SAFEcrypto Deliverable D9.1 Case Study Specifications and Requirements added to Outcomes

SAFEcrypto Deliverable D9.1 Case Study Specifications and Requirements has been added to the Outcomes section and is available to download now.

The purpose of this document is to specify the case studies to be demonstrated in SAFEcrypto, and provide requirements that must be met by the technologies to be developed in Work Packages (WPs) 5-8. This specification of the case studies will also feed into WP3, in order to provide a basis for the vulnerability and risk analysis performed there.

This document specifies the three case studies used within SAFEcrypto:

  • Satellite Key Management – In this case study, satellites are considered as entities in a wider ‘network of space-based entities’, potentially involving other spacecraft, as well as on the ground multiple ground stations, Operational Control Centres (OCC) and end users. In terms of key management, each of these may need to establish keys with each other.
  • Commercial Off-The-Shelf (COTS) in Public Safety Communication – This case study aims towards the growing secure COTS communication marketplace. There is an increasing need for ‘critical communication’ markets (public safety, etc.) to require more secure communication but no longer have the economy of scale, nor budgets to build bespoke secure communication systems. Similarly, there are critical but insecure communication systems in operation (critical national infrastructure, power generation/grids, etc.) which will not encounter a technology refresh within a generation. In this case study we consider the possibility to ‘bolt on’ a security enabling component which can achieve this.
  • Privacy-Preserving Municipal Data Analytics – There are many areas in which analysis of large data sets owned by a governmental agency could provide significant opportunities for improvements in efficiency of operation, identification of fraud, government-citizen relationships, reduction of risk and other areas. The opportunity to derive insights from the large data sets owned by a government organization is greatly improved if the organization can invite academic and industry researchers to participate in collaborative analytics across the data set, both in shared projects and in sub-contracted projects. In this case study, we propose to use the SAFEcrypto cryptographic mechanisms, both to segment the data that it provides to the research participants and to protect information that may be subject to privacy concerns.

For each case study we provide a high level description, and assumptions about the scope and operating environment of the systems, or sub-systems, that we propose to consider in detail. A system architecture and corresponding security architecture are then provided. It is important to note that these architectures are not intended as detailed specifications of the systems, from which real development could take place. They are merely provided at the fairly low level of detail required to highlight the functionality used in each case study, and to generate the requirements for cryptographic algorithms and associated key management needed by WPs 3-8.

Based on the case study descriptions and architectures, requirements are then provided for the security solutions. These requirements cover functional requirements on the security solutions, non-functional requirements on the solutions (e.g. performance), and security assurance and certification requirements that may need to be kept in mind for the security solutions in the use-case context.

SAFEcrypto Work Package Leader takes on Presidency of PSCE

Dr David Lund, leader of SAFEcrypto Work Package 3 (Vulnerability and Risk Analysis), has recently taken on the Presidency of Public Safety Communication Europe (PSCE).  This follows two years as a member of the PSCE board.

In the coming year there will be a number of key turning points which influence the future of public safety communication.

There will be:

  1. decisions on spectrum availability at WRC’15,
  2. new standardised capabilities becoming available to enable critical features for broadband,
  3. and potential moves towards the first broadband deployments and considerations for European broadband interoperability.

Dr Lund therefore welcomes interested parties to join PSCE and contribute to its activities and help it to shape the future of public safety communications.

The PSCE board have spent time over the last year to carry out some improvements both to its organisational processes and the way it delivers its membership benefits. A new website will be published soon where it will start to collate a library of short white papers to easily share information for the benefit of its members. The organisation also intends to begin a series of online events to broaden the possibilities for members to join the discussion. Should people have any material to present either a 2 page white paper, and/or a 1 hour webinar, please contact the secretariat. This material should be informative relating to experiences of, problems solved for, and future capabilities required and addressed for the benefit of public safety professionals.

Please also help to spread the word and follow PSCE’s Twitter, Facebook and LinkedIn accounts.

Dr Lund invites you to save the date for PSCE’s next conference to be hosted by the University of Oxford, on 9-10 December 2015. Details of conference topics, speakers and sponsorship opportunities will follow soon.

SAFEcrypto publishes in ACM Transactions on Embedded Computing Systems

Collaborative research between SAFEcrypto partners QUB and RUB has led to the publication of a journal paper entitled Practical Lattice-Based Digital Signature Schemes in the ACM Transactions on Embedded Computing Systems (TECS) Special Issue on Embedded Platforms for Cryptography in the Coming Decade, Volume 14 Issue 3, April 2015.

The focus of the paper is on recent developments in lattice-based digital signatures and a comprehensive survey is presented with signature schemes evaluated with respect to practicality. Propositions for future research areas that are essential for the continued development of lattice based cryptography are discussed. http://dx.doi.org/10.1145/2724713

SAFEcrypto kick-off meeting

Queen’s University leading the way in pioneering, European cyber-security initiative

Queen’s University Belfast will be at the forefront of a major, new European push to combat increasingly sophisticated cyber-attacks.

