Edition nr 3
March 2008
|
| Welcome |
Welcome to the third edition
of the Ecrypt newsletter. After a long interruption we are back with
lots of news from the ECRYPT network.
For those readers who are not familiar with the ECRYPT network: ECRYPT
stands for European Network of Excellence for Cryptology and it is a
network of excellence funded within the Information Society
Technologies (IST) Programme of the European Commission's Sixth Framework
Programme (FP6). ECRYPT was launched on February 1st, 2004 and runs for
4.5 years. Its objective is to intensify the collaboration of European
researchers in information security, and more particularly in
cryptology and digital watermarking.
Who is this newsletter for? This newsletter is meant for all partners
involved in ECRYPT. But the intended audience is much broader than
partners only. The whole research community focusing on cryptography and
watermarking will find interesting information in it. This newsletter
is of particular interest to those who intend to attend
ECRYPT workshops and schools.
What can you find in the ECRYPT newsletter? You will be kept up to date
on all the latest developments within ECRYPT. Interesting documents will be
presented, as well as short reports on past visits within the network.
Upcoming events will be clearly announced. If you missed out on some
past events, you will be able to read the event report. Finally, some
space will also be devoted to a more elaborate introduction of one of
the 32 ECRYPT partners in the section partner highlight.
|
| Coordinators
Corner |
ECRYPT consists of 32
leading players in the field of cryptography and watermarking.
Katholieke Universiteit Leuven takes up the role of project
coordinator.
ECRYPT is drawing towards its end. It is too early to look back,
however; we still have some interesting events planned for the
last months.
We are happy to announce the 3 day event ‘ECRYPT: perspectives and
challenges for Academia and Industry’, which can be considered as the
final ECRYPT event. The goals of the event are twofold: to give an
overview of the main achievements during 4 years of ECRYPT on the one hand,
and to synchronize industrial and academic fields of interest on the other.
The event includes 2 parts:
The first part is
called 4 YEARS of ECRYPT (27-28 May 2008) and summarizes the main
results over the full duration of the ECRYPT project. Each ECRYPT
virtual lab will highlight 2 main achievements or results in its
research domain.
INDUSTRIAL PERSPECTIVES ON CRYPTOGRAPHY (28-29 May 2008) is the
second part of the event, bringing academia and industry closer
together. Industry speakers will present problems and good practices
related to cryptography in different industry segments. The following areas
will be covered: Trusted computing, Cellular and fixed networks,
Internet security and privacy, RFID networks, Consumer electronics,
Content protection, Car industry, Financial industry and Government
sector.
We hope we may welcome you in
Antwerp for this special occasion!
|
| Visits Reports |
ECRYPT stimulates short visits
to, from, and within ECRYPT to promote integration. The main purpose of
these exchanges is not educational: both the visitor and the host have
a considerable knowledge in the technical field discussed during the
visit. You can read the reports of the most recent visits below.
Are you
an ECRYPT partner and want to host a visitor? Apply for funding here.
|
IBM
hosts Anna Lysyanskaya (Brown University)
Visit duration: 12-20 July 2007
Jan Camenisch and Anna Lysyanskaya have already defined
several attractive anonymous credential schemes. Some of the work
was done with the help of EU-funded projects PRIME and ECRYPT. Based on
this, the magazine Technology Review has selected Anna Lysyanskaya as
Young Innovator Under 35. The goal of this visit was to work on
delegatable anonymous credentials; these are a natural generalization
of the prior work. They were able to find a solution to this problem. A
publication is in preparation.
http://www.technologyreview.com/TR35/Profile.aspx?Cand=T&TRID=618
|
KULeuven
hosts Gary McGuire (School of Mathematical Sciences, UCD)
Visit Duration: 19-22 September 2007
The goal of the visit was
for Gary McGuire to attend the Coding and Cryptography Contact Forum at the
Flemish Academy of Science and Art and to give a seminar at COSIC on
the following topic: Some Recent Results on Fourier Transforms of
Boolean Functions.
Abstract of the talk: We will discuss recent calculations of the
Fourier (and Walsh-Hadamard) spectrum of APN functions. We will
also talk about a recent analysis of the Fourier spectrum of some
monomial bent functions using Stickelberger's theorem. Finally, we will
discuss connections between bent functions and almost bent functions
via restriction.
