IoT - Systematic
Transcription
IoT - Systematic
INTERNET OF THINGS Which network ? How secure ? Which experimental tools ? #IoT2015 WELCOME GERARD MEMMI Head of Networks and Computer Science Department at Telecom ParisTech #IoT2015 IoT: A grand vision getting ‘concensus’ Institut Mines-Télécom IT’S HUGE, BUT WHAT IS IT? 80 Billion of smart things in 2020 (ZDNET 2013) 4 Institut Mines-Télécom WHAT IS IOT? Kevin Ashton (MIT) first mentioned the Internet of Things in a presentation he made to Procter & Gamble in 1999. The Internet of Things (IoT) is a general purpose system of “smart things” (ubiquitous sensors and actuators) connected via the internet The internet of things brings together people, process, data, and « things » turning information into physical actions, and the other way around; creating new capabilities for individuals, businesses (commerce and industry), and eventually countries 5 Institut Mines-Télécom Market Size (Cisco) 6 08/10/2015 Institut Mines-Télécom Modèle de présentation Télécom ParisTech Reference ModelS 7 08/10/2015 Institut Mines-Télécom Modèle de présentation Télécom ParisTech IOT-A, FP7 Alcatel Lucent (BE, FR), CEA (FR), CFR (IT), CSE (GR), FhG IML (DE), Hitachi (UK), IBM (CH), NEC (UK), NXP (DE, BE), SAP (DE), Siemens (DE), Sapienza University of Rome (IT), University of St. Gallen (CH), University of Surrey (UK), University of Würzburg (DE), VDI/VDE-IT (DE), VTT (FI) 8 08/10/2015 Institut Mines-Télécom Modèle de présentation Télécom ParisTech Freescale Reference Model 9 08/10/2015 Institut Mines-Télécom Modèle de présentation Télécom ParisTech CISCO-IBM-INTEL Reference Model Levels 7 10 Collaboration & Processes (Involving People & Business Processes) 6 Application 5 Data Abstraction 4 Data Accumulation 3 Edge Computing 2 Connectivity 1 Physical Devices & Controllers Center (Reporting, Analytics, Control) (Aggregation & Access) (Storage) (Data Element Analysis & Transformation) (Communication & Processing Units) (The “Things” in IoT) Edge Sensors, Devices, Machines, Intelligent Edge Nodes of all types Institut Mines-Télécom IoTWF Key Challenges Challenges Trends Companies ‘Quadruple trust’ :security, privacy, protection, safety TLS, Authentication All, IEEE Interoperability, heterogeneity Updates & Legacy Composition Openness IBM Freescale Scalability IT, OT, CT convergence True distibution, Edge/Fog Computing, RT analytics Cisco, AGT, Schneider Sensor/actuator Improvement, cost effectiveness, energy saving Schneider Rockwell Mobility Use of tablet or smartphone as control devices Shell Ease of use, QoE, Acceptance Smartphone as a remote control ‘Small steps’, ‘be intiutive’ VMWare Institut Mines-Télécom 11 BM IoT is transformational Schneider Major IT Standards Bodies Active in IoT Institute of Electrical and Electronics Engineers (IEEE): www.ieee.org International Electrotechnical Commission (IEC): www.iec.ch International Organization of Standardization (ISO): www.ios.org International Society of Automation (ISA): www.isa.org International Telecommunication Union (ITU): www.itu.int Internet Engineering Task Force (IETF): www.ietf.org World Wide Web Consortium (W3C): www.w3.org 12 08/10/2015 Institut Mines-Télécom Modèle de présentation Télécom ParisTech References [email protected] EU-China Joint White paper on Internet of things Identification, EU-China Advisory Group, 2014 http://iotforum.org/wp-content/uploads/2014/09/120613-IoTA-ARM-Book-Introduction-v7.pdf http://www.staticcisco.com/assets/sol/dc/internet_of_everything.pdf IEEE-S A Internet of Things Ecosystems Study 13 08/10/2015 Institut Mines-Télécom Modèle de présentation Télécom ParisTech SECURITÉ INTERNET DES OBJETS Institut Mines-Télécom Agenda Part 1 Welcome - Gerard Memmi, Institut Mines Telecom Round Table Usage requirements on network & security privacy Smart cities : Catherine Dehaene TIC & Santé : Jacques Guichard Animation : Stéphane Delouche, Cap Digital Technical session #1 Future space - Mathieu Boussard, Alcatel-Lucent Bell Labs BREAK Technical session #2 Antoine Mouquet, Orange Elevator pitch LUNCH / POSTER + DEMO + NETWORKING ISE (SystemX) – P. Cincilla RIOT (Inria) – E.Baccelli Prove&Run – C.Pagezy Spinalcom – S.Coulon #IoT2015 15 Agenda Part 2 EU Research & Innovation agenda for IoT T.Kleiner, Head of Unit-Network Technologies at European Commission Security & Privacy Le respect de la vie privée - S.Petitcolas, CNIL Les risques, menaces, recommandations et opportunités des objets connectés - B.Morin, ANSSI Security & Architecture - H.Ganem, Gemalto SW aspects - C.Pagezy, Prove & Run BREAK Projects & experimentation Fiesta-IOT – Vivien Mallet, Inria Jean-Luc Strauss, Altran ITS Security – Pierpaolo Cincilla, SystemX Closing session Jean-Pierre Tual, Président du GT Confiance Numérique et Sécurité Thierry Houdoin, Président du GT Télécoms Closing cocktail #IoT2015 16 ROUND TABLE Catherine Dehaene – President of Smart Cities working group Jacques Guichard – Expert of the ICT&Health Commission Stéphane Delouche – Cap Digital #IoT2015 17 FUTURE SPACE MATHIEU BOUSSARD Alcatel-Lucent Bell Labs 18 #IoT2015 ANTOINE MOUQUET Orange 19 #IoT2015 ELEVATOR PITCH 20 #IoT2015 ISE Demonstrator ITS WC Bordeaux Scenario Future@systemx Player 1 Player 2 OBU-1 Personal car OBU-2 emergency or hacker 21 ISE Demonstrator 22 Communauté RIOT (démo présentée par Cédric Adjih, chercheur Inria) The Internet The Internet of Things IoT Innovation? • Hindered by proliferation of closed platforms – incompatible silos – locked-down hardware • Need de facto standard open-source platform • • • • an OS equivalent of Linux for IoT devices community-driven, open-source independent from vendors, hardware architectures… interoperability & communication based on: – standard, open-access specifications RIOT: Thin-Waist Open-Source IoT RIOT is an open source, low-power, small-footprint operating system - Fits in ≈10k RAM, ≈100k ROM - Linux-like API, but based on a micro-kernel fitting IoT device constraints - IoT network stacks based on open standard low-power protocols (IPv6/6LoWPAN…) Closed- & -source Applications Core functionally equivalent to Linux, based on: - open-source, - open-access protocol specs - community-driven dev. Other network stacks CoAP, LWM2M... RPL, UDP … IPv6, 6LoWPAN … Open-Source Drivers Closed-Source Drivers Peripherals (including network interfaces) Lowpower MCU + radio or wired communications RIOT Third-party software Hardware IETF Can’t run Linux? Run RIOT! RIOT Supports Several Network Stacks • RIOT supports several network stacks • BSD-like ports for: OpenWSN, LibCoAP • What's already there: – Application layer (CoAP, CBOR), Transport layer (UDP, TCP), Network layer (IPv6, 6LoWPAN, RPL, CCN-lite), 2929 Link layer (IEEE 802.15.4 and 802.15.4e support) Portability : https://github.com/RIOT-OS/RIOT/wiki/RIOT-Platforms 30 30 The RIOT community • Open source community • ~ (150) 250 forks on GitHub https://github.com/RIOT-OS/RIOT • ~ (150) 260 people on the developer mailing list: [email protected] • Developers from all around the world ; Mentoring org. for GSoC 2015 • Support & discussions on IRC: irc.freenode.org #riot-os • ~ (500) 750 followers on Twitter 3131 Architecture – Application – watr.li Californium + Play RIOT APP Display Node COAP+HTTP WebSockets