The Queen’s-led SAFEcrypto project will draw together cryptographers and other IT experts from Germany, France, Switzerland, Britain and Ireland to devise urgent security solutions capable of withstanding attack from the next generation of hackers.

The project will focus on an acute threat from emerging technologies including ‘quantum computers’ – capable of processing information many times faster than the silicon-based computers we use today.

The project, which will run for four years at a cost of €3.8million, will concentrate on three main areas:

• Protecting information passed via satellites
• Protecting public-safety communications systems, eg those used by police, fire and ambulance services
• Safeguarding the privacy of data collected by municipal authorities

Project lead Professor Máire O’Neill from the Centre for Secure Information Technologies (CSIT) at Queen’s said:

“CSIT was among the first centres in the UK to be recognised as a centre of academic excellence in cyber-security research in 2012, and it is a natural progression for us to start working on a larger, pan-European stage. Horizon 2020 has given us the opportunity to form a project consortium which is a true partnership between industry and academia. This is yet another example of how Queen’s is making a difference and having a global impact on society.”

Professor O’Neill, who was awarded a UK Royal Academy of Engineering Silver Medal in 2014 and who is a former British Female Inventor of the Year (2007), added: “Organisations are steadily increasing the level of spending on encryption products to protect their intellectual property and to maintain the privacy of customer details and personal information. It is estimated that 25% of enterprises globally operate an internal public key encryption infrastructure (PKI). We believe these present day PKI systems will become vulnerable to attack by a new form of very powerful quantum computers in the near future.”

SAFEcrypto represents the first major project to be co-ordinated in Northern Ireland using funding from Horizon 2020, the biggest EU research and innovation programme ever developed. The NI Assembly has set a target of winning €145 million from the Horizon programme between now and 2020.

Queen’s University is one of the UK’s leading research-intensive universities, and has recently been placed in the Top Ten in the UK for research intensity in the Research Excellence Framework assessment. In this exercise, 93% of the research conducted by CSIT academics was adjudged to be ‘world-leading’ or ‘internationally excellent’.

For further information, contact the Communications Office on 028 9097 5320 (Mon-Wed) or 028 9097 5310 (Thurs-Fri) or email comms.officer@qub.ac.uk

Notes To Editors:

(1) Professor Máire O’Neill is available for interview. Bids to the Communications Office on 028 9097 5320 (Mon-Wed) or 028 9097 5310 (Thurs-Fri) or email comms.officer@qub.ac.uk

(2) The SAFEcrypto project will enable CSIT to collaborate with leading researchers in Ruhr-Universität Bochum (Germany), Università Della Svizzera Italiana (Switzerland), and INRIA (France) as well as partners in industry EMC (Ireland), Thales Research and Technology Ltd (UK) and HWCommunications Ltd (UK)

(3) Horizon 2020 is the biggest EU Research and Innovation programme ever with nearly €80 billion of funding available over 7 years (2014 to 2020) – in addition to any private investment that the money will attract. It aims to deliver breakthroughs, discoveries and world-firsts by taking great ideas from the laboratory to the market

Cyber Security & Privacy Innovation Forum 2015

Cybersecurity & Privacy (CSP) Innovation Forum 2015

Two members of the SAFEcrypto project team will attend the Cybersecurity & Privacy (CSP) Innovation Forum 2015 which takes place in Brussels, Belgium on 28-29 April. Philip Mills and Gavin McWilliams, both from Queen’s University Belfast’s Centre for Secure Information Technologies (CSIT), are attending to showcase the work of the SAFEcrypto project consortium.

Full details regarding this event are outlined in the official Press Release below:

EU-Funded Cybersecurity and Privacy investment shortening the gap from research to innovation

  • Digital single market would create hundreds of thousands of jobs across a vibrant, knowledge-based EU society.

OVER 40 top tech, EU funded, trust and security projects with focused research activities in hot topical areas such as mobile devices technologies and tools, cloud security, cryptography and trustworthy network and services infrastructures are being showcased live at a major EU Innovation forum this week, where over 500 cyber security and privacy experts, project leaders, industry, academics and visionaries are also pooling their knowledge to create a safer and more secure ICT environment.

Over the past 9 years almost €361 million in EU funding has been invested in security and privacy research innovation, bringing together large industry, SME’s , public bodies and academics at an EU level to significantly improve and address the current and future cybersecurity and privacy issues faced by the end-citizen in the modern society we live in.

Their intensive work, with specific focus on technology transfer and impact, is helping shorten the gap between research and innovation as they work towards a digital single market, the 500 plus delegates at the Cybersecurity & Privacy (CSP) Innovation Forum 2015 will hear.

