Cybersecurity - mess@ge The magazine for telecom insiders - Social versus professional Internet
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
3/2013
mess@ge
The magazine for telecom insiders
NEWS
i l d
includes
Cybersecurity
The Kennedy Perspective
Social versus
professional Internet
Events
ICT 2013 in Vilnius
European Issues
Horizon 2020
EURESCOM mess@ge
Celtic-Plus Event
Co-located with WIMA 2014
Monaco, 23 – 24 April 2014
Hosted by the Principality of Monaco, WIMA Monaco, the international Highlights of the programme and the new Celtic-Plus research
conference for NFC & Proxy Solutions, and the Celtic-Plus Event 2014 will areas are in particular:
organize their events at the same location in Monaco. ■ New service challenges
■ Get connected (telecommunications infrastructure challenges)
From 23 to 24 April 2014 the 9th Celtic-Plus Event will be organized at ■ Internet of Things and Smart City concepts
the Grimaldi Forum in Monaco. ■ Cloud services
■ Sensor-based networks
A co-located exhibition area, open to attendees from both events, will high- ■ E-Health
light synergies and offer new insights between Celtic-Plus research proj- ■ High-level views on future challenges from industry perspective
ects and the ready for market solutions and use cases presented at WIMA, ■ Future Internet
in areas such as mobile payment, transport, healthcare, marketing, retail, ■ Green-ICT, CleanTech, Smart Grids
access-control and ID management. ■ Inter-disciplinary challenges for a better, cleaner, energy-efficient world
■ New approaches towards Horizon 2020
Interested researchers and high-level managers from industry and public
authorities are invited to attend. The number of participants is limited to Heinz Brüggemann
200. Director Celtic Office
www.celticplus.eu
Funding Opportunity for European R&D Projects
Celtic-Plus Spring Call for Proposals – Deadline: 15 May 2014
Celtic-Plus is a EUREKA Cluster dedicated to realising the vision of a Green-Internet relations
smart connected world through an industry-driven R&D programme. ■ Consider environmental issues in ICT
There are two calls per year, in spring and in autumn, with a total fund- ■ Encourage better energy efficiency
ing of up to 100 million euro. The funding is orchestrated via the Celtic- ■ Consider Smart Grid, Water management & ICT
Plus programme and provided by Public Authorities from 47 EUREKA ■ Develop multi-disciplinary approach
member countries.
User friendly call process
Eligible topical areas The Celtic-Plus programme gives proposers the opportunity to submit
proposals twice in the year – Spring Call and the Autumn Call. The Spring
Get Connected
■ Infrastructure and connectivity aspects
Call submission deadline is 15 May 2014. Celtic-Plus has an acceler-
ated one-stage call process to ensure the shortest possible time between
■ Fixed/Wireless, optics, energy-efficiency
proposal submission and start of selected projects.
■ Network architecture, autonomic networks
Celtic-Plus proposals should be complete and clearly present the technical
While Connected
objectives, timescales, participants, manpower, and expected results. These
■ End-to-end services and applications, like
proposals are evaluated by independent evaluators and the proposals
■ Digital home, digital enterprises
meeting the required standards will be retained and given the Celtic-Plus
■ Digital City (incl. digital school, digital transport)
label. To be eligible for funding, project partners need to be located in
■ E-Health
EUREKA member countries.
■ Security, privacy, identity
Further information
Future Internet relations Please visit the Celtic-Plus website at www.celticplus.eu for call details and
■ Complement Future Internet (FI-PPP) program by the Celtic-Plus Purple Book for details on the R&D priorities of Celtic-Plus.
■ Making the Internet a high-quality service platform For further information, please contact Heinz Brüggemann, director of the
■ Introduce the ‘Celtic-Plus Use-Case Factory’ Celtic Office, at brueggemann@celticplus.eu
■ Extend the program by additional use cases not covered in the
FI-PPP program
■ Contribute to future internet capacity building and test cases/
platforms
www.celticplus.eu
2 Eurescom mess@ge 3/2013
EDITORIAL
Dear readers,
In May 2013, former NSA contractor Edward In the introductory article, Milon Gupta and the major features of the new programme in a
Snowden started revealing secrets on the mas- Anastasius Gavras give an overview on cyber- dedicated article by Uwe Herzog.
sive surveillance of global communications net- security. In an exclusive interview with Eurescom This issue also includes a variety of further ar-
works by the NSA and other national intelligence mess@ge, IT security expert Joachim Posegga ticles on different, ICT-related topics. See, for ex-
organisations. Ever since, the question of how explains why the Internet is a glass house and ample, the new opinion article by Eurescom di-
citizens and organisations can protect their data what this means for the security of individuals rector David Kennedy in his column "The
against snooping has received widespread atten- and organisations. The next article present secu- Kennedy Perspective" on the difference between
tion. Protection against surveillance activities of rity solutions for future communication networks, the social and the professional Internet. Or read
intelligence agencies is, however, only one of the which are currently developed by a strong indus- the latest "A bit beyond" article and learn about
many facets of cybersecurity. try consortium in Celtic-Plus project SASER. what happens in the area of digital money.
Already in spring 2013, the editorial team had These cover theme articles can only provide a My editorial colleagues and myself would ap-
planned to make cybersecurity the cover theme glimpse of the manifold developments in the area preciate your comments on the current issue as
of the current issue. This was triggered by the of cybersecurity. Nevertheless, we hope that the well as suggestions for future issues.
EC’s presentation of its cybersecurity strategy in contributions give you some useful insights on
February. At that time, cybersecurity did not get the topic.
too much attention. This changed due to The other main topic in this issue is the Euro- Milon Gupta
Snowden’s revelations, and there is now political pean Union’s new framework programme for re- Editor-in-chief
pressure to develop European solutions to make search and innovation, Horizon 2020, which was
network infrastructures more secure. Eurescom officially launched at the ICT 2013 event in Vil-
mess@ge would like to contribute to this neces- nius, Lithuania. In addition to the event report by
sary debate, highlighting some issues and solu- Milon Gupta and Peter Stollenmayer, we present
tions.
