Brokerage 2007 presentation security

Post on 18-Dec-2014


Information Security
Ingrid Verbauwhede
Danny De Cock


Outline

Information security: we need it!
Partners
Competences within IBBT
Illustrations


IBBT focus areas

Every focus area needs information security!
eHealth: patient data protection
New Media: digital rights management & trusted archiving
eGovernment: secure identification & identity management
  eID cards and embedded biometry
Mobility: trusted communication
  In mobile terminals, in RFID devices
Other applications: eVoting, eCommerce, eBusiness, …


Partners

Security requires a wide range of technologies:
K.U.Leuven – COSIC
  Computer Security and Industrial Cryptography
K.U.Leuven – Distrinet
  Secure software
K.U.Leuven – ICRI
  Legal aspects
U. Gent
  Network security
V.U.B
  Multimedia security


Expertise 1: fundamental research

Cryptographic algorithms and protocols
Technologies for privacy and anonymity
Chip cards and secure tokens
Secure software and hardware obfuscation & side-channel attacks
Digital rights management, watermarking and perceptual hashing
Trusted computing
Biometry
Document security


Example: Rijndael/AES

[Figure: Rijndael/AES structure with key schedule and rounds, each round showing a row of S-boxes (S) followed by MixColumns]

key length: 16/24/32 bytes
block length:
  Rijndael: 16/24/32 bytes
  AES: 16 bytes


Expertise 2: Security for state of the art systems

Network security (fixed, ad-hoc and wireless)
Embedded systems
RFID and sensor nodes
Ambient intelligence and pervasive

[Figure: SIM cards labelled Confidentiality, Identification, Integrity]


Example: secure embedded systems

Cipher Design, Biometrics

[Figure: block diagrams of embedded platforms (CPU, Crypto, MEM, JCA, Java, JVM, KVM, CLK, Vcc, D/Q) and SIM cards labelled Identification, Confidentiality, Integrity]

Protocol: Wireless authentication protocol design
Algorithm: Embedded fingerprint matching algorithms, crypto algorithms
Architecture: Co-design, HW/SW, SOC
Circuit: Circuit techniques to combat side-channel analysis attacks
Micro-Architecture: co-processor design


Example: Side channel analysis: EMA


Expertise 3: Security for software platforms

Enterprise middleware & application servers
Web services
AAA (Authentication, Authorization, Access control) services
Identity and credential management
Non-repudiation services and accountability
Time stamping and trusted archiving

Such research has for instance been conducted in the T-CASE project (see further).


Expertise 4: Secure development

Analysis of security requirements
Development process and certification
Secure software architecture
Software security
Software verification and assurance

Such research has for instance been conducted in the IDEM project (https://projects.ibbt.be/idem)


Expertise 5: Security management & deployment

Risk analysis
Policy language and policy enforcement
Architectures for monitoring and management
Run-time verification
Security infrastructures


Demonstration: Belgian eID card & RFID Passport

Identity file
  Chip-specific:
    Chip number
  Citizen-specific:
    Name
    First 2 names
    First letter of 3rd first name
    RRN identification number
    Nationality
    Birth location and date
    Gender
    Noble condition
    Special status
    SHA-1 hash of citizen photo
  Card-specific:
    Card number
    Validity’s begin and end date
    Card delivery municipality
    Document type
  Digital signature on identity file issued by RRN

Citizen’s main address file
  Street + number
  Zip code
  Municipality
  Digital signature on main address issued by RRN

Citizen’s JPEG photo ~3 Kbyte

Document type: Belgian citizen or child, European community citizen, non-European community citizen, bootstrap card, habilitation/machtigings card

Special status: No status, white cane (blind people), yellow cane (partially sighted people), extended minority, any combination

Noble condition: King, Prince, Count, Earl, Baron, …


To illustrate the approach: 4 projects

4 projects demonstrated in the back of the room

ISBO – QOE (security part of it): anonymous Voice over IP

IPEA (security part of it): format compliant encryption of video stream

TCASE – Technologies and Capabilities for Service Enabling

EHIP – E-Health Information Platforms

Thank you!