Ameni Channoufi Secure T identities in IOT
Securing Identities in Cybersecurity and IoT: Highlights from Women Tech Global Conference 2020
Welcome to the recap of the Women Tech Global Conference 2020 session about 'Securing the Identities in IoT,' hosted by the Amazing Women Tech Network. Ameni Shafi, a renowned PPI and IT security consultant, shared insights on Electronic Identities, security, and the Internet of Things (IoT).
About Ameni Shafi
Ameni Shafi is a woman in tech, a founder of Full Tech, and the first president of Full Tech World Tech - a Tunisian association aiming to empower Tunisian women in technology. Also, she is a mentor in a tech innovation program and an ambassador in the Tech Gears program, both promoting women in STEM fields.
Understanding the Basics: PKI and Electronic Certificates
For those unfamiliar with PKI or Public Key Infrastructure, it involves a set of hardware, software, and personnel infrastructure necessary for creating electronic certificates. Electronic certificates are online documents that represent a piece of identity on the internet, useful for identifying the holder of the certificate. These certificates are issued by a trusted third-party authority to ensure their integrity and authenticity
Applications of PKI in IoT
PKI is the technology behind securing online identities of individuals, servers, devices, and things. It is particularly important in various sectors. Here are some applications discussed in the session:
- Electronic Identity (E-ID) projects: Governments worldwide use PKI to secure their citizen's identities. Electronic IDs are used to authenticate individuals on government applications, sign official documents, etc.
- E-Passport projects: PKI is used to authenticate the government-issued electronic passports and protect the sensitive data stored in them, like fingerprints.
- Vehicle to Grid (V2G) projects: In the context of electric cars and smart grids, PKI is used to secure the car's identity and the charging points for authenticated communication.
- Vehicle to Vehicle (V2V) and Vehicle to Infrastructure (V2I) projects: In these projects, PKI authenticates vehicles and infrastructure for secure communication, improving road safety and optimizing road transport infrastructure performance.
Wrap Up
Taking part in the Women Tech Global Conference 2020 provided an opportunity to explore various facets of tech, cybersecurity, and IoT, emphasizing the need for secure digital identities for a safer online world. If you missed it, remember to follow Ameni Shafi on LinkedIn for more insights into this fascinating field.
Keep supporting women in tech and watch out for future conferences by the Amazing Women Tech Network!
Video Transcription
Welcome to the uh Women to the Women Tech Global Conference 2020 hosted by the Amazing Women Tech Network. Thank you for giving us this opportunity today to speak it, Security, Electronic Identities, internet of things and the session titled Secure The Identities in IUT.So this session uh will be about 15 to 20 minutes including Q A session. So please feel free to type your questions on the chat box. I will try to answer them in this session or uh link it in. So my name is Ameni Shafi uh from tales uh quick key points in introduction. Uh and to introduce myself, I want to say that I'm a woman in tech field. So I'm home today in this conference. And also I'm an activist in different causes uh that empower women and girls in technology. So I'm a founder of Full Tech and uh the first president of Full Tech World Tech is women in technology. It's a Tunisian uh association that uh aim is to empower Tunisian women in technology. Also an, an alumna of the women program. I'm an Ambassador of Tech Gears program and I'm an mentor in a tech innovation program. So all of these three programs are American programs that globally empower and support women in stem fields. So it's always good to uh introduce my social activities. But today I will uh speak technically about my professional expertise as A PP I and it security consultant working in palace.
It's French company. Uh X gal is the leader in digital security. So it security I think you can know about. It's not strange to know about, but today I will introduce PK I. So I'm not surprised if you don't know what PK I is about. Um But uh I'm not sure you don't know what PK I is about. So what I will introduce in this uh session and I will introduce PP I and how it's used to secure regular identities and IUT identities. So PP I stands for public key infrastructure. So as defined in standards, it's the set of hardware, software and people infrastructure needed to create electronic certificates. So here I think it's another new word, electronic certificates. What is electronic certificates? So it's a document that represents a piece of identity on internet and on online networks to id, identify the holder of the certificate. So as its name uh indicate its certificate and it's given by a third party trusted authority that verifies the physical identity when uh request this certificate. Uh uh So this third party uh enables the verification of the integrity and origin of this certificate. Here, third party can be the government, for example. So in this way, the electronic certificate is used to, I don't a server.
