FI-PPP Business Opportunities for SMEs April, 16 th 2014

AGENDA  Part 1: Future Internet Public Private Partnership introduction  Part 2: FI-WARE, FI-Lab & FI-Ops: what’s that?  Part 3: FI-WARE websites  Part 4: Open Specs and API: opportunities for SMEs  Part 5: Some Generic Enablers Implementations  Part 6: Sum up for SMEs 1

PART 1 Future Internet Public Private Partnership Introduction 2

Future Internet Public Private Partnership introduction (1)  European initiative to structure collaborative projects into a common program  Industrial commitment to push research results to the market (pre- industrialisation)  Together techno-push and market-pull: Propose new technologies (European leadership) Interactions with Use-Cases (fullfiment of market requirements) Involvement of new partners (especially from vertical sectors)  Large budget: 300 M€ with 100 M€ dedicated to SMEs 3

Future Internet Public Private Partnership introduction (2) 4 OPEN INNOVATION 16 Accelerators CONCORD: program coordination INFINITY: infrastructures Envirofi Environnemental Data Outsmart Utilities & Urban Monitoring Finseny Smart Grids Instant Mobility Multimodal services in urban areas Safecity Safer Cities Finest Interurban Logistics FI-Content Enriched Content SmartAgriFood Fromethe farm to the fork FI-Ware: Core Platform FIspace SmartAgri+Logistics FITMAN manufacturing Finesce Smart Grid Fi-Content 2 FI-Star eHealth 04/ /201304/201404/2015 XiFi infrastructure FI-Core: Tech Found. I3H FIC3 INNOVATE TEST ADOPT !

Future Internet Public Private Partnership introduction (3)  More info about the programme and the projects 5

FI-PPP Call 3 Scenarios UC platforms Infrastructures Generic Enablers Regional policies Entrepreneurial communities Services and applications Phase 3 project Results phase 1 + 2,……Brought into up to 20 projects… SME WE ?? SME WE SME WE ?? WE ?? WE …Involving hundreds of SMEs and WebEntrepreneurs… …Developing services and applications. Future Internet Public Private Partnership introduction (4)

Future Internet Public Private Partnership introduction (5)  Main messages 7

Video 1 Campus Party 2013 in London 8

PART 2 What’s that ? 9

FI-WARE, FI-Lab, FI-Ops: what’s that? (1)  They are 3 products  FI-WARE: Provide Generic Enablers Something you can use in different ways for your « own »platform Common part to break the silos  FI-Lab A sandbox to test and use Generic Enablers Cloud facilities distributed through Europe (5+12 data centers) What you get: free Virtual Machines (5) + 10Gb  FI-Ops: for paltform providers Tools to deploy and federate the data centers using FI-WARE framework 10

FI-WARE, FI-Lab, FI-Ops: what’s that? (2)  FI-WARE: architecture overview 11

FI-WARE Generic Enablers Cloud Enablers Data /Context Enablers IoT Enablers Apps Enablers I2ND Enablers Security Enablers

Video 2 FI-WARE Challenges 13

PART 3 FI-WARE Websites 14

FI-WARE websites (1)  Everything is on  But we will have a quick tour of: catalogue.fi-ware.org a kind of executive summary per Generic Enabler catalogue.fi-ware.org edu.fi-ware.org the e-Learning platform to discover Generic Enablers Features edu.fi-ware.org wiki.fi-ware.org the place to find much more details wiki.fi-ware.org  And then, you will be able to create your account on FI-Lab to play and test Generic Enablers lab.fi-ware.org 15

FI-WARE websites (2)  Everything is on 16

FI-WARE websites (3)  catalogue.fi-ware.org a kind of executive summary per Generic Enabler catalogue.fi-ware.org 17

FI-WARE websites (4)  catalogue.fi-ware.org a kind of executive summary per Generic Enabler catalogue.fi-ware.org 18 Provide feedback

FI-WARE websites (5)  edu.fi-ware.org the e-Learning platform to discover Generic Enablers Features edu.fi-ware.org 19

FI-WARE websites (6)  edu.fi-ware.org : you can find detailed courses per Generic Enabler edu.fi-ware.org 20

FI-WARE websites (7)  wiki.fi-ware.org the place to find much more details wiki.fi-ware.org 21 Key points !

FI-WARE websites (7) 22 API Open Specs From description to concrete softwares

Video 3 Smart City Expo

PART 4 Open Specs and API: Opportunities for SMEs 24

Open Specs and API: opportunities for SMEs 25  Open Secs: FREE Documentation is available You can understand main features of Generic Enabler: (can be re-use for multiple verticals and associated service platforms) Your comments are more than welcome! Become part of the community and share with us, and with your ecosystem  API: FREE For your developers to plug your onw software into Generic Enablers To develop your own instances of Generic Enablers and be compliant & interoperable Open or create your paltform/services to/for other verticals Again, your comments and contributions are more than welcome!  Licence models (for concrete softwares) 70% are now in Open Source => you can contribute !

