The Presentation focusses on the development from current mobile networks into the future sensor-driven mobile networks. A special focus is given on security aspects, especially measurable security of systems. The presentation was given at the IDC Mobility Series 2012 in Budapest.
Who ownes the SIM? a user-centric view on future networks
Measurable Security in Mobile Systems
1. Center for Wireless
Innovation Norway
cwin.no
CWI
Norway IDC Enterprise Mobility
Budapest, Nov 2012
Measurable Security in Mobile
Networks
Josef Noll
Prof. at University of Oslo/UNIK
Member of CWI Norway
josef@unik.no
2. Outline
! About the Center for Wireless Innovation (CWI) Norway
! Mobile Network Evolution
– From People
– To Things
! The way ahead: Internet of Things
– connection of sensors to mobile
– business decisions based on information
! Security Challenges
– BYOD “bring your own device”
– Be aware of the value of information
– Measurable security
! Use case for
– From Entertainment to Socialtainment
– Sensor data fusion
! Conclusions
Measurable Security in Mobile Networks Nov 2012, Josef Noll 2
3. Center for Wireless Innovation CWI
A facilitator for industry and seven research
institutions to form strategic partnerships in
wireless R&D
n to
t io
o ra arc h
B3G BS
Sensor
ab ese
Networks
Aggregation
ll
Sensor Network
Abstraction &
Home/Office
Monitoring
c o e r
r o m at iv Sensor
Networks
F b o r Car
la
Offshore
co l Sensor
Networks Sensor
Networks
Nov 2012, Josef Noll
4. Generations of Mobile Networks
Service view
Personalised broadband
4G? LTE wireless services
3G: UMTS Multimedia communication
2G: GSM Mobile telephony, SMS,
FAX, Data
1G:
NMT Mobile telephony
1970 1980 1990 2000 2010
[adapted from Per Hjalmar Lehne, Telenor, 2000]
Measurable Security in Mobile Networks Nov 2012, Josef Noll 4
5. Generations of Mobile Networks
Service view Security view
IP security with
Personalised broadband heterogeneous access,
4G? LTE wireless services sensors
3G: UMTS Multimedia communication Open, modular security
architecture - force 2G
2G: GSM Mobile telephony, SMS, One way authentication,
FAX, Data encryption visibility, “obscurity”
1G:
NMT Mobile telephony tap the line,
connect in
1970 1980 1990 2000 2010
[adapted from Per Hjalmar Lehne, Telenor, 2000]
Measurable Security in Mobile Networks Nov 2012, Josef Noll 4
6. IoT paradigm
• The present "Internet of PCs" will move towards an "Internet of
Things" in which 50 to 100 billion devices will be connected to
the Internet by 2020. [CERP-IoT, 03.2010]
• “We are entering a new paradigm where things have their own
identity and enter into dialogue with both other things and
humans mediated through processes that are being formed
today. [IoT Europe 2010 conf., 06.2010]
"Now
subs we have
c
30...5 ribers. I roughly
0 n 5
! The speed of development – H Mio de some ye .2 Mio m
ans C vices ar w obile 2010
hristi o e
an H n the m will hav
augli o e
, CEO bile net
“In 201 , Tele work
2 there nor O ”
storage on single chip
people were m bject
on the ore dev s
– Han mobile ic
s Chris networ es than
tian Ha k of Te
ugli, CE lenor”.
O, Tele
nor Ob
jects
source: Gerhard Fettweis, TU Dresden
Measurable Security in Mobile Networks Nov 2012, Josef Noll
7. [Source: J. Schaper, FI PPP Constituency Event Nice, March 2010] Josef Noll
Nov 2012, 6
Measurable Security in Mobile Networks
8. The IoT technology and
application domain
business reliability
decisions
privacy
Measurable Security in Mobile Networks Nov 2012, Josef Noll 7
9. Outline
! About the Center for Wireless Innovation (CWI) Norway
! Mobile Network Evolution
– From People
– To Things
! The way ahead: Internet of Things
– connection of sensors to mobile
– business decisions based on information
! Security Challenges
– BYOD “bring your own device”