COAP IPv6 IPv6 6LoWPAN 6LoWPAN IEEE 802.15.4 IEEE 802.15.4 IPv4/IPv6 Ethernet IPv4/IPv6 Ethernet IoT Applications RIOT in FIT IoT-LAB open testbed (2700+ nodes) : https://www.iot-lab.info - part of https://onelab.eu • RIOT : Comprehensive support for IoT-LAB M3 open node • Tutorials : – http://www.codeproject.com/Articles/840499/RIOT-Tutorial – https://github.com/iot-lab/iot-lab/wiki/Tutorial-about-RIOT-Operating-System-for-IOT-LAB-M3nodes 3535 SpinalCom Local IoT nerve center Editeur de solutions middleware dédiées IoT & Fog Computing SpinalCom Middleware pour les systèmes intelligents DataBase Analytics Devices Développement User interfaces Data Management Connexion SpinalCom Fog Computing Réactivité Sécurité SpinalCom Autonomie Démonstration SpinalCom Prototype : ceinture pour la mesure de positions forcées Proto Raspberry Proto Interface de collecte 40 DEMO / LUNCH / NETWORK 41 #IoT2015 EU RESEARCH & INNOVATION AGENDA FOR IOT T. KLEINER Head of Unit-Network Technologies at EC 42 #IoT2015 Building a European Internet of Things ecosystem Thibaut Kleiner*, Head of Unit, DG Connect, Network Technologies High expectations for the IoT (Gartner, 2014) •Globally, Gartner forecasts 26 bn devices online by 2020; ABI Research puts that number at 30 bn; Cisco estimates about 50 bn •McKinsey forecasts global IoT market in 2025 worth 2.5T€ – 6T€ •In EU28, IDC/TXT estimates IoT connections at 1.8 bn in 2013 and almost 6 bn in 2020 and IoT revenues at €307 bn in 2013 and more than 1.1 T€ in 2020, including HW, SW and services. € 1,400,000 7,000 € 1,200,000 6,000 € 1,000,000 5,000 € 800,000 4,000 € 600,000 3,000 € 400,000 2,000 € 200,000 1,000 €0 Installed base million Revenue million 0 2013 2014 2015 Source: IDC, 2014 2016 2017 2018 2019 2020 45 •Globally, Gartner forecasts 26 bn devices online by 2020; ABI Research puts that number at 30 bn; Cisco estimates about 50 bn •McKinsey forecasts global IoT market in 2025 worth 2.5T€ – 6T€ •In EU28, IDC/TXT (2015) estimates IoT connections at 1.8 bn in 2013 and almost 6 bn in 2020 •In EU28, IDC/TXT estimates IoT revenues at €307 bn in 2013 and more than 1.1 T€ in 2020, including HW, SW and services. € 1,400,000 7,000 € 1,200,000 6,000 € 1,000,000 5,000 € 800,000 4,000 € 600,000 3,000 € 400,000 2,000 € 200,000 1,000 €0 Installed base million Revenue million 0 2013 2014 2015 Source: IDC, 2014 2016 2017 2018 2019 2020 46 Needed=a sophisticated industry ecosystem across vertical silos and consisting of: Vendors providing components Suppliers creating solutions Service Providers Enterprise Users 47 Source: IDC/TXT, 2014 New business opportunities combining IoT, cloud and big data IoT Big Data Cloud Smart Environments Identified Smart Environments Smart Energy/ Utiltiies Smart Manufacturin g Smart Government/ Smart Transport Smart Health Smart Homes Environment Smart Customer Experience Smart Finance 48 From IOT research towards innovation R&I agenda for the IoT FP7- Ignition phase 2014-15 Building the eco-system FP7 research results (platforms, ICT30: Building the architectures, eco-system, breaking 2016-17 Going to market demonstrators) silos CPS-IoT, Using Deployment platforms integrating WP16-17: Focus devices, embedded systems and network technologies for a multiplicity of novel applications + ODI, FI-ware accelerators, IERC, standardisation etc. Area on Internet of Things will focus on experimentation with real-life solutions being tested at large scale with users 49 FP7: results and achievements IOT ARCHITECTURES IOT SOLUTIONS • IoT Reference Architecture and Open IoT platform • Clouds of internet-connected objects, Open source middleware framework • Adaptive middleware for small solutions • Virtual objects and composite VO semantics • City infrastructure as a cloud service (CIaaS) • Future Internet PPP Generic Enablers and platform approaches (FI-WARE, FI-CORE) • Open platforms ReAAL and Universaal for home environment (smart home) • Cyber-physical systems (I4MS) for manufacturing • IP-based smart objects connectivity with low power consumption • Naming and identification systems • Test-driven service creation environment for business services • Reliable communication and selfconfiguration mechanisms in industry • Context-awareness, cognitive framework object networking • Knowledge-Social-Business Experience Models • Ubiquitous, secure location-based IoT • Semantic interoperability approaches • Embedded smart objects / Cyberphysical systems • real-time measuring and decision making solutions FP7: results and achievements IOT DEMONSTRATORS • City-scale smart city experimental research facility in Santander • Use-cases in e-Health, Smart Mobility, Smart Office, Smart Shopping, Smart Home, Tourism, Smart Toys, Smart Agriculture • IoT Use Cases in European Smart Cities (energy, environment, open data, transport, security, water mgt., social communities, urban regeneration) • Health & Safety monitoring & control system including semantic sensing information processing • Smart Campus platform for monitoring of municipality services, smart traffic and public transportation management • Social Connected TV combined with device management • Eco-conscious cruise control for public transport • Urban environment monitoring for lighting, noise, pollution, waste generation, energy consumption • Logistics Product Life-cycle Management • Smart Manufacturing for textiles • Smart Shopping pilot • Smart Toys • Smart Care / advancing active and healthy ageing IOT eco system: Devices, Applications and Business models Courtesy: IERC 2015 DEVELOPERS/ IoT Data Services MAKERS INDUSTRY M2M/IOT Cloud Services Big Data Analytics IoT Applications Device Connectivity Platforms Device Clouds IoT Platforms Social Services Business Applications STARTUP/ ENTREPRENEURS END USERS Industrial Systems & Protocols Human Interface Sensors, Devices, Gateways, Equipment, Mobile Assets Home Energy Healthcare Industry Signage Tourism Security Automotive Transportation Environment 52 IoT raises privacy challenges Opinion 8/2014 on the on Recent Developments on the Internet of Things by the art. 29 DP WP • Lack of control • Lack of or low-quality consent • Meshing of data and repurposing of original processing • Constant surveillance and monitoring of deviation • Limitations on the possibility to remain anonymous when using services • Security breach becomes easiers Existing frameworks: sufficient? • Data protection principles apply; • Expand the role of privacy impact assessments (example of RFID) • E-privacy • More user-friendly contracts and Terms and conditions ? • Need for a Trusted IoT label? • More needed? (ex: right to disconnect ) • => importance of testing with users Cybersecurity as a pre-requisite • Chrystler • End-to-end security for the IoT • Not only principles and standards but also certification challenges • Challenges for connected devices with low computing power • Example from some projects? The European Commission invests heavily in uptake of the Internet of Things • 51 M€ EC research funding in 2015 for the creation of IoT Innovation Ecosystems • Over 100 M€ EC research funding in 2016 for experimentation through IoT Large Scale Pilots • 35M€ research funding in 2017 on security, privacy and next generation platforms • Joint IoT research in