COST Action IC1403: CRYPTACUS
CRYPTAnalysis of Ubiquitous Computing Systems
MC Chair: Gildas Avoine, INSA Rennes, France
MC Vice-Chair: Julio Hernandez-Castro, Univ. of Kent, UK
Grant Holder: INSA Rennes, France
COST Science Officer: Ralph Stübner
COST Administrative Officer: Matthias Kahlenborn
Improve the security and privacy of ubiquitous computing systems, from theory to practice.
Cryptography, Security, Privacy, Low-cost devices
Proposer
Context
Objective
Partners
Stakeholders
Organization
Working Groups
Other Actions
Dissemination
Implementation
Decisions
Actions
Miscellaneous
Context
Implantable medical devices, ePassports, Access control, Car ignition keys, Payment,
Smart meters, GPS,…
Computing systems no longer consist only of connected servers, but involve a wide range of
pervasive and embedded devices, leading to the concept of "ubiquitous computing systems".
Battery-less devices. Low memory and processing capabilities.
Hardware and embedded software (long life-cycles). Personal data collected.
Most ubiquitous computing systems are very weak.
Examples of broken systems.
Mifare Classic. Keeloq car ignition system. Mifare DESfire. Transportation passes (Boston, London,…) Building access control. Implantable medical devices (insulin pump,…).
Examples of frauds: remotely-controlled garage door, payment fraud, stolen cars, ePassport cloning,…
Gap between theory and practice.
Context
Improve the analysis methodologies and tools for assessing the security and privacy of ubiquitous computing systems.
Ultimately providing guidelines for secure future designs.
Innovative because: Focus on cryptanalysis. Consider real-world applications. Consider privacy as well.
Impact for stakeholders and societal impact.
Objective and Impact
Partners
18 partners participated in the proposal
12 involved countries
COST
35 COST Countries, 1 Cooperating Country
COST
35 COST Countries, 1 Cooperating Country
Including 19 Inclusiveness Countries
Cryptacus
23 COST Countries, 1 Cooperating Country
Including 10 Inclusiveness Countries
23 countries signed the MoU
Early Stage Researchers (PhD ≤ 8y) 20 among 51
Gender Balance 7 among 51
Inclusiveness Countries 10 among 24
Industrial Partners 0
International Partners 0
MC Statistics
Stakeholders include chip manufacturers (e.g. NXP) and integrators (e.g. Oridao)
Partners are strongly connected to stakeholders.
Stakeholders will be able to join the project once accepted.
Stakeholders
“The research performed in this proposal concerning security in ubiquitous computing systems is an essential area for research and development at NXP.
Academic research activities in this field usually focus on pieces of the problem and resulting solutions are hardly applicable to commercial solutions.
The CRYPTACUS project addresses the question with a holistic and innovative bottom-up approach where the practical considerations settle in the core of the activities.
CRYPTACUS may have an important impact for our future developments, and NXP is consequently glad to fully support this European initiative.” [NXP]
“We strongly support CRYPTACUS initiative for 2 reasons:
- IoT security aspects are today clearly underestimated (…)
- The proposed consortium gathers worldwide recognized experts with a proven track record of combining theoretical approach with pragmatic real life scenarios.” [ORIDAO]
MC + 4 WG Meetings.
Scientific Committee.
Policy Enforcement Committee.
Organization
Working Groups
Security assessment of real-world systems
Hardware and software security engineering
Cryptanalysis of building blocks
Cryptographic models
Objectives
Investigate how existing security and privacy models might be extended to consider real-world settings, e.g. physical noise, authentication server.
Milestones
1. Confront crypto & privacy communities’ views.
2. Confront models with practical scenarios.
Outcomes
A security and privacy model for ubiquitous computing systems that could eventually lead to a security and privacy certification.
Working Groups
Security assessment of real-world systems
Hardware and software security engineering
Cryptanalysis of building blocks
Cryptographic models
Objectives
Bridge the knowledge between the fields of cryptography and security and ubiquitous computing.
Milestones
1. Apply stream cipher theory to ultra-lightweight designs.
2. Develop a formalization of distance bounding protocols.
Outcomes
New attacks, recommendations and assessment processes for the design of protocols and primitives.
