Post on 18-Dec-2015
Andrea SERVIDA
Deputy Head of Unit
European Commission
DG Information Society - Unit D/4
ICT for Trust and Security
European Union initiatives for biometrics: the role of research
2
OUTLINE
• Security and dependability: needs & concerns
• Towards a comprehensive EU approach to security
• Why is R&D important for policy making on security
• ICT Security R&D in FP5 & FP6 - biometrics
• The FP6 projects: BioSec & Biosecure
• Supporting the deployment of biometrics: a Plan for Action
3
The new security needs and concerns ...
• 9/11 has raised the need for “higher levels of security”
• the fears of terrorism make “national security needs” prevail
• security in AmI is increasingly associated with strong identification (biometrics, unique identifiers, etc.)
• growing policy interests on security of information: economic security, protection of intangible assets and IT investments, etc.
• AmI would not happen without new models of security and privacy
• societal applications and systems call for a holistic reflection on our dependency on technology
• current generation is unable to perceive and feel “digital security”
• in AmI the personal sphere of individuals would be an open and evolving environment (instant networking, smart dust, intelligent agents, etc.)
• new policy challenges posed by technical developments on virtual identity, anonymity, RFID, etc.
• privacy is a human right to be preserved and technology should work to avoid a privacy crisis
• asymmetric power game between “technology” and “humans” may lead to discrimination, exclusion, divide, etc.
• there are no technical means to ensure social accountability of security solutions
4
External security / defence
• Framework Decision on attacks against information systems
• Lawful interception
• G8 CIP
• e-identification/e-authentication
• biometrics in visas and residence permit
• Pilot action with DG RTD
• Dual use technology research
• Crisis management
International Co-operation• OECD, G8, Council of Europe, UN, ITU, ...
• network security, dependability, cryptography, biometrics, identity management, watermarking, ...
• Electronic Signature
• Data protection in elect. com.
• Network & information security
• Culture of security
• ENISA
• digital right management, biometrics, smart card, IPv6, open source software
• critical infrastructure protection
Economic, business and social aspects of security in Information Society
Research and Technology
Information and Communication Technologies
Preparatory Action on Security Research
Cyber-crime, Internal security
A comprehensive EU approach to security
5
Lisbon Strategy
“EU: Largest knowledge-based economy by 2010”
Why is R&D important for policy-making on security
Enlargement
The candidate countries are full partners in FP6.
ERA: European Research Area
FP6, Eureka, COST, National RTD Programmes… towards a Single Market for Research
Broadband access, e-business, e-government, security, skills, e-health, ...
Other policies
Single Market, Single Currency, Security of Europeans, Sustainable Development, ...
6
R&D shall lead to
What’s the mission of EU R&D on ICT security?
Develop knowledge & technology - understanding implications and benefits
secure, dependable, acceptable & respectful (of human rights and dignity) systems/applications
proper assessment and evaluation
7
Today's issues
Poor understanding and awareness of risks to privacy
Influencing factors
• increased “digital powers” of Governments
• globalisation & interconnectedness
• business interest in knowing more about customers/people
• opacity of data gathering vs inefficient enforceability of law
• intrusiveness of technologies: RFID, location based, profiling, P2P, biometrics, etc.
• unprecedented exposure of users
• de facto impossibility to retain control on personal data
Ethics in the Information Society
Future objective
Ethics of privacy as a key element of the Information Society
How to go about it
• socioeconomic research on what would be “privacy” in IS
• make privacy part of education programs, training and public debate
• commercial and business conducts must adopt commonly agreed principles
• promote privacy compatible processes, products and systems
• build-in privacy mechanisms to ease “enforceability”
• Innovative R&D to ensure personal control of privacy.
8
FP6: between continuity and novelty
Deployment through eTEN
Articulation with and support to EU Policies (ENTR, MARKT, JAI, RELEX…)
eEurope 2002 + 2005,
National Events
Technology assessment & transfer
FP3 FP4 FP5
Budget 35M €
Budget 88M €
Projects ~50
Projects 67
Results
Strategic security frameworks
User & service requirements
PKI trials
Specifications, standardization, certification
Results
ICT Security community
high-risk technologies, applications & processes
RACE / ACTS
ESPRIT/IT
TAP
+ INFOSEC / ETS
ISIS
PAST 10 years (1992-2002)
From Security of Information Systems...