international cooperation: Japan (5M€), South Korea (3M€), Brazil (9M€) 56 IoT-01-2016: Large Scale Pilots Pilot areas: • • • • • Pilot 1: Smart living environments for ageing well (EU contr. up to 20 MEUR) Pilot 2: Smart Farming and Food Security (EU contr. up to 30 MEUR) Pilot 3: Wearables for smart ecosystems (EU contr. up to 15MEUR) Pilot 4: Reference zones in EU cities (EU contr. up to 15MEUR) Pilot 5: Autonomous vehicles in a connected environment (EU contr. up to 20 MEUR) Total budget: • 100 MEUR (funding rate: 70%) Dates: • Call opening: 20th October 2015 • Call deadline: 12th April 2016, 17.00 • Expected starting date: January 2017 Other relevant pilots: Smart manufacturing; Water management IoT-02-2016: IoT Horizontal activities (cont’d) Scope: • Co-ordination of and support to the IoT Focus Area: through mapping of pilot architecture approaches; interoperability and standards approaches at technical / semantic levels; requirements for legal accompanying measures; common methodologies for design, testing and validation; federation of pilot activities and transfer • Horizontal support: exploitation of security and privacy mechanisms towards best practices and a potential label (“Trusted IoT”); legal support to relevant subjects; contribution to pre-normative activities and to standardization. International cooperation with similar activities. Europe. Exploitation of ICT & Art combination • RRI-SSH support to IoT: Pilots shall be citizen-driven with existing / local communities at an early stage. Two entities other than ICT technologies required (e.g. social sciences, psychology, gerontology, economy, art, etc.) Total budget: • 4 MEUR (funding rate: 100%) Dates: • Call opening: 20th October 2015 • Call deadline: 12th April 2016, 17.00 • Expected starting date: January 2017 IoT-03-2017: R&I on IoT integration and platforms Scope: • • • Architectures, concepts, methods and tools for open IoT platforms integrating evolving sensing, actuating, energy harvesting, networking and interface technologies. Platforms should provide connectivity and intelligence, actuation and control features, as well as semantic interoperability across use cases and conflict resolution. IoT security and privacy. Advanced concepts for end-to-end security in highly distributed, heterogeneous and dynamic IoT environments. Approaches must be holistic and include identification and authentication, data protection and prevention against cyber-attacks at the device and system levels. Proposals are expected to include two or more usage scenarios to demonstrate the practicality of the approach. If appropriate existing platforms, such as FIWARE, CRYSTAL or SOFIA should be built on. Total budget: • 35 MEUR (funding rate: 100%) Dates: • • • Call opening: Call deadline: Expected starting date: 08th December 2016 TBA TBA AIOTI The Alliance for Internet of Things Innovation o Building a European IoT innovation ecosystems across the value chain /across silos, through open IoT platforms o o Forum for the EC to discuss with industry and to provide policy guidance for IoT in the DSM 60 AIOTI – Towards Europe-wide Ecosystems • A new alliance to give Europe the lead in the field of IoT • The IoT Voice of Europe • Promoting European open platforms like FIWARE, Industrie 4.0, OpenIOT et al. • Supporting the implementation of large-scale pilots • Pooling resources across directorates, member states, regions • Recommendations for LSP implementation as a deliverable October 2015 • A strategic initiative to help EC prepare future IoT standardisation and Digital Policy • A draft IoT Architecture Reference Model (Nov. 04) • Feedback from Industry/Member States 61 300+ AIOTI Members already! 62 Alliance of Internet of Things Innovation AIOTI Structure 63 The success of the Internet of Things depends strongly on the existence and smooth and effective operation of global standards. • (ITU) IoT SDOs and alliances landscape Service & App P2413 AIOT I Open Automotive Alliance B2C (e.g., Consumer Market) B2B (e.g., Industrial Internet Market) 802 Connectivity Source: AIOTI WG3 (IoT Standardisation) – Release 1 What IoT standards do we need? • Complete value-chain: • connectivity, middleware, service layer (data?) • Enabling relationships among IoTs verticals. • architectural frameworks • reference implementations • interoperability • Working across areas: • ontologies to be provided by the industry segments themselves • common reference architectures as a start www.ec.europa.eu/digital-agenda/ICT2015 Thank you – and see you in Lisbon! Useful links s Follow us on Twitter @NetTechEU IoT http://ec.europa.eu/digital-agenda/en/internet-things Network Technologies http://ec.europa.eu/digital-agenda/en/networktechnologies http://www.aioti.eu 68 SECURITY & PRIVACY 69 #IoT2015 SECURITY & ARCHITECTURE H. GANEM Gemalto 70 #IoT2015 IOT security architecture Herve Ganem Sept 30 2015 Introduction On sept 10 2015 The FBI made a public announcement to outline the security risks related to IOT (*) « Internet of Things Poses Opportunities for Cyber Crime” • • • • 72 What are IOT devices How do they connect What are the IoT Risks? Recommandations for users *Footer, http://www.ic3.gov/media/2015/150910.aspx 20xx-xx-xx Outline Historical approach to security End to End security and its various meanings IOT security requirements Credentials distribution models Corporate Provider/customer delegated Embedded clients threats and solutions Strong credential storage Trusted software stack Proven reliable software stack conclusion 73 Footer, 20xx-xx-xx M2M security traditional approach: one device and one server Smart sensor M2M server Application A WAN LAN Router/ Gateway/ Data concentrator Application B • Security is addressed between a « designated » data source and « the » M2M server • Part of the transmission path is not secured or secured using ad hoc solutions • The design is not scalable, and not suited to contexts involving multiple business actors 74 • Interoperability is poor The need for interoperability leads to the concept of M2M service platform Device Application (data destination) Local area network Wide area network Device (data source) Gateway M2M service platform Application (data destination) • Interoperability: data destination can dynamically discover and receive data from data source •The M2M service platform helps disseminating data to authorized parties •It exposes a number of services simplifying application development •Benefits: •Higher Interoperability •simpler application development. 