– Be aware of the value of information
– Measurable security
! Use case for
– From Entertainment to Socialtainment
– Sensor data fusion
! Conclusions
Measurable Security in Mobile Networks Nov 2012, Josef Noll 8
11. Security in the Internet of Things?
Source: L. Atzori et al., The
Internet of Things: A survey,
Comput. Netw. (2010), doi:
10.1016/ j.comnet.2010.05.010
Text
Measurable Security in Mobile Networks Nov 2012, Josef Noll 10
12. Security in the Internet of Things?
Source: L. Atzori et al., The
Internet of Things: A survey,
Comput. Netw. (2010), doi:
10.1016/ j.comnet.2010.05.010
Trust
Text
* context-aware,
* “privacy”
* personalised
Measurable Security in Mobile Networks Nov 2012, Josef Noll 10
13. Security challenges
! Sensors everywhere Request
Semantic layer
Semantic layer
– Service Oriented Mobile, Internet
Proximity,
Architecture Service
Sensor
e, Mobile/Proximity/ Service Registry
hom ors
al, ens
Sensor services
dic l s
me ria
ust
sensors
sensors
ind
! Bring your own device
(BYOD)
– 30-100 devices/employee Contacts
Calendar
– “phone in the cloud” SMS, ...
! virtualisation PC, MA C, phone, tab,
! security, e.g. apps pod, pa d, embedded...
Measurable Security in Mobile Networks Nov 2012, Josef Noll 11
14. Measurable Security
! Value of information is &
lys
na nt
– Identify k A sme
Ris ses
– Analyse As
– Evaluate Risk
Measurable security sis
!
analy
fit
– “Banks are secure” -B ene
– IETF working group: Better C ost
than nothing security
– Cardinal numbers?
Measurable Security in Mobile Networks Nov 2012, Josef Noll 12
15. Security Challenges in sensor-
enabled clouds
! Security, here
– security (S) Cloud services
– privacy (P) Intelligence
challenge:
Overlay physics
– dependability (D)
Network
! across the value chain
challenge:
– from sensors to physics
Sensors,
services Embedded Systems
! measurable security?
can be
Could be
composed
Is made by
Components and SPD Components,
System SPD functionalities
functionalities
Measurable Security in Mobile Networks Nov 2012, Josef Noll 13
16. SPD Metrics specification Factor Value
Elapsed Time
<= one day 0
Minimum attack potential value to <= one week
<= one month
1
4
exploit a vulnerability <= two months 7
<= three months 10
= SPD value <= four months 13
Factors to be <= five months 15
considered <= six months 17
> six months 19
Expertise
where •Elapsed Time Layman 0
Calculated attack •Expertise Proficient
Expert
3*(1)
6
potential •Knowledge of Multiple experts 8
functionality Knowledge of
functionality
•Window of opportunity
Public 0
with •Equipment
Attack scenarios Restricted
Sensitive
3
7
Critical 11
SPD SPD SPD Window of
level attributes threats Unnecessary / unlimited 0
access
Easy 1
Essential to build Moderate 4
Difficult 10
Base of knowledge Unfeasible 25**(2)
Equipment
Functio Standard 0
SPD
System
nality system Specialised 4(3)
Bespoke 7
Multiple bespoke 9
[source: Andrea Fiaschetti, pSHIELD project, Sep 2011]
Measurable Security in Mobile Networks Nov 2012, Josef Noll 14
17. Outline
! About the Center for Wireless Innovation Norway
! Security in Mobile Networks
– Privacy
– Dependability
! The way ahead: Internet of Things
– connection of sensors to mobile
– business decisions based on information
! Security Challenges
– BYOD “bring your own device”
– Be aware of the value of information
– Measurable security
! Use case for
– From Entertainment to Socialtainment
– Sensor data fusion
! Conclusions
Measurable Security in Mobile Networks Nov 2012, Josef Noll 15
18. Use case:
SPD in heterogeneous systems
! Nano-Micro-Personal-M2M Platform
– identity, cryptography,
dependability
! SPD levels through overlay
functionality
– answering threat level
– composing services
! Policy-based management
– composable security
! Integration into Telecom Platform
– from information to business
decisions
Measurable Security in Mobile Networks Nov 2012, Josef Noll 16
19. The IoT ecosystem
Trust ?
