FI-PPP Business Opportunities for SMEs thierry.nagellen@orange.com pascal.bisson@thalesgroup.com April, 16th 2014 AGENDA Part 1: Future Internet Public Private Partnership introduction Part 2: FI-WARE, FI-Lab & FI-Ops: what’s that? Part 3: FI-WARE websites Part 4: Open Specs and API: opportunities for SMEs Part 5: Some Generic Enablers Implementations Part 6: Sum up for SMEs 1 PART 1 Future Internet Public Private Partnership Introduction 2 Future Internet Public Private Partnership introduction (1) European initiative to structure collaborative projects into a common program Industrial commitment to push research results to the market (preindustrialisation) Together techno-push and market-pull: • Propose new technologies (European leadership) • Interactions with Use-Cases (fullfiment of market requirements) • Involvement of new partners (especially from vertical sectors) Large budget: 300 M€ with 100 M€ dedicated to SMEs 3 Future Internet Public Private Partnership introduction (2) 04/2013 04/2011 04/2014 04/2015 CONCORD: program coordination INFINITY: infrastructures XiFi infrastructure Envirofi Environnemental Data Outsmart Utilities & Urban Monitoring Finseny Smart Grids FIspace SmartAgri+Logistics Fi-Content 2 Finesce Smart Grid Instant Mobility Multimodal services in urban areas FITMAN manufacturing Safecity Safer Cities FI-Star eHealth I3H FIC3 Finest Interurban Logistics OPEN INNOVATION FI-Content Enriched Content 16 Accelerators SmartAgriFood Fromethe farm to the fork FI-Core: Tech Found. FI-Ware: Core Platform INNOVATE TEST 4 ADOPT ! Future Internet Public Private Partnership introduction (3) More info about the programme and the projects www.fi-ppp.eu 5 FI-PPP(4) Call 3 Future Internet Public Private Partnership introduction Infrastructures Scenarios UC platforms SME WE Generic Enablers WE Phase 3 project ?? WE WE Regional policies Entrepreneurial communities Results phase 1 + 2,… Phase 3 project WE SME ?? SME SME WE WE ?? Phase 3 project SME SME SME WE WE ?? SME WE WE WE ?? WE WE WE WE WE WE ?? SME WE SME SME SME SME ?? ?? WE Services and applications SME SME SME SME SME SME …Involving hundreds of …Brought into …Developing services SMEs and up to 20 projects… and applications. WebEntrepreneurs… Future Internet Public Private Partnership introduction (5) Main messages 7 Video 1 Campus Party 2013 in London 8 PART 2 What’s that ? 9 FI-WARE, FI-Lab, FI-Ops: what’s that? (1) They are 3 products FI-WARE: • Provide Generic Enablers • Something you can use in different ways for your « own »platform • Common part to break the silos FI-Lab • A sandbox to test and use Generic Enablers • Cloud facilities distributed through Europe (5+12 data centers) • What you get: free Virtual Machines (5) + 10Gb FI-Ops: for paltform providers • Tools to deploy and federate the data centers using FI-WARE framework 10 FI-WARE, FI-Lab, FI-Ops: what’s that? (2) FI-WARE: architecture overview 11 FI-WARE Generic Enablers Cloud Enablers Apps Enablers I2ND Enablers Data /Context Enablers IoT Enablers Security Enablers Video 2 FI-WARE Challenges 13 PART 3 FI-WARE Websites 14 FI-WARE websites (1) Everything is on www.fi-ware.org But we will have a quick tour of: • catalogue.fi-ware.org a kind of executive summary per Generic Enabler • edu.fi-ware.org the e-Learning platform to discover Generic Enablers Features • wiki.fi-ware.org the place to find much more details And then, you will be able to create your account on FI-Lab to play and test Generic Enablers • lab.fi-ware.org 15 FI-WARE websites (2) Everything is on www.fi-ware.org 16 FI-WARE websites (3) catalogue.fi-ware.org a kind of executive summary per Generic Enabler 17 FI-WARE websites (4) catalogue.fi-ware.org a kind of executive summary per Generic Enabler Provide feedback 18 FI-WARE websites (5) edu.fi-ware.org the e-Learning platform to discover Generic Enablers Features 19 FI-WARE websites (6) edu.fi-ware.org : you can find detailed courses per Generic Enabler 20 FI-WARE websites (7) wiki.fi-ware.org the place to find much more details Key points ! 21 FI-WARE websites (7) Open Specs API From description to concrete softwares 22 Video 3 Smart City Expo 2013 23 PART 4 Open Specs and API: Opportunities for SMEs 24 Open Specs and API: opportunities for SMEs Open Secs: FREE • Documentation is available • You can understand main features of Generic Enabler: (can be re-use for multiple verticals and associated service platforms) • Your comments are more than welcome! • Become part of the community and share with us, and with your ecosystem API: FREE • For your developers to plug your onw software into Generic Enablers • To develop your own instances of Generic Enablers and be compliant & interoperable • Open or create your paltform/services to/for other verticals • Again, your comments and contributions are more than welcome! Licence models (for concrete softwares) • 70% are now in Open Source => you can contribute ! 