The ETSI Security Week 2020 goes virtual!

Many presentations that were to be given during the ETSI Security Week will be given virtually from 8 until 19 June. 

Thanks to the willingness and additional efforts of nearly 50 Programme Committee Members and Speakers, we are able to offer 14 different webinars corresponding more or less to what the ETSI Security Week should have been this year!

The ETSI Security Week 2020 is organized around four technical threads: 

  • Deploying 5G Securely
  • Cybersecurity Act - one year on
  • Smart Secure Platform: the disruptive change in the Secure Elements Market
  • Even more advanced Cryptography

Detailed agenda and registration are available here.

If you have attended one or more webinars, we'd be keen to hear about your impression in this survey.  

If you have attended one or more webinars, we'd be keen to hear about your impression in this survey.  

If you want to receive news related to the Security Activity in ETSI, send an email to [email protected] 
If you're interested to be informed of all ETSI events, Subscribe to the ETSI-EVENTS mailing list

  • Deploying 5G Securely
  •  
     

    The Deploying 5G Securely thread will cover the status on the deployment and roll-out of 5G networks and the practical challenges at hand. The Programme Committee is proposing the following webinars:

  •  
     

    8 JUNE

  • 15.00
    16.30

    5G Deployment
    Moderated by Marcus Wong, Futurewei

    5G poses a major architectural and functional change of a network. This move brings along many security questions and many have been tackled for the non-standalone or standalone architecture. We will discuss how to get securely from a 4G or non-standalone architecture to a standalone architecture. Different migration scenarios and architectures are described and what are the specific security aspects of it. This will be put into context with latest GSMA and 3GPP security approaches and features.  Additionally, as we gain experience from the initial deployment and collect open issues related to standardization, operation, and implementation, we aim to provide an overview of practical guidelines and recommendations for mobile operators for the implementation of 5G networks.

    • Secure Core Network Migration
      Silke Holtmanns, AdaptiveMobile Security
    • GSMA Investigation on 5G Security – Tracking Security Open Issues
      Pieter Veenstra, Net Number
  •  
     

    10 JUNE

  • 15.00
    16.30

    5G Security for Verticals
    Moderated by Stefan Schroeder, Samsung Electronics GmbH

    The best-known security features of a 5G network ensure secure operation of a public network: strong subscriber authentication, protection against fraud and eavesdropping, secure billing, robust services etc.  Security addresses the typical trust relation between network operators and their customers.
    5G applications and deployments in vertical industries have complementary security requirements and different multi-party trust models that need to be addressed in addition, often on top of the 5G network. Moreover, the 5G deployment models may be different from the usual public mobile network, ranging from non-public campus networks in factories, over specific network slices for safety-critical applications like healthcare or railways, up to global V2X networks for transport applications.
    The EU Toolbox of risk mitigating measures for 5G explicitly mentions the need to address the risk of exploitation of IoT, handsets or smart devices - i.e. the verticals' domain- in addition to the need to secure the network. 

    This webinar will explore the following aspects in three presentations:

    • How can trusted platforms be used to ensure system integrity in safety-related domains like medical, automotive, and railways? Mechanisms beyond attestation that are required to ensure such systems are not just individually protected but act as a trusted whole.
    • Challenges and effects brought by vertical industry on 5G security will be analyzed from the perspectives deployment, service, operations, and management. What additional measures and solutions are needed beyond the 3GPP 5G security architecture, to establish a healthy ecosystem for an extended multi-party trust model?
    • Starting with the 5G network aims and its cellular V2X system to provide connectivity for ultra-reliable low latency (uRLLC) and massive machine-type communications (mMTC) applications, the security and privacy open issues in the 5G connected Intelligent Transport system (ITS) and Connected Autonomous Vehicles (CAVs) will be analyzed. Challenges and their possible solutions such as lightweight authentication and providing privacy with pseudonym certificates will be presented.
    • Trusting the Verticals: from a Trusted 5G Core to Rail, Automotive, Medical and Beyond
      Ian Oliver, Nokia
    • 5G Security Enabler on Vertical Industry
      Rong Wu, Huawei
    • Security and Privacy Open Issues in the 5G Connected Intelligent Transport System (ITS) and Connected Autonomous Vehicles (CAVs)
      Haitham Cruickshank, University of Surrey
  •  
     

