TU/e > Dept. of Mathematics and Computer Science > Security Group > research

EUROPEAN FUNDING

• TAS3

  

  EU Integrated Project
  Duration: January 2008 until December 2012

  Trusted Architecture for Securely Shared Services (TAS³) is a European Integrated Project with 19 partners, combining expertise of universities such as TU/e, KU Leuven, Kent, Karlsruhe and companies such as SAP and ORACLE.
  An increasing number of on-line services is based on personal information that is gathered over a human lifetime. This data is created and stored in different contexts by different authorities which may not use the same terminology. TAS³'s challenge is twofold: to give trusted services a complete picture of the relevant data and to empower the user to control how his private data can be used.
  The TAS³ project will provide an architecture enabling trustworthy interoperation of services. We will build on ontology hierarchies to enable services to find a common terminology for their interaction. Services, users, and the architecture itself need to generate the appropriate levels of trust. Therefore, TAS³ will build on state-of-the-art techniques for data protection, authentication and authorization, investigate new and powerful ways to manage trust and securely adapt live business processes and incorporate the legal setting in which the services must work.
  Applicability of the general TAS³ architecture is shown in two application areas with a clear need for a trustworthiness of data and services:

  • Electronic Health Services combine processes and information from different health care sources; hospital, GP, home care and monitoring.
  • Employability Services match job openings with jobseekers based on trusted personal portfolios containing information from many sources.

  
  
  Further information: http://www.tas3.eu/



• PRIAM: Privacy Issues and AMbient intelligence

  

  INRIA/Univ. St. Etienne collaboration, funded by INRIA
  Duration: January 2007 until December 2008
  Contact: Sandro Etalle

  Privacy policies are difficult to characterize, to specify and to implement. In addition, enforcing privacy cannot be tackled exclusively by technical means: this is clearly one of the areas where strong interactions are required between experts from various disciplines (at least technology, law, social sciences and economy). The PRIAM project is being put forward precisely to address these issues in a transversal and multidisciplinary way. To this aim, it includes partners from the technological camp (two groups with a formal methods background and two groups with a more practical orientation) and one partner from legal and social sciences. In addition, the participation of a European partner expert in the definition of privacy policies will ensure that the project does not take a French bias in the assessment of privacy issues.
  
  

  Further information: http://priam.citi.insa-lyon.fr/

NATIONAL FUNDING

• POSEIDON: System Evolvability and Reliability of Systems of Systems

  

  ESI/Thales collaboration, funded by BSIK
  Duration: June 2007 until June 2011
  Contact: Sandro Etalle

  The Poseidon project rises to the challenge to discover new ways on how to build advanced systems of systems, and therefore on how to allow for flexibility, adaptability and evolvability in systems of systems while ensuring reliability -- a crucial requirement, not only in the domain of maritime safety systems that provides Poseidon's exemplary application and the industrial laboratory needed for its success.

  
  
  Further information: http://www.esi.nl/poseidon



• PEARL: Privacy Enhanced security Architecture for RFID Labels

  

  TU/e/RUN/TUD collaboration, funded by STW/Sentinels under project nr. EIT.7639
  Duration: January 2007 until January 2011
  Contact: Sandro Etalle

  The goal of the PEARL project is to develop practical security controls for RFID-based systems, and a corresponding assessment methodology. The PEARL project addresses these two topics in two strongly connected themes. Theme A concerns the design of security and privacy controls and theme B concerns the assessment of the security and privacy properties of an RFID system. Both themes involve the development of novel methods and models, which will be validated through the interaction with our industrial partners. Due to resource constraints a roaming agent faces a dilemma between legitimate use and hostile tracking.

  
  
  Further information: http://www.pearl-project.org/



• S-Mobile: Security of Software and Services for Mobile Systems

  VU collaboration, funded by STW/Sentinels under project nr. VIT.7627
  Duration: January 2007 until January 2011
  Contact: Sandro Etalle

  The objective of S-Mobile is to create a framework and technological solutions for trusted deployment and execution of mobile applications in heterogeneous environments. While today the development of third party applications for mobile platforms (i.e. mobile phones, cars, etc.) is tightly controlled by single entities (i.e. telecom operators, mainly due to security risks), there is a need to open the software market of nomadic devices (from smart phones to PDA, from RFID systems to cars) to third party applications with a higher degree of assurance. S-Mobile will make this possible by extending the existing security model beyond the sandbox model and by integrating mechanisms for trust management and credentials negotiation. A licence-based security mechanism will lie at the core of the framework. A licence will be associated to each application stating in detail what are the capabilities needed to be executed. A licence is a fine-grained claim done by a mobile application regarding the interaction with relevant security and privacy features of a mobile platform. This licence should be published by applications, understood by devices and all stakeholders (users, mobile operators, developers, platform developers, etc.). The licence should be enforced at time of delivery and loading, and during execution of the application by the mobile platform. The resulting new paradigm will not replace, but enhance existing security mechanism, and will provide a flexible, simple and scalable security and privacy protection mechanism for future mobile systems. It will allow a network operator and a user to decide what an application is allowed to do, prevent bad code from running, and allow good code to be easily designed and deployed.