If you know the htps server, it means that this server is a uh authenticated and it has a certificate and it's certified so you can trust it. The certificate can also identify a person like a citizen like us. It's also used for digital signature to sign the document, to sign a contract, to sign a form. Also use it to uh cipher or to encrypt a message the certificate is used for and it's used to authenticate identities in IUT and internet of things to identify things. That's what we will see in this session. So here it's a windows display display of a certificate. So it's about a personal certificate. As you can see, it identifies me on the certificate holder, Aisha Nofi uh it's given by a third party, just a third party, which is my company. So I'm using the certificate at work. This certificate has a validity here. It's valid for three years. And as you see, I can use it to um on uh remote uh computer connections. It means on online internet and I can use it to sign sign documents, sign emails on internet. So that's um what this certificate is uh about to use. So to summarize PP I is the technology behind securing identities of persons, servers, devices and things or these, what I call here T I will now share some PP I applications that I'm working on in te uh company as a PK I consultant and a government uh business line.
So I'm providing consultancy uh to governments around the world and their regular PP I projects to secure the identities of their citizens and E ID projects. So uh lot of governments around the world has the E ID and a lot of citizens has an electronic identity, the E ID card, it's also used to secure EPAS E driver licenses. So uh this for three that we call a regular PP I projects or regular identities. And also it can be used in IUT projects like uh uh smart T gra the smart grid and connected vehicles. All these three PK A projects uh for for IUT are about vehicle. So the thing here is vehicle which is the most T IUT projects is develop technologies for. So I will start by introducing what A ID uh projects is. So a lot of governments around the world have implemented A ID for their citizens. So it's about a plastic card like everyone have if it's electronic or not. But the A ID has a ship in this chip, we can find a registered one or more electronic certificate like the one I shared with you. So this electronic certificate will identify and authenticate the person, the certificate holder, the citizen on uh E gov application. So the A ad is used on internet application and online application, especially the government application here. Speaking about uh about the civil application, taxation, procurement, health and banking application.
With the option also to sign and encrypt the official document, the official government document everything online. We don't have to go to the government institution to prove our identity. So here our identity is proven online and securely proven. So here we trust the uh certificate and we trust this E AD and operation is made by these certificates because it's issued by the government. Another application of PP I is for EPA or what we call travel document here. Uh Also the E ID can be a travel document as well. Uh So here we have two PPIs that the government is implementing to secure the E passport or the travel document. The first one we have to secure the government identity. So here the government has an identity and a certificate to authenticate the governments. So here the government will use a certificate on its name to sign the passport, the document itself to guarantee that the document is authentic and not falsified. So not possi it's not possible to falsify a document that uses PP I. So the first PP I that secures that certifies the docu. The government will uh ensure that the passport is authenticated and not falsified uh at borders, the aspect system who is verifying your passport uh will do it easily.
Um because the the passport authentic by verifying the government certificate that issue with the document by asking IC A U the uh the International Civil Aviation Organization where all trusted government certificate are stored there. So that's the way to uh secure and uh authenticate the passport.
The way that PP I is used. Uh on another side, the passport here contains sensitive information such as our fingerprints. Also it can, it can register the I print the eye print here dependent on the technology. So it's about sensitive information that we want to secure it the maximum. So here uh this information will be checked by the inspection system against the travel fingerprint taken at borders. So it means that this inspection system should be authenticated to access sensitive data stored on cards.
So here it's the second type of uh PP I in this process. So to, it's to certify the inspection system and to give certificates to this inspection system that give them the right to access to our sensitive information. So don't care about your sensitive information, your fingerprint, your asprin at airports, only authorized agents will see it in your E passport. So it's the same process also for the driver license, the E driver license. Uh because in some countries, E driver license is used as an ID or as a travel document. So it's the same process for irregular identities. Uh that was for regular identities and uh for uh IUT now and especially vehicle, that's what we use it to speak about. Uh the T we use it to speak about today as a thing. We can now uh we can now secure the car uh as an identity when interacting online with other things or other identities. The first application of a vehicle connected vehicle is the V two G or V two grids. Here we are speaking about smart grid, we are speaking about electric cars. So we have electric cars widely in Europe in us. Uh So this project uh that clearinghouse are working on, on um to secure the car itself and the charging points, mutual authentication. So here the car not the driver, it's the car has a certificate that authenticates the car itself.