Eurescom mess@ge 3/2013 3
EURESCOM mess@ge
Headline
Events calendar
Subhead
24 – 27 February 2014 23 – 24 April 2014
Mobile World Congress 2014 Celtic-Plus Event
Barcelona, Spain Co-located with WIMA 2014
http://www.mobileworldcongress.com/ Monaco
http://www.celticplus.eu
10 – 14 March 2014
CeBIT 2014 5 – 10 September 2014
Hanover, Germany IFA 2014
http://www.cebit.de/en/CeBIT-2014 Berlin, Germany
http://b2b.ifa-berlin.com/en/
18 – 20 March 2014
Future Internet Assembly 17 – 18 September 2014
Athens, Greece 2nd European Conference on the Future Internet –
http://ec.europa.eu/digital-agenda/en/future-internet-assembly ECFI
Munich, Germany
2 – 3 April 2014 http://www.ecfi.eu
1st European Conference on the Future Internet –
ECFI
Brussels, Belgium
http://www.ecfi.eu
Sn@pshot
Heating via wrist
© Photo: Alper Bozkur, NC State University
© Source: Wristify
Wristify is a bracelet that allows its wearers to control their comfort. Wristify was developed by four members of the Materials
individual thermal levels through highly localized and rapid Science & Engineering department at the Massachusetts Institute
cooling or heating. The Wristify prototype delivers pulsed thermal of Technology (MIT).
waveforms to the user’s wrist to influence perceived thermal Further information: http://wristifyme.com
4 Eurescom mess@ge 3/2013
CONTENTS
Contents
3 Editorial
4 Events calendar
4 Sn@pshot
Cybersecurity
THE KENNEDY PERSPECTIVE 6 Social versus professional Internet
COVER THEME Cybersecurity
7 Cybersecurity – An overview
8 Interview with ICT security expert Joachim Posegga
10 Security solutions for future communication networks –Celtic-Plus project SASER
Celtic-Plus News NEWS
C1 Editorial
C2 Co-located Celtic Event and WIMA in Monaco
C2 About WIMA Monaco 2014
C3 Views from the Monaco Public Authorities
Project Highlights:
C5 SPECTRA
C7 OPERA-NET+
C8 Imprint
C8 About Celtic-Plus
EVENTS 12 New horizons for Europe – ICT 2013 in Vilnius
14 Joining forces for Horizon 2020 – Launch of new
European Technology Platform by Net!Works and ISI
16 Implementing the Future Media Internet – NEM Summit in Nantes
EUROPEAN ISSUES 18 Horizon 2020 – Fostering innovation and simplifying participation
NEWS IN BRIEF 20 EU-wide poll on science and technology ++ Top500 supercomputer
rankings ++ Web Index Report 2013
A BIT BEYOND 22 Paying with bits – The rise of digital money
Imprint
EURESCOM mess@ge, issue 3/2013 (December 2013)
ISSN 1618-5196 (print edition)
ISSN 1618-520X (Internet edition)
Editors: Milon Gupta (editor-in-chief), Peter Stollenmayer, Anastasius Gavras, Uwe Herzog
Submissions are welcome, including proposals for articles and complete articles, but we reserve the right to edit. If you would like to contribute,
or send any comments, please contact:
Eurescom mess@ge · Wieblinger Weg 19/4 · 69123 Heidelberg, Germany
Phone: + 49 6221 989–0 · Fax: + 49 6221 989–209 · E-mail: message@eurescom.de
Advertising: Luitgard Hauer, phone: +49 6221 989–405, e-mail: hauer@eurescom.eu
Eurescom mess@ge is published three times a year. Eurescom mess@ge on the Web: www.eurescom.eu/message
© 2013 Eurescom GmbH. No reproduction is permitted in whole or part without the express consent of Eurescom.
Eurescom mess@ge 3/2013 5
T H E K E N N E DY P E R S P E C T I V E
Social versus professional Internet We will not be able to say to any individual: no
you cannot have sufficient bandwidth for your
remote medical application, as there are a group
Why they are different and how to reconcile them of 12 year olds wanting to watch videos of funny
cats at this time. Sorry guys, but clearly all bits
are not equal.
I am coming to the conclusion that we will
soon need to recognise that the Internet must
Changing requirements and expectations become a two tier structure where there is the
social communications provided on a best effort
What has slowly happened over time is that our basis and a professional Internet where commu-
needs and expectations have changed. We are nications are provided under Service Level Agree-
David Kennedy now asking why my Internet access does not ments (SLAs) that determine minimum perfor-
Director of Eurescom work perfectly all the time. Why am I paying for mance levels for the services.
kennedy@eurescom.eu “up to X Mb/s” rather than a guaranteed X Before I get spammed to death by the Internet
Mb/s. Even then we are moving away from actu- purists, you must realise that this is not new – for
ally caring about the Mb/s as long as our apps years companies have been leasing lines to have
At the core of the endless controversy about and services work as we expect them to. private data networks as performant as they re-
net neutrality and Internet service limita- This new idea of satisfying customers by pro- quire and totally secure as they were not part of
tions is a dichotomy that has been largely viding an agreed quality of experience will the shared infrastructure. This has in many cases
neglected so far: it is the difference between probably be the basis for changing the provider evolved to the use of VPNs (Virtual Private Net-
the social Internet and the professional In- business models and customer contracts in the works) within shared resources but with reserved
ternet. We need to understand and accept future. capacity.
this difference in order to address it in a way I have listened to Internet gurus for years now The only evolution necessary from this to the
beneficial to providers, users, and society. insisting that Internet traffic is sacred and any professional Internet as I see it will be the active
moves to manage or control the traffic would be management of the Internet, and the nodes with-
The social Internet breaking the concept and neutrality of the Inter- in it, to ensure the configuration of the infrastruc-
net. I don’t disagree with this, but I cannot recon- ture is the best possible to have efficient opera-
Karl Marx argued that human beings are intrinsi- cile it to providing guarantees of service to all tions and meet the promises made to the
cally social beings who cannot survive and meet Internet users in the future. I am assured by customers in the SLAs.