Working Groups
Security assessment of real-world systems
Hardware and software security engineering
Cryptanalysis of building blocks
Cryptographic models
Objectives
Develop new (in labs) attacks (and guidelines for countermeasures): side-channel attacks, reverse-engineering, location privacy,…
Milestones
1. Apply side-channel attacks to ubiquitous computing devices.
2. Develop suitable reverse-engineering techniques.
Outcomes
Methodologies in hardware and software engineering and three software tools for side-channel attacks and reverse-engineering.
Working Groups
Security assessment of real-world systems
Hardware and software security engineering
Cryptanalysis of building blocks
Cryptographic models
Objectives
Attack and analyze real-world systems.
Milestones
1. Evaluation of the current (in)security in the real world.
2. Define a generic attack procedure.
Outcomes
(1) Provide companies with helpful recommendations, (2) challenge WGs with experimental results and (3) raise the awareness of citizens.
IC1306 is a COST Action related to cryptography for secure digital interaction, namely internet of computers (SSL, public-key crypto,...) and its future (secure cloud computing,…)
Example of considered primitives: e-voting, secure multiparty computations, formal verification methods, etc. based on asymmetric crypto such as lattice-based crypto or multi-linear mapping.
Other Related COST Action: 1306
Both Actions relate to crypto but the overlap is small.
Cryptacus focuses on ubiquitous computing (embedded, lightweight) with a cryptanalysis approach.
IC1204 is a COST Action related to the manufacturing flows of secure hardware, as well as fault and active disturbances on actual hardware (ASIC, FPGA).
WG1: Manufacturing test of secure devices
WG2: Trustworthy manufacturing of secure devices
WG3: Fault attack detection and protection
WG4: Reconfigurable devices for secure functions
WG5: Validation, Evaluation, and Fault Injection
Other Related COST Action: 1204
Both Actions relate to crypto but the overlap is small.
Cryptacus focuses on real-world ubiquitous computing (lightweight) with a cryptanalysis approach.
A book (Springer) on security and privacy in ubiquitous systems, authored by the Action Participants.
Non-technical articles aimed at a large audience in international and national magazines, edition of a special issue in IEEE Comm. or Comm. of the ACM.
Three software tools (side-channel attacks and reverse-engineering).
Expertise passed on to young researchers and non-academic stakeholders through training schools.
Joint publications + Proceedings + Progress & Final reports + Website + Short Term Scientific Missions.
Dissemination
Memorandum of Understanding (MoU).
COST Vademecum.
E-COST online application.
Cryptacus website (not set up yet).
Documents and Tools
INSA (Institut National des Sciences Appliquées) is an engineering school (about 1’600 students).
INSA is affiliated with the computer science laboratory IRISA (joint lab with INRIA and CNRS).
INSA assigned a part-time secretary (30%) to Cryptacus: Isabelle Mesguen.
Grant Holder
Organigram
The missions of the Scientific Committee are the evaluation of proposals for Short Term Scientific Missions (STSM) and proposals for the organization of events (Meetings, Workshops, and Training Schools). Missions of the Scientific Committee also include the monitoring of the achieved objectives.
The Scientific Committee consists of a Chair and four Working-Group Leaders.
Scientific Committee
The missions of the Policy Enforcement Committee are to monitor that the Action complies with the COST policies in terms of gender balance, inclusiveness, early stage researchers involvement, international cooperation, and industry participation, and suggest activities to enforce these policies.
The Policy Enforcement Committee consists of a Chair and a few members belonging to the Action (not necessarily belonging to the MC).
Policy Enforcement Committee
Working Groups consist of Researchers affiliated to a Participating COST Country and explicitly registered as WG Members. Working Groups are led by a Leader and a Vice-Leader.
MC Members can register to any WG without formal approval of the Leader, and each MC Member should be registered to at least one WG.
Other researchers must obtain the approval of the WG Leader to become a member of that WG.
Working Groups
MC+WG+TS Meeting in Spring 2015.
Croatia, Šibenik
May 31st – June 5th
MC+WG June (date to be announced later)
MC+WG Meeting in Fall 2015.
Date and location to be defined later.
Short Term Scientific Missions.
Work Plan
summerschool-croatia15.cs.ru.nl
The first Grant Period is likely to start on March 1st, 2015.
Budget is 129’000 €.