25 API example: OMA-NGSI (1) OMA NGSI 9 & 10: API for 11 Generic Enablers Data & Context Management: • Context Broker • Complex Event Processing • Big Data • Location Platform Internet of Things • Backend Device Management • Backend Configuration Manager • Backend Template Handler • Backend IoT Broker • Gateway Data Handling • Gateway Device Management • Gateway Protocol Adapter 26 API example: OMA-NGSI (2) OMA NGSI 9 & 10 Data Model 27 API example: OMA-NGSI (3) OMA NGSI 9 & 10 Operations 28 API example: OMA-NGSI (4) OMA NGSI 10 RESTful interface: resource structure 29 API example: OMA-NGSI (5) OMA NGSI convenience interactions examples 30 Video 4 Campus Party Brazil 2014 31 PART 5 Some Generic Enablers Implementations 32 Internet of Things (1) From Architecture to Implementation Several implementations 33 Internet of Things (2) Multiple implementation are linked to industrial partners technical choices Backend Configuration Manager: Orion vs IoT Discovery • Orion is a fully integrated version of Configuration Manager (IoT) and Context Broker (Data & Context Management) • IoT Discovery is a Configuration Manager with optional features as geographical discovery (which are the things in this geographical area) Gateway Protocol Adapter • At least one instance per specific protocol • Available: Zigbee, Coap & EPC Global (RFID) Other examples in other technical chapters: • Security: Identity Management • Data & Context Management: Context Broker 34 Gateway Data Handling: Esper4FastData (1) Provide intelligence inside gateways and transform data into information in real-time 35 Gateway Data Handling: Esper4FastData (2) Its own detailed architecture 36 Video 5 Kurento demo in Campus Party Brazil 2014 37 Security Architecture FI-WARE: Catalog http://catalogue.fi-ware.eu/ Security Monitoring GE Focus on following features: MulVAL Attack Paths Engine Scored Attack Paths Remediation Security Monitoring GE – V3 - Architectural design Security Monitoring GE service offer For FI-PPP Liaison we offer the following main functionalities: • • • identifying the vulnerabilities and potential attacks, evaluating the business impact, proposing countermeasures and increase the cyber resilience. 4 steps: 1. extract semi-automatically all the information needed 2. generate attack graph by MulVAL 3. calculate the scored attack paths 4. compute some remediations with their cost MulVAL Attack Paths Functions available for the User: Visualized attack tree Global risk level: Score metrics obtained from Common Vulnerability Scoring System (CVSS), Inputs: Automatic collection Information about network topology => via Vulnerability scanners (Nessus, OVAL) and CMDB Machines, Accounts, Network services, Dependency graph, IP / Hostname of the machines Vulnerability identifier Via Common Vulnerabilities and Exposures (http://cve.mitre.org/) Semi automatic Security Policy (Business dependent) SecMon GE feature Attack Path Engine Testbed: http://secmonitoring.testbed.fiware.eu/AttackGraphEngine/attackgraph.jsp 44 Scored Attack Paths Functions available for the User: Extension of the score assessment at the path level Given a target node, each path leading to that node is given a score. The score of each path reflects the risk associated to the path as a whole Business impact scoring (semi manual process) It is left to organisation taking into account the business challenges Impact scoring offers an assessment of the extent to which processes and security policies are impacted when a given IT asset target has been compromised Rationale: Risk scores provided by MulVAL is not sufficient For each node in the attack graph, a risk score is computed Does not allow a generic assessment of the attack graph as a whole Does not take into account the impact on processes and the business Scored paths are mandatory for the remediation process (prioritization) SecMon GE feature Scored Attack Path Testbed: http://secmonitoring.testbed.fiware.eu/ScoredAttackPaths 46 Remediation app Functions available for the User: Provide tool for proposing cost-sensitive remediations Propose remediations to these attack paths with their cost Validate the chosen remediation Compute different remediation options that could interrupt the selected attack path A path may include several vulnerabilities: each one of them can be targeted separately Eliminating one single condition may interrupt the whole attack path Prerequisites: Needs a remediation database (e.g. patches related to vulnerabilities) Use network topology (automatically collected) to compute which firewall rules could be deployed SecMon GE feature Remediation App Testbed: http://secmonitoring.testbed.fi-ware.eu/Remediation 48 