75 •Scalability •drawbacks: •Multiplication of ecosyustems (IOT jungle) 10/8/2015 IOT applications ; heterogeneity is the rule IOT applications often involve several communication hops Intermediate nodes may be controlled by different entities Application A Object 1 Application C Application C entities and secure every single hop Goals: • Authenticate of the communication path • • Possibly secure communication from source to destination with a single set of credentials Manage authorizations (fine grain) in every node Need for end to end security • Secure each segment of the communication path • Secure communication from source to destination with a single set of credentials 76 Footer, 20xx-xx-xx Real case example IOT applications often involve several communication hops Possibly not controlled by the same business entity Database storage MQTT server Application A OneM2M service Platform WAN LAN Router/ Gateway/ Data concentrator • Smart sensor 77 Footer, 20xx-xx-xx Application B • Different intermediate nodes may be controlled by different business actors. What security model may be used to manage credentials and authorizations in a multipartite environment? Credential distribution models 78 Footer, 20xx-xx-xx The corporate security model • • Benefits : simplicity; global control Drawback: not scalable corporate server Application A WAN LAN Resource server Authorization server Smart sensor 79 Footer, 20xx-xx-xx Corporate AAA server The customer/supplier security model Analogy with the security model used for mobile communications M2M service provider 1 AAC server M2M service provider 2 AAC server application Device •Most widely used security model •Credentials managed by service provider and associated to a service delivery •Each provider manages credentials and authorizations for its own customers •No end to end security from source to destination •No overall authorization management 80 10/8/2015 Emergence of the role of TSM in the customer/supplier model The role Tusted Service Manager (TSM) emerged to address the need of credential provisonning for mobile applications M2M service provider 1 M2M service provider 2 AAC server AAC server TSM Service provider Secret owners 10/8/2015 •The TSM is able to provision secrets on security platforms it does not own 81 The delegated security model Resource : generic term to designate anything requiring access control Resource server Resource server Resource server Application A AAC WAN LAN Resource server Authorization server • • Intermediate nodes are seen as “resource servers” They « delegate » authorization and credential management to a separate authorization server Benefits • Holistic credential and access control management • Possibility to outsource security management • Highly dynamic credential distribution and revocation 82 Footer, 20xx-xx-xx Embedded client security 83 Footer, 20xx-xx-xx IOT devices features and associated threats IOT devices are often computer and/or energy contrained Security energy overhead does matter Need for lightweight cryptographic algorithms Usual « onion like » pile up of security layers increases energy consumption IOT devices are often physically accessible Physical attack on device may result in credential theft and device cloning Physical or remote attack may result in installation of malware on the device Malware installation on the device via physical or remote access Physical access to device for maintenance purposes may be hard or impossible Remote management of devices including for credentials management mandatory 84 Footer, 20xx-xx-xx IOT embedded security solutions Enhanced credential storage protection Use of Embeded Secure Element reduce the possibility of device cloning Remote management of credentials inside the Secure element TCO (Total cost of ownership ) must be in adequation with IOT applications business model Use secure boot chain to verify software executed on the device Prevents the installation of malware on the device. Requires tamper proof storage for root of trusts (i.e ESE, TPM) High quality software chain Reduce software vulnerabilities: Buffer/heap overflow Command injection… 85 Footer, 20xx-xx-xx Conclusion Trends for credentials distribution: The need for end to end security for IOT communications is now generally recognized distribution of the credentials, in heterogenous possibly multipartite environments More dynamic distribution and revokation of the credentials. Enablers for embedded Iot device security are: Secured storage for credentials Chain of trust for device software Quality software stack. Emergence of the role of trusted party The role of the Trusted service manager is expanding Trust management is a business segment in itself 86 Footer, 20xx-xx-xx CHRISTOPHE PAGEZY Prove & Run 87 #IoT2015 LE RESPECT DE LA VIE PRIVÉE STÉPHANE PETITCOLAS CNIL 88 #IoT2015 Stéphane Petitcolas– Ingénieur Expert à la CNIL DE L'INFORMATIQUE NOMADE À L'INFORMATIQUE AMBIANTE : LES ENJEUX EN TERME DE VIE PRIVÉE 89 Nombre de dispositifs “connectés” selon CISCO 90 Observons les objets intelligents d’aujourd’hui… …pour deviner vers où va l’intelligence ambiante promise demain. Quels risques de traçage des personnes ? 91 92 Le pass navigo 2009 1975 • Un numéro unique • Personelle et infalsifiable • Remplacée en cas de perte • Un fichier clients • Des statistiques réseaux fines • Anonyme • Rachat en cas de perte • Pas de fichier clients • Statistiques pauvres ? ? ? 100 % 2% 40 % 93 Dans la puce du pass navigo Qui Quand Où 94 Les leçons du pass navigo • Les actions de la CNIL – Imposer une anonymisation des données collectées. – Imposer l’existence d’un « pass anonyme » • Mais il coûte 5 euros… • Ce n’est pas de l’intelligence ambiante mais déjà de l’intelligence dans les objets + des capteurs. • Demain la reconnaissance faciale pour remplacer le pass navigo ? • Confort = traçabilité des personnes? 95 Les cartes bancaires sans contact 96 Les actions de la CNIL • Participation aux groupes de travail autour des cartes bancaires sans contact • Demande de suppression du nom et de la date de validité en lecture sur l’interface sans contact • Mise en application de cette recommandation depuis septembre 2012 • Suppression de la liste des transactions depuis mi 2013 97 La géolocalisation mobile WiFi Serveur de géolocalisation A A B A, B, C C B 45° 10' 0" N / 5° 43' 0" E Place Victor Hugo... D E F G C 98 Comment constituter une base de géolocalistion? Méthode « ancienne »: faire travailler des employés 99 Comment constituter une base de géolocalistion? Méthode « crowdsourcing »: faire travailler les utilisateurs 100 Les leçons des mécanismes de géolocalisation • Des capteurs et des réseaux: – Des usages impossibles à deviner à l’avance. – Un boom du « crowdsourcing » à prévoir • Que fait-on des données collectées: – Transferts à des partenaires? – Publicité? – Quels droits (réels) pour les personnes? 101 Mobilitics : un projet de recherche pour mieux comprendre les smartphones Nombre d'applications utilisées durant l’expérimentation : - Qui accèdent au réseau Total : 189 176 93% - Qui accèdent à l'UDID (identifiant unique Apple) 87 46% - Qui accèdent à la géolocalisation 58 31% - Qui accèdent au nom de l'appareil 30 16% - Qui accèdent à des comptes 19 10% - Qui accèdent au carnet d'adresses 15 8% - Qui accèdent au compte Apple 4 2% - Qui accèdent au calendrier 3 2% • Accès réseaux nombreux et quasi permanents sans une information claire des utilisateurs • quelques applications sont responsables de la majorité des accès aux données, avec une intensité qui semble dépasser le seul besoin des fonctions de ces applications • Certaines applications accèdent à des données sans lien direct avec une action de l’utilisateur ou un service offert par l’application (récupération de l’identifiant unique, du nom de l’appareil, de la localisation). 