Commission Funded Research for Security and Trust in ICT ------------- At: “ECRYPT: Perspectives and Challenges for Academia and Industry” ---------- 27 May, 2008 – Antwerp Jacques Bus, Head of Unit DG Information Society and Media 7th EU Research Framework Programme 7th EU Research Framework Programme (FP7: 2007- -2013) 2013) (FP7: 2007 Total 50,521 M€ Total 50,521 M€ FP7 Cooperation Programme: 32,413 M€ The 10 Themes Space; 1430; 4% Security; 1400; 4% Socio-economics; 623; 2% Health; 6100; 19% Transport; 4160; 13% Food, …; 1935; 6% Environment; 1890; 6% ICT Security & Trust ICT Security & Trust Energy; 2350; 7% ICT; 9050; 28% NMT; 3475; 11% Strengthening Competitiveness through Co-operation 1
I CT Work Programme 2007- -08 08 I CT Work Programme 2007 Security & Trust in other I CT- -FP7 Objectives FP7 Objectives Security & Trust in other I CT End-to-end systems for Socio-economic goals ICT for ICT for Sustainable & Digital Mobility, Independent libraries personalised Environment, Living and & Content healthcare Energy Inclusion Pervasive & Trusted ICT for Cooperative Systems Technology roadblocks Future and Emerging Network & service infrastructures Virtual Physiological Human ICT & Ageing Technologies Cognitive systems, Interaction, Research in Robotics Security & Trust Components, Systems, Engineering Embedded Systems Design Computing Systems Networked Embedded & Control Systems Security and Trust in FP7 - - I CT WP 2007 I CT WP 2007- -08 08 Security and Trust in FP7 110 M€ I dentity m anagem ent, privacy, trust policies Netw ork Dynam ic, reconfigurable infrastructures service architectures 2 Projects 1 Project 5.8 m€ 9.4 m€ 4 Projects 3 Projects 4 Projects 11 m€ 20.5 m€ 18 m€ Critical I nfrastructure Protection 9 Projects: 20 m€ Enabling technologies for trustw orthy infrastructures 6 Projects: 22 m€ Biometrics, trusted computing, cryptography, secure SW Coordination Actions 4 Projects: 3.3 m€ Research roadmaps, metrics and benchmarks, international cooperation, coordination activities 2
Project content – Project content – some details some details Security in Network Infrastructures Security in Network Infrastructures � Resilience of and across heterogeneous networks � Data gathering and analysis for understanding and preventing cyber threats Security in service infrastructures Security in service infrastructures � Assuring security level and regulatory compliance � Specification and validation of trust and security of SOAs User User- -centric identity and privacy management centric identity and privacy management � In Future Networks and Services (Future Internet) � Trusted SOA enabling user-centric data mgt policies � Privacy-preserving network monitoring Security Enabling technologies Security Enabling technologies � Crypto; Trusted Computing; Biometrics � Secure software and software assurance Critical I nfrastructure Protection Critical I nfrastructure Protection Joint Call with Security Programme Joint Call with Security Programme - - I CT focus I CT focus � understanding and managing the interactions and complexity in ICT infrastructures underpinning CI’s � designing and developing secure and resilient information and process control systems � metrics and benchmarks for comparative evaluation 3
CRYPTO : Some history CRYPTO : Some history � Commission interest in ICT Security takes its roots in the early 90’s. � First INFOSEC decision (march 1992) set up SOG-IS and foresaw an R&D programme (12 Meuros for 1992-1994). In practice, significant activity started only after 1997 � Some projects were also funded under the ESPRIT, RACE and the ACTS programmes. CRYPTO in FP5 CRYPTO in FP5 FP5 (DG INFSO) NESSIE http://www.cryptonessie.org (KUL) � 01/01/2000 - 40 months, 2.65 Meuros (EC contribution) � a portfolio of strong cryptographic primitives. STORK http://www.stork.eu.org (KUL) � 01/07/2002 – 12 months, 200 Keuros (EC contribution) � a coherent research roadmap and a shared agenda for crypto- research and development within FP6. AREHCC http://www.arehcc.com (Philips Semiconductors GmbH) � 01/12/2001 – 27 months, 3 Meuros (EC contribution) � Implementing advanced elliptic-curve and hyper-elliptic curve cryptographic technologies for improved performance in software and embedded systems Other related projects: various PKI projects (PKI challenge, OPEN-PKI, etc.) 4
