Sentinels Program Office, Technology Foundation STW
Extended summaries of Sentinels projects

In the first round in 2004 six proposals were granted for a total amount of 3 M€. In the second (and last) round in 2006 five proposals were granted, for a total of 2.7 M€. This page contains extended summaries of these Sentinels projects.
Please go here for short summaries in Dutch. Please go here (and scroll down to Innovatiemarkt) for posters of Sentinels projects. Please go to www.sentinels.nl/projects/documents for relevant documents for project members, user committee members and Sentinels researchers.

S-Mobile: Security of software and services for mobile systems
dr. Bruno Crispo, VU - Computersystemen

The objective of S-Mobile is to create a framework and technological solutions for trusted deployment and execution of mobile applications in heterogeneous environments. While today the development of third-party applications for mobile platforms (e.g. mobile phones, cars, etc.) is tightly controlled by single entities (e.g. telecom operators, mainly because of security risks), there is a need to open the software market of nomadic devices (from smart phones to PDAs, from RFID systems to cars) to third-party applications with a higher degree of assurance. S-Mobile will make this possible by extending the existing security model beyond the sandbox model and by integrating mechanisms for trust management and credential negotiation. A licence-based security mechanism will lie at the core of the framework. A licence will be associated with each application, stating in detail which capabilities the application needs in order to execute. A licence is a fine-grained claim made by a mobile application about its interaction with the relevant security and privacy features of a mobile platform. This licence should be published by applications and understood by devices and all stakeholders (users, mobile operators, developers, platform developers, etc.). The licence should be enforced by the mobile platform at the time of delivery and loading, and during execution of the application. The resulting new paradigm will not replace but enhance existing security mechanisms, and will provide a flexible, simple and scalable security and privacy protection mechanism for future mobile systems.
It will allow a network operator and a user to decide what an application is allowed to do, prevent bad code from running, and allow good code to be easily designed and deployed.

Participating companies: Philips Research, TNO ICT

VISPER: The virtual security perimeter for digital, physical, and organisational security
prof.dr. Pieter H. Hartel, UT - Signals and Systems Group

The security perimeter, which once was simply defined as the fence around the premises of an organisation, is becoming increasingly flexible and adaptable to the environment and the circumstances. We call this process re-perimeterisation (ReP). The effects of ReP are felt in the digital domain (where data moves from organisation to organisation through networks), the social domain (where one individual may play a variety of roles in cooperating organisations) and the physical domain (where appliances such as mobile phones and laptops move around). Re-perimeterisation brings about new security risks because of the difficulty of keeping the domains aligned. For example, stealing a laptop (social domain) with a motion sensor triggers an alarm (physical domain), which then selects a security policy that blocks access to all sensitive data (digital domain). By making the security perimeter explicit in business processes, security policies and security mechanisms, we intend to foster alignment of the three domains. This would then mitigate the risks of ReP.

Participating companies: Atos Origin, Belastingdienst, BiZZdesign, Fox-IT, Getronics PinkRoccade

SEDAN: Searchable data encryption
prof.dr.ir. Henk C.A. van Tilborg, TU/e - Coding and Cryptography group

Nowadays, personal data is stored at very diverse places. Consider, for instance, the emails handled by free web mail services, the personal preferences in an Ambient Intelligence setting, or medical data (e.g. the Dutch electronic patient record).
In our increasingly connected world, personal data is often outsourced to external servers, some of which may even be in other countries. This development raises concerns about the security and privacy of those data. The results of this project will allow us to address these concerns by storing the data in an encrypted format such that unauthorized parties (the storage server may even be one of them) cannot read the data, while still allowing efficient querying of the data by authorized parties. Building trust and confidence as well as enabling secure data access is paramount in this setting. With XML becoming the dominant standard for describing and exchanging data, a huge amount of XML-formatted data is being produced, outsourced, and manipulated by different applications across multiple enterprises on the Internet. The need to protect outsourced data from being disclosed and/or tampered with is growing rapidly. A typical technique for achieving security is to distribute and outsource data in encrypted form. However, this usually implies that one has to sacrifice efficiency for the obtained security. In this project, we aim to bring the worlds of security and data management closer to each other. In particular, we will focus on efficient querying of encrypted XML data, where the major challenge lies in the development of techniques that deal with the seemingly contradictory requirements of security and efficiency. The main objective of this project is to build a multi-user database system capable of searching in encrypted data with powerful nested query capabilities.