NEXT 10 years (2003-2014)
...to Security in Ambient Intelligent Space
Protection of digital assets
Information infrastructure dependability & CIP
Keywords: ambient networks, nomadic people, mobile things in the environment, intermediation services, ubiquity, distributed interactive infrastructure...
Individuals and open large communities
Mobility and reconfigurability
9
Applications (e-polling, e-government, travel): E-POLL, FASME, (S_TRAVEL)
Sensor - basic technologies: SABRINA, FINGER_CARD, VIPBOB
Technology improvement and validation in applications: BANCA, U-FACE
Socio-economic aspects: BEE
Shaping the Future: BIOVISION => European Biometrics Forum, Dublin
EU R&D on biometrics: FP5 projects
10
A total portfolio of 16 Projects
– 6 Integrated Projects: BioSec, e-Justice, Inspired, Prime, Secoqc, Seinit
– 3 Networks of Excellence: Ecrypt, Fidis, Biosecure
– 6 Specific Targeted Research Projects: Digital Passport, Medsi, Positif, Scard, Secure Justice, Secure Phone
– 1 Coordination Action: SecurIST (under negotiation)
FP6 - R&D on ICT trust and security & biometrics
11
Biometrics and Security
– Integrated Project
– started December 2003 for 2 years
– 23 partners from 9 countries
Two stages
– First stage: framework specification and early integration
– Second stage: late integration and comparison studies
Objectives
• Enhance security features of authentication elements
– Performance, robustness and aliveness detection
– Integrity and data protection
– User acceptance
• Put technology to work in real scenarios
– Personal biometric storage: tokens
– Security framework
– Scenarios: physical and remote access
– Evaluation
BioSec Project
http://www.biosec.org/
12
BioSec Project (2)
[Diagram, first year: Scenarios and applications; Review Scenarios and applications; Biometric technologies Specs; Current Technology; State-of-the-art technology; BioSec technology; BioSec interfaces; First Prototypes; Prototypes with BioSec technology; BioSec Results]
13
BioSec Project (3)
• Approaching the end of the first year
• Technical achievements
– Specification of interoperability framework: sensors and storage
– First prototypes: aliveness detection in fingerprint, 3D recognition, Voice noise models, Iris recognition
– Multimodal database acquisition tools
– Two scenario setups:
  • Network access with remote authentication
  • Physical access: Helsinki airport
• Dissemination achievements
– BioSec Web site and Interest Group: www.biosec.org
– BioSec Workshop (June 2004): 100 delegates
– IST 2004 (Nov 2004) Exhibition
– Contact with standardisation bodies and international organizations
14
The Network of Excellence BioSecure
• Coordinator
– GET (Groupement des Ecoles de Télécommunication)
– CDC (Caisse des Dépôts et Consignation)
• 29 Core Partners
– Main academic actors in the field
– Satisfy excellence criteria: publications, PhD, etc…
– Involved in different aspects of Biometrics
– With experience in evaluation campaigns
• Relations with Industrials, small companies... through a Forum of Industrial and end user partners
– ST-Microelectronics, France Telecom, Bouygues Telecom, Gemplus, OPSIS, ELRA/ELDA, ORGA, etc…
15
Objectives
• Integrate the research and infrastructures developed in different teams involved in the biometric field
• Identify and meet the scientific and technical challenges in the Biometric field
• Explore the technical and non-technical issues arising during the deployment of applications in relation with the industrials and end-users
• Facilitate dissemination and training activities
BioSecure NoE (2)
16
Sharing databases and algorithms
Creation of a virtual multimodal Database and related assessment protocols
Software integration and production of reference systems
Preparation of the first summer institute for algorithms evaluation (July 2005)
Active participation to international standardization instances
BioSecure NoE (3)
17
Research Focus:
• security and dependability challenges arising from complexity, ubiquity and autonomy
• resilience, self-healing, mobility, dynamic content and volatile environments
• strategic and solid research on security and trust for new societal applications
• interoperable content and digital rights management
Key Objectives & Breakthroughs
– build on EU technical and scientific excellence on security, dependability and resilience
– meet EU demands for privacy and trust
– strengthen the interplay between research and policy
The next step: S.O. 2.4.3 Towards a global dependability and security framework
Indicative budget > 63 MEuro
------------ Call published on 19/11/2004 ------------
18
The next step: S.O. 2.4.3 Towards a global dependability and security framework
Priority areas
• integrated frameworks and technologies for resilience, dependability and security