Grant Agreement
A. COST Networking Tools EUR
(1) Meetings 70,040
(2) Training Schools 13,140
(3) STSMs 25,000
(4) Dissemination 3,500
(5) Other Expenses (Bank Fees) 400
B. Total Science Expenditure 112,080
C. FSAC (15%) 16,812
D. Total Expenditure (B+C) 128,892
Budget Plan
Do you approve the organigram, namely the structure (chair, vice-chair, scientific committee, policy enforcement committee, working group leaders and vice-leaders, website manager) and the people already assigned?
Decision 1: Organigram
Decision 2: Working Plan
Do you approve the first-year working plan, i.e.:
MC+WG+TS Meeting in Spring 2015
MC+WG Meeting in Fall or winter 2015
At least 10 Short Term Scientific Missions.
Decision 3: Budget Plan
Do you approve the first-year budget plan?
Decision 4: Next Meeting
Do you approve the following date and location for next MC+WG+TS Meeting, namely:
Croatia, Šibenik, 2015
During or right after the Training School: May 31st – June 5th.
Decision 5: Invitation/Reimbursement
Invitations to attend meetings will be sent at least 30 calendar days in advance to Management Committee Members.
MC Members and Substitutes who do not confirm their attendance at least 15 calendar days in advance will not be reimbursed.
The Chair can decide to use the saved money to reimburse other participants.
In such a case, the scientific committee will be requested to provide the Chair with a ranked list of candidates to be reimbursed.
The MC delegates its authority to the MC Chair to apply this rule.
Decision 6: Working Group Members
Each MC Member must belong to at least one WG
MC Members do not need the approval of WG Leaders to become members of any WG.
Working Group Leaders must keep up-to-date lists of official WG Members.
Apart from MC Members, becoming a WG Member requires the prior approval of the WG Leader.
Approval criteria are left to the discretion of each WG Leader.
Decision 7: WG Vice-Leaders
Working Group Vice-Leaders who are not MC Members are reimbursed to attend WG Meetings.
Decision 8: STSM Selection
The Scientific Committee is in charge of selecting candidates for Short Term Scientific Missions.
The MC delegates its authority to the MC Chair to approve the selection suggested by the Scientific Committee. In case of conflict of interest, the authority is delegated to the MC Vice-Chair.
The first Grant Period will start on March 1st, 2015.
Assigned to: COST Office and Grant Holder.
Action: Grant Agreement
Suggest WG Vice-Leaders to MC by March 1st, 2015.
Assigned to: WG Leaders.
Action: WG Vice-Leaders
Suggest members for the Policy Enforcement Committee by March 1st.
Evaluate the compliance of Cryptacus with the COST policies and suggest ideas to enforce the rules if needed, by next MC Meeting.
Assigned to: Policy Enforcement Committee Chair.
Action: Policy Enforcement Committee
Practical details about MC+WG+TS Meeting in Croatia are announced (activities and program) by March 31st, 2015.
Invitations will be sent soon after March 1st.
Assigned to: Core Group
Action: MC+WG+TS Meeting
Procedures and criteria to apply to STSMs will be defined by March 1st, 2015.
Assigned to: Scientific Committee Chair.
Action: Procedure for STSMs
Call for STSMs announced by March 1st, 2015.
Assigned to: MC Chair
Action: Call for STSMs
The website (www.cryptacus.eu) will be set up by March 1st, 2015.
Current mailing lists (@irisa.fr) will be moved to cryptacus.eu by March 31st, 2015.
The website will be fully operational by May 31st, 2015.
Assigned to: Website Manager, Core Group.
In the meanwhile, documents will be uploaded to: URL: www.avoine.net/cryptacus/mc/ Login: mc Pwd: mc=allofus*
Action: Website
A logo should be designed by March 31st, 2015.
Assigned to: Core Group (MC will be consulted).
Action: Logo
An e-vote will be organized before March 1st:
Approve WG Vice-Leaders.
Approve members of the Policy Enforcement Committee.
Approve the procedures and criteria for STSMs.
…
Action: Next Vote
Floor is open for questions.
Miscellaneous
ArtiSauce
Chaussée de Waterloo 421 - 1050 BRUXELLES (IXELLES) - (400 m from place du Chatelain)
Phone: 0483.65.65.16
Website: www.artisauce.com