! Creating business
– openness, competitive infrastructure:
Consumers broadband,
– climate for innovation adaptation mobile
Business
! Public authorities climate:
market
– trust, confidence Public
Creative
Authorities
– demand demand
IoT - Business programmers
Ecosystem software
! Consumers
Academia
– (early) adapters research,
– education Entrepreneurs Sensor
education
ideas
! Infrastructure providers
– broadband, mobile
– competition
Measurable Security in Mobile Networks Nov 2012, Josef Noll 17
20. Internet usage across Europe
[Robert Madelin, Directorate-General for Information Society and Media, EU commission, Aug 2010]
* “use of IT in a proper way can increase effectiveness with 30-40%”
IS
* “we are good in technology development. But access to venture
95,1%
capital is bad in Europe as compared to the USA”.
[Aftenposten, 3. October 2011] gunhild@aftenposten.no NO
94,8%
SE
% of people used the Internet DK 93,2%
100 90,7%
IT EU
90
HE 58,8% 73,7%
80
47,5%
70
60
50
40
Tyrkia
Romania
Hellas
Bulgaria
l
Kypros
Kroatia
Italia
Malta
Litauen
Polen
Ungarn
Spania
Latvia
Slovenia
Tsjekkia
Irland
EU snitt
Østerike
Estland
e
Belgia
Slovenia
Tyskland
nia
Finland
k
ourg
nd
Sverige
Norge
Island
Portuga
Danmar
Frankrik
Nederla
Storbrita
Luxemb
Measurable Security in Mobile Networks Nov 2012, Josef Noll 18
21. Pr
i
0
30
60
90
wi vate
tPhr b ho
w iva oa mer
41
ith te db s
br ho and 83
oa m
db es
61
WWir
ir
us oue eles and
le
ed tsis s P
de
3
ou s Pof C us
ts C hom ed 39
id e
e
o
13
Greece
Int
Norway
ern f h
In et om
EU-average
te Ba e
6
rn nk
et ing
84
Ba
nk
36
On in
O lin g
Internet service usage
t n
too plin e c
Measurable Security in Mobile Networks
e
16
pu ubli onta
bl cc se ct
77
ic ont rv
se ac ices
41
rv t
eC ic
eC m es
- -b oo m
12
bougm erc
ou hm e
71
gh t er
t ce
40
19 Nov 2012, Josef Noll
22. Conclusions
• The mobile system is evolving
– bring your own devices, heterogeneity
– from sensors to business decisions
• Building the IoT architecture
– Cross-layer intelligence & knowledge
– Accounting for security
The wo
rld is w
i reless
• Measurable security
– Metrics describing threats
– Overlay description for system of systems
• Building the Ecosystem
– Human perspective: trust, privacy, context
– Security based on measures of components,
attacks and human interaction
Measurable Security in Mobile Networks Nov 2012, Josef Noll 20
23. CWI
My special thanks to
• JU Artemis and the Research • Sarfraz Alam (UNIK) and Geir
Councils of the participating Harald Ingvaldsen (JBV) for the
countries (IT, HE, PT, SL, NO, HU, train demo
ES) • Zahid Iqbal and Mushfiq
• Andrea Fiaschetti for the semantic Chowdhury for the semantics
middleware and ideas • Hans Christian Haugli and Juan
• Inaki Eguia Elejabarrieta,Andrea Carlos Lopez Calvet for the
Morgagni, Francesco Flammini, Shepherd ® interfaces
Renato Baldelli, Vincenzo Suraci • and all those I have forgotten to
for the Metrices mention
• Przemyslaw Osocha for running
the pSHIELD project, Luigi Trono
for running nSHIELD
Nov 2012, Josef Noll 21