Access Control GE Functions available for the User: RBAC & ABAC policy enforcement with XACML (OASIS standard) REST API for PDP & PAP Multi-tenancy Attribute Sources Flexible accounting OAuth token validation & parsing PEP LDAP directory SQL DB REST/JSON API Easy integration of plugins for other sources (extensible API) Ready-made PEP as HTTP Reverse-Proxy or Servlet PEP Java SDK for custom PEP Thales Use Case: FI-WARE Use Case – Cloud API Access Control GIS Access Control in a C4ISR system for French government & NATO 49 Data Handling GE FI-WARE Security Chapter Focuses on revealing specific attributes or other data according to defined privacy and security conditions Deploys PPL language based on XACML to describe preferences and policies Attaches these preferences and policies to the data Allows definition of a specific retention period Privacy-Preserving Authentication GE FI-WARE Security Chapter Provides building blocks to implement all roles of a privacypreserving authentication system Based on Idemix crypto engine In particular, it allows identity providers to setup an online service for issuing privacy-preserving attribute-based credentials (aka anonymous credentials) end users to generate privacy-preserving tokens to anonymously authenticate to service providers service providers to verify the user-generated tokens with respect to a given access policy Identity Management – DigitalSelf GEFI-WARE Security Chapter Encompasses a number of aspects involved with users' access to networks, services and applications, including Secure and private authentication ‘Authorisation & Trust’ management ‘User Profile’ management Self management of personal data ‘Single Sign-On’ (SSO) to service domains ‘Identity Federation’ towards applications FI-WARE Security Chapter Combined Demonstrator WP8 Combined Demonstrator on Identity Management GE (NSN) Data Handling GE (SAP) Privacy GE (IBM) >> Taking privacy work from ABC4Trust project Making it work in the FI-WARE Platform << FI-WARE WP8 Combined Demonstrator Description of Use-Case Demonstrator illustrates: Anonymous access to file store service Policy based access to resources Use of zero knowledge proof technology (Idemix) By use of the Generic Enablers: Data Handling GE: An enhanced file store service allows access to resources based on “sticky” policies Privacy GE: Provides building blocks for ‘User in the Cloud’, ‘Verifier as a Service’ and ‘Issuer Service’ Identity GE: An enhanced IDM system provides attributes (PII) needed for issuing credentials Result: While respecting privacy of the user, selective attribute sharing will be supported restricted to the ‘need to know’ principle. EIT-ICT Labs – FI-PPP Liaison Activity Goal 2013 • create established links mutually beneficial between the FI-PPP and the EIT ICT Labs initiatives. › › › 1. Instantiation of FI-WARE Testbed in the Trento Node to serve Living and Territorial Labs, 2. Bringing FI-WARE selected technologies to wide adoption by building new services, 3. Experimenting the Testbed in real cases and Business Model definition. Results • • • Adoption of FI-WARE Testbed as a playground where to inject new technologies (notably service marketplace at large, cloud computing, security, interface to network devices) and on top of which built new services, While the indicated carriers only cover the RTD part of the implementation of the Testbed, with the support of EIT we introduced the Testbed in specific and well focused business or social environments. This goal requires training people and organisations (SMEs in particular), customization of the Testbed according to specific needs coming from business domains and community of users (notably living and territorial labs). FI-WARE, Infinity Digital forensics for (technical) evidence Instantiation of the Testbed and real use cases in specific territorial or living labs, Dedicated workshops with entrepreneurs, notably SMEs, and researchers. The outcomes are intended to boost the adoption of FI technologies within SMEs, Public Administrations, and visionary individuals with the aim of creating new innovative jobs and businesses. EIT Funding Non EIT Funding 75% 400 KEur First experience on SMEs engagement, FI-PPP Liaison 2014 follow-up project will go further. PART 6 Sum up for SMEs 56 Sum up for SMEs Be ready for September 2014 (annoucement of calls mid-September) • Discover FI-WARE Generic Enablers • Use FI-Lab to play with new technologies Be engaged in 2015 • Bring your « commercial » ideas • Be funded to do innovation • Build your new products/services Find additional funding with ACCELERATORs support • Bootstrap your own new business • Think Big to become Bigger (international business) 57 Thanks ! http://fi-ppp.eu http://fi-ware.eu http://lab.fi-ware.eu Follow @Fiware on Twitter ! 58