their needs other than through social co-opera- “experts” that such guarantees can be provided Luckily SDNs and NFV are arriving now to help
tion and association. The advent of the Internet by increasing the capacity of the infrastructure us achieve this, but we are still missing vital parts
has allowed us to interact and associate in ways and they are right too. of the picture. What are the Inter-Internet service
that were never foreseen even one generation However, what they neglect to consider is that provider agreements needed to share the con-
ago. infrastructure has a real cost of provision and straints of the SLAs and ensure the end-to-end
Today it is technologically simple to remain in operation. At some point in time, if the costs of experience is as expected? How are the SLA
contact and informed about your friends and operation exceed the revenue being generated, parameters supported and shared between the
their activities, your business interests, your sur- then the operator goes out of business. The in- domains to ensure end to end performance?
roundings and your points of interest wherever stant reply is that the operators need a new busi- These are not trivial problems and professional
you or they may be – but it is hard to have this all ness model – and I love the innocence of that users of communications services will soon be
the time and everywhere in practice. We can reply. Clearly none of the future services and driving us hard to meet their demands.
now watch TV, shop, listen to music and do lots apps will work without an infrastructure, and if it
of other exciting things as long as our peers are is not economic to provide and operate such an The inclusive digital society – for work
not consuming too much of the shared resources infrastructure, then no one will do it. and play
that is the Internet. But we should not get depressed – let us
This exposure to communication and informa- assume that low cost Internet access will pay for If we take this idea further into the future, we can
tion is also feeding on our collective needs for a reasonable best effort Internet infrastructure foresee that there will be two parallel business
approval and respect for our actions from our and turn our thoughts to the customers who models supporting Internet provision: one based
peers. We like it when our friends “like” what we want more. on a possible maximum rate in a best effort
like. It is also documented that the fastest shared resource and the other based on a guar-
spreading emotion in the Internet is anger, so The professional Internet anteed rate in a managed but also shared
obviously we really like to dislike what our friends resource.
and peers dislike. The point is that current gen- The new generation of customers will be the The professional users who place most value
erations have the virtual presence of their friends people and the organisations who want guaran- on availability and reliability will be happy know-
with them all the time in a way that the previous teed availability, reliability and throughput from ing they get what they pay for, and the societal
generations cannot understand. their data and communications services. These users who are tolerant of performance deviations
This is the social Internet, and it has func- are the up and coming professionals, probably will be happy that they pay for what they get.
tioned very well as a non-critical best effort infra- Cloud Service users, who demand 99.999% What cannot succeed in the long term is that
structure for our communications. The key point availability and reliability when accessing their we keep pretending that a social Internet can be
being that we do not expect it to be perfect and digital work and life in the Cloud. There will also the professional Internet, as this assumes that
we are generally understanding of delays, inter- be societal bodies demanding such quality infra- providers and operators are working on an altru-
ruptions and generally poor performance. structures for medical, education, security and istic non-profit model, and we all know that the
many more applications. survivors will be the ones with viable commercial
models and happy customers.
6 Eurescom mess@ge 3/2013
Cover Theme: Cybersecurity
Cybersecurity – An overview
tutions falls into the area of cyber crime. Next in More recently ENISA, the European Union
terms of volume is probably hacktivism, meaning Agency for Network and Information Security, has
cyber attacks motivated by political reasons. Cy- conducted many studies only to conclude that the
ber warfare and cyber espionage can be consid- cybersecurity strategies across Europe and glob-
Milon Gupta ered small in volume but considerable in terms ally differ significantly. There is a major effort un-
Eurescom of potential impact. derway to analyse these strategies and identify
gupta@eurescom.eu Now that we defined the scope of cyber the common elements that could potential lead to
threats, let us have a look at what cybersecurity an agreement at European level.
really means. In February 2013, the European Commission
and the High Representative of the Union for For-
What is cybersecurity anyway eign Affairs and Security Policy presented their
proposal for a European cybersecurity strategy
The term cybersecurity came up in 1994, when (see Eurescom mess@ge 1/2013). The proposed
Anastasius Gavras the Internet was still in its infancy. By that time cybersecurity strategy is based on five "strategic
Eurescom there had already been a few Internet incidents priorities": 1. Achieving cyber resilience, 2. Drasti-
gavras@eurescom.eu including malware that appear relatively harm- cally reducing cybercrime, 3. Developing cyberde-
less in comparison to what we are facing today. fence policy and capabilities related to the Com-
The Merriam Webster dictionary defines cyberse- mon Security and Defence Policy (CSDP), 4.
Cybersecurity has gained central impor- curity as “measures taken to protect a computer Develop the industrial and technological resourc-
tance for the functioning of our society in or computer system (as on the Internet) against es for cybersecurity, 5. Establish a coherent inter-
the digital age. In developed countries there unauthorized access or attack.” national cyberspace policy for the European
is almost no area of production, consump- ITU-T offers a more detailed, but also much Union and promote core EU values.
tion, transportation, and information stor- wider definition: “Cybersecurity is the collection These priorities in their general form are prob-
age and sharing that is not directly or indi- of tools, policies, security concepts, security safe- ably agreeable to most Member States, but when
rectly dependent on networked information guards, guidelines, risk management approach- it comes to translating them into concrete action,
and communication systems. In parallel to es, actions, training, best practices, assurance fundamental differences occur. Thus, not surpris-
the growing dependency on networked digi- and technologies that can be used to protect the ingly, since the EU cybersecurity strategy was pre-
tal systems, the variety and quantity of cy- cyber environment and organization and user’s sented, there has not been much progress among
ber-threats has rapidly increased. In this assets.” According to ITU-T these assets include Member States in agreeing on the adoption of the
article we will explore the different aspects “connected computing devices, personnel, infra- suggested EU-wide security policies.
of cybersecurity as well as the challenges, structure, applications, services, telecommunica-
approaches and solutions for maintaining it. tions systems, and the totality of transmitted The price of cybersecurity
and/or stored information in the cyber environ-
Rising security threats ment.” One aspect that has been mostly neglected in
public debates on cybersecurity is the fact that it
According to Symantec’s “Internet Security Approaches to achieving cybersecurity comes at a price. Built-in security of devices and
Threat Report 2013”, threats to online security networks can be expensive and has thus been of
have grown considerably. The report particularly ITU-T defines three general security objectives for secondary priority in the deployment of informa-
highlights constant innovations from malware information and communication systems: avail- tion and communication technologies. ICT com-
authors in areas like cyber-espionage and indus- ability, integrity, and confidentiality. These objec- panies have been developing and deploying sys-
trial espionage as well as malware and phishing, tives can be pursued on different levels: the level tems and networks with the functional
which permanently raise the bar for cybersecurity of the individual user, the level of individual or- requirements in mind, and only when everything
efforts. Furthermore, traditional threats have ex- ganisations, the national level, and the multina- was working, they considered how to secure these
panded into new areas. In particular, social me- tional level. systems and networks.
