Strength in diversity: lessons learnt from the Stork* projects Antonio Lioy Politecnico di Torino Dip. Automatica e Informatica.

Slides:

Advertisements

Similar presentations

S.O.S. eHealth Project Open eHealth initiative for a European large scale pilot of patient summary and electronic prescription Daniel Forslund, Head of.

Advertisements

The European Activities of BR Communication e-CODEX e-Justice Communication via Online Data Exchange Bucharest, June 14 th 2013.

 At first there were 6 members  Today there are 27 members of the EU  Created in  Requirements:  Democratic  Free market government Flag of.

1 14 th May 2008 How can pan-European Public Services Benefit from CIP ICT PSP Pilot on eID Dr. Davorka Šel Ministry of Public Administration SLOVENIA.

Stork 2.0 is an EU co-funded project INFSO-ICT-PSP Robert Scharinger & Gottfried Heider (Ministry of Health, AT) WP 5.4 eHealth pilot - epSOS OpenNCP.

Stork is an EU co-funded project INFSO-ICT-PSP Secure Identity Across Borders Linked Secure Electronic Identity Across Europe! STORK – 4 TH I NDUSTRY.

Can PKI be made simple enough to be used by non-experts? Signature formats and context Antonio Lioy ( polito.it ) Politecnico di Torino Dip. Automatica.

E-SENS Electronic Simple European Networked Services Moving services forward Dr. Cagatay KARABAT National Coordinator of e-SENS.

E-tax system stages 1.Stage 1 - Information: online information about public services 2.Stage 2 - Interaction: downloading of forms 3.Stage 3: Two-way.

Stork is an EU co-funded project INFSO-ICT-PSP STORK PRESENTATION STORK Presentation Lithuania March 2010.

Who belongs to the European Union?

Evolution in cross-border interoperability of eSignatures and eID Tarvi Martens SK, Estonia.

16 out of 27 member states Known as euro zones 2 nd largest traded currency after the dollar The name euro was officially adopted on 16 December 1995.

Regional Trading Agreements European Union 1. RTA 1945 – 1959 A peaceful Europe – the beginnings of cooperation Aim of ending the frequent and bloody.

Identity management – developments within the European Social Security Sector Pantelis Angelidis.

Österreich 2006 Austria 2006 Autriche 2006 Präsidentschaft der Europäischen Union Presidency of the European Union Présidence de L’Union européenne ★★★★★★

European Life Sciences Infrastructure for Biological Information ELIXIR

Slovenian Governmental Certification Authority Dr. Aleš Dobnikar Government Centre for informatics of the Republic of Slovenia 4th Business and Government.

THE EUROPEAN UNION. HISTORY 28 European states after the second world war in 1951 head office: Brussels 24 different languages Austria joined 1995.

THE EUROPEAN UNION. EU  1993 European Union  Main Aims  All states in the EU = a single market  One currency throughout the EU = the Euro  To have.

Strength in Numbers Mar The Delian League  Countries do not want to be dominated by other countries.  But there are many advantages to be gained.

Stork is an EU co-funded project INFSO-ICT-PSP Students Mobility: STORK Project Deployment Paúl Santapau Nebot Vicente Andreu Navarro.

Stork is an EU co-funded project INFSO-ICT-PSP STORK – Current State of Affairs the eGov Workshop Brussels – public Finance, Brussels, February.

Natural gas, and oil sectors in Europe Vaidotas Levickis Fort Worth, Texas 2015.

 Used by 17 of 27 countries  Used for all payments starting in 2002  Should be used by all countries once they join THE EURO.

Map - Region 3 Europe.

I will: Know how and why the EU was created. Understand the benefits of being part of the EU.

Drink-Driving in the European Union SMART United Kingdom European Commission Representation, London Wednesday 14 th of October 2015 January 2015, Brussels.