Participating company: Philips Research

VRIEND: Value-based security risk mitigation in enterprise networks that are decentralized
prof.dr. Roel J. Wieringa, UT – Information Systems Group

In industrial practice, security engineering is risk management: how to mitigate security risk given a finite budget?
Today the IT of a business is connected to that of others in a value web of business partners, suppliers and customers, each of whom has its own confidentiality, integrity and availability requirements. This creates new security challenges, because there is no central decision-making authority in these networks. The question to be investigated in VRIEND is how to extend current risk management practices with methods and techniques to deal with security risks in decentralized networks. We will investigate this, firstly, by developing methods and techniques to build up a security baseline for a value web: a set of security patterns agreed upon by the members of the value web, whose risk-mitigating properties have been quantitatively specified, and which are related to the business goals and external legislation that these patterns help to achieve. Secondly, we will develop quantitative techniques for security architecture design in decentralized networks, by means of which a business project can compose the security mechanisms in the baseline into a security architecture for the business project result. In a value web where each business has its own commercial interests, architecture design must use cost/benefit techniques to lead to agreement among different business partners. We will develop dynamic quantitative techniques that allow businesses to incorporate the appearance of new security mechanisms, the occurrence of new threats or incidents, and changes in security goals over time.

Participating companies: Akzo Nobel, Corus, DSM, Hoffmann Bedrijfsrecherche, Philips Research

PEARL: Privacy enhanced security architecture for RFID labels
dr. Sandro Etalle, UT - Computer Science

In Radio Frequency Identification (RFID) systems very small RF tags communicate wirelessly with tag readers as soon as they are close enough to each other. The data transmitted by the tag can provide identification or location information, or specifics about the product tagged.
RFID systems have great potential for further automating warehousing and tracking & tracing, and can help prevent fraud or counterfeiting. Widespread use of RFID tags would, however, raise enormous privacy concerns. RFID tags embedded in clothes - for inventory management or to prevent shoplifting - could be exploited (after the purchase) to track your movements. Moreover, warehousing based on RFID technology increases the risk of corporate espionage. Classical security measures or privacy enhancing technologies cannot be applied to RFID systems due to their pervasiveness and limited computing power. The goal of this project is to develop tools and methodologies, as well as their theoretical foundations, for using RFID systems while preserving the user's privacy. We will formally model the relevant privacy and security properties, develop new privacy enhancing protocols for the extremely resource-constrained RFID environment, shape a context in which the user can check the privacy policies enforced by the RFID-based application, and develop methods to secure the integration of RFID tags with the back-office applications that will support them.

Participating companies: Philips Research, TNO ICT

JASON, Generic and Secure Remote Management Infrastructure
dr. Erik Poll, RU - Security of Systems

The core of the practical problem in this project is to build remotely manageable devices that are owned, controlled and/or accessed by several different parties with different, sometimes even conflicting, interests. Several applications of such devices will appear in the near future. For these devices to be successful, they will have to satisfy strong security and privacy guarantees. To this end, the JASON project develops a secure, object-oriented, distributed programming platform for smart cards and embedded systems that provides
Participating company: Chess

IPID, Integrated Policy-based Intrusion Detection
prof. dr. R.J. (Roel) Wieringa, UT – Information Systems Group

Currently available intrusion detection tools monitor events at a relatively low level of abstraction. Due to the large number of events that occur at that level, and due to the low abstraction level, these tools are either ineffective (by generating a large number of false negatives) or inefficient (by generating a large number of false positives). The objective of IPID is to increase both the effectiveness and the efficiency of these tools by relating low-level events to a smaller number of high-level events that are meaningful to the business.