And the charging point also has a certificate that allow uh both entities to be securely uh communicating and exchanging. So here it's about plug and charge functionality. Uh There is, it's an electronic vehicle with uh contract from any mobility operator that can charge at any charging point, not only on this, on this country and in a lot of countries. Uh Thanks to the PP I and to the electronic certificate and electronic identities secured. So here it's aless also cashless. You don't have to pay without need for uh RF ID or mobile identification. So uh only plug and charge how to do it. And also the mobility operator. Uh Here we have a smart billing. Uh The the bills will be uh signed the car will be securely authenticated to the charging system. How we do this, uh it starts uh at the car manufacturer. So here when uh manufacturing the car, we create a certificate for this car and we insert it in. So when buying a car, the car owner will have a contract containing the id of the certificate, the owner has to go to a clearing house and register this ID of certificate. And when first time charging this car will, it will um exchange its certificate with a charging point and with the clearing house from another side and the car will be authenticated and charging profile will be created for this car and the charging operation will be smart, secure and authenticated.
That's for the the uh connected vehicle V two G. Another project I'm I'm working on is the V two V and V two I. So here we're speaking about smart cars in smart cities, so about vehicle to vehicle communication and vehicle to infrastructure communication. The concept here is to allow road vehicles to communicate with other vehicles with roadside infrastructure as well with other road users. So here the goal is to improve road safety by avoiding accidents, reducing their severity at least and a decrease in congestion, optimizing performance and available capacity of existing road transport infrastructure. So uh here the um the uh the the vehicle will messages between them about information supply Warner assistant warning uh to avoid, for example, an accident traffic management. So here each car uh has a certificate that authenticates its vehicle. Not, not only car has a certificate to authenticate itself that will be used to sign the messages sent between cars and infrastructures. So the message sent here are secure message authenticated message uh that we trust and each vehicle trust the message that it receives. So uh here, imagine that if these vehicle are not authenticated, there is no PP I behind and if an hacker interacts and send fake message, we will have this for sure. Uh Oh, well, we still have one or two minutes.
I will uh share the uh a video about uh the V two V. Uh It's about the uh V two V just explaining what the B to B project is about.
This is Chris with the verge and we're here at CE S 2014 looking at Ford's vehicle to vehicle communication. Demo. This is all about safety. We're in a little road course that's set up in a parking lot across the
street. Sorry. Uh I started,
this is Chris with the verge and we're here at CE S 2014 looking at Ford's vehicle to vehicle communication demo. This is all about safety. We're in a little road course that's set up in a parking lot across the street from the Convention Center here at Ce S. There are two Tauruses and they're wired up with this system that's constantly broadcasting information about where the car is what direction it's facing the yaw, the speed. And the concept is that by transmitting that information to other cars, this car can stay safer by knowing where that car is. So the first scenario Ford demonstrated for us was the idea of you overtaking car and an expressway. For instance, a lot of cars now have what are called lists, sensors, which are these little amber lights that are in the side view mirrors that indicate when there's somebody in your blind spot. But the problem is that they don't work at speed necessarily and they don't work when a car is way behind you. So when you have these cars transmitting data to one another, you enable that you don't need a sensor that has to shoot that far behind you. You just communicate via what is effectively a Wi Fi like standard. The car's position is relative to one another. Then the car in front knows, hey, I shouldn't merge over.
So uh I have to drop it but the vehicle to vehicle time is finished. And um we can uh we can share, I can share the uh the, the video with you on linkedin on, on this um on this uh on this presentation on this uh uh the uh on, on the conference web page and on linkedin, just follow me on linkedin. Uh It's Ameni Shafi as it's written here, I will write it on the um chat box and I will answer your questions on the chat post box in this session or uh on a linkedin. Just ping me and all your questions are welcome. Thank you for uh being here and for your support to women tech network and for this uh conference. So uh please uh uh be, be here and support women tech uh conference and I will uh answer all your question. I will uh I I it was my honor to be here today. Uh Thank you for attending this session and uh see you on linkedin. Thank you very much.