    16 JUNE

  • 15.00
    16.30

    5G Security Evolution
    Moderated by Noamen Ben Henda, 3GPP SA3 Chair, Ericsson

    This session includes presentations on the most recent 5G security features, and efforts within the industry for continuous improvement of 5G security. In fact, the work on the 5G standards was split over two releases a.k.a. Phase 1 and 2. Phase 1 was completed in 2018 and delivered the foundation of the 5G System. Phase 2 is currently ongoing and is expected to be completed in June 2020. Phase 2 will include enhancements to enable use cases such as Cellular IoT, vehicular communication, low latency communications, non-public networks, and so forth. These uses cases are driving the development of new security requirements and features in the standards. In relation to this, the first presentation provides an overview of the Phase 2 related activities in the security working group of 3GPP SA3. In the second presentation we focus on the evolution of a central procedure in the security architecture of the 5G system, namely the authentication procedure. In fact, the standard defines multiple types of authentication in 5G system, each one for different purposes. They include: 1) primary authentication, 2) secondary authentication, 3) slice authentication, and 4) a new feature called AKMA. The goal of this presentation is to clarify these different authentication types and explain purposes and mechanisms. Another driving force behind the development of the security features are efforts and programs such as the GSMA Coordinated Disclosure Program. In the third presentation we consider: 1) what the GSMA does for 5G mobile telecommunications security and how people can get involved, 2) how GSMA CVD fits within our wider security offer to the industry and other groups, 3) examples of work on 5G security over the last 12 months through GSMA CVD, and 4) what the GSMA CVD Program has learned and improved over the last 3 years of operation.

    • 3GPP 5G Security Updates
      Noamen Ben Henda 3GPP SA3 Chair Ericsson
    • Authentication Mechanisms in 5G System
      Takahito Yoshizawa, KU Leuven
    • Improving 5G Security through Coordinated Vulnerability Disclosure – GSMA CVD Programme
      James Skuse, GSMA
  •  
     

    18 JUNE

  • 10.00
    11.30

    Security Challenges and Regulatory Aspects
    Moderated by Bengt Sahlin, Ericsson

    This session discusses security challenges due to new technological advancements, and discussed regulatory aspects related to 5G security

    • Security Challenges in 5G Multi-access Edge Computing
      Tomasz Osko, Orange
    • How to Improve the Security of Business and Communities and Ensure Future Prosperity in a Country
      David Soldani, Huawei
  • Cybersecurity Act - one year on!
  •  
     

    One year after coming into force, the series of 4 webinars will review the state of play of the EU Cybersecurity Act with feedback on the first schemes being adopted and discussion on 5G networks and consumer IoT security certification schemes.

    The Programme Committee is proposing the 4 following webinars:

  •  
     

    10 JUNE

  • 10:30
    12:00

    Insight into the First Steps of the Cybersecurity Act Reality
    Moderated by Andreas Mitrakas, ENISA

    EC& ENISA will provide the progress of work on the first schemes being under preparation: Common Criteria and Cloud Security certification. They will share the lessons learnt from the preparation of those schemes. EC will also provide an update on the latest steps taken within the Cybersecurity Act, such as an overview of the first Rolling Work Programme, potential next schemes….

    • Cybersecurity Certification in the EU
      Aristotelis Tzafalias, European Commission
    • Update on the EUCC Candidate Scheme Development
      Philippe Blot, ENISA
    • Building a European Cybersecurity Certification Scheme for Cloud Services
      Eric Vetillard, ENISA
    • Cybersecurity Act, first steps on standardisation & cybersecurity certification
      Andreas Mitrakas, ENISA 
  •  
     

    11 JUNE

  • 10.00
    10.55

    Consumer IoT security Standards
    Moderated by Jasper Pandza, DCMC

    A significant proportion of consumer Internet of Things (IoT) or ‘smart’ products currently on the market lack basic cyber security provisions. ETSI TC CYBER has developed European Standard (EN) 303 645 “Cyber Security for Consumer Internet of Things: Baseline Requirements”, which is expected to be published in July, to bring together widely considered good security / privacy practice for consumer IoT devices. The EN has been developed in collaboration with CEN/CENELEC JTC 13 experts. It is expected to inform the development of new legislation on IoT security in Europe and beyond.
    TC CYBER is also taking forward TS 103 701, which will set out test scenarios for assessing products against EN 303 645. It is to set out mandatory and recommended assessments, as well as guidance and examples to support their implementation. The document is intended to be used by testing labs and certifying bodies that provide assurance on the security of relevant products, as well as manufacturers that wish to carry out a self-assessment. The document is intended as input to a future EU common cybersecurity certification scheme as proposed in the Cybersecurity Act.