102 Mobilitics : un projet pour comprendre l’utilisation des données à caractère personnel dans un téléphone • 31% des applications utilisées ont cherché à accéder à la localisation • 41 000 « événements » de géolocalisation au total, • soit une moyenne de 76 événements par jour et par volontaire • L’intensité de ces accès surprend. 103 Les objets connectés de demain • Les compteurs intelligents – Réflexion des groupes de travail Européen sur la définition du périmètre des études d’impacts • Le mouvement du « quantified self » • Les Google Glass 104 Quels risques pour la vie privée? 010203945895966765: Bracelet Jawbone 238405 505 509 05506: Costume Hugo Boss taille 52 AD:2C:54:F2:AR:C3 Adresse Mac Wifi du téléphone portable 0183394 84485 5950: Carte bancaire sans contact 105 Un cadre européen pour les RFID • Une recommandation de mai 2009 de la Commission Européenne sur les RFID. Principes: – Conduire des études d’impact sur les produits RFID. – La désactivation des puces au point de vente dans la grande distribution. • Sauf exception si l’étude d’impact montre une absence de danger. • Les études d’impact RFID: un instrument utile? 106 D’une identification ubiquitaire… vers un déséquilibre? Adresse IP IMEI MAC Bluetooth RFID Tag Number UDID MAC WiFi Droit à l’information Droit d’accès Droit d’opposition Num. carte navigo Cookie ID 107 Un exemple de traitement invisible : Les cookies 108 Quelles solutions ? L’approche actuelle Des solutions pour demain ? • Déploiement produit / service • Analyse d’impact / de risque • Déclaration / contrôle CNIL • Correction des problèmes • Problème / Sanctions • Déploiement produit /service • Correction des problèmes • Contrôle CNIL • Approche « pansement » • Approche « privacy by design » 109 Demain ALORS? 110 Des tendances • Chaque être humain aura des dizaines ou des centaines de puces. • La donnée personnelle va changer de nature: – 1978: Nom, prénom, numéro de sécurité sociale, … – 2013: Adresse IP, MAC, IMEI, Numéro de série, … • Des traitements invisibles par milliers. – un coût de stockage des données proche de zéro. – sans frontières. 111 Enjeux • Pour le monde de la recherche – Sécurité des systèmes – Anonymisation / pseudonymisation – Minimisation des données • Pour les industriels – Sécurité des systèmes – Le « Privacy by design » – L’exercice effectif des droits des personnes • Pour le monde du droit – Une jungle d’expertise technologique? 112 [email protected] 113 PROJECTS & EXPERIMENTATION 114 #IoT2015 FIESTA-IOT VIVIEN MALLET Inria 115 #IoT2015 JEAN-LUC STRAUSS altran 116 #IoT2015 Internet of Things Machine driven Big Data Solutions Jean-Luc STRAUSS 30/09/2015 IN REBUS VERITAS Altran Research 2009 117 117 Different Usages - Different Solutions Process Control Distributed manufacturing manufacturing « M2M » Management ERP ERP ERP Planification MES MES MES Building Others Home ENTREPRISE ERP Others : eHealth; Entertainment BAS HAS BPM HEMS APP Tools local DCS SCADA SCADA BacNet Local controls PLC & RTU & EID PLC & RTU & EID PLC & RTU & EID DDC & RTU PLC & RTU & EID Mediation Origin of data Usages Office apps on PCs Things Things Things Things Things Things Data FROM Things Data FROM Things Data FROM Things Data FROM Things Data FROM Things Data FROM Things Controls & Commands TO Things Controls & Commands TO Things Controls & Commands TO Things C&C TO Things C&C TO Things C&C TO Things Machines / Devices Machines / Devices Machines / Devices Mach / Dev Mach / Dev Appliances / Devices physical environnement Physical environnement Physical environnement Physic. Physic. Physic. Distributed systems (process based) Electric power generation; oil refineries; water & wastewater treatment; chemical, food, pharmaceuticals & automotive production Centralized control (event based) Water distribution; wastewater collection; oil & natural gaz pipelines; electric power grids; railway & transportation systems; etc .. Data Non Manufacturing Asset Tracking: Rented cars, ships, goods, fleets City: lighting, traffic lights, CCTV Machine remote monitoring & maintenance Utilities Metering Security & Identification Environ. monitoring Retail; Health care; IT & Network monitoring; ATM Mostly Local HVAC Lighting Security Safety Elevators Boilers / Chillers Access Monitoring Fire alarms … OT SCADA: Supervisory Control and Data Acquisition PLC: Programmable Logic Control RTU: Remote Terminal Unit EID: Intelligent Electronic Device DCS: Distributed Control System MES: Manufacturing Execution System BAS: Building Automation System HAS: Home Automation System VERY LOCAL Robots manuf.& ctrl; Car park ctrl; Train ctrl station system; Food prcssng; Materials handling Machine tools Colla- or Cloud boration Appl App Appli ianc lian ance Social media apps on e ce PCs Heating Lighting Security Garden watering Shutters Air conditioning White appliances Energy Middleware Transactional systems TransacExchange tional systems systems Social media; Web; Desktop Interface servers (Web, C/S app, dematerialisation, ..) Voice, music, feeds, video, messages, SMS, Social Data Transactional Data Market Data Public Data People People Entertainment Multi-media Information E-Health R&D Design Marketing Communications General Management Sales Procurement SCM ERP Accounting Personal NETWORKS C&C systems Service Financials Controls & Audits CRM HR IT HEMS: Home Energy Management System OT: Operational Technology 118 Domains of Use are split in 3 main Categories IoT Solutions belong to THREE MAIN CATEGORIES In the Customer facing category, Things are: In the Machine-to-Machine « M2M » category, Things are: locally deployed and actioned upon remotely distributed accessed via local networks with short distance ranges accessed directly via usually long distance networks managed with a simple local control system, albeit control via Internet are now commonly available Managed with one centralised level of process control In the context of Manufacturing, the Operational technology « OT » category, Things are: locally or remotely deployed accessed via local or long distance networks managed through several levels of process controls 119 Exemple: HOME: La Smart Life Centrale nucléaire Centrale charbon Même principe quand il s’agit des appartements d’un immeuble Parc Eolien Ferme solaire De quartier De quartier Centrale de réserve Centrale gaz GTB Quartier ou immeuble Régulation énergétique et partage EnR au niveau du quartier Détecteur pluie vent Réseau HTB RTE Capteurs – détecteurs actionneurs divers Photovoltaïque Barrage hydroélectrique BT C/C réseau Poste source Solaire Thermique Ferme solaire EnR -> Antiinondation climatisation Réseau HTA ERDF Parc Eolien Prise capteur-actionneur Poste de transformation Compteur Linky C/C réseau CPL Voletroulant e-SANTE Radiateur Électr. Commande par compteur Opérateur Comptage Tableau électrique TV Dect Radiateur à eau EnR -> Ballon eau chaude Différents cas de chauffage et eau chaude ADSL xBox Gestionn. alarmes Par électr. Chaudière au gaz, au bois, etc… Opérateur Internet Wifi EnR -> C/C Z_Wave C/C 6LoWPAN C/C ZigBee C/C effacement BluetoothLE cinéma Youtube Opérateur production énergie Opérateur agrégation effacement Opérateur Multi-média Réseau Internet FO Opérateur Telco LTE marchands LTE Opérateurs de services Media sociaux Réseau Opérateur Tél Stockage 120 Lots of Things for lots of disjoint function zones Solutions can be categorized into 6 usages domains: 1. Entertainment: TV, radio, gaming, streaming music, video 2. Information & communication: telephone, Internet, social media, 3. Comfort: heating, lighting, air conditioning, shutters, vacuum cleaners, garden watering, lighting, washing machines, boilers …. Lots of (remote) controls almost one per function 4. Security & Safety: video cameras, anti-intrusion detectors, smoke detectors, … 2G/3G/4G Operator Network 5. Health: e-health devices, pedometers, quantified self, .. 