research at MSEC

Vincent Naessens – Jorn Lapon – Jan Vossaert – Koen Decroix – Faysal Boukayoua – Laurens Lemaire

Overview

• Research scope MSEC

• RL 1: Identity Management on Mobile platforms

• RL 2: Formal Security and Privacy Analysis

• Applied research projects

Security research at KU Leuven

Research scope MSECo RL 1: Identity management using mobile platforms

• Jorn Lapon – Anonymous Credential Systems: From Theory Towards Practice• Jan Vossaert – Privacy friendly identity management• Faysal Boukayoua – Improving security and privacy on mobile devices

o RL 2: Formal security and privacy analysis• Koen Decroix – A Formal Approach for Inspecting Privacy and Trust in e-Services• Laurens Lemaire – Analysis and management of security in industrial control systems

Identity management on mobile platforms

• Extending the scope of Belgian eID technology (J. Lapon)

Proxycertificates

SecureStorage

1. Identification2. Authentication3. Digital signature

Identity management on mobile platforms

• Revocation strategies using anonymous credentials (J. Lapon)

• Strong authentication• Selective disclosure• Unlinkable transactions

• Complex revocation strategy as no serials numbers are exposed

Identity management on mobile platforms

• Privacy preserving smartcard authentication (J. Vossaert)

• Weak security• No personalisation

• No user control• Single point of attack

• Static set of attributes• Limited user control

1. Increased flexibility 2. User control3. Online/offline services

Identity management on mobile platforms

• Privacy preserving smartcard authentication (J. Vossaert)

SPi

IDX

IDY

IDZ

(personalized)policies

Cachedattributes

lastValTime

(1) mutual auth.

(2)attribute_queryCert_SP

(4)Attr query

(5) PIN

(7)release_attr’s

Service requestHandler

Service requestHandler

(6)collectattributes

(3)verifypolicy

Identity management on mobile platforms

• Client-Side Biometric Verification based on Trusted Computing (J. Vossaert)

[1]

[2]

[3]

[4]

• Secure authentication• Biometric attestation• Selective disclosure

1. Fingerprint templates are not exposed2. Solution based on trusted computing technology

Identity management on mobile platforms

• Improving secure data storage in Android (F. Boukayoua)

• KDF slows down brute force attacks• Secure element online attacks

• Closed system

• Open system

• Security based on passcode• Offline attacks

Identity management on mobile platforms

• Improving secure data storage in Android (F. Boukayoua)

[1]

[2]

• No denial-of-service attacks• Prevention of key stealing

• No dictionary attacks• Decryption keys are protected

Context aware security decisions to constraindata and credential availability

Formal Security and Privacy Analysis

• Inspecting Privacy and Trust in e-Services (K. Decroix)

• Modeling complex interations in advanced electronic services• Reasing about profiles compiled by service providers• Evaluating the impact of authentication technologies on privacy• Studying impact on trust on user selection

Formal Security and Privacy Analysis

• Inspecting Privacy and Trust in e-Services (K. Decroix)

IDP: a knowledge base system providing multiple forms of inference and a declarative programming environment for an extension of first order logic.

Formal Security and Privacy Analysis

• Analysing security in industrial control systems (L. Lemaire)

• Input1. Modeling ICS and SCADA systems2. Modeling advanced attacks

• Output/feedback1. Analysing the impact of security vulnerabilities2. Evaluating accountabilities3. Proposing countermeasures

Applied research projects

• Agency for Innovation by Science and Technologyo Strategic Basic Research

• DiCoMas – Distributed Collaboration using MAS architectures• MobCom – A Mobile Companion

• Middle/long term valorisation; user group: R&D departments

o Technology Transfer Projects• eIDea – Developing advanced applications for the Belgian eID• Wiscy – Developing secure wireless environments• SecureApps – Developing secure Mobile applications

• Short/middle term valorisation; user group: SMEs

Applied research projects

Applied research projects

• AXSMate – A platform for distributing digital keys

Simplifying key managementSupporting accountability

Manageable revocation

Applied research projects

• Torekes – An alternative currency systemo Increase social interaction in poor districts

o Attract students by alternative payment method