  
  
  Further information: http://www.few.vu.nl/~mconti/prj/smobile/smobile.html



• PINPASJC: Program Inferred Power Analysis in Software -- JavaCard

  

  TU/e/RUN collaboration, funded by STW/Sentinels under project nr. TIF.6687
  Duration: January 2005 until December 2008
  Contact: Sandro Etalle/Jerry den Hartog

  The PINPAS JC project aims to improve the scientific understanding of side-channels attacks, in particular for the new generation JavaCard smartcards. Such understanding is necessary to identify threats, to specify and evaluate countermeasures, both in relation to JavaCard applications and to the underlying JavaCard platform. More concretely, the aim is to develop techniques, design criteria, and associated tools that can be used to ensure resilience to side-channels attacks, in the design and development phase as well as in the evaluation phase.
  
  

  Further information: http://www.win.tue.nl/pinpasjc/



• CREST: Collusion RESistant Tracing

  Collaboration of EiPSI, Civolution and Irdeto, funded by STW/Sentinels
  Duration: until December 2012
  Contact: Boris Skoric

  The CREST project (Collusion RESistant Tracing) investigates the resilience of digital watermarks against coalition attacks. A watermark is a sequence of hidden data embedded in audio/video or other data, and is intended e.g. to trace the origin and distribution of files. A collusion attack is an attempt by multiple people, who each possess a differently marked version of the same file, to remove or distort the watermark. The cat-and-mouse game of attack and defense gives rise to nontrivial mathematics, involving combinatorics, coding theory, information theory and broadcast encryption. The practical side is equally complex, with much work in progress on attack strategies, signal processing attacks, optimal code constructions, efficient decoding algorithms, and embedding methods.
  CREST is a joint project of EiPSI (Eindhoven Institute for the Protection of Systems and Information) and two industrial partners, Civolution and Irdeto. The aim of the CREST project is to make progress on both the mathematical understanding and practical realization of collusion resistant watermarking.
  
  Further information: http://www.win.tue.nl/CREST/



• Mobiman: Identity Management for Mobile Devices

  

  Collaboration of TU/e, Radboud University Nijmegen, TNO, Novay and Ericsson, funded by STW/Sentinels
  Duration: from January 2010 until December 2014
  Contact: Sandro Etalle

  Mobile devices such as GSM phones, PDA's, RFID, offer a technological platform which can help solving the problems of ID management for the roaming user, as they can be employed as trusted control interface for applications using personal and privacy sensitive information. However, the implementation of identity management concepts on mobile devices with their typical restrictions and features is still a challenge. The aim of the project is to contribute to a solution to give the user full control over his mobile identity (i.e., the digital identity of an entity when using a mobile device), in a flexible and privacy-friendly manner, by relying on their mobile devices as identity proxy and identity agent.
  
  

  Further information: http://www.mobiman.me/



• uCan - A universal web-centric CAN-interface

  Collaboration of Beijer Automotive BV, TASS BV and Technische Universiteit Eindhoven
  Duration: from September 2010 until August 2012
  Contact: Sandro Etalle

  Vehicle data is already available on the CAN-bus (Controller area network) operating network of all modern vehicles. Combined with GPS and GPRS data this data can play an important role in connected automotive services.
  Current in-car CAN-interfaces are application specific. To make CAN-vehicle data available on-line in real-time a universal aftermarket OBU (On Board Unit) which can be configured remotely is needed. In addition, by supporting 3G/4G communication the new OBU becomes and in-car communication platform which provides the outside world with access to the car network and visa versa. The car becomes part of the automotive network.
  By letting the OBU communicate on-line with a web-based server the vehicle data is made centrally available in real-time. Building the server as a scalable and secure open service platform will enable support use of the network of vehicles by existing and new commercial and government service-providers.
  
  

  Further information: http://www.ucan-solutions.com/



• Trusted Healthcare Services (THeCS) Project: COMMIT program

  

  Duration: from 2012 until August 2016
  Contact: Milan Petkovic

  Trusted Healthcare Services (THeCS) is a Dutch national project in the COMMIT program with 11 partners including representatives from industry, Dutch research institutes, Dutch universities and hospitals. The project addresses trust as one of the key issues for new eHealth services. Novel eHealth services include home healthcare and rehabilitation services as well as patient portals in professional medical world. In these services, healthcare providers need to trust the patient data they obtain remotely from the measurement devices deployed in patient’s home. Additionally, patients need to trust the service in general, as well as that the service will properly protect their personal data. Standard internet security techniques provide authentication and encryption of the communication with a service provider. However they do not provide the user with means to judge the trustworthiness and control how a service provider will actually use personal information. The patient must be able to make an informed decision to trust a service provider on the basis of facts, such as reputation, and security attributes.
  THeCS project aims to create measurable and enforceable trust. This notion is new for electronic healthcare services (and for internet services in general), and it is fundamental for their success. This project creates new techniques to measure and control the reliability and use of (healthcare) information. These techniques allow users and service providers to trust each other and to benefit from these new services. In a healthcare setting, trust is of special relevance because of the sensitive and personal nature of health information and because of the possibly very adverse consequences of late or incorrect decisions related to one’s health.
  
  

  Further information: http://www.commit-nl.nl/projects/trusted-healthcare-services /
  http://security1.win.tue.nl/THeCS/