research at MSEC
Vincent Naessens – Jorn Lapon – Jan Vossaert – Koen Decroix – Faysal Boukayoua – Laurens Lemaire
Overview
• Research scope MSEC
• RL 1: Identity Management on Mobile platforms
• RL 2: Formal Security and Privacy Analysis
• Applied research projects
Security research at KU Leuven
Research scope MSEC
o RL 1: Identity management using mobile platforms
• Jorn Lapon – Anonymous Credential Systems: From Theory Towards Practice
• Jan Vossaert – Privacy friendly identity management
• Faysal Boukayoua – Improving security and privacy on mobile devices
o RL 2: Formal security and privacy analysis
• Koen Decroix – A Formal Approach for Inspecting Privacy and Trust in e-Services
• Laurens Lemaire – Analysis and management of security in industrial control systems
Identity management on mobile platforms
• Extending the scope of Belgian eID technology (J. Lapon)
Proxy certificates
Secure storage
1. Identification
2. Authentication
3. Digital signature
Identity management on mobile platforms
• Revocation strategies using anonymous credentials (J. Lapon)
• Strong authentication
• Selective disclosure
• Unlinkable transactions
• Complex revocation strategy, as no serial numbers are exposed
Identity management on mobile platforms
• Privacy preserving smartcard authentication (J. Vossaert)
• Weak security
• No personalisation
• No user control
• Single point of attack
• Static set of attributes
• Limited user control
1. Increased flexibility
2. User control
3. Online/offline services
Identity management on mobile platforms
• Privacy preserving smartcard authentication (J. Vossaert)
[Figure: protocol diagram. Labels: SPi; IDX, IDY, IDZ; (personalized) policies; cached attributes; lastValTime; service request handler (twice). Steps: (1) mutual auth.; (2) attribute_query, Cert_SP; (3) verify policy; (4) attr query; (5) PIN; (6) collect attributes; (7) release_attr's]
Identity management on mobile platforms
• Client-Side Biometric Verification based on Trusted Computing (J. Vossaert)
• Secure authentication
• Biometric attestation
• Selective disclosure
1. Fingerprint templates are not exposed
2. Solution based on trusted computing technology
Identity management on mobile platforms
• Improving secure data storage in Android (F. Boukayoua)
• KDF slows down brute force attacks
• Secure element online attacks
• Closed system
• Open system
• Security based on passcode
• Offline attacks
Identity management on mobile platforms
• Improving secure data storage in Android (F. Boukayoua)
• No denial-of-service attacks
• Prevention of key stealing
• No dictionary attacks
• Decryption keys are protected
Context aware security decisions to constrain data and credential availability
Formal Security and Privacy Analysis
• Inspecting Privacy and Trust in e-Services (K. Decroix)
• Modeling complex interactions in advanced electronic services
• Reasoning about profiles compiled by service providers
• Evaluating the impact of authentication technologies on privacy
• Studying impact on trust on user selection
Formal Security and Privacy Analysis
• Inspecting Privacy and Trust in e-Services (K. Decroix)
IDP: a knowledge base system providing multiple forms of inference and a declarative programming environment for an extension of first order logic.
Formal Security and Privacy Analysis
• Analysing security in industrial control systems (L. Lemaire)
• Input
1. Modeling ICS and SCADA systems
2. Modeling advanced attacks
• Output/feedback
1. Analysing the impact of security vulnerabilities
2. Evaluating accountabilities
3. Proposing countermeasures
Applied research projects
• Agency for Innovation by Science and Technology
o Strategic Basic Research
• DiCoMas – Distributed Collaboration using MAS architectures
• MobCom – A Mobile Companion
• Middle/long term valorisation; user group: R&D departments
o Technology Transfer Projects
• eIDea – Developing advanced applications for the Belgian eID
• Wiscy – Developing secure wireless environments
• SecureApps – Developing secure Mobile applications
• Short/middle term valorisation; user group: SMEs
Applied research projects
• AXSMate – A platform for distributing digital keys
Simplifying key management
Supporting accountability
Manageable revocation
Applied research projects
• Torekes – An alternative currency system
o Increase social interaction in poor districts
o Attract students by alternative payment method