research at MSEC
Vincent Naessens – Jorn Lapon – Jan Vossaert –
Koen Decroix – Faysal Boukayoua – Laurens Lemaire
Overview
• Research scope MSEC
• RL 1: Identity Management on Mobile platforms
• RL 2: Formal Security and Privacy Analysis
• Applied research projects
Security research at KU Leuven
• Department of Electrical Engineering
• Cryptographic algoritms and protocols
• Hardware support and embedded design
• Department of Computer Science
• Middleware for security
• Methodological support
• Technology driven
• Close collaboration with industry
Research scope MSEC
o
RL 1: Identity management using mobile platforms
Jorn Lapon – Anonymous Credential Systems: From Theory Towards Practice
• Jan Vossaert – Privacy friendly identity management
• Faysal Boukayoua – Improving security and privacy on mobile devices
•
o
RL 2: Formal security and privacy analysis
Koen Decroix – A Formal Approach for Inspecting Privacy and Trust in e-Services
• Laurens Lemaire – Analysis and management of security in industrial control systems
•
Identity management on mobile platforms
• Extending the scope of Belgian eID technology (J. Lapon)
Secure
Storage
1.
2.
3.
Identification
Authentication
Digital signature
Proxy
certificates
Identity management on mobile platforms
• Revocation strategies using anonymous credentials (J. Lapon)
• Strong authentication
• Selective disclosure
• Unlinkable transactions
• Complex revocation strategy as no
serials numbers are exposed
Identity management on mobile platforms
• Privacy preserving smartcard authentication (J. Vossaert)
• Weak security
• No personalisation
• No user control
• Single point of attack
• Static set of attributes
• Limited user control
1. Increased flexibility
2. User control
3. Online/offline services
Identity management on mobile platforms
• Privacy preserving smartcard authentication (J. Vossaert)
(6)collect
attributes
IDX
IDY
(3)verify
policy
(1) mutual auth.
Service request
Handler
(2)attribute_query
Cached
attributes
lastValTime
Cert_SP
(personalized
)
policies
IDZ
(4)Attr
query
(5) PIN
SPi
(7)release_attr’s
Identity management on mobile platforms
• Client-Side Biometric Verification based on Trusted Computing (J. Vossaert)
[2]
[4]
[3]
• Secure authentication
• Biometric attestation
• Selective disclosure
1. Fingerprint templates are not exposed
2. Solution based on trusted computing technology
[1]
Identity management on mobile platforms
• Improving secure data storage in Android (F. Boukayoua)
• KDF slows down brute force attacks
• Secure element  online attacks
• Closed system
• Open system
• Security based on passcode
• Offline attacks
Identity management on mobile platforms
• Improving secure data storage in Android (F. Boukayoua)
• No denial-of-service attacks
• Prevention of key stealing
• No dictionary attacks
• Decryption keys are protected
[2]
[1]
Context aware security decisions to constrain
data and credential availability
Formal Security and Privacy Analysis
• Inspecting Privacy and Trust in e-Services (K. Decroix)
•
•
•
•
Modeling complex interations in advanced electronic services
Reasing about profiles compiled by service providers
Evaluating the impact of authentication technologies on privacy
Studying impact on trust on user selection
Formal Security and Privacy Analysis
• Inspecting Privacy and Trust in e-Services (K. Decroix)
IDP: a knowledge base system providing multiple forms of inference
and a declarative programming environment for an extension of first order logic.
Formal Security and Privacy Analysis
• Analysing security in industrial control systems (L. Lemaire)
• Input
1. Modeling ICS and SCADA systems
2. Modeling advanced attacks
• Output/feedback
1. Analysing the impact of security vulnerabilities
2. Evaluating accountabilities
3. Proposing countermeasures
Applied research projects
• Agency for Innovation by Science and Technology
o
Strategic Basic Research
DiCoMas – Distributed Collaboration using MAS architectures
• MobCom – A Mobile Companion
•
• Middle/long term valorisation; user group: R&D departments
o
Technology Transfer Projects
eIDea – Developing advanced applications for the Belgian eID
• Wiscy – Developing secure wireless environments
• SecureApps – Developing secure Mobile applications
•
• Short/middle term valorisation; user group: SMEs
Applied research projects
Applied research projects
• AXSMate – A platform for distributing digital keys
Simplifying key management
Supporting accountability
Manageable revocation
Applied research projects
• Torekes – An alternative currency system
o
Increase social interaction in poor districts
o
Attract students by alternative payment method