Information Security Systems Cost Effective Authenticity & Integrity in CEN/FISCALIS eInvoicing Good Practice Guidelines Nick Pope – Principal Consultant,

Large Scale Pilot Thematic Network Callepso Joint Working Group.

The creation of a only coin was approved in 1992 for the necessity to make easy the commercial exchanges to avoid the change of the coin.

The European Law Students’ Association Albania ˙ Austria ˙ Azerbaijan ˙ Belgium ˙ Bosnia and Herzegovina ˙ Bulgaria ˙ Croatia ˙ Cyprus ˙ Czech Republic.

Your first EURES job Making it easier to move and work to recruit young people in Europe.

Extending eID authentication across Europe September 2013 Stork 2.0 is an EU co-funded project INFSO-ICT-PSP

EID and eSignature programs at National level in Europe Detlef Houdeau Nov 2013 Exploratory seminar on e-signatures for e- business in the South Mediterranean.

Maps of Topic 2B Multilingualism in Europe Europe A Story of Empire (a united Europe) & Language.

Table 1. Numbers and rates of TB cases per population by country and year, EU/EEA, 2010–2014 ASR: age-standardised rate, C: case-based Source:

Stork is an EU co-funded project INFSO-ICT-PSP STORK PRESENTATION Frank LEYMAN Manager International Relations 04/06/2009.

Table 1. Number and rate of reported confirmed syphilis cases per population by country and year, EU/EEA, 2010–2014 ASR: age-standardised rate,

Table 1. Number and rate of Legionnaires’ disease cases per population by country and year, EU/EEA, 2010–2014 ASR: age-standardised rate, C: case-based.

The Future Digital Identity Landscape in Europe Timothée Mangenot, chairman 14th of December, 2015 ACSIEL partners day.

INTERNATIONAL BUSINESS Unit 2 Business Development GCSE Business Studies.

Best Sustainable Development Practices for Food Security UV-B radiation: A Specific Regulator of Plant Growth and Food Quality in a Changing Climate The.

Single Euro Payments Area (SEPA) Nicoletta Stella (Market Infrastructures)

BOLOGNA SYSTEM. BOLOGNA DECLARATION Signed by the Ministers of Education of 29 European countries, including Polish and Italian on the 19th of June 1999.

European Union Hodder & Stoughton © 2016.

The Future Digital Identity Landscape in Europe Stefane Mouille/Detlef Houdeau World eID Congress, 27th of Sep. 2017, Marseille, France.

Table 1. Confirmed cases of Typhoid and paratyphoid fever: number and rate per population, EU/EEA, 2010–2014 Source: Country reports. Legend: Y.

European Union Duy Trinh.

Table 1. Reported confirmed hepatitis A cases: number and rate per population, EU/EEA, 2010–2014 Source: Country reports. Legend: Y = yes, N =

DISTRIBUTION AUTOMATIC - GENERATION

Figure 1. Number of reported hantavirus infection cases, EU/EEA, 2014

City of London School – extra materials

EUROS Identification Austria - Belgium - Cyprus - Estonia - Finland - France - Germany - Greece - Ireland - Italy - Latvia Lithuania - Luxembourg - Malta.

Table 1. Reported, confirmed campylobacteriosis cases: number and rate per population, EU/EEA, 2010–2014 Source: Country reports. Legend: Y = yes,

Table 1. Number and rate of reported confirmed syphilis cases per 100 000 population by country and year, EU/EEA, 2010–2014 Country

Table 1. Reported confirmed brucellosis cases: number and rate per population, EU/EEA, 2010–2014 Source: Country reports. Legend: Y = yes, N =

The European Parliament – voice of the people

The European Parliament – voice of the people

EU: First- & Second-Generation Immigrants

Supporting learners with special needs or disabilities through inclusive education RIGA 2 June 2015.

Table 1. Table 1. Reported confirmed salmonellosis cases: number and rate per population, EU/EEA, 2010–2014 Source: Country reports. Legend: Y.

