5th ETSI / IQC Quantum Safe Workshop

The 5th ETSI/IQC Workshop will take place in London (UK) on 13 – 15 September 2017.

Further details can be found here.

SAFEcrypto Project Review

We held a very successful project review last week (Wednesday 14 Sept) in Brussels for SAFEcrypto.  We were hosted in the Office of the NI Executive in Brussels (ONIEB) and we would like to thank ONIEB Director, Andrew Elliott and Senior EU Liaison Office Stephen Duffy for their support and hospitality during the review.  Andrew’s staff including Corrine Becquevort and Lucy Pollock where of invaluable help to us.

 

Deliverable D6.1 – Software Requirements Specification added to outcomes

One new deliverable has been added to the SAFEcrypto Outcomes page. This is:

SAFEcrypto: D6.1 – Software Requirements Specification

New SAFEcrypto deliverables have been added to Outcomes

Two new deliverables have been added to the SAFEcrypto Outcomes page. These are:

SAFEcrypto D3.1 Risk and Vulnerability Assessment of Lattice-based Cryptographic Architectures

SAFEcrypto D7.1 State-of-the-Art in Physical Side-Channel Attacks and Resistant Technologies

High-speed BLAKE2 Hash Function published as IETF RFC 7693

Internet Engineering Task Force (IETF), the main body behind standards for the Internet has on November 3 published RFC 7693 “The BLAKE2 Cryptographic Hash  and Message Authentication Code (MAC)”, edited by CSIT Research Fellow Dr.  Markku-Juhani O. Saarinen. RFC Text: https://tools.ietf.org/html/rfc7693

Publication of this SHA3 finalist as an RFC together with related ISO Object Identifiers enables its use in security protocols such as TLS and IPSec, in PKI  certificates, and other security applications. The algorithm comes in two variants, both of which have received extensive cryptanalysis. BLAKE2b  outperforms the MD5, MD6, SHA1, SHA2, and the SHA3 algorithm Keccak (by a factor of three), making it the fastest message integrity algorithm currently available. Thanks to its built-in MAC functionality we expect to see it used in high-performance applications such as VPN backbone links. The BLAKE2s variant is optimized for 8- to 32-bit platforms and has significantly smaller implementation footprint than any other secure cryptographic hash function. We expect to see it used in embedded, smart card, and Internet of Things (IoT) security applications. The design work of BLAKE was led by Jean-Philippe Aumasson, principal cryptographer at Kudelski Security, Switzerland. BLAKE2 is also described in the 2015 book “The Hash Function BLAKE”. For more information: http://blake2.net/

NSA announce plans to transition to Quantum-Safe algorithms

This month, the NSA announced plans that NIST’s Suite B cryptographic algorithms will be transitioning to quantum resistant algorithms in the not too distant future with the goal of providing cost-effective security against a potential quantum computer. They also advised vendors who have not yet transitioned to the Suite B elliptic curve algorithms to wait instead on the quantum-resistant algorithm suite. For the  full announcement, visit:

https://www.nsa.gov/ia/programs/suiteb_cryptography/index.shtml

 

SAFEcrypto Deliverable D9.1 Case Study Specifications and Requirements added to Outcomes

SAFEcrypto Deliverable D9.1 Case Study Specifications and Requirements has been added to the Outcomes section and is available to download now.

The purpose of this document is to specify the case studies to be demonstrated in SAFEcrypto, and provide requirements that must be met by the technologies to be developed in Work Packages (WPs) 5-8. This specification of the case studies will also feed into WP3, in order to provide a basis for the vulnerability and risk analysis performed there.

This document specifies the three case studies used within SAFEcrypto:

  • Satellite Key Management – In this case study, satellites are considered as entities in a wider ‘network of space-based entities’, potentially involving other spacecraft, as well as on the ground multiple ground stations, Operational Control Centres (OCC) and end users. In terms of key management, each of these may need to establish keys with each other.
  • Commercial Off-The-Shelf (COTS) in Public Safety Communication – This case study aims towards the growing secure COTS communication marketplace. There is an increasing need for ‘critical communication’ markets (public safety, etc.) to require more secure communication but no longer have the economy of scale, nor budgets to build bespoke secure communication systems. Similarly, there are critical but insecure communication systems in operation (critical national infrastructure, power generation/grids, etc.) which will not encounter a technology refresh within a generation. In this case study we consider the possibility to ‘bolt on’ a security enabling component which can achieve this.
  • Privacy-Preserving Municipal Data Analytics – There are many areas in which analysis of large data sets owned by a governmental agency could provide significant opportunities for improvements in efficiency of operation, identification of fraud, government-citizen relationships, reduction of risk and other areas. The opportunity to derive insights from the large data sets owned by a government organization is greatly improved if the organization can invite academic and industry researchers to participate in collaborative analytics across the data set, both in shared projects and in sub-contracted projects. In this case study, we propose to use the SAFEcrypto cryptographic mechanisms, both to segment the data that it provides to the research participants and to protect information that may be subject to privacy concerns.

For each case study we provide a high level description, and assumptions about the scope and operating environment of the systems, or sub-systems, that we propose to consider in detail. A system architecture and corresponding security architecture are then provided. It is important to note that these architectures are not intended as detailed specifications of the systems, from which real development could take place. They are merely provided at the fairly low level of detail required to highlight the functionality used in each case study, and to generate the requirements for cryptographic algorithms and associated key management needed by WPs 3-8.

