ETSI, in cooperation with the European Emergency Number Association (EENA) and NENA: The 9-1-1 Association, is organizing the fourth NG112 Emergency Communications Plugtests™ event to be held remotely with the support of ETSI SC EMTEL. This event will take place from 22 February to 5 March 2021.
The Smart Body Area Network Workshop takes place in the Amphitheatre IRIS.
The oneM2M Developer's tutorial will be presented by Mahdi Ben Alaya.
The Challenging IoT Security & Privacy workshop takes place in the Amphitheatre ATHENA.
The ETSI IoT workshop takes place in the Amphitheatre ATHENA.
Cybersecurity is at the heart of the digital economy. Policy makers are taking up ambitious legislative initiatives for a secure digital economy for Europe and beyond. The industry is challenged to provide products and services which comply with such legislation. And standards are expected to play an important role in support as well. Will the policy, industrial and standardization actions succeed in making the cyber world safer?
The workshop looked at the panorama of cybersecurity, taking in the primary security issues and drivers.
This looked at the major technical issues and challenges to protecting information, infrastructure, customers, industry and assets from attack and failure. Then we reviewed the high-level drivers such as regulations, directives and mandates that help support cybersecurity. Finally, we looked at supporting vulnerability and disclosure schemes.
This event was of interest for those wishing to understand the latest context and direction of Cybersecurity initiatives: This will include C Level (such as CISO, CTOs), those responsible for security and involved in Standards making.
The principal focus of this workshop was on the cyber security aspects of network middleboxes. The term "middlebox" includes any device between user end-points other than a transparent switch. They embrace an enormous number of functional physical and virtual equipment components that exist in the complex paths typically found between communication endpoints. Middleboxes are essential to the operation of all telecommunication and ICT networks today, and large infrastructures will typically have thousands of ubiquitously deployed middleboxes. By almost any metric, middleboxes also represent perhaps the most active and innovative sector of network technology, research, and product development today with scholar research search engines displaying more than 10,000 published papers over the past decade and hundreds of new ones appearing every month. The published papers treating middlebox and transport cryptographic protocols number in the hundreds over the past three years and represent one of the most critically important developments and challenge in the cyber security field today. The workshop objective was significantly related to five new work items of the ETSI Cyber Security Technical Committee to produce a middlebox cyber security protocol (MSP).
The workshop intended to:
Provide a unique global forum for significant technical papers and dialogue from industry and academia on both in-band and out-of-band secure protocols, techniques, and innovations for discovering and managing implementations of middleboxes within operator networks and virtual instantiations at data centres and their controlled, trusted visibility of encrypted traffic for cyber defence and privacy purposes. Provide related use case examples. Consider the usefulness of instantiating the protocols and techniques in publicly available technical specifications with demonstrations.This event was of interest to Industry and academic R&D researchers, cyber security centres of excellence, network and cloud data centre operators, enterprise network users, and public officials concerned about the challenges of cyber security and management of encrypted network traffic between hosted services and user or device end points – especially for mobile, NFV, 5G, automotive, and IoT uses.
ETSI provided free on-line public availability of all papers with persistent identifiers for widespread reference and citation.
Technology changes the world and our societies at a fast pace. Society, public and private sectors have established that digitisation is beneficial and furthermore, fundamental in modern society. So, it deserves resilient IoT products, systems and services, with future-proof IoT security and privacy by default and by design.
At ETSI Security Week 2018, we will discuss these and related opportunities and challenges.
How to address, organize, standardize this dynamic hyper-connected world?
The event is of interest to:
Organizations and stakeholders involved in IoT Security projects Government agencies and organizations working on Security SMEs and Start-Ups driving technology innovation in the domain of Security Solutions Research Institutes & Universities IoT Applications developers, device and infrastructure manufacturers Network Operators Service Providers Network and Systems Security Administrators Security Engineers, architects, consultants Risk Managers Information Security Staff5G phase 1 specifications are now done, and the world is preparing for the arrival of 5G networks. A major design goal of 5G is a high degree of flexibility to better cater for specific needs of actors from outside the telecom sector (e.g. automotive industry, mission-critical organisations). During this workshop, we will review how well 5G networks can provide security for different trust models, security policies, and deployment scenarios – not least for ongoing threats in the IoT world. 5G provides higher flexibility than legacy networks by network slicing and virtualization of functions. The workshop aims to discuss how network slicing could help in fulfilling needs for different users of 5G networks.
5G will allow the use of different authentication methods. This raises many interesting questions. How are these authentication methods supported in devices via the new secure element defined in ETSI SCP, or vendor-specific concepts? How can mission-critical and low-cost IoT use cases coexist side-by-side on the same network?
The 5G promise of higher flexibility is also delivered via its Service-Based Architecture (SBA). SBA provides open 3rd party interfaces to support new business models which allow direct impact on network functions. Another consequence of SBA is a paradigm shift for inter-operator networks: modern APIs will replace legacy signaling protocols between networks. What are the relevant security measures to protect the SBA and all parties involved? What is the role of international carrier networks like IPX in 5G?
The workshop intends to:
Gather different actors involved in the development of 5G, not only telecom, and discuss together how all their views have shaped phase 1 of 5G, to understand how security requirements were met, and what challenges remain; Discuss slicing as a means to implement separate security policies and compartments for independent tenants on the same infrastructure; Give an update of what is happening in 3GPP 5G security; Explain to IoT players what 5G security can (and cannot) do for them, including risks and opportunities related to alternative access credentials; Understand stakeholders' (PMNs, carriers, GSMA, vendors) needs to make SBA both secure and successful. How can SBA tackle existing issues in interconnect networks like fraud, tracking, privacy breaches; Allow vendors to present interesting proposals for open security questions in 5G: secure credential store, firewalling SBA's RESTful APIs; Debate about hot topics such as: IoT security, Slicing security, Privacy, Secure storage and processing and Security of the interconnection network.The 5G Security workshop will be of interest to:
Industry, customers and regulators Researchers and standardizers Research Institutes & Universities SMEs and Start-Ups driving security innovation Chipset and Device Manufacturers Network Infrastructure Manufacturers Network security vendors (firewalls, API gateways) Network Operators and international (IPX) carriers Service ProvidersWhile standards are well in place for signatures created locally by end-users, the market take-up of these solutions has been significantly low due to the unfriendly requirement for the end-user to have a physical device (e.g. dongle, smart card). The market has then been moving to signature creation services hosted in the cloud and managed by Trust Service Providers. These solutions imply moving the user private key from a user-owned device to the cloud and raise security challenges in order to ensure the security of the service. ETSI started to work on this topic in order to bring technical interoperability as well as a high level of assurance of the trust services building on the CEN standard for "server signing". The objective of the standards is to meet the aims of the eIDAS Regulation as well as to meet the general requirements of the European and international community.
The workshop discussed about standardization for remote signature creation services provided by Trust Service Providers, addressing business cases, audit requirements and protocols.
1. Make users of the standards aware of:
Scope of standards and general approach being taken Operation of Protocols Main "policy" requirements to be covered by audit2. Get an idea of some example business use cases
3. Collect initial feedback on standards and public review process
This event was of particular interest for:
Remote signature creation service providers and manufacturers, Major users of signature creation services (e.g. Banks) Audit Bodies, Supervisory Bodies, Policy makers, Other eSignature/eSeal related trust providers.
Page 1 of 2