dia and mobile devices have come under in- Since the mid-1990s, government bodies like Not only companies and public institutions, but
creasing attack recently, while spam and phishing the UK’s British Standards Institution, Germany’s also users shy away from investing effort and
attacks via traditional routes have fallen. BSI (Bundesamt für Sicherheit in der Informa- money into protecting the integrity of their com-
Despite the huge public attention that cyber tionstechnik – federal office for security in infor- munication. Most people do not use encrypted
espionage received after the scope of snooping mation technology) as well as major international communication, as it is inconvenient and requires
by the NSA and other intelligence agencies came standards organisations like ISO and ITU-T have time-consuming effort. In any case, expecting us-
to light in 2013 after Edward Snowden’s revela- been working on ICT security topics, ranging ers alone to handle the huge cybersecurity threats
tions, it can be safely assumed that cyber espio- from cryptographic protocols, security architec- would be unrealistic. However, protection against
nage is the smallest type of cyber threats in tures, to best practices to protect information and cybercrime could certainly be increased through
quantitative terms. The largest share of cyber at- communication systems. better education of users and the implementation
tacks on individuals, companies and public insti- of basic safeguards.
Eurescom
E
Eur
Euresc
u escom
esc
scom
o me
mess@ge
mes
e s@ge
g 3/2
3
3/2013
0
013 7
Cover Theme: Cybersecurity
For all organisations, both public Further information:
and private, implementing state-of- ■ Symantec’s “Internet Security Threat Report
the-art security solutions should be- 2013”
come a high priority, despite the cost http://www.symantec.com/about/news/
and effort. Waiting for European or release/article.jsp?prid=20130415_01
even global cybersecurity measures ■ ENISA website
to take effect appears at the moment http://www.enisa.europa.eu/
too optimistic and might come at a ■ The EU cybersecurity strategy – Why Europe
higher price than implementing secu- needs a more concrete plan, by Milon Gupta,
rity solutions right now. Eurescom mess@ge 1/2013
In view of the importance of ICT http://www.eurescom.eu/news-and-events/
infrastructures for our society, we eurescommessage/eurescom-
need to invest more into research messge-1-2013/the-eu-cybersecurity-strategy-
and development of cybersecurity why-europe-needs-a-more-concrete-plan.html
solutions. In addition, national gov- ■ Special Eurobarometer Report 404: Cyber
ernments and the EU need to put the Security. European Commission, November
agreement and implementation of a 2013
Europe-wide cybersecurity strategy http://ec.europa.eu/public_opinion/
Only 44 % of EU citizens feel well informed about cybercrime high on the political agenda. Beyond archives/ebs/ebs_404_en.pdf
(Source: Eurobarometer 404, November 2013) Europe, we need in the longer term a
global cybersecurity strategy, if we
A recent Eurobarometer survey indicates that want to contain at least cybercrime and cyber
there is scope for improvement in regard to cy- warfare. Otherwise, we can expect serious cyber
bersecurity education: while 76 % of respondents attacks on critical infrastructures to succeed in
are concerned about cybercrime, only 44 % feel the near future, which will make the interception
well informed about the risks of cybercrime. of German chancellor Merkel’s phone look in-
credibly harmless in comparison.
“The Internet is a glass house”
Interview with ICT security expert Joachim Posegga
Everybody is talking about cybersecurity
nowadays. Beyond heated public debates
Eurescom mess@ge tries to explore, what
the underlying issues and challenges are
that will impact Europe’s cybersecurity in
the coming years. Editor-in-chief Milon
Gupta asked professor Joachim Posegga,
who is heading the IT-Security group at the
University of Passau. Before changing to
academia he was leading the Security Re-
search Program at SAP Corporate Research
and worked on security at Deutsche Tele-
kom Research.
Which challenges to cybersecurity in
Europe and worldwide do you consider
the most important? Joachim Posegga
Posegga: The biggest challenge is clearly a politi- undertaking to map these into a coherent posi- How will trust in ICT services and their
cal one: we need a pan-European vision for cy- tion. Unless this has been achieved at least to usage be affected by news on data spying
bersecurity and, most importantly, the objectives some extent, there will be no credible European by agencies from the US and the UK?
underlying it. Consider just privacy requirements position the rest of the world would respect.
alone: There are very diverse opinions on this in Posegga: Does anyone seriously believe that only
the different European societies, and it is a major such agencies in the US and the UK do invest in
8 Eurescom mess@ge 3/2013
Cover Theme: Cybersecurity
intelligence gathering on the Internet? What be- quite worried about European research, as I did What recommendations do you have
came known so far about the activities of the not spot much IT Security in the upcoming for the EU cybersecurity strategy?
NSA [National Security Agency of the US – the Horizon 2020 programme. In order to create Eu-
editor] and the GCHQ [UK Government Commu- ropean security solutions, we obviously need Posegga: My first recommendation would be to
nications Headquarters – the editor] confirmed more research and innovation in this field. have a consistent EU cybersecurity strategy sup-
an old insight: what can be done, will be done. ported by all Member States in the first place. If
Although many security experts, including me, How secure are Europe's critical infra- you follow the debate and just consider the huge
were surprised about the scale and amount of structures, and what should be done to differences between the positions of, for exam-
intelligence gathering activities, the individual better protect them? ple, Germany and the UK, it appears that it will at
bits and pieces uncovered could hardly surprise. least be very difficult to achieve.