Table 1. Reported confirmed cholera cases, EU/EEA, 2010–2014

Table 1. Reported confirmed botulism cases: number and rate per population, EU/EEA, 2010–2014 ASR: age-standardised rate, C: case-based Source:

European Union Membership

European representation of respiratory critical care HERMES participants. European representation of respiratory critical care HERMES participants. Countries.

Table 1. Reported confirmed listeriosis cases: number and rate per population, EU/EEA, 2010–2014 Source: Country reports. Legend: Y = yes, N =

E-identities (and e-signatures)

LAMAS Working Group June 2018

Prodcom Statistics in Focus

Presentation transcript:

Strength in diversity: lessons learnt from the Stork* projects Antonio Lioy Politecnico di Torino Dip. Automatica e Informatica

Security: is mine the same as yours? n is a door secure? n plastic? wood? steel? n no key? mechanical key? electronic key? n who is the attacker? n what is inside the room? n there is no government-mandated standard for physical doors... n... so why there should be one for "computer doors"?

Security: a difficult (and moving) target n a human generation is 30 years... a computer one is just 3! n any technical solution (especially if agreed in a lengthy process) risks to be obsolete by the time of its adoption n any technical solution is vulnerable to some attack (as humans are vulnerable to diseases) n so mandate principles, not technologies: n using the same technology we can save money n... but we increase the risk of a total attacks (as a pandemia for humans)

Some security principles n security = n technical solution (minimize violations) n legislative support (violators will be prosecuted) n individual behaviour (don't make violations easy) n which is the most important factor? n security level must be adequate to the value of the protected item... but not more! n users are typically the weak link in every security solution

Stork (18 countries, 36 partners, ) Austria Belgio Estonia France Germany Italy Luxembourg Netherlands Portugal Slovenia Spain Sweden United Kingdom plus – Iceland Finland, Greece, Lithuania, Slovakia and then STORK 2.0 ( )

Stork: principles and results (I) n electronic identity = authentication + certified attributes n set of certified European attributes n lexicon (multilanguage attribute names) n syntax (possible values) n semantics (e.g. surname) n various authentication credentials n reusable password, one-time-password, cellphone, software certificate, smart-card n used in a transparent way and with legal value (according to the citizen's country) n mutual recognition

Stork: principles and results (II) n various authentication levels n cryptographic strength of the authentication technique n strength of the identification process when distributing the credentials n QAA (Quality of Authentication Assurance) levels 1…4 n requested level (to access the service) versus effective level (depending on the authentication technique used by the citizen) n privacy protection and localization n user talks with her own country n provides explicit consent for the required attributes n compulsory and optional attributes n attributes managed end-to-end

The Stork infrastructure service provider Italian citizen Swedish Stork gateway Italian Stork gateway e-ID + attribute provider (Italian) 3. select your country 4a. consent? 4b. which e-ID? 5a. authentication 5b. consent (final) 2. go Stork! 1. ask for service

ECAS Europ. Commission Authentication Service Stork: pilots change of address e-delivery (cross-border) e-services authentication (cross-border) student mobility safer chat

Stork 2.0 n focus on: n attributes / delegation / representation powers n integratione with non-government e-ID n three years n n many countries (~30) and partners (~60) n pilots: n business registry (e.g. single-point-of-contact) n e-health n job market (e.g. professional certifications) n e-learning n e-banking

Strength in diversity n different countries use different e-IDs, with variable strength n the interoperability solution permits the use of all of them yet it does not compromise security, rather it supports adaptive security where each electronic service can request (and receive!) the appropriate level of protection n this solution does not hamper technological progress n any country can adopt a new e-ID technology without breaking its interoperability with the other countries n a smooth evolution path is possible. n the Stork* projects are a clear example that: n a compromise is often needed in deciding appropriate security measures n … but it does not have to be at the lowest common level n … and does not stop technological evolution.