    • ETSI EN 303 645 - A Common Baseline for 'Smart' Consumer Product Security
      Jasper Pandza, DCMC
    • TS 103 701 - Cybersecurity Assessment for Consumer IoT Products
      Gisela Meister Eurosmart
  •  
     

    11 JUNE

  • 11.30
    13.00

    Consumer IoT Security - Certification Schemes
    Moderated by Sonia Compans, ETSI

    Product assurance schemes play an important role in consumer IoT security. Typically, they provide a consumer-facing assurance label or kitemark which demonstrates that the product has undergone independent testing or a robust self-assessment process, thus helping consumers make security-conscious purchasing decisions. Assessment feedback can also be communicated privately to manufacturers to help them improve their product. But operating an assurance scheme for consumer IoT can be challenging, not least due to the broad diversity of relevant products and the rapid innovation in this space.
    This webinar panel features speakers with experience in this area. It will consider options for managing these challenges and look ahead to a possible IoT security certification scheme under the EU Cybersecurity Act.

    •  David Mudd, BSI
    • Juhani Eronen, Traficom 
    • Laurens Vanoijen, UL
    • Alex Buchan, Digital TV Group (DTG)
    • Roland Atoui, Eurosmart
    • Jamie Randall, IASME
  •  
     

    17 JUNE

  • 10.30
    12.00

    5G Network Certification
    Moderated by Colin Whorlow, NCSC

    This webinar will provide a status of the policy and industry actions to enable effective security of and trust in 5G networks.

    • Policy actions at EC and EU member states level regarding 5G networks security 
      Domenico Ferrara, European Commission 
    • Role of ENISA in the Coordinated EU Approach for Securing 5G Networks
      Goran Milenkovic, ENISA
    • Network Equipment Security Assurance Scheme (NESAS)
      Sven Lachmund, Deutsche Telekom
    • 3GPP SCAS
      Marcus Wong, Futurewei, 3GPP SA3 rapporteur
  • Smart Secure Platform: the Disruptive Change in the Secure Elements Market
  •  
     

    Trust and privacy together with cost and flexibility are key to security solutions for many applications in today’s digital world. To address this challenge, ETSI Technical Committee Smart Card Platform, who standardized the former generations of SIM cards, has been working on a brand-new security platform called Smart Secure Platform (SSP).

    The two webinars will unveil this next generation platform, explaining why an evolution was needed, what has been defined for which purpose and introducing the technical specifications. The webinar also covers testing, the impact on the ecosystem and the need for certification.
    Though this platform is disruptive from a technology point of view it also provides a smooth migration path for applications such as the SIM based on the current platform, the UICC.

  •  
     

    9 JUNE

  • 15.00
    16.15

    SSP: The New Smart Secure Platform – A High Level Introduction
    Moderated by Klaus Vedder, Chairman of TC SCP and Samsung R&D

    This session will give a high-level introduction into the reasons for developing this new security platform, its requirements and impact on the ecosystem as well as the current state of testing and why certification is needed.
    It will start with Setting the Scene by providing some historical details of the evolution of the security platform from the early days till now and their impact on today’s platform. It will highlight the technological progress and give a high-level overview of the various parts of the SSP. This itself is setting the scene for the reasoning behind The Requirements. This section will focus on the requirements as defined in ETSI TS 103 465, for the new secure platform. It will also outline the differences to the UICC, the current security platform (used, for instance, for the SIM) and cover topics such as privacy. The requirements also take into account necessities of The Ecosystem. This part describes changes in the procurement chain and in the vertical services deployment as well as advantages of the SSP over the current platform, for instance in the world of IoT. As for today’s platform Testing and Certification are a must for the successful deployment of a system. The presentation on testing will highlight the differences in testing technology caused by the new form factors and give an insight into the work of the ETSI Testing Task Force for the SSP. Different sales channels are replacing the current “personnel acquisition” of a subscription by a downloading process involving certified entities. The need for certification and details of the certification process feature in the last presentation of this session.