At the end of the day, what would you expect an Posegga: My good friend Dieter Gollmann [pro- Beyond immediate actions for strengthening
intelligence agency to do in the age of the Inter- fessor and head of department for security in cybersecurity, there is also a cultural aspect that
net? Analyse the wording of governmental Twitter distributed application at the technical university politicians and EU officials should be aware of.
feeds? of Hamburg – the editor] once remarked that Currently, we see something like a global culture
The good side of it is that it is now obvious to there are no critical infrastructures just critical of digital natives in the Internet evolving, and
everyone: the Internet is a glass house, and any- applications. There is a lot of truth in this. So let cybersecurity in its various facets is a major issue
thing inside is easily observable. Attaching blinds me ask what is your favourite critical application for them. Europe is very well positioned among
to this glasshouse is extremely difficult, even for – controlling the power grid or water supplies, digital natives; just figure why someone like
the big players in industry who are increasingly managing civil aviation, or the traffic on streets? Jacob Appelbaum, the driving force behind the
worried about the consequences of being subject Most of these applications come with barely any Tor network [free software for enabling online
to surveillance as the average citizen appears to security at all these days, and we are just begin- anonymity – the editor], moved to Berlin? A high
be. Clearly, we must react to this and learn how ning to understand what we actually want to level of cybersecurity in Europe could become an
to better protect citizens and businesses against achieve here. important competitive factor.
mass surveillance. This is primarily a technical Let me point you to a trivial example: messag- It is not the digital immigrants or people from
challenge, particularly in regard to foreign agen- ing has always been the number one killer appli- the analogue age who will shape the next de-
cies. cation, and it meets the definition of a critical cades of society and economy. It will be the digi-
But coming back to your original question on application. So, can we today provide secure tal natives, and Europe must attract the most
trust in ICT, on what basis would you trust Google e-mail at large? The answer is: no no. clever
clev
cl er brains
ever bra
r ininss of them!
the
hem!m! AAny
ny ccybersecurity
yber
yb erse
secu ty sstrategy
curirity tratteg
tr egyy
more than the NSA? ICT is used to deliver value. Many people argue fo for
or en encrypted
encr
crypypte e-mails.
tedd e-
e-ma mailils.
s. I considering
cons
co nsid
ider
eriningg the
the bi picture
bigg pi
pict uree should
ctur shou
sh ould ld take
akee the
tak the rorole
le
This implies risk. It is here more useful to think in believe in a few decaddecades adeses oour ur ccurrent
urrre nt ppractice
rent ract
ra ctic
ct icee of
ic of cybersecurity
cyb
yber
erse
er secu
se curiririty
cu tyy aass a co competitive
comp
mppet ivee factor
etitititiv
iv fact
fa or iinto
ctor
ct ntoo
nt
terms of risk, rather than trust. encrypting e-maill bodiesbodi
bo es and
dies and the corresponding
the cor orrre
resp
spon
sp o di
on d ngg aaccount.
c ou
cc ount
nt..
nt
So, let me rephrase your question: is the risk key management
managemeent will wililll remind
remi
remind
mi nd us us off the
the ““duck
duck
du ckk aand
ndd
of using ICT services affected by news on data cover”-strategy
cover”-strateg gy against
agai
ag ainsnstt atomic
ns atom
at
tomic ic bombs
bom mbsb in in the
thhe fif-
spying by agencies from the US and the UK? The ties. We cover
cover single
over sin glee aspects
ingl
gl aspe
as pectctss of the
ct thee problem,
pro
robl
bllemem, butbuut
answer is, quite obviously: no. But, thanks to we largelyy ffail
aill too ccover
ai o err ccrucial
ov ruci
ru cciial aaspects
spec
sp ts llike
eccts ikke me
ike meta-
m eta
t -
ta
what was published, we are now better in esti- transport
data, trannsp
spor routes,
orrt ro
rout
utes
ut ess, ininformation
nfoormrmat a ioon flow,
at oww, anaand
nd cecen-
en-
mating the risk involved. This is the good side of tralized aarchitectures.
rchi
rchiiteect
c ur
ures
es.
what happened.
What do you think about currently
discussed plans for a European Cloud?
Posegga: I am afraid I became fairly buzzword-
resistant over the decades. Let us wait until a
concrete plan for a European Cloud is put on the
table, which would allow us to consider aspects
like what sort of architecture and interfaces such
a system has, and how lawful interception is
handled. Then, possible users could make up
their minds about the actual added value of such
a European Cloud.
The so-called NSA scandal clearly is a chance
to position European technology better than be-
fore, not only in cloud services. However, we will
not succeed with marketing strategies only, we
must deliver more value, or less risk, and this
requires better technology. In this respect, I am
Eurescom mess@ge 3/2013 9
Cover Theme: Cybersecurity
Security solutions for future communication networks
Celtic-Plus project SASER
Dr. Eugen Lach, Coordinator
SASER and SASER-SaveNet
Alcatel-Lucent Deutschland AG
eugen.lach@alcatel-lucent.com
Wolfgang Thomas, Leader
Working Committee 2 “Safe
network and node architectures“,
SASER-SaveNet
Alcatel-Lucent Deutschland AG
Wolfgang.thomas@alcatel-lucent.
com
Iris Adam, Leader WP1-Securi-
ty, SASER-SIEGFRIED and New SASER Routing Architecture
Working Committee “Security”
Nokia Solutions and Networks question is how distributed network element ence each other, which guarantees the availabili-
Management International architectures can increase the availability and ty and achieves high quality of service. Denial-of-
GmbH security of optical network elements: service attacks, which aim to overload virtual
Iris.Adam@nsn.com The sub-project SASER-SIEGFRIED has channels, cannot impair other virtual channels.
the aim to increase the safety and cyber security Another virtualization concept is to split large
capability of communication networks. The part- network elements into several smaller distributed
ners of the work package “Security” in SASER- network elements, which behave like one big (vir-
Dr. Marco Hoffmann, Leader SIEGFRIED consist of telecommunication ven- tual) network element. This increases the overall
SASER-SIEGFRIED dors, universities and research facilities from network security as failed or attacked parts of the
Nokia Solutions and Networks Germany and Finland. They focus on the devel- virtual network element can be isolated and cir-
Management International opment of methods to protect networks against cumvented. This may reduce or limit the services
GmbH external and internal attacks. Their activities in- and bandwidth of the virtual node, but does not
marco.hoffmann@nsn.com clude the evaluation of a security concept for a bring down the virtual node as a whole.