CRYPTO in FP6 and in PASR CRYPTO in FP6 and in PASR FP6 (DG INFSO ) ECRYPT (NoE) http://www.ecrypt.eu.org/ (Katholieke Universiteit Leuven) � 01/02/2004 – 54 months , 5.5 Meuros (EC contribution) � to maintain and strengthen the excellence of European research and industry, strengthen and integrate research, Improve the state of the art in practice and theory in the areas of cryptology and watermarking and develop a joint infrastructure for testing and benchmarking. SECOQC (IP) http://www.secoqc.net/ (ARC Seibersdorf research GmbH) � 01/04/2004 – 48 months, 11.3 Meuros (EC contribution) � to specify, design, and validate the feasibility of an open, Quantum Key Distribution infrastructure dedicated to secure communication as well as to fully develop the basic enabling technology. PASR (DG ENTR ) SUPHICE http://www.suphice.com (Thales e-Security) � 01/02/2005 – 18 months, 1.3 Meuros (EC contribution) � to address interoperable security standards, demonstration of secure ad-hoc network provision and definition of tangible EU security policy by extending the current state-of-the-art. SECOQC: QUANTUM KEY DI STRI BUTI ON SECOQC: QUANTUM KEY DI STRI BUTI ON � QKD is the first Quantum Information Processing and Communication technology to be transferred into an applicable and marketable product. � QKD provides randomly generated keys to two parties in a perfectly secure manner, even against adversaries with arbitrary computing power. � This task is impossible with classical communication and local processing alone. � Asymmetric cryptographic methods, as used today for key distribution, are likely to be rendered insecure, at the latest with the advent of quantum computers. 5
The Role of ECRYPT The Role of ECRYPT ECRYPT at the core of European research efforts: � Successful in avoiding fragmentation and in integrating the communities � Needed for cryptology as a fundamental enabler for trust and security in all domains As society and the economy evolve, so do their assets and their vulnerabilities; with technology progressing, so do the threats to the integrity, confidentiality and availability of those assets. There is a continuing need for European excellence in cryptology to protect EU’s strategic assets Drivers for Research in I CT Security & Trust Drivers for Research in I CT Security & Trust � Networks, Data & Services – Technology Complexity – Cyber-threats, cyber-crime – The future of the Internet – Critical (Information) Infrastructures � Users and Society – Privacy, Human Values – Trust, Empowerment 6
Complexity and Complexity and globality globality “The Internet is broken” • Scalability Billions of components and • Dependability transactions • Resilience s e i t • Real-time control r e p o r P w e N End- -to to- -End security and trust End security and trust End in highly complex networks and services in highly complex networks and services Data Collection and its dangers Data Collection and its dangers for business, to provide personalized innovative applications and services for citizens, to better com m unicate and interact, im prove the quality of their life for governm ents to service citizens and business ( e- governm ent, e-education or e-health) for governm ents again, to provide public security ( protection against crim e or terrorism , border-control, protection of critical infrastructures, etc.) What about: privacy, proportionality, role and control of user 7
Trusting The Future I nternet Trusting The Future I nternet � Securing the architecture – Secure, trusted and privacy respecting – Secure, trusted and privacy respecting architecture architecture – Secure network management & control – Secure network management & control – Virtualisation and overlays, introducing – Virtualisation and overlays, introducing location and time location and time � Protection against Threats � – Threat prediction and prevention – Threat prediction and prevention – Self – Self- -protection and resilience protection and resilience � Privacy, IDM and Trust � – Identity in the Future Internet (persons, – Identity in the Future Internet (persons, things, virtual entitties entitties) ) things, virtual – Trust instantiation in the Future Internet – Trust instantiation in the Future Internet Privacy, I DM for Trust Privacy, I DM for Trust � � Trust in the digital economy; properties & models? Trust in the digital economy; properties & models? � Identity in the emerging Information Society � Identity in the emerging Information Society � How to protect our personal sphere (user centricity, � How to protect our personal sphere (user centricity, usability) usability) � � Cost of Security: (money, loss of democratic values) Cost of Security: (money, loss of democratic values) 8
Recommend
More recommend