French (Network) Security Research Activities
Serge Fdida, University Paris 6 & CNRS
Contributions from Michel Riguidel (ENST)
French/Japanese Joint Symposium on Computer Security, Tokyo – September 2005
Background
• Research activity on Security in France was quite fragmented
• Some strong communities
  • Cryptography (Research Action “ACI”)
  • Proof & Formal methods
  • Dependability, Reliability
• Industrial / Gov interests
• Limited public funding
• Security (at large) not recognized as a noble area and found to be limited in scope!
• Lack of programs in Education
Background (2)
• Security is multidisciplinary
• Incentives to bring researchers into this area
• Expose this area as a priority
• Initiatives launched in 2003:
  • ACI (Joint Incentive Research Action) – Ministry of Research/INRIA/CNRS; headed by Claude Kirchner
  • RNRT (National Research Network in Telecommunications) – special focus; monitored by Michel Riguidel (ENST)
• Strong link with Europe IST FPs
• STIC/Asia Program
• Expert Committee on Security at CNRS
Security Targets
Homeland (Defense)
• Critical Infrastructures (semi public, semi private)
• Trust to fight against cyber terrorism, strong cybercriminality
• Safety, Security, Dependability
• Crisis management, public awareness
• Resilience
Cybersecurity (public, private)
• Trust to fight against hackers, cybercriminality, espionage, etc
• Security, Dependability
• Privacy
• Resilience
Emergence of new security challenges
• Critical infrastructure protection
  • Large scale complex systems (ICT + physical infrastructure) with interdependencies: electricity power, water supply, networks, etc
  • We need robust and resilient infrastructures to reduce vulnerabilities
• Security of Smart spaces or Ambient Intelligence
  • Pervasive and ubiquitous computing
  • Electronic devices, sensors: disseminated, not supervised
  • We need to introduce ambient security
  • Global Localization Information, Global Identification
Emergence of new security challenges (2)
• Networked communication systems (self-x architectures)
  • Self organizing networks, architectures of Internet caches & mirrors, DNSSEC, self healing architecture, privacy in mobile networks
• Grid security
  • Reconfigurable distributed organization to provide a service
  • Spontaneous real time organization
  • We need
    • To secure the grid (components & infrastructure)
    • To be protected from malicious grids (ethical computations)
• Content protection
  • Video distribution, DRM, …
• Require
  • Fundamental research
  • Application & Test-Beds (measurement, honeypots, …)
RNRT Security Call For Projects in 2005
http://www.telecom.gouv.fr/rnrt/index.htm
RNRT
• Created in 1998
• Funded 212 projects, 200 M€, cost 440 M€
• Funding to launch calls in the area of Telecommunications and Networking
• Joint projects: Industry, Academia, SMEs
• Budget of about 30 M€ for 2005
• Peer with RNTL (Software), RIAM (Multimedia)
• Linked with ARA SIASE (C. Kirchner)
Security (1)
• The 2005 Call for Projects addresses the new practices & modern approaches in Security
• Security of software & Content Distribution
  • Digital Rights Management, Intellectual Property Rights, …
• Security of New Architectures & Paradigms
  • Grids, P2P, Ad-hoc, …
• “Just-in-Time” Security
  • Downloading patches, weekly or daily
  • Software upgrades, reconfigurability
• Security Crisis Management
Security (2)
• The Call for Projects is focused on security of Complex Systems or Infrastructures
  • With heterogeneous technologies
  • Taking into account non functional properties (mobility, interoperability, flexibility, …)
• Infrastructures, Networks, Very Large Information Systems
• Networks & Information Systems (enterprise, personal)
• Multimedia Content
Security (3)
• IT networks
  • Internet, WiFi, Enterprise LANs, Bluetooth, RFID, Sensors, …
• Telecom Infrastructures
  • Satellite constellations, telecom networks, mobile networks (GSM, GPRS, UMTS, WiMax)
• Broadcast networks (TV, Radio)
  • Content protection, digital movies … (trust digital chain)
• Information Systems
  • Government, Enterprise, Home & Personal Networks
Security (4)
Security Functions’ point of view
• Identity of a physical person: biometry, with trusted personal entity – smart cards, etc
• Authentication: with digital signature, labeling or watermarking
• Audit: facts accountability, personal accountability, traceability
• Management of rights, privilege, etc: authorizations with security policy
• Security Management tools: administration, overall assessment of the security assurance level
ARA SIASE
• Follow-on of the ACI Security
• Presentation by Claude Kirchner …
Europe
• National / European projects
• French academia & industry are largely involved
  • Integrated Projects
  • Networks of Excellence
  • STREPs
• Security in FP6
• Security in FP7
Europe FP6 – some examples
• NoE FP6 - ECRYPT: Cryptography. J Stern (LIENS). INRIA.