API example: OMA-NGSI (1) 26  OMA NGSI 9 & 10: API for 11 Generic Enablers  Data & Context Management: Context Broker Complex Event Processing Big Data Location Platform  Internet of Things Backend Device Management Backend Configuration Manager Backend Template Handler Backend IoT Broker Gateway Data Handling Gateway Device Management Gateway Protocol Adapter

API example: OMA-NGSI (2) 27  OMA NGSI 9 & 10 Data Model

API example: OMA-NGSI (3) 28  OMA NGSI 9 & 10 Operations

API example: OMA-NGSI (4) 29  OMA NGSI 10 RESTful interface: resource structure

API example: OMA-NGSI (5) 30  OMA NGSI convenience interactions examples

Video 4 Campus Party Brazil

PART 5 Some Generic Enablers Implementations 32

Internet of Things (1)  From Architecture to Implementation 33 Several implementations

Internet of Things (2)  Multiple implementation are linked to industrial partners technical choices  Backend Configuration Manager: Orion vs IoT Discovery Orion is a fully integrated version of Configuration Manager (IoT) and Context Broker (Data & Context Management) IoT Discovery is a Configuration Manager with optional features as geographical discovery (which are the things in this geographical area)  Gateway Protocol Adapter At least one instance per specific protocol Available: Zigbee, Coap & EPC Global (RFID)  Other examples in other technical chapters: Security: Identity Management Data & Context Management: Context Broker 34

Gateway Data Handling: Esper4FastData (1)  Provide intelligence inside gateways and transform data into information in real-time 35

Gateway Data Handling: Esper4FastData (2) Its own detailed architecture 36

Video 5 Kurento demo in Campus Party Brazil

Security Architecture

FI-WARE: Catalog

Security Monitoring GE Focus on following features:  MulVAL Attack Paths Engine  Scored Attack Paths  Remediation

Security Monitoring GE – V3 - Architectural design

Security Monitoring GE service offer For FI-PPP Liaison we offer the following main functionalities: identifying the vulnerabilities and potential attacks, evaluating the business impact, proposing countermeasures and increase the cyber resilience. 4 steps: 1. extract semi-automatically all the information needed 2.generate attack graph by MulVAL 3.calculate the scored attack paths 4.compute some remediations with their cost

MulVAL Attack Paths  Functions available for the User:  Visualized attack tree  Global risk level: Score metrics obtained from Common Vulnerability Scoring System (CVSS),  Functions available for the User:  Visualized attack tree  Global risk level: Score metrics obtained from Common Vulnerability Scoring System (CVSS), Inputs:  Automatic collection  Information about network topology => via Vulnerability scanners (Nessus, OVAL) and CMDB  Machines, Accounts, Network services, Dependency graph, IP / Hostname of the machines  Vulnerability identifier  Via Common Vulnerabilities and Exposures (  Semi automatic  Security Policy (Business dependent)

44 SecMon GE feature Attack Path Engine Testbed: ware.eu/AttackGraphEngine/attackgraph.jsp

Scored Attack Paths  Functions available for the User:  Extension of the score assessment at the path level  Given a target node, each path leading to that node is given a score.  The score of each path reflects the risk associated to the path as a whole  Business impact scoring (semi manual process) It is left to organisation taking into account the business challenges  Impact scoring offers an assessment of the extent to which processes and security policies are impacted when a given IT asset target has been compromised  Functions available for the User:  Extension of the score assessment at the path level  Given a target node, each path leading to that node is given a score.  The score of each path reflects the risk associated to the path as a whole  Business impact scoring (semi manual process) It is left to organisation taking into account the business challenges  Impact scoring offers an assessment of the extent to which processes and security policies are impacted when a given IT asset target has been compromised Rationale:  Risk scores provided by MulVAL is not sufficient  For each node in the attack graph, a risk score is computed  Does not allow a generic assessment of the attack graph as a whole  Does not take into account the impact on processes and the business  Scored paths are mandatory for the remediation process (prioritization)

46 SecMon GE feature Scored Attack Path Testbed: ware.eu/ScoredAttackPaths

Remediation app  Functions available for the User:  Provide tool for proposing cost-sensitive remediations  Propose remediations to these attack paths with their cost  Validate the chosen remediation  Compute different remediation options that could interrupt the selected attack path  A path may include several vulnerabilities: each one of them can be targeted separately  Eliminating one single condition may interrupt the whole attack path  Functions available for the User:  Provide tool for proposing cost-sensitive remediations  Propose remediations to these attack paths with their cost  Validate the chosen remediation  Compute different remediation options that could interrupt the selected attack path  A path may include several vulnerabilities: each one of them can be targeted separately  Eliminating one single condition may interrupt the whole attack path Prerequisites:  Needs a remediation database (e.g. patches related to vulnerabilities)  Use network topology (automatically collected) to compute which firewall rules could be deployed

