FI-PPP Business Opportunities for SMEs

thierry.nagellen@orange.com

pascal.bisson@thalesgroup.com

April, 16th 2014

AGENDA

Part 1: Future Internet Public Private Partnership introduction

Part 2: FI-WARE, FI-Lab & FI-Ops: what’s that?

Part 3: FI-WARE websites

Part 4: Open Specs and API: opportunities for SMEs

Part 5: Some Generic Enablers Implementations

Part 6: Sum up for SMEs

2

PART 1

Future Internet

Public Private Partnership

Introduction

3

Future Internet Public Private Partnership introduction (1)

European initiative to structure collaborative projects into a common program

Industrial commitment to push research results to the market (pre-industrialisation)

Together techno-push and market-pull:

• Propose new technologies (European leadership)

• Interactions with Use-Cases (fullfiment of market requirements)

• Involvement of new partners (especially from vertical sectors)

Large budget: 300 M€ with 100 M€ dedicated to SMEs

4

Future Internet Public Private Partnership introduction (2)

5

OPEN INNOVATION

16 Accelerators

CONCORD: program coordination

INFINITY: infrastructures

Envirofi Environnemental Data

Outsmart Utilities & Urban Monitoring

Finseny Smart GridsInstant Mobility

Multimodal services in urban areas

Safecity Safer Cities

Finest Interurban Logistics

FI-Content Enriched Content

SmartAgriFood Fromethe farm to the fork

FI-Ware: Core Platform

FIspace SmartAgri+Logistics

FITMAN manufacturing

Finesce Smart Grid

Fi-Content 2

FI-Star eHealth

04/2011 04/2013 04/2014 04/2015

XiFi infrastructure

FI-Core: Tech Found.

I3HFIC3

INNOVATETEST

ADOPT !

Future Internet Public Private Partnership introduction (3)

More info about the programme and the projects www.fi-ppp.eu

6

FI-PPP Call 3

ScenariosUC platforms

Infrastructures

GenericEnablers

Regionalpolicies

Entrepreneurialcommunities

Services and applications

Phase 3 project

Phase 3 project

Phase 3 project

Results phase 1 + 2,……Brought intoup to 20 projects…

SME

SME

SMESME

SME

SME

SME

SME

SME

SME

SME

WE

WE

WE??

??

??

SMESME

SME SMESME

SME

SME

WE

SME

WE

WE??

??

??

WEWE

WE

WE

WE WE

WE WE

WE

WE

WE WE

WE

????WE

…Involving hundreds of SMEs and WebEntrepreneurs…

…Developing services and applications.

Future Internet Public Private Partnership introduction (4)

Future Internet Public Private Partnership introduction (5)

Main messages

8

Video 1

Campus Party 2013 in London

9

PART 2

What’s that ?

10

FI-WARE, FI-Lab, FI-Ops: what’s that? (1)

They are 3 products

FI-WARE:

• Provide Generic Enablers

• Something you can use in different ways for your « own »platform

• Common part to break the silos

FI-Lab

• A sandbox to test and use Generic Enablers

• Cloud facilities distributed through Europe (5+12 data centers)

• What you get: free Virtual Machines (5) + 10Gb

FI-Ops: for paltform providers

• Tools to deploy and federate the data centers using FI-WARE framework

11

FI-WARE, FI-Lab, FI-Ops: what’s that? (2)

FI-WARE: architecture overview

12

FI-WARE Generic Enablers

Cloud Enablers

Data /Context Enablers

IoT Enablers

Apps Enablers

I2ND Enablers

Security Enablers

Video 2

FI-WARE Challenges

14

PART 3

FI-WARE Websites

15

FI-WARE websites (1)

Everything is on www.fi-ware.org

But we will have a quick tour of:

• catalogue.fi-ware.org a kind of executive summary per Generic Enabler

• edu.fi-ware.org the e-Learning platform to discover Generic Enablers Features

• wiki.fi-ware.org the place to find much more details

And then, you will be able to create your account on FI-Lab to play and test Generic Enablers