    • Setting the Scene
      Klaus Vedder, TC SCP Chairman & Samsung R&D Institute UK
    • Requirements
      Davide Pratone, TC SCP REQ Chairman & Huawei
      Sophie Diallo, TC SCP REQ Vice Chairman & BOUYGUES Telecom
    • The Ecosystem
      Davide Pratone, TC SCP REQ Chairman & Huawei
    • Testing
      Andreas Bertling, TC SCP TEST Chairman & Comprion GmbH
    • Certification
      Denis Praca, TC SCP Vice Chairman & THALES
  • 16.45
    18.00

    SSP: The New Smart Secure Platform – The Technical Realisation
    Moderated by Denis Praca, Vice Chairman ETSI TC SCP and Thalès

    This session will cover in detail the published specifications ETSI TS 102 666-1 and -2 as well as the SPI protocol in ETSI TS 103 713 and will give an insight into the current work on the embedded SSP.
    It will start with explaining the basic technical concepts of the SSP, the General Technical Characteristics and Protocols. This section will especially focus on the SSP Common Layer (SCL) protocol and the communication layers above it, as well as on the main differences with the UICC. This will be followed by the characteristics of the Integrated SSP (iSSP), the first technical realisation of the SSP which provides a System on Chip solution. This section will also explain details of the Primary Platform / Secondary Platform concept. The Secondary Platform Provisioning and Management presentation will then give insights into this new ecosystem. Finally, the current state of the specifications of the two types of the embedded SSP (eSSP), which are to become parts three and four of this new series of SSP specifications, will conclude this section.

    • Introduction
      Denis Praca, Vice Chairman ETSI TC SCP and Thales
    • General Technical Characteristics and Protocols
      Michele Berionne, Rapporteur TS 103 666-1 & Google Ireland Limited
    • The Integrated SSP,
      Stéphane Schirar Rapporteur TS 103 666 2, Chairman of GP VPP and OFL Working Group & THALES
    • Secondary Platform Provisioning and Management
      Stéphane Bandin, TC SCP TEC Chairman & Orange
    • The Embedded SSP (Type 1 and Type 2)
      Elder Dos Santos, Rapporteur TS 103 666-3 & Idemia
  • Even More Advanced Cryptography
  •  
     

    11 JUNE

  • 15.00
    16.30

    ETSI Standardization in Advanced Cryptography
    Moderated by François Ambrosini, Umlaut

    The academic community and the industry thrive with innovative cryptography that enables advanced access control and secure communication use cases. Functional Encryption is one such family of schemes. This session will introduce Attribute-Based Encryption (ABE), Identity-Based Encryption (IBE), and their related standardisation efforts in ETSI, including a quantum-safe hierarchical IBE scheme.
    ABE is a cryptographic mechanism that enforces access control solely on the mathematical level with strong security guarantees. A main incentive using ABE is to provide a proper and versatile replacement for software-only access-control mechanisms that need to embed all trust into (often seen to be error-prone) software components by design. Applications of ABE in EU research projects and ETSI TS 103 532 will be presented.
    IBE is a form of asymmetric encryption in which the participants’ identities (such as a phone number or an email address) serve as public keys. Participants wishing to securely communicate can do so directly, without having to aggree on keying material beforehand. IBE is well suited for the seamless onboarding of participants in cases where the task of establishing secure communications can be delegated to a trusted third party. The properties of IBE schemes will be summarised and the study conducted in ETSI TR 103 719 will be presented.
    As quantum computing poses a threat to the long-term security of most of the currently used encryption mechanisms, this session will also present ongoing efforts in the development of quantum-safe IBE, with a focus on a hierarchical IBE scheme based on structured lattices and described in ETSI TR 103 618.

    • Attribute-Based Encryption for Strong Access Control: TS 103 532
      Christoph Striecks, AIT Austrian Institute of Technology 
    • Identity-Based Cryptography: ETSI Technical Report
      François Ambrosini, Umlaut
    • Quantum-Safe Identity-Based Encryption: TR 103 618
      Christoph Striecks, AIT Austrian Institute of Technology
  •  
     

    15 JUNE

  • 15.00
    16.00

    SKINNY LATTE: Scalable Hierarchical Identity Based Encryption over Lattices
    Moderated by Kirsty Paine, NCSC