The EU-wide Forum is organised by the European Commission, DG CNECT (Unit H4 Trust & Security), the Cybersecurity & Privacy (CSP) Forum and supporting projects (IPACSO, TREsPASS, PRIPARE, A4CLOUD, SECURED, ATTPS). Collectively, all involved are helping foster a digital single market which experts say has the potential to create up to €250 billion in additional growth and hundreds of thousands of jobs across a vibrant, knowledge-based EU society.

Among the significant and most successful, pioneering projects featured in a comprehensive booklet produced for all delegates by the EU funded CSA project SecCord, “Security and Trust Coordination and Enhanced Collaboration” are success stories which include:

  • ACDC – an advanced cyber defence centre funded to the tune of €7.7 million which acts as a dedicated online service for EU citizens and informs them of cyber threats and botnets
  • SECURED – it received €2.7million and provides improved protection to the end user, whether they’re using a laptop which has plenty software to cover against threats, or a car entertainment system or smart television which has far less. Telefonica is already exploring how to use it and HP is interested in offering it on its network devices.
  • The Tabula Rasa – it got €4 million and its face recognition, software countermeasure team is working with world leader in biometric solutions, Morpho (Safran) on the project.
  • ABC4Trust – an €8.8 million privacy-preserving communications network which was successfully trialled in a Swedish school and is expected to be rolled out across a variety of EU public services and organisations.

The SecCord project examined EU-financed projects in detail and found that many of the European research projects in ICT security and trust have “been particularly successful in shortening the gap from research to innovation, thus creating the stepping stone for a vibrant market in secure and trustworthy ICT in Europe.”

Over the two day Brussels event, delegates will speak directly to the 41 pioneering teams showcasing and to the European Commission project and policy officers in this domain. They will network and discuss hot topics such as cybersecurity and privacy issues and how they are being dealt with on a daily level, impacting end users and industry. They will also actively debate potential solutions, future roadmaps and challenges that need to be considered now in order to address such concerns.

Trust and security in the digital world are the very foundations of a Digital Single Market according to Jakub Boratynski, Head of Unit of Trust and Security, DG CONNECT, European Commission in his contribution to the SecCord publication.

“Millions of EU citizens rely on the Internet for ever more services, while at the same time the digital world is still vulnerable. Technical failures and malicious attacks occur at alarming intervals and failure to respond to these incidents will mean consumers losing confidence in the digital world, businesses losing money and even national security being at stake.

“European citizens have to know and trust that the systems underpinning the digital world are safe and secure so they, and also business, can fully reap the benefits of the digital economy. The European Strategy on Cybersecurity sets out ways to strengthen network and information security across the EU to make Europe more trusted and secure online,” he said.

Mr Boratynski commended those involved in the SecCord project for the difficult task the team undertook in analysing the projects and presenting their findings in a comprehensive brochure for delegates. “European scientists and companies are working hard to make the journey to a trustworthy digital world,” he remarked.

The Brussels Forum includes addresses from European Commission experts, among them Zoran Stančič, Deputy Director-General; Giovanni Buttarelli, European Data Protection Supervisor, Paul Timmers. Director of the Sustainable & Secure Society Directorate and Jakub Boratynski Head of Unit, Trust and Security.

The EU-funded FP7 Research & Development Framework Programme has financed a host of ground-breaking industry and problem-focused R&D projects addressing the security and privacy of ICT.

ETSI

SAFEcrypto and ETSI

In March 2015, the European Telecommunications Standards Institute (ETSI) created a new Industry Specification Group focussed on Quantum Safe Cryptography (QSC). The first meeting was held at ETSI Headquarters in Sophia Antipolis from 23rd to 26th March 2015, and was attended by Philip Mills (Queen’s University Belfast). The attendees drafted an initial Work Programme with work items ranging from purely scientific/mathematical through to impementation and real-world use cases. The scope of these aligned well with the SAFECRYPTO objectives, which were presented to the group as part of the discussion. The SAFECRYPTO team will follow the standardisation work at ETSI with interest and seek to participate where appropriate. More information can be found on the ETSI portal here. The next meeting of ETSI QSC will take place on 3rd and 4th September 2015 at ETSI headquarters in Sophia Antipolis, France.

NIST Logo

SAFEcrypto at NIST

Members of the SAFEcrypto team attended the NIST Workshop on Cybersecurity in a Post-Quantum World on the 2nd and 3rd April 2015. Máire O’Neill of Queen’s University Belfast and Principal Investigator of SAFEcrypto, presented a report on Practical Lattice-based Digital Signature Schemes on behalf of the team. Bob Griffen of RSA and Standards Liaison Manager and Work-package 8 Leader in SAFEcrypto, acted as moderator for a Panel discussion on Key Management for quantum-safe cryptography. Joining the Panel were William Whyte of Security Innovation, Gregoire Ribordy of ID Quantique, Sean Parkinson of RSA and Elizabeth O’Sullivan of Queen’s University Belfast and Work-package 6 Leader of SAFEcrypto.