4th ETSI Security Workshop

The 4th ETSI Security Workshop, organised and hosted by ETSI in Sophia Antipolis, France, took place on 13-14 January 2009. It counted 130 attendees with a vested interest in Security Standards.

The agenda included seven sessions, with presentations given by experts representing organizations such as ETSI, CEN, CENELEC, European Commission, ITU-T, ENISA, as well as the private sector, government and universities.
The workshop provided interesting information on all topics covered, with special focus on the related standardization efforts. It also provided co-operation opportunities and directions for future work.

CHAIRMAN OF THE WORKSHOP:

Carmine Rizzo, ETSI Technical Officer and Security Expert

OPENING SPEECHES

    • Welcoming speech
      Walter Weigel, ETSI Director-General
    • European Commission
      Antonio Conte, DG ENTR; ICT for Competitiveness and Innovation
    • ETSI Security Activities Overview
      Carmine Rizzo, ETSI Technical Officer and Security Expert
    • ENISA Activities in Security
      Slawomir Gorniak, ENISA Security Expert

SESSION 1: MOBILE SECURITY

Chaired by Valtteri Niemi, 3GPP SA3 Chairman, Nokia

  • Securing emerging wireless networks and services
    Ganesh Sundaram, Alcatel Lucent
  • 3GPP Security hot topics: LTE / SAE
    Valtteri Niemi - 3GPP SA3 Chairman, Nokia
  • Open Mobile Terminal Platform (OMTP) recommendations
    David Rogers, Director of External Relations, OMTP
  • Secure Multicast and Broadcast Communication in Broadband Wireless Networks
    Jaydip Sen, Tata Consultancy Services
  • Understanding Mobile Phone Threat Vectors
    Mohamad Nizam Kassim, Security Assurance Department, CyberSecurity Malaysia

SESSION 2: SECURITY INITIATIVES WITHIN CEN and CENELEC

Chaired by John Ketchell, CEN Director, Innovation and Business Development

  • Towards standardisation measures to support the Security of Control and Real-Time Systems for Energy Critical Infrastructures
    Marcelo Masera, Institute for the Protection and Security of the Citizen Joint Research Centre - European Commission
  • Current activities of CEN Workshop on Data Protection and Privacy (WS/DPP)
    Sati Bains, CEN
  • First results of the CEN/ISSS Workshop on Cyber Identity
    Charles de Couessin, ID Partners
     

SESSION 3: PRIVACY

Chaired by Carmine Rizzo, ETSI Technical Officer, Security Expert

  • Incorporating privacy into security standardization
    Claire Vishik, Security & Privacy Standards & Policy Manager INTEL
  • Security and Privacy for C2X Communication Systems - Research and Standards
    Matthias Gerlach, Senior Research Officer, Fraunhofer Fokus (presenting)
    Mr. Tim Leinmüller, DENSO AUTOMOTIVE Deutschland and Dr. Frank Kargl, Ulm University
  • ETSI Electronic Signatures Activities
    Riccardo Genghini, ESI Chairman
  • Profiles and the challenge of providing security in personable ICT devices
    Scott Cadzow / Mike Pluke - ETSI STF 342
  • Security and personalized eHealth systems
    Françoise Pettersen, ETSI STF 352
  • Search Engine based Data Leakage
    Hans Pongratz, Technische Universität München
  • Finger vein authentication technologies for consumer mobile products
    Hideo Sato, FVA Biz Development Office, Sony Corp.

SESSION 4: INTERNATIONAL STANDARDIZATION

Chaired by Mike Harrop, ITU-T Rapporteur SG17 Q4 Communication Security Project

  • Future security work in the ITU-T
    Mike Harrop, ITU-T Rapporteur SG17 Q4, Communication Security Project
  • The UICC as the Security Platform for Value Added Services
    Klaus Vedder, Executive Vice President, G&D
  • A Secure-Runtime in the Mobile - The perfect enhancement to a SIM
    Stefan Spitz, Manager New Technologies, New Business Development, G&D & Richard Phelan from ARM
  • NFCIP-1 Security Standard protects Near Field Communication
    Reinhard Meindl, Senior Principal, NXP
  • DVB-CPCM : a complete interoperable solution for content protection in a multi-device, networked environment
    Marc Jeffrey, Microsoft, DVB Project
  • European Commission's new Action Plan on e-signatures and e-identification
    Gérard Galler, Policy Officer, European Commission, Information Society & Media DG
  • Making Better Security Standards
    Scott Cadzow / Steve Randall, ETSI STF 356
  • Identity management
    Mike Harrop, The Cottingham Group, Canada


SESSION 5: NGN SECURITY and DATA RETENTION

Chaired by Judith E. Y. Rossebø - ETSI TISPAN WG7 Chairman, Telenor R&I

  • NGN Security standards for Fixed-Mobile Convergence
    Judith E.Y. Rossebø, ETSI TISPAN WG7 Chairman, Telenor R&I
  • NGN access networks (in)security, Security proposal for NGN standardization
    Paolo Delutiis, Telecom Italia
  • Data retention and lawful interception
    Peter van der Arend, ETSI TC LI Chairman

SESSION 6: METRICS

Chaired by Carmine Rizzo, ETSI Technical Officer, Security Expert

  • Implementation of a security metrics dashboard in Telefónica España
    Vicente Segura, Technology Specialist in Information Security, Telefonica 
  • A Security Assurance metrics modelling, to holistically evaluate and assess the Security Level of an organization
    Professor Solange Ghernaouti-Hélie, Faculty of Business and Economics
    Igli Tashi, Postgraduate Research and Teaching Assistant, University of Lausanne

SESSION 7: R&D

Chaired by Scott Cadzow, Cadzow Communication

  • The INTERSECTION Vulnerability Database
    Salvatore D'Antonio, Unina
  • ICT standardisation in UAV-systems
    André Hermanns, Chair of Innovation Economics, Technische Universität Berlin
  • Ontology- and Bayesian-based Information Security Risk Management
    Edgar Weippl, Science Director & Stefan Fenz, Security Research Austria
  • Content Tag Security
    Shahriar Pourazin, Sepehr S. T. Co. Ltd.

CONCLUSIONS and DISCUSSION among PANEL of experts and AUDIENCE:

Led by Carmine Rizzo, ETSI Technical Officer and Security Expert
With Claire Vishik, Security & Privacy Standards & Policy Manager INTEL
Mike Harrop, ITU-T Rapporteur SG17 Q4, Communication Security Project
and Klaus Keus, Dipl. Mathematician, JRC IPSC

Proposed items of discussion:

What issues are best addressed by standardisation?
What are best addressed by other means? And what means?
Should we use metrics for the Standards themselves?
Any main topics of discussion which will have arisen during the workshop.