• lab.fi-ware.org

16

FI-WARE websites (2)

Everything is on www.fi-ware.org

17

FI-WARE websites (3)

catalogue.fi-ware.org a kind of executive summary per Generic Enabler

18

FI-WARE websites (4)

catalogue.fi-ware.org a kind of executive summary per Generic Enabler

19

Provide feedback

FI-WARE websites (5)

edu.fi-ware.org the e-Learning platform to discover Generic Enablers Features

20

FI-WARE websites (6)

edu.fi-ware.org : you can find detailed courses per Generic Enabler

21

FI-WARE websites (7)

wiki.fi-ware.org the place to find much more details

22

Key points !

FI-WARE websites (7)

23

API

OpenSpecs

From descriptionto

concrete softwares

Video 3

Smart City Expo 2013

24

PART 4

Open Specs and API:

Opportunities for SMEs

25

Open Specs and API: opportunities for SMEs

26

Open Secs: FREE

• Documentation is available

• You can understand main features of Generic Enabler: (can be re-use for multiple verticals and associated service platforms)

• Your comments are more than welcome!

• Become part of the community and share with us, and with your ecosystem

API: FREE

• For your developers to plug your onw software into Generic Enablers

• To develop your own instances of Generic Enablers and be compliant & interoperable

• Open or create your paltform/services to/for other verticals

• Again, your comments and contributions are more than welcome!

Licence models (for concrete softwares)

• 70% are now in Open Source => you can contribute !

API example: OMA-NGSI (1)

27

OMA NGSI 9 & 10: API for 11 Generic Enablers

Data & Context Management:

• Context Broker

• Complex Event Processing

• Big Data

• Location Platform

Internet of Things

• Backend Device Management

• Backend Configuration Manager

• Backend Template Handler

• Backend IoT Broker

• Gateway Data Handling

• Gateway Device Management

• Gateway Protocol Adapter

API example: OMA-NGSI (2)

28

OMA NGSI 9 & 10 Data Model

API example: OMA-NGSI (3)

29

OMA NGSI 9 & 10 Operations

API example: OMA-NGSI (4)

30

OMA NGSI 10 RESTful interface: resource structure

API example: OMA-NGSI (5)

31

OMA NGSI convenience interactions examples

Video 4

Campus Party Brazil 2014

32

PART 5

Some Generic Enablers

Implementations

33

Internet of Things (1)

From Architecture to Implementation

34

Severalimplementations

Internet of Things (2)

Multiple implementation are linked to industrial partners technical choices

Backend Configuration Manager: Orion vs IoT Discovery

• Orion is a fully integrated version of Configuration Manager (IoT) and Context Broker (Data & Context Management)

• IoT Discovery is a Configuration Manager with optional features as geographical discovery (which are the things in this geographical area)

Gateway Protocol Adapter

• At least one instance per specific protocol • Available: Zigbee, Coap & EPC Global (RFID)

Other examples in other technical chapters:

• Security: Identity Management• Data & Context Management: Context Broker

35

Gateway Data Handling: Esper4FastData (1)

Provide intelligence inside gateways and transform data into information in real-time

36

Gateway Data Handling: Esper4FastData (2)

Its own detailed architecture

37

Video 5

Kurento demo in Campus Party Brazil 2014

38

Security Architecture

FI-WARE: Catalog http://catalogue.fi-ware.eu/

Security Monitoring GE

Focus on following features:MulVAL Attack Paths Engine

Scored Attack Paths

Remediation

Security Monitoring GE – V3 - Architectural design

Security Monitoring GE service offerFor FI-PPP Liaison we offer the following main functionalities:

• identifying the vulnerabilities and potential attacks,

• evaluating the business impact,

• proposing countermeasures and increase the cyber resilience.