• IP FP6 - SEINIT: Network Security. M Riguidel (LTCI) head of the project.
• IP FP6 - SECOQC: Quantum cryptography. Philippe Grangier (CNRS, Laboratoire C Fabry de l’Institut d’Optique) and M Riguidel involved.
• IP FP6 - PRIME: Privacy and Identity management. Y Deswarte (CNRS) and R Molva (GET) involved.
• IP FP6 - e-JUSTICE: Common secured exchange platform for administrative information. R Molva (GET).
• IP FP6 - INSPIRED: Personal data authentication. INRIA involved.
• NoE FP6 - Biosecure: Biometry (GET).
e-JUSTICE: Towards a global security and visibility framework for Justice in Europe
• To define, develop, teach, test and prepare the deployment of a complete and innovative system to improve security of the communities and the privacy of the bearers, and to provide interoperable keys to digital information.
• Research on security will focus on smart identity cards, on-chip combined biometrics, cryptography and PKI interoperability, and rights management.
• Eurecom, Thales, Greffe Tribunal Paris
INSPIRED: Integrated Secure Platform for Interactive Personal Devices
• To specify and develop a new generation of secure portable devices called Trusted Personal Device (TPD), addressing the main requirements for trust and security of the information society.
• The TPD technology can provide devices that will combine a fully integrated security architecture (HW, SW, OS, communications…) with ultra-portability, low-cost, and advanced networking and mobile communication features.
• INRIA, Gemplus, Schlumberger, …
PRIME: Privacy and Identity Management for Europe
• To research and develop approaches and solutions for privacy-enhancing identity management.
• The project will address foundational technologies (human-computer interface, ontologies, authorisation, cryptology), assurance and trust, and architectures.
• Application scenarios, including on-line healthcare systems, location based services, privacy preserving customer databases, anonymous access to infrastructure for mobile workers, privacy enhancing ambient intelligence.
• IBM fr, LAAS-CNRS, Eurecom
s-BORDER: Privacy respectful and threat tuneable traveller smart monitoring system
• To promote the early adoption of Automated Travel Document Control and Risk Assessment systems during the various phases of the travel, including the border control.
• Technologies such as advanced biometrics, contactless chip circuits, digital certificates and scoring systems to both automate the flow of no-risk passengers and allow detecting potentially risky ones.
• France Telecom, Gemplus, Sagem
SECOQC: Development of a Global Network for Secure Communication based on Quantum Cryptography
• To specify, design and validate the feasibility of an open Quantum Key Distribution (QKD) infrastructure dedicated to secure communication as well as to fully develop the basic enabling technology.
• The S&T objectives are: to design physical devices ready to allow applicable Quantum Key Distribution
• University Nice, Thales, Laboratoire d’Optique, ENST
SEINIT: Security Expert INITiative
• To ensure a trusted and dependable security framework, ubiquitous, working across multiple devices, heterogeneous networks, being organization independent (interoperable) and centered on the ambient intelligence around an end-user.
• The project will explore new security models and build the architecture and components to address the nomadic, pervasive, multi-players communicating world (IPv6).
• Thales, ENST, 6Wind
ECRYPT: European Network of Excellence in Cryptology
• To ensure a durable integration of European research in both academia and industry and to maintain and strengthen the European excellence in these areas.
• 35 leading players will integrate their research capabilities within 5 virtual labs focused on: symmetric key algorithms, public key algorithms, protocols, implementation, watermarking.
• These labs will advance the state of the art in their domains and develop common tools.
