measurable security in mobile systems
Post on 21-Oct-2014
DESCRIPTION
The presentation focuses on the development from current mobile networks into future sensor-driven mobile networks. Special focus is given to security aspects, especially the measurable security of systems. The presentation was given at the IDC Mobility Series 2012 in Budapest.
TRANSCRIPT
Center for Wireless Innovation Norway
cwin.no
CWI Norway
IDC Enterprise Mobility
Budapest, Nov 2012
Measurable Security in Mobile Networks
Josef Noll, Prof. at University of Oslo/UNIK
Member of CWI
Nov 2012, Josef Noll, Measurable Security in Mobile Networks

Outline
• About the Center for Wireless Innovation (CWI) Norway
• Mobile Network Evolution
  – From People
  – To Things
• The way ahead: Internet of Things
  – connection of sensors to mobile
  – business decisions based on information
• Security Challenges
  – BYOD “bring your own device”
  – Be aware of the value of information
  – Measurable security
• Use case for
  – From Entertainment to Socialtainment
  – Sensor data fusion
• Conclusions

Center for Wireless Innovation
A facilitator for industry and seven research institutions to form strategic partnerships in wireless R&D
From collaboration to collaborative research
[Figure labels: B3G BS; Home/Office; Car; Offshore; Aggregation; Sensor Networks; Sensor Network Abstraction & Monitoring]

Generations of Mobile Networks (timeline 1970 to 2010)
• 1G: NMT
  – Service view: Mobile telephony
  – Security view: tap the line, connect in
• 2G: GSM
  – Service view: Mobile telephony, SMS, FAX, Data
  – Security view: One way authentication, encryption visibility, “obscurity”
• 3G: UMTS
  – Service view: Multimedia communication
  – Security view: Open, modular security architecture - force 2G
• 4G?: LTE
  – Service view: Personalised broadband wireless services
  – Security view: IP security with heterogeneous access, sensors
[adapted from Per Hjalmar Lehne, Telenor, 2000]

IoT paradigm
• The present "Internet of PCs" will move towards an "Internet of Things" in which 50 to 100 billion devices will be connected to the Internet by 2020. [CERP-IoT, 03.2010]
• “We are entering a new paradigm where things have their own identity and enter into dialogue with both other things and humans mediated through processes that are being formed today.” [IoT Europe 2010 conf., 06.2010]
• The speed of development
[Figure: storage on single chip; source: Gerhard Fettweis, TU Dresden]
“Now we have roughly 5.2 Mio mobile subscribers. In some year we will have 30...50 Mio devices on the mobile network” – Hans Christian Haugli, CEO, Telenor Objects, 2010
“In 2012 there were more devices than people on the mobile network of Telenor”. – Hans Christian Haugli, CEO, Telenor Objects
[Source: J. Schaper, FI PPP Constituency Event Nice, March 2010]

The IoT technology and application domain
[Figure labels: privacy; business decisions; reliability]

The security challenge of the Internet
How come these guys didn’t think of that?
[Image: ©2007 Deloitte & Touche GmbH Wirtschaftsprüfungsgesellschaft, Web 2.0 Expo Berlin 2007]
Source: http://www.michaelkaul.de/History/history.html
[Figure labels: 1973 Kjeller; Jon Postel; Steve Crocker; Vinton Cerf; 1972]
“If we would have known how Internet developed, ...”

Security in the Internet of Things?
Source: L. Atzori et al., The Internet of Things: A survey, Comput. Netw. (2010), doi:10.1016/j.comnet.2010.05.010
* context-aware
* “privacy”
* personalised
Trust

Security challenges
• Sensors everywhere
  – Service Oriented Architecture
• Bring your own device (BYOD)
  – 30-100 devices/employee
  – “phone in the cloud”
• virtualisation
• security, e.g. apps
[Figure labels: Contacts, Calendar, SMS, ...; PC, MAC, phone, tab, pod, pad, embedded...; medical, home, industrial sensors; Request; Service; Mobile/Proximity/Sensor services; Internet; Service Registry; Semantic layer; sensors]

Measurable Security
• Value of information
  – Identify
  – Analyse
  – Evaluate Risk
• Measurable security
  – “Banks are secure”
  – IETF working group: Better than nothing security
  – Cardinal numbers?
[Figure labels: Risk Analysis & Assessment; Cost - Benefit analysis]

Security Challenges in sensor-enabled clouds
• Security, here
  – security (S)
  – privacy (P)
  – dependability (D)
• across the value chain
  – from sensors to services
• measurable security?
[Figure labels: Intelligence Overlay; Sensors, Embedded Systems; Network; Cloud services; challenge: physics; Is made by; Could be; can be composed; System Components and functionalities; SPD Components, SPD functionalities]

SPD Metrics specification
Factors to be considered
• Elapsed Time
• Expertise
• Knowledge of functionality
• Window of opportunity
• Equipment

Factor: Value
Elapsed Time
  <= one day: 0
  <= one week: 1
  <= one month: 4
  <= two months: 7
  <= three months: 10
  <= four months: 13
  <= five months: 15
  <= six months: 17
  > six months: 19
Expertise
  Layman: 0
  Proficient: 3*(1)
  Expert: 6
  Multiple experts: 8
Knowledge of functionality
  Public: 0
  Restricted: 3
  Sensitive: 7
  Critical: 11
Window of opportunity
  Unnecessary / unlimited access: 0
  Easy: 1
  Moderate: 4
  Difficult: 10
  Unfeasible: 25**(2)
Equipment
  Standard: 0
  Specialised: 4(3)
  Bespoke: 7
  Multiple bespoke: 9

[Figure labels: Base of knowledge; Essential to build; System Functionality; SPD system; Attack scenarios; SPD level; SPD attributes; SPD threats]
Calculated attack potential
Minimum attack potential value to exploit a vulnerability = SPD value
[source: Andrea Fiaschetti, pSHIELD project, Sep 2011]
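
The scoring rule on this slide, worked through as an added example (not code from the presentation or the pSHIELD project): each attack scenario is rated on the five factors, and the lowest resulting attack potential is the SPD value. Adding the five factor values per scenario is an assumption, borrowed from the way Common Criteria evaluations rate attack potential with a table of this kind; the scenario names, the `rate` helper and all ratings are constructed.

```python
# Added illustration, not code from the slides or the pSHIELD project.
# Values are the slide's table; footnote markers on 3, 25 and 4 are dropped
# because the footnote text is not on the page.
FACTORS = {
    "elapsed_time": {"<= one day": 0, "<= one week": 1, "<= one month": 4,
                     "<= two months": 7, "<= three months": 10,
                     "<= four months": 13, "<= five months": 15,
                     "<= six months": 17, "> six months": 19},
    "expertise": {"Layman": 0, "Proficient": 3, "Expert": 6, "Multiple experts": 8},
    "knowledge": {"Public": 0, "Restricted": 3, "Sensitive": 7, "Critical": 11},
    "window": {"Unnecessary / unlimited access": 0, "Easy": 1, "Moderate": 4,
               "Difficult": 10, "Unfeasible": 25},
    "equipment": {"Standard": 0, "Specialised": 4, "Bespoke": 7,
                  "Multiple bespoke": 9},
}

def attack_potential(ratings):
    """Add the five factor values for one scenario (summing is an assumption)."""
    if set(ratings) != set(FACTORS):
        raise ValueError(f"rate exactly these factors: {sorted(FACTORS)}")
    total = 0
    for factor, rating in ratings.items():
        if rating not in FACTORS[factor]:
            raise ValueError(f"{rating!r} is not a rating for {factor}")
        total += FACTORS[factor][rating]
    return total

def spd_value(scenarios):
    """Slide's rule: SPD value = minimum attack potential over all scenarios."""
    if not scenarios:
        raise ValueError("at least one attack scenario is required")
    potentials = {name: attack_potential(r) for name, r in scenarios.items()}
    weakest = min(potentials, key=potentials.get)
    return potentials[weakest], weakest, potentials

def rate(elapsed_time, expertise, knowledge, window, equipment):
    return dict(elapsed_time=elapsed_time, expertise=expertise,
                knowledge=knowledge, window=window, equipment=equipment)

# Constructed scenarios for a hypothetical sensor gateway.
SCENARIOS = {
    "exposed service interface": rate("<= one week", "Proficient", "Public", "Easy", "Standard"),
    "physical access to sensor": rate("<= one month", "Expert", "Restricted", "Moderate", "Specialised"),
    "insider with design documents": rate("<= one day", "Proficient", "Sensitive", "Difficult", "Standard"),
}

if __name__ == "__main__":
    value, weakest, potentials = spd_value(SCENARIOS)
    print(f"SPD value {value}, set by: {weakest}")
```

Because the SPD value is a minimum, only a countermeasure that raises the rating of the weakest scenario moves the number; re-rating the first scenario's window from "Easy" to "Difficult" lifts it from 5 to 14.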

Outline
• About the Center for Wireless Innovation Norway
• Security in Mobile Networks
  – Privacy
  – Dependability
• The way ahead: Internet of Things
  – connection of sensors to mobile
  – business decisions based on information
• Security Challenges
  – BYOD “bring your own device”
  – Be aware of the value of information
  – Measurable security
• Use case for
  – From Entertainment to Socialtainment
  – Sensor data fusion
• Conclusions

Use case: SPD in heterogeneous systems
• Nano-Micro-Personal-M2M Platform
  – identity, cryptography, dependability
• SPD levels through overlay functionality
  – answering threat level
  – composing services
• Policy-based management
  – composable security
• Integration into Telecom Platform
  – from information to business decisions

The IoT ecosystem
• Creating business
  – openness, competitive
  – climate for innovation
• Public authorities
  – trust, confidence
  – demand
• Consumers
  – (early) adapters
  – education
• Infrastructure
  – broadband, mobile
  – competition
[Figure: IoT - Business Ecosystem; labels: Academia: research, education; Public Authorities: demand; Entrepreneurs: ideas; Consumers: adaptation; Business climate: market; Sensor providers; infrastructure: broadband, mobile; Creative programmers: software; Trust ?]

Internet usage across Europe
[Figure: bar chart by country; axis: % of people used the Internet, 40 to 100]
Data labels: EU 73,7%; IS 95,1%; NO 94,8%; SE 93,2%; DK 90,7%; HE 47,5%; IT 58,8%
[Robert Madelin, Directorate-General for Information Society and Media, EU commission, Aug 2010]
* “use of IT in a proper way can increase effectiveness with 30-40%”
* “we are good in technology development. But access to venture capital is bad in Europe as compared to the USA”.
[Aftenposten, 3. October 2011]

Internet service usage
[Figure: bar chart, axis 0 to 90, comparing Greece, Norway and EU-average for: Private homes with broadband; Wireless PC used outside of home; Internet Banking; Online contact to public services; eCommerce - bought]

Conclusions
• The mobile system is evolving
  – bring your own devices, heterogeneity
  – from sensors to business decisions
• Building the IoT architecture
  – Cross-layer intelligence & knowledge
  – Accounting for security
• Measurable security
  – Metrics describing threats
  – Overlay description for system of systems
• Building the Ecosystem
  – Human perspective: trust, privacy, context
  – Security based on measures of components, attacks and human interaction

The world is wireless
My special thanks to
• JU Artemis and the Research Councils of the participating countries (IT, HE, PT, SL, NO, HU, ES)
• Andrea Fiaschetti for the semantic middleware and ideas
• Inaki Eguia Elejabarrieta, Andrea Morgagni, Francesco Flammini, Renato Baldelli, Vincenzo Suraci for the Metrics
• Przemyslaw Osocha for running the pSHIELD project, Luigi Trono for running nSHIELD
• Sarfraz Alam (UNIK) and Geir Harald Ingvaldsen (JBV) for the train demo
• Zahid Iqbal and Mushfiq Chowdhury for the semantics
• Hans Christian Haugli and Juan Carlos Lopez Calvet for the Shepherd ® interfaces
• and all those I have forgotten to mention