4 steps:

1. extract semi-automatically all the information needed

2. generate attack graph by MulVAL

3. calculate the scored attack paths

4. compute some remediations with their cost

MulVAL Attack Paths Functions available for the User:

Visualized attack tree Global risk level: Score metrics

obtained from Common Vulnerability Scoring System (CVSS),

Functions available for the User: Visualized attack tree Global risk level: Score metrics

obtained from Common Vulnerability Scoring System (CVSS),

Inputs: Automatic collection

Information about network topology=> via Vulnerability scanners (Nessus, OVAL) and CMDB

Machines, Accounts, Network services, Dependency graph, IP / Hostname of the machines

Vulnerability identifier Via Common Vulnerabilities and Exposures (http://cve.mitre.org/)

Semi automaticSecurity Policy (Business dependent)

45

SecMon GE feature Attack Path Engine

Testbed:

http://secmonitoring.testbed.fi-ware.eu/AttackGraphEngine/attackgraph.jsp

Scored Attack Paths

Functions available for the User:

Extension of the score assessment at the path level Given a target node, each

path leading to that node is given a score.

The score of each path reflects the risk associated to the path as a whole

Business impact scoring (semi manual process)It is left to organisation taking into account the business challenges

Impact scoring offers an assessment of the extent to which processes and security policies are impacted when a given IT asset target has been compromised

Functions available for the User:

Extension of the score assessment at the path level Given a target node, each

path leading to that node is given a score.

The score of each path reflects the risk associated to the path as a whole

Business impact scoring (semi manual process)It is left to organisation taking into account the business challenges

Impact scoring offers an assessment of the extent to which processes and security policies are impacted when a given IT asset target has been compromised

Rationale: Risk scores provided by MulVAL is not sufficient

For each node in the attack graph, a risk score is computed

Does not allow a generic assessment of the attack graph as a wholeDoes not take into account the impact on processes and the business

Scored paths are mandatory for the remediation process (prioritization)

47

SecMon GE feature Scored Attack Path

Testbed:

http://secmonitoring.testbed.fi-ware.eu/ScoredAttackPaths

Remediation app

Functions available for the User:

Provide tool for proposing cost-sensitive remediations Propose remediations to

these attack paths with their cost

Validate the chosen remediation

Compute different remediation options that could interrupt the selected attack path A path may include several

vulnerabilities: each one of them can be targeted separately

Eliminating one single condition may interrupt the whole attack path

Functions available for the User:

Provide tool for proposing cost-sensitive remediations Propose remediations to

these attack paths with their cost

Validate the chosen remediation

Compute different remediation options that could interrupt the selected attack path A path may include several

vulnerabilities: each one of them can be targeted separately

Eliminating one single condition may interrupt the whole attack path Prerequisites:

Needs a remediation database (e.g. patches related to vulnerabilities)Use network topology (automatically collected) to compute which firewall rules could be deployed

49

SecMon GE feature Remediation App

Testbed:

http://secmonitoring.testbed.fi-ware.eu/Remediation

50

Access Control GE Functions available for the User:

RBAC & ABAC policy enforcement with XACML (OASIS standard)

REST API for PDP & PAP Multi-tenancy Attribute Sources

LDAP directory SQL DB REST/JSON API Easy integration of plugins for

other sources (extensible API) Flexible accounting OAuth token validation & parsing PEP

Ready-made PEP as HTTP Reverse-Proxy or Servlet PEP

Java SDK for custom PEP

Functions available for the User:

RBAC & ABAC policy enforcement with XACML (OASIS standard)

REST API for PDP & PAP Multi-tenancy Attribute Sources

LDAP directory SQL DB REST/JSON API Easy integration of plugins for

other sources (extensible API) Flexible accounting OAuth token validation & parsing PEP

Ready-made PEP as HTTP Reverse-Proxy or Servlet PEP

Java SDK for custom PEP

FI-WARE Use Case – Cloud API Access Control Thales Use Case: GIS Access Control in a C4ISR system for French government & NATO