• ENS, Gemplus, Cryptolog, CNRS
Security in FP7
A proposal for Strategic Objectives of the FP7: “embracing all the security paradigms of the past 30 yrs and the next 10 years”
• Security, Trust & Dependability of the new pervasive digital landscape & ambient intelligence
• Infrastructures of the digital urbanization
  • Interdependencies, survivability, robustness, resilience, maintenance of trust
  • Massive passive and low-energy wireless autonomous computers (RFIDs, etc)
  • Peer to peer and new spontaneous architectures (grids…)
• Security of distributed virtual operating systems, embedded systems & end-user terminals
  • Security of hardware (smart cards, low energy, …)
  • Security of new nanokernels & operating systems
Security in FP7 (cont’d)
• Privacy of European citizens
  • With a set of profiles of virtual identities
  • Biometry, personal attributes
  • History elements (tracing activities to be checked, that can be deactivated)
  • And with trusted personal entities
• Security of complex and/or massive computing & services & data & knowledge
  • Large databases, web services, semantic web
  • Grids of computations
  • Distribution of content, mobile code
  • Virtual communities
Babel Tower: Security Management
How to secure & to manage the security infrastructure?
Thanks
CNRS STIC Presentation
Key elements
• Around 26 000 employees, of whom
  • 11 600 are researchers
  • 14 400 are engineers and administrative staff
• 1 170 research units (85 % are associated with universities)
• An annual budget of 2.6 billion euros
[Organization chart (for 2006); entities shown:]
• Board of Trustees; President; National council on scientific research; Strategic Planning Mission
• General Director; General Scientific Director; General Secretary and DRH; Deputy General Secretary
• Scientific departments: MIPPU - 1; C - 2; V - 3; HS - 4
• Transversal departments: EDD – 1; I – 2
• Institutes: IN2P3 - 1; INSU - 2
• Regional Directors: IDF, NE, NW, SE, SW
• Regional European International Director; Director of industrial and technology transfer; Communication director
The STIC Department http://www.cnrs.fr/STIC/
Our partners
• Universities
• INRIA (The French national institute for research in computer science and control)
• CEA (Atomic Energy Commission)
• GET (Education and Research in Information and Communication Technologies)
• etc.
Staff in the STIC Labs, May 2005
• CNRS researchers: 813
• Researchers from other organizations: 326
• Permanent university staff: 4195
  • Subtotal: 5334
• Ph.Ds.: 4778
• Post-docs: 321
  • Subtotal: 5099
• Engineering and administrative support staff: CNRS 809; from organizations 353; from universities 584
  • Subtotal: 1746
• TOTAL: 12 179
Regional centers
[Map with legend “Main centers” / “Secondary centers”. Cities shown: Lille, Lens, Valenciennes, Amiens, Compiègne, Rouen, Metz, Strasbourg, Ile de France, Nancy, Lannion, Brest, Troyes, Le Mans, Orléans, Belfort, Vannes, Dijon, Angers, Tours, Besançon, Nantes, Poitiers, Lyon, Saint-Etienne, Grenoble, Bordeaux, Nice, Avignon, Montpellier, Toulouse, Marseille]
Resources
• 23 M€ total budget (excluding salaries)
• 30 to 35 new permanent research positions per year
• 40 new engineering and administrative positions per year
• 16 short-term positions (typically 3 years)
• 40 post-doc positions (1 year)
• 40 Ph.D. grants
• 60 research positions for university staff
Research units
• 114 laboratories
• 9 federations + 14 joint laboratories with industry
• 10 international laboratories
International priorities of STIC department
• Europe
• Asia
  • China
  • India
  • Japan
• North America
Main International Institutional Cooperation
• Russia: 1 common lab; 1 twinning program; 1 scientist exchange program
• North America: international common lab with Georgia Tech (Atlanta); scientist exchange program
• European Community: 2 European associated laboratories (Switzerland and Belgium)
• Japan: 2 common labs (LIMMS/CIRMM, JRL (project)); 1 scientist exchange program
• Asia outside Japan: 3 common labs (IPAL: Singapore, LIAMA: China, MICA: Vietnam); 1 scientist exchange program
• Central America: 2 associated laboratories (LAFMI, LAFMAA), 3 years term
• Australia: 1 scientist exchange program
Information and Communication Sciences and Technologies
Partnerships in Japan
• JRL: Joint Robotic Laboratory
  • AIST: National Institute of Advanced Industrial Science and Technology, with CNRS
  • ISRI: Intelligent Systems Research Institute, with STIC
• LIMMS: Laboratory for Integrated Micro-Mechatronic Systems
  • IIS: Institute of Industrial Science, The University of Tokyo
  • CNRS
• CIRMM: Center for International Research on Micro-Mechatronics
  • IIS: Institute of Industrial Science