6. Energy & utilities: water, gas, electricity meters, home energy box, Each domain may be futher split into different zones as solutions are usely dedicated to one or few functions within a specific zone Each zone has developed its own eco-system of actors, technologies, standards & business models with hardly any overlap hitherto Local ENERGY Supply Solar panel; micro windturbine; Garage Shutters Door Heating Lighting Hot Watering Cooling Water White APPLIANCES WSN gateway WSN gateway WSN WSN gateway WSN gateway gateway Electricity distribution Distribution panel eHEALTH WSN gateway Gaz distribution PC SECURITY Smoke, CO², intrusion, motion, flood detection; gaz leakage; video monitoring; access control Alternative ELECTRICITY Service Provider Meter External ELECTRICITY SUPPLY Electricity distribution systems APPLIANCES WSN gateway Functions are usually actioned upon in-house and more and more monitored and actioned upon at distance with smartphones: so distance is becoming irrelevant as smartphones are becoming C&C devices Local ELECTRICITY Supply Thermal solar panel; Heatpump; gaz or wood boiler; Tel TV Water distribution Other Multimedia & gaming Pheripherals INTRANET Network Other Telecoms Network External GAZ SUPPLY Gaz distribution systems External WATER SUPPLY Water distribution systems OTHER TELECOMS INTERNET CONNECTION Other Telecoms Distribution Media Operator Internet Access Network Information Provider Telecom Operator 121 Lots of protocols for lots of disjoint function zones Wireless sensors network Telecom Operator Tel & SMS LTE 2/3/4 APPLICATION LEVEL NETWORK LEVEL PHYSICAL MEDIUM Internet gateway 2G/3G/4G Operator Network Protocols being used PAN Internet PAN related Web server Local remote control acting as C&C device Local ENERGY Supply Typical zone architecture around one protocol set Multimedia Windows . Upnp . DNLA . Thread . Web Pipes BT WIFI a/b/g/n Local ELECTRICITY Supply Thermal solar panel; Heatpump; gaz or wood boiler; Dry switch Solar panel; micro windturbine; Wires Heating Garage Hot Watering Door Water Thread 802.15.4 ZigBee 802.15.4 WSN WIFI a/b/g/n Multi media Somfy IrDA KNX Pr Radio Pr Radio UPnP . DNLA Pr Radio ProfiBus RS485 twpairs PLC EIB/ Konnex RSxx BT ModBus RS485 EIB/ Konnex PLC EnOcean Pr Radio ANT+ Pr Radio Pr appl EHS/ Konnex LIFI Pr Radio Thread PLC Delta Dore X2D Shutters Lighting Cooling xxxxxx ZWave WSN X10 White APPLIANCES Pr appl GSM Alternative ELECTRICITY Service provider Electricity distribution BT Thread WIFI Thread 802.15.4 Electric Wires Meter Distribution panel WSN LonWorks RS 432 eHEALTH twpairs APPLIANCES Gaz Pipe Gaz distribution Insteon Pr Radio ANT+ WSN twpairs WSN WSN WSN gateway KNX gateway gateway WSN WSN gateway WSN RS 432 gateway gateway gateway Pr Radio Delta Dore X3D WIFI ac WIFI ac PLC PC Remote mngt Local mngt LTE WIFI SECURITY Smoke, CO², intrusion, motion, flood detection; gaz leakage; video monitoring; access control DNLA UPnP BT HMI cable USB HMI HMI DNLA UPnP cable cable BT Tel IrDA cable Pheripherals WIFI Wle: Dect External GAZ Gaz distribution systems SUPPLY Gaz Pipe PLC External WATER SUPPLY Water Pipe Other Telecoms Network OTHER TELECOMS Ethernet RJ45 wires Water distribution systems Water Pipe Other Telecoms Distribution Coaxial ITU DVBx Media Operator Satellite Coaxial TV PLC IEEE P1905.1 / IEEE P1901.2 HomeGrid / HomePlug / ITU-T G.hn Electr. wiring Water distribution Other Multimedia & gaming INTRANET Network WIFI a/b/g/n Electricity distribution systems External ELECTRICITY G.hnem /IEEE 1901 SUPPLY PLC: G3/ IUT-U Electric Wire Wire for metering twpairs Connection to Intranet Distant Smartphone acting as C&C device WSN gateway INTERNET CONNECTION Internet Access Network FTTH ADSL / VDSL Fiber Optics Tel wires Information Provider Telecom Operator 122 Lots of Telecom Media & Protocols LONG DISTANCE LoRA LOW RANGE INDOOR SigFox 6LowPAN IEEE 802.16 WiMax Thread X10 IPSO PSTN WiMAX Security Insteon Thread DNLA EnOce an DNLA UPnP Cellular / Radio KNX UPnP WinDows MOCA ModBus Home Grid ZWave Home Plug NFC IEEE P1905.1 IAE RS485 RS432 IEEE 802.3 Ethernet xxxx Twisted wires RJ45 Coax RFID IEEE ITU-T P1901.2 G.hn CPL ISO IrDA NFC 18000 RFID Electric network Local radio ANT+ Proprietary Monitoring & tracking services WinDows Zig Bee LIFI IEEE 802.15.4 IEEE 802.15.7 visible light Blue Tooth WiFi IEEE 802.15.6 Body IEEE 802.11 a/b/g/n WiFi IEEE 802.11 ah WiFi DECT IEEE ULE 802.15.1 Bluetooth DECT Smart 3GPP D2D Small Cell 3GPP 2G, 3G, LTE LTE LTE Telecom operator Internet Local wireless POTS Tel wires Security services provider ADSL ISP FO FTTH Satellite ITU DVBx Satellite operator Coax TV Cable operator Electric Network From IT From automation From Telecom From Energy Physical Medium Comfort Consortium Security IEEE P1901 CPL « G3 » ITU-T G.hnem Electricity Operator Media operator DR operator 123 IoT: What for ? Why now ? DRIVERS OF EVOLUTION STATUS The need for better decision-making & efficient operations is accelerating Since the dawn of Humanity, human beings have always tried to overcome the limitations of their 5 senses, totally inadequate to help them correctly understand their environment, survive and develop safely, The huge pressure on entreprises to better manage the complexity of the modern world, to meet the challenges of ever higher levels of performance, flexibility, efficiency, time-to-market, and to be more competitive in an ever harsher globalized market. The new major regulations to cope with: energy savings, car safety, e-Health, etc.. The fast growing new markets for connected Things: connected cars, eHealth, Smart Grid, ... The hope, even the faith, that technology will help discover new ways in providing everybody with a better, more secure and safer life, More signals, data, information have always been expected to help alleviate the uncertainties generated by the hazardous geographically distant present and the future. Hence, human beings had to constantly develop new tools to get an ever better knowledge about their environments, Therefore, connected sensors & actuators have been used routinely for several decades in countless Solutions, mainly outside the realm of Information Systems. Existing solutions seem to have reached their structural limits designed and operated in vertical siloes by functions, hardly interoperable nor upgradable nor scalable, no security or privacy by design, still using lots of proprietary or specialized protocols WHAT IS EXPECTED The hopes are focused on a new approach, Internet of Things, based on what made Internet so successful: freeing up the creativity for generating more value by using a limited set of global open standards in an open approach to facilitate the design of new service oriented applications & tools. The business models are still to be properly identified and may be elusive for some times More Business & Personal Value Creation thru 1. More data for more context knowledge for better decision making 2. More inter-operability for better processes integration ENABLERS Lower costs More capabilities Smart Things Big Data Processing power 3. More intelligent actions for better controls on the environment 124 IoT: How ? 