FI-WARE Security ChapterData Handling GE

Focuses on revealing specific attributes or other data according to defined privacy and security conditions

Deploys PPL language based on XACML to describe preferences and policies

Attaches these preferences and policies to the data

Allows definition of a specific retention period

FI-WARE Security Chapter

Privacy-Preserving Authentication GE

Provides building blocks to implement all roles of a privacy-preserving authentication system

Based on Idemix crypto engine

In particular, it allows identity providers to setup an online service for issuing

privacy-preserving attribute-based credentials (aka anonymous credentials)

end users to generate privacy-preserving tokens to anonymously authenticate to service providers

service providers to verify the user-generated tokens with respect to a given access policy

GEFI-WARE Security ChapterIdentity Management – DigitalSelf

Encompasses a number of aspects involved with users' access to networks, services and applications, including

Secure and private authentication

‘Authorisation & Trust’ management

‘User Profile’ management

Self management of personal data

‘Single Sign-On’ (SSO) to service domains

‘Identity Federation’ towards applications

Combined DemonstratorFI-WARE Security Chapter

WP8 Combined Demonstrator on Identity Management GE (NSN) Data Handling GE (SAP) Privacy GE (IBM)

>> Taking privacy work from ABC4Trust project Making it work in the FI-WARE Platform <<

Description of Use-CaseFI-WARE WP8 Combined Demonstrator

Demonstrator illustrates:Anonymous access to file store servicePolicy based access to resourcesUse of zero knowledge proof technology (Idemix)

By use of the Generic Enablers:Data Handling GE:An enhanced file store service allows access to resources based on “sticky” policiesPrivacy GE:Provides building blocks for ‘User in the Cloud’, ‘Verifier as a Service’ and ‘Issuer Service’Identity GE:An enhanced IDM system provides attributes (PII) needed for issuing credentials

Result:While respecting privacy of the user, selective attribute sharing will be supportedrestricted to the ‘need to know’ principle.

EIT-ICT Labs – FI-PPP Liaison ActivityGoal 2013

• create established links mutually beneficial between the FI-PPP and the EIT ICT Labs initiatives.

› 1. Instantiation of FI-WARE Testbed in the Trento Node to serve Living and Territorial Labs,

› 2. Bringing FI-WARE selected technologies to wide adoption by building new services,

› 3. Experimenting the Testbed in real cases and Business Model definition.

Results

• Adoption of FI-WARE Testbed as a playground where to inject new technologies (notably service marketplace at large, cloud computing, security, interface to network devices) and on top of which built new services,

• Instantiation of the Testbed and real use cases in specific territorial or living labs,

• Dedicated workshops with entrepreneurs, notably SMEs, and researchers. The outcomes are intended to boost the adoption of FI technologies within SMEs, Public Administrations, and visionary individuals with the aim of creating new innovative jobs and businesses.

FI-WARE, InfinityFI-WARE, Infinity

EIT Funding400 KEur

Non EIT Funding 75%

Digital forensics for (technical) evidence

While the indicated carriers only cover the RTD part of the implementation of the Testbed, with the support of EIT we introduced the Testbed in specific and well focused business or social environments. This goal requires training people and organisations (SMEs in particular), customization of the Testbed according to specific needs coming from business domains and community of users (notably living and territorial labs).

First experience on SMEs engagement, FI-PPP Liaison 2014 follow-up project will go further.

PART 6

Sum up for SMEs

57

Sum up for SMEs

Be ready for September 2014 (annoucement of calls mid-September)

• Discover FI-WARE Generic Enablers

• Use FI-Lab to play with new technologies

Be engaged in 2015

• Bring your « commercial » ideas

• Be funded to do innovation

• Build your new products/services

Find additional funding with ACCELERATORs support

• Bootstrap your own new business

• Think Big to become Bigger (international business)

58

http://fi-ppp.eu

http://fi-ware.eu

http://lab.fi-ware.eu

Follow @Fiware on Twitter !

Thanks !

59