new network architecture based on virtualization, One security risk of distributed systems is the
Dr. Ralf-Peter Braun, Leader cloudification and software defined networking. fact that they expose internal communication in-
Working Committee 4 “Refer- Anomaly detection, backdoor detection and visu- terfaces to attackers, as for example two parts of
ence Scenarious, test infrastruc- alization technologies are investigated to detect the network element are interconnected via stan-
tures and system tests“, SASER cyber-crime hidden inside massive data. dard Ethernet cabling. This is not only a problem
DEUTSCHE TELEKOM AG, of distributed telecommunication systems, but a
T-Labs SASER-SaveNet general problem of machine-to-machine interfac-
Ralf-Peter.Braun@telekom.de es. In the mechanical engineering industry, for
The concept of virtualization, which is known example, construction engines are more and
The SASER project for “Safe and Secure Eu- from computing, can also be applied to transport more integrated with IT systems and also there
ropean Routing” has the goal to provide sci- networks. In computing virtual computers are es- the communication interfaces of the machines
entific and technical solutions for future se- tablished on top of a trusted computing plat- must be secured. Although it is in principle
cure networks with a sustainable energy- and forms, which controls the virtual machines and known how to implement encryption and authen-
cost structure. SASER is a multi-national makes sure that they are separated from each tification in embedded systems, interfaces are
research project within Celtic-Plus, the EU- other, so that a failure on one virtual machine often inadequately secured due to a lack of devel-
REKA Cluster for a Smart Connected World. cannot bring down the service of the other virtual opment time, incomplete protocol specification,
machines. Analog to this concept physical trans- incapable implementation, insufficient testing
The SASER-SaveNet subproject is focused on port links can be separated into virtual communi- and the like. What is required are software tools,
the investigation of new architectures of opto- cation channels and can be operated separately which support development engineers to specify
electrical network elements, which build the layer from each other. By guaranteeing bandwidth for and rapidly deploy secure protocols.
0 and layer 1 optical transport network. A key each virtual channel, the channels cannot influ-
10 Eurescom mess@ge 3/2013Cover Theme: Cybersecurity
Scalable Sensor and Analysis Platform
In SASER-SaveNet the software defined net- we address this issue using Software Defined cious functionality injected during or after code
working (SDN) approach is seen as a crucial con- Networking (SDN) and network virtualization. An generation, e.g., by the compiler tool chain or
cept to increase network security and reliability. integral part of SDN is the separation of data and during operation. As a first approach, methods
SDN has gained a lot of attraction recently and control plane, leading to increased programma- are developed to foster semi-automated back-
allows to rapidly develop and deploy new applica- bility and flexibility in a network, whereas network door analysis and detection, intending to discov-
tions and services to packet networks. Originally virtualization makes a physical infrastructure er relevant attack patterns. As a second tech-
invented to control switches and routers in data more easily shareable. However, the introduction nique, backdoors are mitigated by preventive,
networks, SDN can be extended to transport net- of new technologies in the telecommunications constructive means, in order to minimize the at-
works. This allows to dynamically provide con- environment introduces new security challenges tack surface for malicious code manipulations.
nectivity between router ports through the optical which may demand innovative solutions. Within In addition, based on state of the art technology
network. By providing virtual links between rout- the project we focus on analysing and designing and executable backdoor samples, a „Learning
ers, through-traffic in the routers can be reduced. mechanisms that ensure secure deployment of Environment“ is developed, providing a Linux
This reduces the power consumption of the net- SDN and network virtualization in a Telco envi- and Cloud based tool box and teaching material
work and increases the network security and reli- ronment. Furthermore we are actively developing for software analysts, enabling them to quickly
ability, as the optical light paths are much harder an efficient and scalable sensor- and analysis understand and apply the techniques examined
to manipulate than IP packet streams. platform for control and data plane monitoring. and developed in SASER-SIEGFRIED.
The approach of the analysis platform is based
SASER-SIEGFRIED on the idea shown in the figure below. SASER-Horizontal
The new management flexibility and increased
As a starting point in SASER-SIEGFRIED, a com- network bandwidth have the potential to open In the horizontal activity “Reference Scenarious,
prehensive threat and risk analysis for an optical new attack surfaces against the network and can test infrastructures and system tests” of the EU-
network as deployed today was carried out that broaden the existing threats against the users. REKA/Celtic-plus SASER project the concepts,
identified 39 different threats. An assessment Our security monitoring provides a thorough ap- results and prototypes developed in SASER will
based on the methods suggested by ISO 27005 proach for the task to detect anomalies in control be tested and evaluated in a testbed with real
resulted in each threat being classified as either and user traffic. These anomalies could either Telecom environmental conditions provided for
“minor” (applied to 20 threats), “intermediate” stem from traditional threats, such as DDoS or testing the developed advanced optics and pack-
(15), “major” (4) or “critical” (0). In particular, botnet activity, but could also be new threats in- et functionalities and solutions. The feasibility of
the assessment showed that the most critical at- duced through the SDN architecture. new functionalities as well as their fitting in exist-
tack surface of an optical network seems to be However, the use of anomaly detection in prac- ing network infrastructures can be evaluated and
the management plane, so securing this part of tices is hampered by a high rate of false alarms. demonstrated.
the network and applying secure operational pro- Security dashboards can be used to solve the
cedures should be the highest priority of optical information overload problem and support the Further information:
network operators when securing their networks. analytic tasks to verify that attack alerts are valid SASER website: http://www.SASER.eu
Future telecom operator services are charac- attacks. In a first step in SASER-SIEGFRIED, tools Description and leaflets: http://www.celtic-initia-
terized by global delivery of high-performance ap- for anomaly detection are reviewed for functional- tive.org/Projects/Celtic-Plus-Projects/2011/
plications over high-capacity network infrastruc- ity that exists today. This study is accompanied SASER/saser-default.asp
tures. As current applications evolve, it is not by workshops and interviews with security ana-
feasible for telecom operators to set up and con- lysts to understand their complex needs.
