Download RIZZO - Security - Docbox

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
Document related concepts

Cracking of wireless networks wikipedia , lookup

Wireless security wikipedia , lookup

Computer security wikipedia , lookup

TV Everywhere wikipedia , lookup

Transcript 
Potential Smart Grid
standardisation work in ETSI
Security and privacy aspects
Carmine Rizzo on behalf of
Scott CADZOW, C3L
© ETSI 2010. All rights reserved
Contents
 Coordinating security and privacy in smart grids
 Role of TISPAN
 Role of M2M
 Role of others
 Understanding of risk in smart grids
 From attack both accidental and malicious
 Understanding of personal data and privacy in smart grids
 Preservation of consumer privacy
 Resilience modelling
 Support to utility infrastructure
 Support to communications infrastructure
Smart Grids Workshop 14 June 2010 - ETSI
2
Coordinating security for smart grids in ETSI?
 TISPAN
 Ensuring the NGN is protected from, and provides protection for,
services and applications crossing or hosted in core NGNs
 Maintenance and guidance of the “design for assurance” paradigm
 Maintenance and guidance of the “privacy by design” paradigm
 Role of M2M and others
 Use cases, deployment modelling, protocol identification, validation
of core security and privacy models
 Extension to non-NGN and non-Core functionality consistent with
NGN and core functionality for local devices and their interfaces.
Smart Grids Workshop 14 June 2010 - ETSI
3
The NGN as a collection of provider entities
Service
content
(www)
IMS plane
IP network
Smart Grids Workshop 14 June 2010 - ETSI
4
Security protection measures
 CIA paradigm
 Confidentiality
• Is information exchanged across the network only visible to those
authorised to see it?
• Covers encryption and separation technologies
 Integrity
• Has the information exchanged been altered in transit?
• Has the system itself been altered?
 Availability
• Covers a number of topics:
•
•
•
•
Identification (and validation of identity through authentication)
Authorisation (is Ann allowed to perform that function?)
Reliability
Resilience
Smart Grids Workshop 14 June 2010 - ETSI
5
Privacy protection measures
 ISO 15408-2 (Common Criteria) identifies 4 key attributes that
relate to privacy and which are undergoing assessment for
application in the NGN
 Anonymity
• Can a party transact anonymously?
 Pseudonymity
• Can a user mask themselves with an alias?
 Un-Linkability
• Does one provider need to know if another provider is offering services to
the same person?
 Un-Observability
• Does the provider need to ensure that a user may use a resource or
service without others, especially third parties, being able to observe that
the resource or service is being used?
Smart Grids Workshop 14 June 2010 - ETSI
6
Trust in the NGN
 How does the service trust the network?
 How does the content provider trust the service platform?
 Proposal being considered in TISPAN for the NGN
 Keyed authorisation framework
• Variant of X.509 based Privilege Management Infrastructure (PMI)
• Elements of Kerberos ticket granting service too
 Will fully support the LI requirements in the “Dynamic Triggering”
area
 May allow greater trust from users of the core network
 May act as a deterrent to SPAM, DDoS and other attacks
Smart Grids Workshop 14 June 2010 - ETSI
7
Explicit authorisation model
 Assertions
 Content providers require QoS, GoS guarantees
 Network resource is finite
 Detection and prevention of law breaking aids society
 Considerations
 Service providers want customer retention
 Users want privacy
 Users want freedom of expression
 Identification and authentication are not sufficient by themselves
in the NGN and our e-world
 Authorisation and privacy protection have to be added
Smart Grids Workshop 14 June 2010 - ETSI
8
Standardisation of authorisation frameworks
 TISPAN and ETSI
 Expand the models developed in TS 187 016 “TISPAN; NGN Security;
Identity protection (Protection Profile)” and apply them to generic and
specific NGN models
 Mandate them for the NGN core
 ENISA?
 Promotion and encouragement of development
 Others?
 For discussion – but everyone has a role they can play
Smart Grids Workshop 14 June 2010 - ETSI
9
Thanks!
Available for your
?
[email protected]
[email protected]
Related documents
making sustainable energy available for all
making sustainable energy available for all
Internet Safety Lesson - High Point University
Internet Safety Lesson - High Point University
New technologies By all accounts, nanotechnology – the science of
New technologies By all accounts, nanotechnology – the science of
CEPSI 2014 Panel Session Program PS 1. Strategies for Sustainable Growth
CEPSI 2014 Panel Session Program PS 1. Strategies for Sustainable Growth
A Guide to Creating an International Marketing Plan
A Guide to Creating an International Marketing Plan
Network
Network
Smart and Sustainable Manufacturing Call for Papers
Smart and Sustainable Manufacturing Call for Papers
11th ITU Symposium on ICT, Environment and Climate Change 21
11th ITU Symposium on ICT, Environment and Climate Change 21
Datasheet Pelton - Global Hydro Energy
Datasheet Pelton - Global Hydro Energy
Merenje koncentracije i trzisne moci privrednih
Merenje koncentracije i trzisne moci privrednih
etsi - hgi * publicly available specification (pas)
etsi - hgi * publicly available specification (pas)
TISPAN-NGN-Status-Perspectives-r1 - Docbox
TISPAN-NGN-Status-Perspectives-r1 - Docbox