Based on the case study descriptions and architectures, requirements are then provided for the security solutions. These requirements cover functional requirements on the security solutions, non-functional requirements on the solutions (e.g. performance), and security assurance and certification requirements that may need to be kept in mind for the security solutions in the use-case context.

SAFEcrypto Work Package Leader takes on Presidency of PSCE

Dr David Lund, leader of SAFEcrypto Work Package 3 (Vulnerability and Risk Analysis), has recently taken on the Presidency of Public Safety Communication Europe (PSCE).  This follows two years as a member of the PSCE board.

In the coming year there will be a number of key turning points which influence the future of public safety communication.

There will be:

  1. decisions on spectrum availability at WRC’15,
  2. new standardised capabilities becoming available to enable critical features for broadband,
  3. and potential moves towards the first broadband deployments and considerations for European broadband interoperability.

Dr Lund therefore welcomes interested parties to join PSCE and contribute to its activities and help it to shape the future of public safety communications.

The PSCE board have spent time over the last year to carry out some improvements both to its organisational processes and the way it delivers its membership benefits. A new website will be published soon where it will start to collate a library of short white papers to easily share information for the benefit of its members. The organisation also intends to begin a series of online events to broaden the possibilities for members to join the discussion. Should people have any material to present either a 2 page white paper, and/or a 1 hour webinar, please contact the secretariat. This material should be informative relating to experiences of, problems solved for, and future capabilities required and addressed for the benefit of public safety professionals.

Please also help to spread the word and follow PSCE’s Twitter, Facebook and LinkedIn accounts.

Dr Lund invites you to save the date for PSCE’s next conference to be hosted by the University of Oxford, on 9-10 December 2015. Details of conference topics, speakers and sponsorship opportunities will follow soon.

SAFEcrypto publishes in ACM Transactions on Embedded Computing Systems

Collaborative research between SAFEcrypto partners QUB and RUB has led to the publication of a journal paper entitled Practical Lattice-Based Digital Signature Schemes in the ACM Transactions on Embedded Computing Systems (TECS) Special Issue on Embedded Platforms for Cryptography in the Coming Decade, Volume 14 Issue 3, April 2015.

The focus of the paper is on recent developments in lattice-based digital signatures and a comprehensive survey is presented with signature schemes evaluated with respect to practicality. Propositions for future research areas that are essential for the continued development of lattice based cryptography are discussed. http://dx.doi.org/10.1145/2724713

SAFEcrypto kick-off meeting

Queen’s University leading the way in pioneering, European cyber-security initiative

Queen’s University Belfast will be at the forefront of a major, new European push to combat increasingly sophisticated cyber-attacks.

The Queen’s-led SAFEcrypto project will draw together cryptographers and other IT experts from Germany, France, Switzerland, Britain and Ireland to devise urgent security solutions capable of withstanding attack from the next generation of hackers.

The project will focus on an acute threat from emerging technologies including ‘quantum computers’ – capable of processing information many times faster than the silicon-based computers we use today.

The project, which will run for four years at a cost of €3.8million, will concentrate on three main areas:

• Protecting information passed via satellites
• Protecting public-safety communications systems, eg those used by police, fire and ambulance services
• Safeguarding the privacy of data collected by municipal authorities

Project lead Professor Máire O’Neill from the Centre for Secure Information Technologies (CSIT) at Queen’s said:

“CSIT was among the first centres in the UK to be recognised as a centre of academic excellence in cyber-security research in 2012, and it is a natural progression for us to start working on a larger, pan-European stage. Horizon 2020 has given us the opportunity to form a project consortium which is a true partnership between industry and academia. This is yet another example of how Queen’s is making a difference and having a global impact on society.”

Professor O’Neill, who was awarded a UK Royal Academy of Engineering Silver Medal in 2014 and who is a former British Female Inventor of the Year (2007), added: “Organisations are steadily increasing the level of spending on encryption products to protect their intellectual property and to maintain the privacy of customer details and personal information. It is estimated that 25% of enterprises globally operate an internal public key encryption infrastructure (PKI). We believe these present day PKI systems will become vulnerable to attack by a new form of very powerful quantum computers in the near future.”

SAFEcrypto represents the first major project to be co-ordinated in Northern Ireland using funding from Horizon 2020, the biggest EU research and innovation programme ever developed. The NI Assembly has set a target of winning €145 million from the Horizon programme between now and 2020.

Queen’s University is one of the UK’s leading research-intensive universities, and has recently been placed in the Top Ten in the UK for research intensity in the Research Excellence Framework assessment. In this exercise, 93% of the research conducted by CSIT academics was adjudged to be ‘world-leading’ or ‘internationally excellent’.

For further information, contact the Communications Office on 028 9097 5320 (Mon-Wed) or 028 9097 5310 (Thurs-Fri) or email comms.officer@qub.ac.uk

Notes To Editors:

(1) Professor Máire O’Neill is available for interview. Bids to the Communications Office on 028 9097 5320 (Mon-Wed) or 028 9097 5310 (Thurs-Fri) or email comms.officer@qub.ac.uk

(2) The SAFEcrypto project will enable CSIT to collaborate with leading researchers in Ruhr-Universität Bochum (Germany), Università Della Svizzera Italiana (Switzerland), and INRIA (France) as well as partners in industry EMC (Ireland), Thales Research and Technology Ltd (UK) and HWCommunications Ltd (UK)

(3) Horizon 2020 is the biggest EU Research and Innovation programme ever with nearly €80 billion of funding available over 7 years (2014 to 2020) – in addition to any private investment that the money will attract. It aims to deliver breakthroughs, discoveries and world-firsts by taking great ideas from the laboratory to the market