• modelling/simulation techniques and synthetic environments for interdependencies, recovery and continuity
• technologies and architectures for secure computing and interoperable management and trustworthy sharing of digital assets
• secure and interoperable biometrics
• security and privacy technologies and architectures for future wireless and mobile scenarios
• security assurance and certification of complex networked systems and infrastructures
• interoperable content and digital rights management
Instruments
IPs, NoEs, STREPs, CAs
IPs, NoEs, STREPs, CAs
IPs, STREPs
IPs, STREPs
STREPs
STREPs, SSAs
------------ Work in progress ------------
19
• Identification – biometrics are based on probability assumptions, no “absolute” identification
• Performance Limitations – this bears the non-negligible risk of not being applicable to some percentage of the population
• Distributed Enrolment – may undermine accuracy and performance of large scale systems
• Interoperability - not yet supported by standards nor technology
Deployment of biometrics: open technology issues
20
• Security vs performance – enhancing security by very low failure rate may lead to low performances, not acceptable to users
• Availability of algorithms - no “open source” policy yet although desirable
• Scalability - no experience of large scale field trials
• Data Control - need of effective safeguards and remedial actions with respect to the risk of misuse
Deployment of biometrics: open technology issues
21
Supporting the deployment of biometrics: a Plan for Action
Motivation:
– The political agenda: integration of biometrics identifiers in visas, residence permits and European passports
– The technical state-of-the-art
  • diverse context specific solutions available only
  • problem of scalability and interoperability
– Urgent need for
  • Technical advice (to decision makers)
  • Common assessment and evaluation criteria
  • Exchange of information on deployment activities
22
The plan builds upon
A Plan for Action on biometrics: the background
Internal discussion & consultation
External consultation workshops
Roadmap projects and studies
23
A Plan for Action on biometrics: outline
• Support for the establishment of a European Authoritative Technical Body on Biometrics
• Launching of a European Web Portal for the exchange of information on deployment activities between Member States
• Support for the creation of a European network on testing and assessment of biometric technology
Presented by Commissioner Ján Figel’ at the Conference “Biometrics for the benefit of the citizen: a European Perspective”, Dublin 14 June 2004
http://europa.eu.int/comm/commissioners/figel/speeches_media/doc/Figel_Dublin_biometrics.pdf
24
Technical Body
• Objective: To assist decision makers in taking informed decisions on issues involving biometrics (e.g. passports)
• Status
– Draft Terms of Reference available
– Workshops planned for near future with relevant stakeholders (academia, industry, industrial and policy oriented fora, governmental bodies, etc.)
• Proposed outline
– Network of experts: European Biometrics Expert Group (EBEG)
25
The European Web Portal on biometrics
• Objective: To share information of large scale deployment activities (pilots, trials, etc.) among the Member States
• Status
– Recent call for tender
– Selection of tenderer in progress
– Launching of web portal summer 2005
• Expected results
– a common framework for data collection
– schemes to define and evaluate trials
– collection of good practices and lessons learnt
26
Assessment & Testing Network
• Objective: To establish a European network for testing and assessment of biometrics technology.
• Status
– Discussion started with relevant stakeholders (centres of excellence in testing and assessment, certification bodies, etc.)
– Plan to propose a Network of Excellence in FP6 based on open research issues in testing of biometrics.
• Expected results
– a common framework for testing, assessing and certifying biometric technology
27
Complementary activities
• Follow closely the international work on technical standards for biometrics
• Stimulate and facilitate the participation of EU industry to on-going international standardization (ICAO, ISO/IEC, etc.)
• Promote further R&D on secure and interoperable biometrics (ref. Call 4 for proposal of IST priority)
28
Web sites
IST Programme: www.cordis.lu/ist
ICT for Trust & Security: www.cordis.lu/ist/so/dependability-security/home.html
FP5 Roadmap projects: www.cordis.lu/ist/ka2/rmapsecurity.html
PASR Consultation on new Work Programme: http://europa.eu.int/comm/research/security/news/article_1571_en.html
IST helpdesk
Fax : +32 2 296 83 88
E-Mail : [email protected]