SENTINELS Security in ICT, networks and information systems

ions Commercial protocols are larger than the protocols typically appearing in the academic literature and it is an open question how developed verification methods scale up in practice. Hui and Lowe have developed simplifying transformations that have the property of preserving faults, which means that a protocol is secure if its simplified version is secure. These transformations can be used to simplify a commercial protocol to the point that standard analysis techniques can be applied. There has been a limited amount of work on the methodology to develop secure protocols. Abadi and Needham [] have proposed a list of prudent engineering principles for protocol design, which, if followed, prevent most attacks upon protocols. Type flaw attacks are attacks where a field of one type is misinterpreted as being of another type; Heather et al. have developed an implementation technique that prevents all type flaw attacks. . Research programs related to security There are a number of research programs which provide funding for areas that have some overlap with security. These are mentioned in the following sections. A short comparison with sentinels is included. Some of the following research programs are for certain specific scientific area’s. Progress is for embedded systems, Freeband for broadband infrastructures, GenCom for communication in the home environment, and Jacquard is for software engineering. Another difference is that sentinels addresses a number of topics that are not addressed at all by any of the other funding programs, such as verification of security protocols, cryptology, biometrics, smart cards, hardware tamper resistance, and secure systems engineering. .. European IST program The European IST program is currently starting the th framework program. Projects are in progress for building roadmaps to define the European research agenda for the coming - years. Work in security related areas includes smart cards, mobile privacy & security, biometrics, cryptography, and dependability. 2 Computer, network and information security  The sentinels community is heavily involved in European Security projects to ensure that the strength of Dutch research is recognized in the European context. It is leading in a number of areas, such as electronic voting, cryptography and smart card evaluation and verification, and active in FP and FP as detailed below. For brevity, only project partners from the sentinels community are mentioned below. For further information see their respective websites. EC Framework Program  FP RTD projects include: • CyberVote (www.eucybervote.org). Develops an innovative cyber voting system for Internet terminals and mobile phones. Coordinator: Berry Schoenmakers (TU/e), partner: Bart Preneel (Leuven). • NESSIE (www.cosic.esat.kuleuven.ac.be/nessie). New European Schemes for Signature, Integrity and Encryption. Coordinator: Bart Preneel (Leuven). • Verificard (www.verificard.org). Tool-assisted Specification and Verification of JavaCard programs. Coordinator: Bart Jacobs (KUN). • AREHCC (www.arehcc.com). Advanced Research on Elliptic and Hyperelliptic Curve Cryptography. Coordinator: Bart Preneel (Leuven). • PISA (www.tno.nl/instit/fel/pisa). Privacy Incorporated Software Agent. Coordinator: Jan Huizenga (TNO-FEL), partner: TUD. • CaberNet (www.research.ec.org/cabernet). Network of Excellence in Distributed and Dependable Computing Systems. Partners: Andy Tanenbaum (VU) and Pieter Hartel (UT). As part of FP and in the run up to FP, the EU has funded ten Roadmap projects related to security (see www.cordis.lu/ist/ka/rmapsecurity.html). Eight of those roadmap projects involve members of the sentinels community as follows: • AMSD (www.am-sd.org). Accompanying Measure on System Dependability. Technical board members: Pieter Hartel (UT) and Otto Vermeulen (PricewaterhouseCoopers). • RAPID (www.ra-pid.org). Roadmap for Advanced Research in Privacy and IDentity management. Coordinator: Otto Vermeulen (PricewaterhouseCoopers), partner: TNO-FEL. • ACIP (www.eu-acip.de). Analysis & Assessment for Critical Infrastructure Protection. Partners: Andrew Rathmell (RAND Europe, Netherlands) and Eric Luiijf (TNO-FEL). • PAMPAS (www.pampas.eu.org). Pioneering Advanced Mobile Privacy and Security. Partners: Henk Eertink (Telematica Instituut) and TNO-FEL. • RESET (www.erciom.org/reset). Roadmap for European Research on Smartcard Technologies. Founding members: Pieter Hartel (UT) and Bart Jacobs (KUN). • STORK (www.stork.eu.org). Strategic Roadmap for Crypto. Coordinator: Bart Preneel (Leuven). • DDSI (www.ddsi.org). Dependability Development Support Initiative. Leading Partner: Maarten Botterman (RAND Europe, Netherlands). • BVN (no web site yet). Roadmap to successful deployments of biometrics from the user and integrator perspective. Partner: Ben Schoute (CWI). 2 Computer, network and information security  EC Framework Program , Expressions of Interest One of the  main strategic objectives addressed in Call  of FP is “Towards a global dependability and security framework”. In preparation of FP, the sentinels community is partnering in a number of Expressions of Interests, both for Integrated Projects (IP) and Networks of Excellence (NoE). Out of the total  proposals submitted, a large number mention security as an important research topic. Here, only those that elevate words like cryptography, security and dependability in the title and which involve the sentinels community, are listed. Integrated Projects: • FormalCard. Formal methods for safe and secure smart card software. Participant: Pieter Hartel (UT). • MobilSafe. Mobile Communications used for improvement of the safety and security of emergency personnel and citizens during critical situations. Participants: Dimitri Konstantas, Pieter Hartel (UT). • SecureGrid. Industrial-Grade Security for Grids. Coordinator: Kors Bos (Nikhef). • ISDI. Information Society Dependability Initiative. Technical board member: Pieter Hartel (UT). Networks of Excellence: • ESORICS. European Symposium On Research In Computer Security. Member: Pieter Hartel (UT). • TRUST. Technology and Research for Ubiquitous Security and Trust. Participant: Sandro Etalle (UT). • CLUES. Scientific and Technical Support for Cybersecurity Policy. Partner: TNO-FEL and Leuven. The European Commission is currently evaluating the first round of FP proposals; the outcomes are not fully know yet, and all information is confidential at the time of writing (August ).