figure a dedicated network for each application. As part of SASER-SIEGFRIED we deal with
Therefore, a key challenge for operators is the techniques to investigate backdoors in software
deployment and operation of dynamic and scal- systems. Our focus is on binary code to build
able network infrastructures capable of support- tools and algorithms applicable even if there is
ing all application types. In SASER-SIEGFRIED, no source code available and also to cover mali-
Eurescom mess@ge 3/2013 11EVENTS
New horizons for Europe
ICT 2013 in Vilnius
Milon Gupta
Eurescom
gupta@eurescom.eu
Peter Stollenmayer
Eurescom
stollenmayer@eurescom.eu
Welcome address by Dalia Grybauskaitė, President of Lithuania, at the opening of the conference
performances based on the innovative interplay Besides discussions at the exhibition booths,
This year’s ICT event in the Lithuanian capi- between humans and advanced information and this interaction took mainly place at the more
tal of Vilnius was special, as it marked the communication technologies (see Vconect ex- than 120 networking sessions. The limited space
end of the Seventh Framework Programme ample on the next page). In general, the over 200 at the Litexpo facilities forced the local organisers
(FP7) and the beginning of the new frame- booths in the exhibition were vivid proof of Eu- and the session organisers to adapt, proving that
work programme Horizon 2020. ICT 2013 rope’s creativity in exploring new technologies scarcity often leads to creative solutions.
was, however, also special in terms of con- and their applications.
tents and style. Concerning the second aspect, the social Innovation and growth
dimension of “Connect” worked better than the
Create Connect Grow technical dimension. WLAN connectivity was not More than at previous ICT events, the third
fully up to European aspirations for technological aspect, “Growth”, was permeating almost all
The motto of ICT 2013 was “Create Connect leadership, while the social connectivity worked presentations and panel discussions. This was
Grow”. As far as “Create” and “Connect” were fine. Thanks to the overall good organisation by particularly true for the plenary sessions on the
concerned, the event fully accomplished its mis- the Lithuanian EU Presidency in collaboration big stage. The opening session on 6 November
sion in the three days from 6 to 8 November with the European Commission, the event pro- included an interesting panel of successful Euro-
2013. The creative aspect of research was par- vided ample opportunities for the over 5,000 pean entrepreneurs, who discussed what is
ticularly highlighted in the exhibition, where delegates to connect with each other, share needed for the success of start-up companies.
many projects presented themselves with artistic knowledge, and discuss collaborative activities. Eben Upton, founder of Raspberry Pi, partici-
pated as living proof that Europe can actually
produce and sell millions of ICT devices. Teemu
Suila, CEO of Rovio, the producers of the popular
mobile game Angry Birds, said that “it is not the
Commission, which makes the first steps. It is
the entrepreneurs.” If you listened to US science
fiction writer David Brin, Europe has reason
for looking optimistically into the future of its ICT
sector. He believes that the future lies in Europe
more than in the US.
At the end of the session, panelists were asked
to summarise the one issue which could make
Europe’s ICT business prosper. Answers ranged
from “Education for a digital world”, to “Deregu-
lation of rules which currently hurt business”,
“Allocate all available public money to infrastruc-
ture”, and “Value is created through entrepre-
neurship”.
Huge interest at the networking session of Future Internet PPP project FI-STAR continued on page 13 ▸
12 Eurescom mess@ge 3/2013NEWS
Editorial CONTENT
Editorial ....................................................... C1
Co-located Celtic Event and WIMA in Monaco C2
About WIMA Monaco 2014 ............................ C2
Views from the Monaco Public Authorities ..... C3
Celtic Project Highlights
Dear reader,
This issue will be largely devoted to our upcom- Furthermore, one of our project highlights, SPECTRA ....................................................... C5
ing Celtic-Plus Event and the Proposers’ Day from SPECTRA, will go into the details of their mobile
23 to 24 April 2014 in Monaco. For the first time field trial, which was set up in Monaco. Another OPERA-NET+ .................................................. C7
we have an arrangement to co-locate our Celtic- highlighted project is OPERA-NET+, which is Imprint ........................................................... C8
Plus project exhibition with the WIMA exhibition, working on the extremely interesting and impor-
which is held at the same place. tant aspect of saving considerable energy in mo- About Celtic-Plus ............................................ C8
We are very hopeful that this colocation will bile networks.
create new business and research ideas via dis-
cussions with WIMA experts. There are several
technological aspects covered at the WIMA event, Enjoy reading this issue.
which are also of interest for Celtic-Plus, namely,
NFC and proximity technologies, Cloud services
and Big Data.
We have included in this issue two related ar-
ticles, about WIMA and the view from the Monaco
Public Authorities. In addition, another article will Heinz Brüggemann
present our synergy expectation by providing this Director Celtic Office
co-located exchange of views.
Celtic-Plus News 3/2013 C1Celtic-Plus News
Co-located Celtic Event
and WIMA in Monaco
ers, solution integrators, clients, etc.). Such ly launched the TILAS project aimed at setting up
crossing of ideas will be especially interesting as a very large test-bed for the Internet of Things
mainstream areas covered by WIMA such as with a very strong focus on secure WSN manage-
NFC (Near-Field Communication) and Mobile ment in dense urban environments mixing het-
Proximity together with their connection with erogeneous networks (capillary, proximity, CPL,
Cloud Computing and Big Data are becoming 3G/LTE). More information on the TILAS project:
core enablers for numerous rapidly emerging www.celticplus.eu/pub/Project-leaflets/We-
markets that are at the core of the Celtic-Plus vi- bquality/TILAS_lq.pdf
sion and strategy, such as m-health or m-com- Conversely participants to the WIMA Forum
Jean-Pierre Tual merce, mobile ticketing, mobile financial services could be interested to attend the Celtic Brokerage
Gemalto/ France and the Smart-City and Internet of Things do- event on 24 April 2014 at the Grimaldi Forum in
Jean-Pierre.Tual@gemalto.com mains. Monaco and be interested to join new Celtic pro-
As a bottom-up and close-to-market cluster, posals, as well as learning from the Celtic-Plus
Celtic-Plus will find an immediate benefit in hav- community and get up-to-date information on the
ing its projects demonstrated during the Celtic- most recent development achieved in future tele-
Plus event also seen by the WIMA community, communication infrastructure (network and plat-
therefore enhancing immediately the possibility forms, service and network management,
to disseminate their results and to raise the inter- business support systems) or service develop-
est of potential new partners for industrializing or ment frameworks (multimedia, end-user interac-
adopting their results. tion).
