Future ICT Landscapes – Security and Privacy Challenges & Requirements Simone Fischer-Hübner IVA Workshop, Stockholm 24th May 2012.


Part I: Security & Privacy Challenges
Part II: Requirements for Protecting Identity, Privacy & Security

ICT Trends & Challenges
- Open Communication Infrastructures (e.g., VoIP)
- Outsourcing, Cloud Computing
- Web 2.0, "free" services
- Smart Devices
- Ambient Intelligence
- …

Open Communication Infrastructure Threats: Example: PSTN vs. VoIP
- PSTN: Public switched telephone network
  - Circuit switching: bandwidth reserved, fixed route
- VoIP: Voice over IP
  - Packet switching: dynamic bandwidth, unfixed route

Pros and Cons of VoIP
+ Low cost
  - Software based equipment
  - Reused infrastructure
+ Services integration
  - More features: video, data, presence, game…
- Quality
  - Latency
  - Dynamic bandwidth
  - Packets order
- Security
  - Open environment
  - Shared infrastructures
- Emergency calls
  - Not bound with physical location, no guarantee

VoIP: Security Vulnerabilities and Threats
- Availability threats:
  - Denial of Service
- Confidentiality threats:
  - Eavesdropping
  - Timing attacks
- Integrity threats:
  - Signaling messages modification
  - Media injection
  - Replay attacks
- Privacy threats:
  - Call Spam (SPITs)
  - Traffic Analysis

Cloud Computing – Security Challenges
- Security risks: malicious insiders, data loss / leakages, shared technology vulnerabilities, downtime, …
- Cloud service users lack
  - Understanding of risks
  - Control over what happens with data
  - Means for redress

Web User Profiling ”Face rape” Lifelong privacy issues ….

Part I: Security & Privacy Challenges
Part II: Requirements for Protecting Identity, Privacy & Security

Newly proposed EU Data Protection Rules (Data Protection Regulation proposed 25 January 2012)
- "Right to be forgotten"
- Explicitly given consent, more transparency of data handling, easy-to-understand policies
- Easier exercising of data subject rights (electronically, in relation to all recipients)
- Increased accountability, privacy breach notification, higher penalties
- Privacy by Design (PbD), Privacy by Default

Privacy-enhancing Identity Management
- User control - Audience segregation
- Data minimisation
- Pseudonymity, Unlinkability
- ID theft protection, reliability
(Clauss/Köhntopp 2001)

Enabler PETs: Anonymous Credentials (PrimeLife, ABC4Trust)

Transparency & Accountability Tools
[Figure: Chain of Accountability. Labels: regulators, auditors, business governance; cloud service supply chain/network; trusted services supporting accountability; cloud service users; cloud service; corrective, detective, preventive.]
- Cloud service users: control and transparency over how their data is used, and support in obtaining redress
- Service providers: techniques to make services more trustworthy, satisfy business policies and allow differentiation
- Regulators/auditors: assurance about compliance with policies and regulations

Questions?