Perm. Of Service)
Efficient multimodal
travel : issues
As a resume, Security functions ensuring the safety of all participants through a careful
set of preventive, en-route and forensics functions
• 17:11 : Bring me to my next meeting
•Your contact is Daniel Gidoin From Thales
•Verification of agendas
•Calculation of both positions
•Meeting point proposition
•17h12 : Multi-Modal travel Proposition
•Take Bus 126 in 4mn for 2 stops
•Take shared car xwz4 at bus stop in 7 mn
•Shared car will drop you at Velizy station
in about 40 mn
•Walk with gps to final destination (10mn)
•Arrival around 18:07
•Automatic Update
•A Thales Employee declared a travel to
Velizy
•Calculating travel optimization
•New arrival proposition 18:00 with direct
car share
•Accept to switch car
•Travels achieved & Automatic Payment
Security & privacy issues : more details
23-27 November 2009
•Corporate data interaction
•Geo-localisation Privacy
•Tier service activation
•Customization based on
private data (profile..)
•Private travel data anonymi-
sed for public traffic
regulation
•Security Video Recording
•Business Information
recording
•Cyber Attack
•realized service Certification
•Financial Data exchange
•Mobile Identity
federation
•Role Based Access
Control
•Anonymization of data
before statistics
•Data lifecycle managed
by the user
•Sticky policies
•Role-oriented data
usage control
•Accountability
•Claim based ID
•Content Driven
Security
23-27 November 2009
•Security and privacy issues and the consequences
of the strong contextual information collected
•Scalable and pervasive IPv6-based vehicle-to-vehicle (V2V)
communications / Security Video - Mobile Network permanence of service
•guarantee that the personal information provided by users will be
processed in accordance with the user rights and requirements and would
be erased afterwards
•protect commercial required information in case of delegate partial
execution to a third party service operated by another provider:
•PAYMENT integrity and security
• As a consequence : Content-driven security and privacy
•Tag datum elements with dedicated security and privacy meta-information
regarding traceability, propagation and divulgation.
•Such meta-information propagated along with the datum elements
•Technical and legal mechanism to guarantee the compliance of services with
the usage requirements (also legislation and regulation which may apply)
Security & privacy issues
23-27 November 2009
•Lot of expectations on this project …
•Indeed as per FI PPP Call Objective 1.7 the Core Platform project
will help
•design, develop and implement a generic, trusted and open network and service
Core Platform supporting generic enablers with standardized interfaces serving
multiple use cases, and making use of and integrating advanced Internet features.”
•Remember the aim to offer Core Platform functionalities that can
be generically reused in multiple usage contexts to support "smart
applications" of various natures there is no doubt that this project
would make happen new usages in a broad range of application
domains (e.g. Transport, Energy, …)
•Among others this project will deliver the Generic Security services (e.g.
IAM/AAA, Privacy, …) that will enable smart applications (e.g. Multimodal
Transport) to happen and be widely adopted since generating the necessary
Trust and Confidence people or organizations need to have it done.
Bringing FI PPP project into context
23-27 November 2009
•Content Based Security:
Security attached to the data (structured or unstructured)
•with fine-grained partitioning adapted to data owners requirements
•with trust established between services providers
•with trust established between services providers
•With multi-level ciphering at the datum level
•with traceability and accountability at
each step
Using open standards for ubiquitous protection and x-border interoperability
From Content Based to Content Driven Security:
What Thales can contribute?
23-27 November 2009
•As data travel across the Internet
• It will pass through multiple services, processes and users
• It must be protected from misuses, unauthorized
disclosure and harmful aggregation
Approach towards Content Driven security
Security information and requirements should travel along with data elements, to establish Content Driven Security in flexible and virtualized environments.
namegroup
age
Example Claims
BANK PAYMENT
Bank
account #Clear text
• Secure
Handshake
• Never
Propagate
• Report at
each step
Amount to
pay
Cipher
# 1
Account of
receiver
Cipher
# 2
Bloc Signature
Usage and travel constraintsData protection constraintsData element
23-27 November 2009
•CONFIA proposes a set of rules suitable for
controlling the access
• Grant rules: To provide the access to a user on
an object according to some requirements (e.g.
Conditions, obligations)
•Derived rules: To propagate access to a user
through the content and the kind of rights
defined.
•Forced rules: To solve any conflict between
different accesses sharing user and object.
•Non-vulnerability rules: To protect the whole
content of a document of intrusion by a non-
allowed access
Content Driven access rule
ICSOC-ServiceWave 2009
THANK YOU!