Claudio Diotallevi - UIC
Claudio Diotallevi, Head of Rail Customer Group, Industry & Society - Ericsson
Data-Centric Security
Digital Transformation
• Wellness: Health
• Culture: Media
• Mobility: Transport
• Transact: Banking
• Function: Utility
• Exchange: Retail
• Learning: Education
Digital Railway
Assets Passengers
Ericsson Confidential
Digital Railway
Passengers
• Sales & distribution
• Real-time feedback
• Disruption management
Digital Railway
Assets
• Asset utilization
• Agility in resource allocation
• Maintenance optimization
• Fault prediction and prevention
Digital Railway
Assets
[Figure: Condition plotted against Time & Mios Km, with Optimal Condition, Potential Failure and Fault marked]
• Production – Increased reliability, decreased downtime and increased availability.
• Cost – Reduced costs with an optimized maintenance regime.
• Risk – Reduced probability of failures that impact safety and the environment.
• Documentation – Provides a new, robust maintenance design justification file.
• Optimized list of spare parts – Improved inventory management.
Mobile networks will enable the Digital Railway
5G use cases
• Smart vehicles, transport & infrastructure
• Broadband experience everywhere, anytime
• Media everywhere
• Interaction human-IoT
• Critical control of remote devices
Commercial in confidence | © Ericsson AB 2016
New Security requirements
• New business and trust models
• New service delivery models
• Evolved threat landscape
• Increased concern for privacy
• IP and trade secret theft
• Service bypass
• Data integrity
• Zero-day exploits
• Corporate espionage
• Criminal darknet
• Ransomware
• App malware
• Social engineering
Sophisticated and organized threat actors
Advanced threats and tech landscape
Once Inside
• What information was accessed?
• What information was deleted?
• What information did they manipulate?
• How quickly can I recover?
205 Days Average Dwell Time of Attack
Breach Detection
What if you reduce the dwell time of the attack?
Value & Impact?
Source Mand
Today's Mitigation - Perimeter Protection
[Diagram labels: Attacker, Insider, Perimeter]
Walled Perimeter
• Where is my data?
• Has data been changed?
• Who has access to data?
• What about cloud?
New Focus
From Perimeter and Asset Protection to Real-Time Verification
Executives and Boards recognize that Threats will never be completely eliminated, while regulatory and compliance requirements will become more stringent
Data Centric Security
• Confidentiality: unauthorized parties are not able to view the data.
• Availability: information/service is accessible to the authorized users at all times.
• Integrity (KSI): accuracy and consistency of systems and data.
Data Centric Security
Keyless Signature Infrastructure® (KSI™) is a blockchain technology developed by Guardtime (Estonia).
The KSI blockchain is a public ledger that provides proof of time, integrity and attribution of origin of electronic data.
KSI uses only hash-function-based cryptography, which makes a KSI data signature mathematically provable.
Digital Asset
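To illustrate what a signature built only from hash functions can look like, the following added example (not from the slides, and not Guardtime's or Ericsson's KSI format or API) aggregates records into a hash tree and verifies one record offline against a trusted root. The function names, the leaf/node prefixes and the sample records are assumptions made for the example; it covers integrity only, not proof of time.

```python
import hashlib
import hmac

def leaf_hash(record: bytes) -> bytes:
    # Domain-separate leaves (0x00) from interior nodes (0x01).
    return hashlib.sha256(b"\x00" + record).digest()

def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()

def aggregate(records):
    """Build a hash tree; return (root, proofs), one sibling path per record."""
    if not records:
        raise ValueError("nothing to aggregate")
    level = [leaf_hash(r) for r in records]
    members = [[i] for i in range(len(records))]  # records under each node
    proofs = [[] for _ in records]
    while len(level) > 1:
        nxt, nxt_members = [], []
        for i in range(0, len(level) - 1, 2):
            for j in members[i]:
                proofs[j].append(("R", level[i + 1]))
            for j in members[i + 1]:
                proofs[j].append(("L", level[i]))
            nxt.append(node_hash(level[i], level[i + 1]))
            nxt_members.append(members[i] + members[i + 1])
        if len(level) % 2:  # odd node is promoted unchanged, not duplicated
            nxt.append(level[-1])
            nxt_members.append(members[-1])
        level, members = nxt, nxt_members
    return level[0], proofs

def verify(record: bytes, proof, trusted_root: bytes) -> bool:
    """Offline check: recompute the root from the record and its proof."""
    cur = leaf_hash(record)
    for side, sibling in proof:
        cur = node_hash(sibling, cur) if side == "L" else node_hash(cur, sibling)
    return hmac.compare_digest(cur, trusted_root)

# Constructed sample records (not from the slides).
RECORDS = [b"routing-table v1", b"vm-image sha256:placeholder",
           b"device config A", b"sota-package 1.0", b"hdfs block 0001"]
ROOT, PROOFS = aggregate(RECORDS)

if __name__ == "__main__":
    print("all verify:", all(verify(r, p, ROOT) for r, p in zip(RECORDS, PROOFS)))
    print("tampered verifies:", verify(b"routing-table v2", PROOFS[0], ROOT))
```

The verifier needs only the record, its proof and a root it already trusts, so no key material or network access is involved in the check.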
Ericsson KSI Solution
[Diagram labels: Customer; Data owner application; KSI client; Access to service; Gateway; Service provider; Aggregation; Distributed hash-tree; Calendar blockchain; Time]
Use Cases
Virtualization Routing Tables Configuration Storage
Supply Chain Integrity
[Diagram labels: Supplier1, Supplier2, Supplier 3, Integrator A, Integrator B, Integration, Commissioning, Operations, Customer; Supplier1 site, Supplier2 site, Supplier 3 site, GE site, Customer site; HMI; SDK; change; check; MkVI Check (at maintenance)]
IOT Device
Connected vehicle software over-the-air (SOTA)
• Chain of custody and traceability of the SOTA deliveries over the whole SW supply chain
• Capability to detect malicious SOTA deliverables
• Capability to assure the legitimacy of the installed software
Big Data Regulatory Compliance
[Diagram labels: Unstructured Data from Multiple Sources; Data Sources; User; Hadoop Client; Query Submission; Query Result; Master Node; n x Slave Node; HDFS]
Data is signed before it is distributed across the Hadoop cluster
Trusted Data Sharing
Exchange and sharing of digital assets among independent parties without Trusted Authority or Clearing House functions
KSI Benefits
• Offline: The system does not require network connectivity for verification
• Carrier Grade: KSI infrastructure is able to deliver 99,999% availability
• Post-Quantum: The proof stays valid even assuming functioning quantum computers
• Portable: Data can be verified even after it has crossed organizational boundaries
• Long term validity: Proof is based only on the properties of hash functions
• Supports near real-time protection: KSI verifications require only milliseconds, which allows clients to perform continuous monitoring and tamper detection
• Prove: Proof of time and integrity of electronic data as well as attribution of origin
• Massively scalable: System performance is practically independent of the number of clients
• Open verification: One needs to trust publicly available information only
Ericsson Security Offering