Some Celtic projects related to Mobile Proxim-
Valerie Blavette ity, Cloud, and Big Data could also take the op- Outlook
Orange/ France portunity to advertise their results to a larger
valerie.blavette@orange.com audience and respond to the WIMA call for pa- There are indeed high expectations that this colo-
pers and feed the WIMA research track on 22 cation could generate new business contacts
April 2014. and new business impact and may also generate
Co-locating the Celtic Event on 23 – 24 April This opportunity should be of particular inter- new ideas for extended research on NFC, Mobile
2014 with the WIMA Forum should allow a cross- est for some recent Celtic-Plus projects launched Proximity, Cloud, and Big Data. In addition, the
fertilization between the open innovation ecosys- in rapidly moving areas such as Smart Cities, extended exhibition of both Celtic-Plus projects
tem of Celtic-Plus and the business ecosystem of where WIMA core technologies cross critical busi- and WIMA-related organisations may contribute
the WIMA Forum participants (technology provid- ness requirements. A good example is the recent- to paving the ways for new way of collaboration.
About WIMA Monaco 2014
NFC & Proximity Solutions – “Connecting the
Physical & Digital Worlds for Interactive Customer Engagement”
WIMA MONACO – NFC, Proximity & Cloud
Solutions Conference & Exhibition, 22 – 24
April 2014, in co-location with Celtic-Plus,
23 – 24 April, Grimaldi Forum, Monaco
The Principality of Monaco will host the next
Celtic-Plus conference, proposers day and exhibi-
tion from 23 – 24 April 2014, during WIMA MO-
NACO (22 – 24 April 2014, Grimaldi Forum,
Joanna Merchie Monaco), the leading conference and exhibition
Executive Director/ WIMA dedicated to NFC, proximity and cloud solutions A co-located exhibition area, open to attendees
j.merchie@wima.mc connecting the physical and digital worlds. from both events, will highlight synergies and of-
fer new insights between Celtic-Plus research
C2 Celtic-Plus News 3/2013Views from the Monaco Public Authorities
projects and the ready for market solutions and WIMA welcomes a cross-section of international Further information:
use cases presented at WIMA, in areas such as attendees from research and educational institu- ■ WIMA: www.wima.mc
mobile payment, transport, healthcare, market- tions, standards bodies, start-up companies, and ■ Celtic-Plus Event 2014: www.celticplus.eu
ing, retail, access-control and ID Management. major global industry leaders.
Views from the Monaco Public Authorities
A long-time will of the Monaco Government
for a sustainable economy: The support of innovation
The Eureka office is located within the Busi- Who can receive support?
ness Development Agency directly under the Min-
istry of Finance and Economy’s authority. Companies in the industrial sector, tertiary indus-
The missions of the Business Development try and those providing services to industry are
Agency are: eligible for support from this fund.
■ The examination and the administrative
support of applications for the creation of Stages of the project and costs taken into
new businesses and the amendments to account:
existing businesses ■ Research and development
François-Xavier Le CLERC
■ Keep the Trade and Industry Register ■ Development of a prototype
Direction de l’Expansion Economique
■ Monitor business activity ■ “Pilot” implementation of production
EUREKA Office - National Project Coordinator
■ Issue industrial property rights certificates ■ Pre-production
Principauté de MONACO
and perform the relevant registrations in Funding are up to 50% of the total eligible
fleclerc@gouv.mc
national records amount budget.
■ Examine applications, grant and monitor
financial aid packages for businesses, Since 1998, more than 5 million euros have
The policy of support for innovation by the creation, innovation, international been dedicated to innovative projects
Monaco government took all its dimension cooperation, investment support, international ■ 42 individuals projects funded by the National
in July, 1998 with the implementation of the trade. Monegasque Innovation Fund since its
Monegasque Fund for Innovation (the creation : 30 companies, and a
national innovation fund). The Authority is also entrusted with: reimbursement rate close to 90 % for the
■ Creating, maintaining and optimising repayable funding part
The second step of this policy of support for in- permanent contacts and relationships with all ■ The EUREKA project for each Presidency:
novation is the application and the membership professional and business partners – Project E! 3551 “MONOÏKOS” (ASEPTA -
of Monaco to the EUREKA network. ■ Participating in prospection or economic cosmetology)
The Principality of Monaco is a full member of development organised by the competent – Laboratories EUROPHTA (ophthalmology)
the EUREKA network since January 1st, 2005. bodies – Project E! 3896 “MOB-IT” (MC-Tel) > inter-
It is indeed under the French and Dutch Eure- Within this Agency, Monaco Welcome and Busi- rupted
ka chairs that Monaco presented its application. ness Office is specifically responsible for develop- – Belcurves – (3D virtual try-on technology)
It makes Monaco one of the more recent ad- ing a high quality one-stop-shop and personalised – Entered the EUROGIA + Cluster – (“Float-
ditional member states of the network. support for entrepreneurs met” project with Single Buoy Moorings-
To support this candidacy, and from the start, The Monegasque Fund for Innovation as well meteo floating station)
the Monaco government decided on the imple- the “ EUREKA “ Monegasque Fund offers sup- – Project E! 4440 “SECUReSHIP” (3D security
mentation of the “ Eureka office” , as well as of port to Monegasque companies for innovative system for naval protection)
the “ “ EUREKA “ Monegasque Fund specifically technological projects (involving real technologi- – Entered the CELTIC+ Cluster – (“SPECTRA ”
dedicated to funding of the cooperative projects cal advances or the introduction of an innovative project with MONACO TELECOM- multi-band
carried out by the companies of the principality product to the market), through repayable loans cognitive radio technology)
within the framework of the network, granted with or grants. Ongoing: - “REVEECO” project ( sanitary water
2 million Euros . The project must result in a technologically in- treatment –potential
novative project and show real commercial po- ACQUEAU project with French and Turkish part-
tential. ners).
Celtic-Plus News 3/2013 C3You can also read