1. Things, representing the physical world, are being promoted as Full Members of Internet , alongside People and Applications: Internet of Things 2. The Internet philosophy of OPENNESS enables Global InterOperability, security and privacy notwithstanding, so as to: INTERNET Allow the direct interactions of any Thing, People, Application Facilitate the processing of all kinds of data together at all levels, using the same BI & Big Data tools in order to get better comprehensive situation awareness, enhanced actionable insights, better modelisations and more accurate prediction capabilities Trigger the integration, at all stages, of all kinds of processes within and outside the entreprise, vertically or horizontally In replacement of a situation where hardly inter-operable single function dedicated vertical « stove-piped » solutions prevailed Internet of Things solutions are structured around following components: 1. Using THINGS (sensors, actuators, tags) to cheaply extract ever more signals from the physical world, at an unprecedented scale, in digital format (data), 2. TRANSMIT them via relevant networks to the right locations, 3. where they are PROCESSED with other types of available data, using modern Big Data tools, to generate insightful knowledge, triggering the right decisions and timely actions 4. Operated In Managed & Secure ways 5. leveraging the successful Internet approach: The ubiquity and cheap aspects of the Internet Network The powerful standardised set of Internet protocols and software stacks for all types of interactions on all kinds of devices The existing huge eco-system of Internet applications development environments and the huge number of expert developers for fast applications development . 6. Things must be « equipped » with the right adapted Internet-based protocols & software stacks (typically TCP/IP & SOA Web services) and more and more local intelligence. 125 A new holistic vision for representing and interacting with the World The ongoing Digitisation of the World generates huge flows and sets of data representing the status and actions of the physical world, the business related activities and the human activities Everything being DATA, the « World » can be processed by softwares in almost limitless ways, far more flexible and open to creativity : That’s the The Entreprise via the dematerialisation of information supports and exchanges, the transactional applications and Office Automation data (docs, mails, etc..) The Public Offices and other Institutions producing huge sets of Open & Market Data People, via the data tracks they leave while Web browsing, socially interacting, mailing, telephoning, storing & sharing pictures, playing games, watching videos, accessing information, buying, positioning themselves, .. The Physical World via the digital signals collected from Things Softwerisation of the World SMART GALAXY (M Andreesen: « software is eating the world ») SMART PLANET Every IoT system, as processing data to manipulate the World, is becoming an SMART COUNTRY Information System sometimes called Cyber-Physical Systems 5G Future INTERNET However, we are exchanging the old complexity of dealing with sets of hardly interoperable solutions with a new complexity of linking and integrating more and more entities everywhere, anytime, of any type. There is a need to Manage Complex Integrated Environments a never ending layering up of sytems of systems SMART FACTORY SMART DEFENSE SMART CITY SMART UTILITY SMART RETAIL SMART TRANSPORT SMART HEALTH SMART BUILDING SMART CAR SMART HOME SMART ENERGY / GRID SMART HUMAN SMART AGRICULTURE SMART GOV SMART OBJECTS 126 Towards Home as a Service : integrated management solutions ? 2G/3G/4G Operator Network Local ENERGY Supply Thermal solar panel; Heatpump; gaz or wood boiler; Local ELECTRICITY Supply Solar panel; micro windturbine; Garage Door Watering Heating eHEALTH Shutters APPLIANCES Electricity distribution Lighting Hot Water Cooling White APPLIANCES WSN gateway WSN gateway WSN gateway WSN gateway HAS WSN gateway WSN gateway Distribution panel WSN gateway HEMS Other Multimedia & gaming PC Tel SECURITY Smoke, CO², intrusion, motion, flood detection; gaz leakage; video monitoring; access control Meter External ELECTRICITY SUPPLY Gaz distribution External GAZ SUPPLY Water distributio n External WATER SUPPLY TV Pheripherals Alternative ELECTRICITY Service Provider Other Telecoms Network INTRANET Network OTHER TELECOMS INTERNET CONNECTION Home Automation System 127 Evolution of M2M architectures …. M2M Platform …. Towards IoT, mainly as a way to help Telecom Operators develop a market for managed M2M services platforms linking Applications to Things 128 Smart Building via Sharing & Integration 129 Category 3: OT & IT Convergence OT side taking into account more and entreprise & context data events to yield more pro-activity IT side taking into account more and more real-time data & events to yield more reactivity ERP MES Management level KM Management level DECIDE PLM Transactional level Supervision SCADA level HMI DCS Interface level Control level Entry level Field level RTU PLC IED sensor machine actuator 130 The various layers of protocols for interoperability Internal Appl. + Other Informations Security & privacy Manage Secure Things Management Decide Access Network CORE NETWORK AN. Process Analyse Act Orchestrate PHYSICAL WORLD PLATFORM External Data Distributed Decision Making Semantics Middlewares & other applications interactions modes Things Design Choice of Networks Things Naming & Addressing Things Data analysis & Modelling Integration in Management Processes & Operational Processes 131 Reference diagram Manage Orchestrate Extended Entreprise Secure Orchestrate Extended OT Orchestrate Local OT OT Global Security Orchestrate Extended IT Other same company entities operations Social Media External Data IT Long decision making loop MNGT Entreprise Upwards Process Governance PLM Things organised in various levels of local connectivity and controls LAN Access Networks CORE NETWORK AN ALY Analyse SIS Long decision Business making loop Corporate Governance Other DBs / ERPs ANALYSI Analyse S OT Management Entreprise Downwards Process PAN or FF PHYSICAL WORLD Individual Things with imbedded network access Third Parties Commerce Third Parties Operations Market Places Requirements for changes gateway Personal Area Network Factory Floor Potentials for Local Processing Distributed Decision making Pre-processing Acting: Command / Control Planning « Creation » Modelisation Development Tests Integration Design System Engineering + Entreprise Architecture Prototyping Requirements for changes 132 Issues & Challenges Heterogeneity Number of Things Interoperability Volume of data Scalability Complexity of solutions Processing and mining the data Openness -> discoverable Abstraction virtualisation Network, Naming, Computing & Analysis Capacities