Participating companies: Rabobank Nederland, TNO ICT

Practical Approaches to Secure Cooperation
prof. dr. R.J.F. (Ronald) Cramer, CWI - Cryptology and Information Security Research

This project focuses on cryptographic primitives and methods which do not yet belong to the standard toolkit of the security engineer, as opposed to methods for establishing private or authentic channels. We strongly believe that there is now a need to further strengthen the efforts to modernise the existing and very well travelled bridge between cryptography research and the real world, so that more security tools of a fundamental nature can be transferred across it. It is especially worthwhile when this concerns tools that enable enhanced security levels or new security-sensitive applications that could otherwise not be realized satisfactorily by a combination of more standard security tools. Our project intends to contribute in that direction. Concretely, in this project we apply this philosophy to elements from the area of Secure Computation, a very broad, active and fundamental field of cryptographic research. This area is fairly well understood in the cryptographic literature, at least in its basic incarnations and in a theoretical sense.
As opposed to the situation where two trusting parties wish to secure their communication channel from malicious outsiders, Secure Computation deals with a fundamentally different scenario: two or more parties who wish to achieve some given joint task securely even though they are mutually distrusting and wish to keep sensitive, private information secret from each other. This is sometimes called multi-lateral security, as opposed to the unilateral security of secure communications. We zero in on those methods and applications of Secure Computation which we see as most fit for transfer to the real world in a short or medium time-frame. This presents an interesting and important research challenge, with a possible impact on security engineering in the near future. Example application areas include Digital Rights Management and Biometric Authentication, Threshold Cryptography, Profile Matching and Secure Data Mining. As a starting point for our research, we will take general results on Secure Computation, including recent results by the members of our project team, and study the possibilities of suitably specializing them to our practical applications. Our expectation is that we will design attractive solutions of practical value, thereby contributing to opening up a new area of practical security applications. No webpage yet.

Participating company: Philips Research

ProBiTe, Protection of Biometric Templates
dr. ir. R. (Raymond) Veldhuis, UT – Signals and Systems Group

ProBiTe concerns the integration of biometric identification in security systems. A considerable research effort has been spent on the individual topics of biometric identification and security, but their combination has led to new research questions. In particular, ProBiTe focuses on the problems of combining biometric identification and template protection. Storing biometric templates in a database introduces security and privacy risks, which increase if the database is part of a network.
A solution is to apply template-protection techniques, which make it impossible to recover the biometric data from the templates. The project's goals are (a) to solve the problems of combining biometric identification and template protection and (b) to validate the solutions in a home-network demonstrator, to be developed at Philips Research. Fingerprint recognition will be used to identify the user and to control access to content and devices. Template protection will be used to protect the biometric data.

Participating company: Philips Research

DeWorm, Worm monitoring on Internet backbones
dr. ir. H.J. (Herbert) Bos, VU – Computersystemen

DeWorm is aimed at developing an automated response system that is capable of (1) detecting zero-day worms on the Internet, (2) generating signatures for the attacks, and (3) using these signatures to block malicious traffic. The goal is to make it fast enough to react to fast-spreading worms. We do this by means of two tiers. In tier I, traffic on fast links that is considered (somewhat) suspect is steered towards a deep scan node (tier II) for detailed analysis. The deep scan node analyses the traffic and generates signatures if it finds the traffic malicious.

Participating company: TNO ICT

PINPAS JC, Program INferred Power-Analysis in Software for Java Card
dr. E.P. (Erik) de Vink, TU/e – Computer science

The PINPAS JC project studies side-channel attacks on smartcards, in particular fault attacks on the JavaCard platform. Various fault-based and related attacks will be assessed for their impact on JavaCard, both at the source code and at the byte code level. The formal specification language JML will be used to specify security requirements and to prove the safety of reference applets. In order to facilitate experiments, a software environment will be constructed. This tool can also be used for the validation of the impact ratings and countermeasures developed during the project.

Participating companies: STMicroElectronics, TNO ITSEF