48 SecMon GE feature Remediation App Testbed:

49 Access Control GE  Functions available for the User:  RBAC & ABAC policy enforcement with XACML (OASIS standard)  REST API for PDP & PAP  Multi-tenancy  Attribute Sources  LDAP directory  SQL DB  REST/JSON API  Easy integration of plugins for other sources (extensible API)  Flexible accounting  OAuth token validation & parsing  PEP  Ready-made PEP as HTTP Reverse-Proxy or Servlet PEP  Java SDK for custom PEP  Functions available for the User:  RBAC & ABAC policy enforcement with XACML (OASIS standard)  REST API for PDP & PAP  Multi-tenancy  Attribute Sources  LDAP directory  SQL DB  REST/JSON API  Easy integration of plugins for other sources (extensible API)  Flexible accounting  OAuth token validation & parsing  PEP  Ready-made PEP as HTTP Reverse-Proxy or Servlet PEP  Java SDK for custom PEP FI-WARE Use Case – Cloud API Access Control Thales Use Case:  GIS Access Control in a C4ISR system for French government & NATO

FI-WARE Security Chapter Data Handling GE  Focuses on revealing specific attributes or other data according to defined privacy and security conditions  Deploys PPL language based on XACML to describe preferences and policies  Attaches these preferences and policies to the data  Allows definition of a specific retention period

FI-WARE Security Chapter Privacy-Preserving Authentication GE  Provides building blocks to implement all roles of a privacy- preserving authentication system  Based on Idemix crypto engine  In particular, it allows identity providers to setup an online service for issuing privacy-preserving attribute-based credentials (aka anonymous credentials) end users to generate privacy-preserving tokens to anonymously authenticate to service providers service providers to verify the user-generated tokens with respect to a given access policy

GEFI-WARE Security Chapter Identity Management – DigitalSelf  Encompasses a number of aspects involved with users' access to networks, services and applications, including Secure and private authentication ‘Authorisation & Trust’ management ‘User Profile’ management Self management of personal data ‘Single Sign-On’ (SSO) to service domains ‘Identity Federation’ towards applications

Combined Demonstrator FI-WARE Security Chapter WP8 Combined Demonstrator on  Identity Management GE (NSN)  Data Handling GE (SAP)  Privacy GE (IBM) >> Taking privacy work from ABC4Trust project Making it work in the FI-WARE Platform <<

Description of Use-Case FI-WARE WP8 Combined Demonstrator Demonstrator illustrates:  Anonymous access to file store service  Policy based access to resources  Use of zero knowledge proof technology (Idemix) By use of the Generic Enablers:  Data Handling GE: An enhanced file store service allows access to resources based on “sticky” policies  Privacy GE: Provides building blocks for ‘User in the Cloud’, ‘Verifier as a Service’ and ‘Issuer Service’  Identity GE: An enhanced IDM system provides attributes (PII) needed for issuing credentials Result:  While respecting privacy of the user, selective attribute sharing will be supported restricted to the ‘need to know’ principle.

EIT-ICT Labs – FI-PPP Liaison Activity  Goal 2013 create established links mutually beneficial between the FI-PPP and the EIT ICT Labs initiatives. › 1. Instantiation of FI-WARE Testbed in the Trento Node to serve Living and Territorial Labs, › 2. Bringing FI-WARE selected technologies to wide adoption by building new services, › 3. Experimenting the Testbed in real cases and Business Model definition.  Results Adoption of FI-WARE Testbed as a playground where to inject new technologies (notably service marketplace at large, cloud computing, security, interface to network devices) and on top of which built new services, Instantiation of the Testbed and real use cases in specific territorial or living labs, Dedicated workshops with entrepreneurs, notably SMEs, and researchers. The outcomes are intended to boost the adoption of FI technologies within SMEs, Public Administrations, and visionary individuals with the aim of creating new innovative jobs and businesses. FI-WARE, Infinity EIT Funding 400 KEur Non EIT Funding 75% Digital forensics for (technical) evidence  While the indicated carriers only cover the RTD part of the implementation of the Testbed, with the support of EIT we introduced the Testbed in specific and well focused business or social environments. This goal requires training people and organisations (SMEs in particular), customization of the Testbed according to specific needs coming from business domains and community of users (notably living and territorial labs). First experience on SMEs engagement, FI-PPP Liaison 2014 follow-up project will go further.

PART 6 Sum up for SMEs 56

Sum up for SMEs  Be ready for September 2014 (annoucement of calls mid-September) Discover FI-WARE Generic Enablers Use FI-Lab to play with new technologies  Be engaged in 2015 Bring your « commercial » ideas Be funded to do innovation Build your new products/services  Find additional funding with ACCELERATORs support Bootstrap your own new business Think Big to become Bigger (international business) 57

on Twitter ! Thanks ! 58