Standards Application, Telecom, management Middleware Thing design Adressing: IPv6 Lack of resources Right business models System EngineeringDistributed Processing Low energy protocols Energy efficiency Network coverage Naming, Resolution and discovery Multiplicity of things, versions, systems, protocols, interactions modes, etc.. Data modelling Ambient Intelligence Market fragmentation Convergent solution ? Real Time Processing Data Volume, Variety & Volacity mechanisms for predictable and deterministic resource management Deterministics Identity Management ad-hoc architecture central vs local processing Modularity Intelligent architecture zeroconfig Connection to Internet Upward compatibility Remote update/upgrade Wider surface of attacks Poor OT Security practice Dynamic changes Reliability Noisy data Unreliable resources, local ; reliable message transfer frequency jammings Data Management Ownership of Data Autonomic Objects Discovery & resolution mechanisms Gateways Global Access Semantics Management standards Timeliness of data Cost of connectivity Openess Security & Privacy • Instantaneous thing state (sleep, ..) programmability • dynamic network (de)/attachement • Mobility: roaming Device Management Addressing mobility Highly distributed Resilience Manageability Openness -> discoverable Noisy environment Leightweight protocol 133 CORLA 134 Altran VueForge 135 IOT & Big Data integration VueForge™ platform perspective Process Connectivity Security 136 Device Management Business Logic Real Time External Systems Integration Integration Management and reporting Massive Data processing & Analytics Security 137 138 VueForge™ PLAY Platform Rapid-prototyping and a light-weight IoT, Cloud-based platform. Zigbee, Bluetooth, NFC, Telemetry, DSRC, RFID, etc. MQTT ,STOMP, AMQP, OpenWire, WebSockets, REST, etc. Administration Front-End 139 Third parties connectivity VueForge™ Full Platform (MOON) Third party application integration definition Third party application design, integration and tests Convergent connectivity (integration, transport) Enterprise connectivity (integration, APIs) Transport solution architecture definition Traffic & capacity modeling Transport solution performance tests & optimization Network elements / Gateway design & customization Policy & charging rules - Billing Policy and charging rules definition & management Charging and billing solutions design Traffic policy management 140 Devices management Device remote installation, upgrade, back-up & restore Device remote monitoring, alarm management Device Interoperability tests Business application integration definition Business application design, integration and tests Customer infrastructure design for performance and reliability Authentication, security, monitoring Security audit Global security solution Design, installation and configuration Aging, Defense & robustness testing Health monitoring Platform management services Database management MOON installation, upgrade, back-up & restore MOON Fault, Configuration, Accounting, Performance Self Optimizing services Data model definition Data access monitoring and analysis Data replication & import/export for business client or end user 141 ITS SECURITY PIERPAOLO CINCILLA IRT SystemX 142 #IoT2015 ITS Security (ISE) Pierpaolo Cincilla, Brigitte Lonc, Paul Labrogere C-ITS: Challenges and Opportunities New Complexity Vehicles communicate and cooperate New Applications Lane Keeping Entertainment Adaptive Cruise Control 144 C-ITS: Challenges C-ITS Safety Security Mobility Management Traffic Organization 145 C-ITS Security Authenticity Integrity Non repudiation Privacy Confidentiality Main Security Requirements Attack Description Attack Severity Attack Probability Risk Analysis RACE Evita TVRA 146 C-ITS Privacy Issues Tracking Avoidance Personal Data Broadcast (e.g. location, speed, …) Data Protection Compliance With National / International Laws 147 ISE PROJECT Cooperative safety and mobility applications depend upon data from other vehicles and the infrastructure Context Vehicles exchange messages via ITS G5 / 802.11p Broadcast/Geocast information to neighbor vehicle dynamics info (position, speed, heading …) complete perception of dynamic environment for active safety and future autonomous cars Trust Security and privacy are paramount Challenges Trust Build affordable ITS secured systems and enabling security infrastructure (PKI) Provide solutions to ensure scalability, security and safety Methods and Tools to design and validate trustworthy ITS systems Partnership : • French pilot of cooperative ITS (Scoop@F) • Automotive Electronics and Software (ELA) Financial support: Academic support: 148 ISE PROJECT: SECURED INTELLIGENT TRANSPORT SYSTEMS Cooperative safety and mobility applications depend upon data from other vehicles and the infrastructure ISE Objectives ITS security requirements analysis and risk management (day1 and future applications) Dependability Security architecture design and development and security (on-board and off-board) Adaptability PKI design & development (performances, scalability) Definition of the security system certification process CRITICAL SOFTWARE Validation platform for security tests Scalability (penetration tests) Providing software technologies and processes for dependable & secure systems Financial support: Academic support: 149 ISE PROJECT: SECURED INTELLIGENT TRANSPORT SYSTEMS ISE Architecture Overview RCA 3G/4G AA EA Backbone Network PKI RSU Roadside ITS-S gateway ITS Service Center 150 ISE PROJECT: SECURED INTELLIGENT TRANSPORT SYSTEMS ISE PKI Architecture RCA Distribution Center Manufacturer EA AA ITS-S 151 ISE PROJECT: SECURED INTELLIGENT TRANSPORT SYSTEMS ITS Embedded Architecture (ETSI/ISO) On-Board Unit FACILITY SECURITY CAM DENM SAM SPAT MAP LDM NETWORKING NF BTP TSL req. Sngl. msg. HSM TCP/UDP GN Enrl./Auth. S F IPv6 S N Integrity S H Crypto. Storage Rply. prtc. ACCESS 802.11p IN Account. 3G/4G SI Plausibility Misbehav. Legend Layer Module API 152 ISE PROJECT: SECURED INTELLIGENT TRANSPORT SYSTEMS Dissemination Contribution to the European Telecommunications Standards Institute Contribution to the Internet Engineering Task Force (TLS specification) ELA Contribution to the security system deployment (PKI) SCOOP@F Complementarity: ELA --> In-Vehicle Security Solutions ISE --> Inter-Vehicle Security Solutions 153 ISE Demonstrator ITS WC Bordeaux Scenario Future@systemx Player 1 Player 2 OBU-1 Personal car OBU-2 emergency or hacker 154 ISE Demonstrator 155 156 C-ITS Architectures ISO CALM C2C-CC IEEE WAVE ETSI C-ITS Public Key Infrastructure (PKI) ETSI C2C-CC IEEE Context: IRT-SystemX Rail infrastructures Networks and digital infrastructures Composites materials Digital Systems Engineering Materials engineering and metallurgy Infectiology Nanoelectronics Aeronautics, space et embedded systems Strong links with competitiveness clusters, Co-localized staff, 50% founds by PIA 159 Context: IRT-SystemX Value Creation by Technology transfer Fostering synergies between academic and industrial communities A worldwide center of excellence in Digital Systems Engineering 160 CLOSING SESSION JEAN-PIERRE TUAL THIERRY HOUDOIN President of the Digital Trust & Security WG President of the Telecoms WG 161 #IoT2015