3. IBBT focus areas
Every focus area needs information security!
eHealth: patient data protection
New Media: digital rights management & trusted archiving
eGovernment: secure identification & identity management
eID cards and embedded biometry
Mobility: trusted communication
In mobile terminals, in RFID devices
Other applications:
eVoting, eCommerce, eBusiness, …
4. Partners
Security requires a wide range of technologies:
K.U.Leuven – COSIC: Computer Security and Industrial Cryptography
K.U.Leuven – Distrinet: Secure software
K.U.Leuven – ICRI: Legal aspects
U. Gent: Network security
V.U.B: Multimedia security
5. Expertise 1: fundamental research
Cryptographic algorithms and protocols
Technologies for privacy and anonymity
Chip cards and secure tokens
Secure software and hardware obfuscation & side-channel attacks
Digital rights management, watermarking and perceptual hashing
Trusted computing
Biometry
Document security
6. Example: Rijndael/AES
[Figure: Rijndael/AES round structure. Each round shows a layer of 16 S-boxes (S) followed by four MixColumns blocks, with a Key Schedule alongside the rounds.]
Key length: 16/24/32 bytes
Block length: Rijndael: 16/24/32 bytes; AES: 16 bytes
7. Expertise 2: Security for state of the art systems
Network security (fixed, ad-hoc and wireless)
Embedded systems
RFID and sensor nodes
Ambient intelligence and pervasive
[Figure labels: Confidentiality, Identification, Integrity; SIM]
8. Example: secure embedded systems
[Figure: design layers of a secure embedded system, with the security goals Confidentiality, Integrity and Identification; SIM]
Protocol: Wireless authentication protocol design
Algorithm: Embedded fingerprint matching algorithms, crypto algorithms
Architecture: Co-design, HW/SW, SOC
Micro-Architecture: co-processor design
Circuit: Circuit techniques to combat side channel analysis attacks
[Figure labels: Cipher Design, Biometrics; Java, JCA, KVM, JVM; CPU, Crypto, MEM; Vcc, D, Q, CLK]
10. Expertise 3: Security for software platforms
Enterprise middleware & application servers
Web services
AAA (Authentication, Authorization, Access control) services
Identity and credential management
Non repudiation services and accountability
Time stamping and trusted archiving
Such research has for instance been conducted in the T-CASE project (see further).
11. Expertise 4: Secure development
Analysis of security requirements
Development process and certification
Secure software architecture
Software security
Software verification and assurance
Such research has for instance been conducted in the IDEM project (https://projects.ibbt.be/idem)
12. Expertise 5: Security management & deployment
Risk analysis
Policy language and policy enforcement
Architectures for monitoring and management
Run-time verification
Security infrastructures
13. Demonstration: Belgian eID card & RFID Passport
Identity file
  Chip-specific:
    Chip number
  Citizen-specific:
    Name
    First 2 names
    First letter of 3rd first name
    RRN identification number
    Nationality
    Birth location and date
    Gender
    Noble condition: King, Prince, Count, Earl, Baron, …
    Special status: No status, white cane (blind people), yellow cane (partially sighted people), extended minority, any combination
    SHA-1 hash of citizen photo
  Card-specific:
    Card number
    Validity’s begin and end date
    Card delivery municipality
    Document type: Belgian citizen or child, European community citizen, non-European community citizen, bootstrap card, habilitation/machtigings card
Digital signature on identity file issued by RRN
Citizen’s main address file
  Street + number
  Zip code
  Municipality
Digital signature on main address issued by RRN
Citizen’s JPEG photo ~3 Kbyte
14. To illustrate the approach: 4 projects
4 projects demonstrated in the back of the room
ISBO – QOE: (security part of it): anonymous Voice over IP
IPEA (security part of it): format compliant encryption of video stream
TCASE – Technologies and Capabilities for Service Enabling
EHIP – E-Health Information Platforms