    Speaker : Sarah Mac Carthy, ECIT Institute Queens University Belfast

    The ETSI-standardised TETRA communications system is used for instantaneous communication within emergency services and for military personnel. Whilst considering its transition to the PS-LTE network, it was proposed that identity-based encryption (IBE) could be used as a low latency solution. However, the scheme which was considered, MIKEY-SAKKE, is not resistant to quantum computing attacks.
    Lattices are currently the only quantum-safe candidate to offer IBE, and we extend this concept by considering Hierarchical IBE (HIBE), which provides finer grained access control, reduces the workload of the master key generator, and reduces the impact in the event of the key manager being compromised.
    The HIBE scheme Latte was first proposed by Campbell and Groves in 2017 but its practicality was unclear. This presentation will give the first complete performance results of Latte. However, due to the increase in lattice dimension (and therefore public key size) during delegation, it is not feasible beyond 2/3 levels. The reason for this is that by level 3 at 160-bit security, the extracted user public key and ciphertext are over 48kB each and so the memory and power consumption becomes impractical. We therefore introduce Skinny Latte which fixes the dimension and show it is realistic for commonly required security levels.
    Skinny Latte utilises techniques from the HIBE scheme of Agrawal, Boneh and Boyen [2010] to maintain a constant lattice dimension after delegation, over structured lattices. It also works in conjunction with fast NTRUSolve and FFTSampling techniques introduced in the Falcon signature scheme NIST submission. This makes it both more compact and faster than existing lattice-based HIBE schemes. We conjecture that Skinny Latte is a feasible solution for quantum-safe communication systems.

  •  
     

    23 JUNE

  • 16.15
    18.15

    Due to a technical issue with the Brighttalk platform this presentation has been postponed to 23 June, 4:15pm CEST.

    Fully Homomorphic Encryption
    Moderated by Kirsty Payne, NCSC

    Homomorphic encryption is one of the technologies allowing the public cloud to operate on secret data without leaking any information about the data. In these two talks, the speakers give a general overview of the capabilities of (fully) homomorphic encryption and of the general security model. They will detail some of the schemes and technologies that make it usable for concrete use-cases and share the latest advances in practical homomorphic encryption with a strong emphasis on applications to deep learning.

    • Homomorphic Encryption for Deep Learning: A Revolution in the Making
      Ilaria Chillotti, Zama
    • Practical Fully Homomorphic Encryption and Applications
      Mariya Georgieva, Inpher Inc.
  •  
     

    19 JUNE

  • 10.30
    12.00

    Industry Applications and Use Cases for Advanced Cryptography
    Moderated by François Ambrosini, Umlaut

    The benefits of Advanced Cryptography are recognised by ETSI, as its members make developments and standards in Identity-Based Cryptography, Attribute-Based Encryption and other forms of Advanced Cryptography. This session focuses on applications of Advanced Cryptography, including a privacy-preserving electronic ticket scheme using attribute-based credentials to protect users' privacy, and a survey on how Attribute-Based Encryption could be deployed to protect mobile networks.

    • Identity-Based Cryptography: The Problems It Solves
      Scott Cadzow, Cadzow Communications
    • Mobile Network with Functional and Flexible Protection -- A Survey of Attribute Based Encryption Applications
      Dr. Yang Cui, Huawei Technologies Co. Ltd.
    • Privacy-Preserving Electronic Ticket Scheme with Attribute-Based Credentials
      Dr. Jinguang Han, Queen's University Belfast, UK

Deploying 5G Securely

  • Noamen Ben Henda (3GPP SA3, chair, Ericsson)
  • Mirko Cano-Soveri (ETSI)
  • Alex Leadbeater (BT)
  • Bengt Sahlin (Ericsson)
  • Stefan Schröder (T-Systems)
  • Marcus Wong (Futurewei)

Cybersecurity Act

  • Sonia Compans (ETSI)
  • Loic Habermacher (Orange)
  • Sven Lachmund (Deutsche Telekom and GSMA)
  • Wei Liu (Huawei)
  • Andreas Mitrakas (ENISA)
  • Jasper Pandza (DCMS)
  • Colin Whorlow (NCSC)

 Even More Advanced Cryptography

  • François Ambrosini (Umlaut)
  • Kirsty P. (NCSC) 

Smart Secure Platform

  • Klaus Vedder (TC SCP chair, Samsung)
  • All TC SCP Officials 
  • Hakim Mkinsi (ETSI)

You may access all the webinar pdf presentation on the ETSI Server.

Recorded events

You can find all virtual presentations from the ETSI Security Week 2020 (and more) under the Recorded tab here below:

Any Questions? Contact us