The talk was very interesting and was followed by discussions with
researchers from COSIC. Gary McGuire also attended the Contact Forum,
which took place in Brussels on 20th of September. At the forum he had
many discussions and made contacts with scientists from different
universities who are working on Boolean functions. As a consequence of
these discussions, new research ideas arose and several researchers
(including one from an ECRYPT partner university) visited the group of
Gary McGuire in the School of Mathematical Sciences, UCD. We plan to
keep working together and look for new ideas for joint research in the
field of Boolean functions with good cryptographic properties.
|
ENS
hosts Xavier Boyen (Computer Science, Stanford)
Visit duration: 7-12 October 2007
Xavier Boyen visited the
crypto team at ENS to work with Michel Abdalla and David Pointcheval on
two different research directions. In the first one, they continued to
investigate the use of hierarchical identity-based encryption and
searchable encryption schemes as a tool to construct a new type of
group signature scheme in which signatures of revoked users can be
traced more efficiently. In the second one, they explored the use
of passwords (i.e., low-entropy keys) to construct new types of
primitives, such as password-based distributed decryption schemes. In
addition to the collaborative work, Xavier also gave a talk on how to
provide stronger defenses against offline dictionary attacks using
halting password puzzles as part of the ENS cryptography seminar.
|
RHUL hosts Laura Hitt (University
College Dublin/Shannon Institute, Ireland)
Visit duration: 15-19
October 2007
The goals of the visit were
to discuss open problems in pairings on hyperelliptic curves and cryptographic applications, and also to
explore possibilities for future collaboration between Hitt and
Galbraith. Laura gave a seminar ‘Hyperelliptic curves in cryptography’
which presented constructions of Frobenius polynomials of
pairing-friendly abelian varieties. An open problem is to
construct curves whose Jacobians are in such isogeny classes, and we
discussed this problem and a related problem which arose in the work of
Galbraith-McKee-Valenca at Royal Holloway. A reciprocal visit of
Galbraith to Dublin is planned for April 2008.
|
France Telecom R+D
hosts Willi Meier (FHNW, Switzerland)
Visit duration: 11-15 September 2006
The final stages of the eSTREAM
project provided an ideal backdrop for researchers at FTRD to host a
visit by Willi Meier and to look at some of the remaining eSTREAM
candidates. It also provided an excellent opportunity to discuss more
general developments in stream cipher design and analysis. Of much
interest was some of the developing work on stream cipher
initialization which is one of the most surprising, and potentially
far-reaching, results to have come out of eSTREAM. Rather fortuitously,
work and discussions that were begun at FTRD dove-tailed nicely into
other discussions during the Leuven stream cipher retreat some weeks
later. While no specific publishable results were immediately generated
by the visit, the opportunity to create stronger research links for
future cooperation was a valuable one. The visit showed to all those
involved just how closely aligned our research interests are.
Additional visits between researchers are likely to continue and new
research opportunities on a wide range of cryptographic topics are
likely to develop.
|
Edizone hosts Dan Bernstein (University
of Illinois, Chicago)
Visit duration: 7-9 November 2007
From November 7-9 in 2007
there was a research meeting about integer factorization hosted by
EDIZONE in Bonn. Participants were Tanja Lange (Technische Universiteit
Eindhoven), Dan Bernstein (University of Illinois at Chicago), Thorsten
Kleinjung (University of Bonn), Christine Priplata (EDIZONE) and Colin
Stahlke (EDIZONE). Dan Bernstein was hosted as a visitor funded by
ECRYPT. All relevant parts of the general number field sieve (GNFS)
have been touched, starting with several new ideas about the polynomial
search and functions measuring the sieving quality of polynomial pairs.
It was pointed out in which way Kleinjung's record-holding polynomial
search finds a local optimum and where there might be room for possible
improvements. The inner sieving loop of the world record lattice siever
was analyzed and possible improvements were tested, but nothing could
beat the 2 cycles on an Athlon per sieving contribution. Finally there
were discussions about new implementation approaches for the GNFS in
present and future general purpose hardware. Some of the ideas will be
presented during the workshop "Factoring Large Numbers" which will be
held on April 22 at the IEM in Essen.
|
RUB hosts Saar Drimer (Cambridge
University UK)
Visit duration: November 07-February 08
Saar Drimer is a doctoral
student in the group of Markus Kuhn at the University of Cambridge. He
visited Ruhr University of Bochum for a three month period, from
November 2007 until February 2008. Prior to coming to Cambridge, Saar
had worked for several years at Xilinx, one of the leading FPGA
companies. Saar visited Bochum in order to do joint work in the area of
cryptographic algorithms on reconfigurable hardware. His main
collaborators in Bochum were Tim Güneysu and Christof Paar. Our
original plan had been to focus on IP protection on FPGAs. As so often
in research, right at the beginning of his visit a new idea came up. We
tried to use the DSP cores available on modern FPGAs for the
implementation of AES. This is a counterintuitive approach as AES does
not require DSP-like arithmetic. However, it turned out that some
elements of the DSP cores are extremely useful for AES engines. The
final research turned out to be extremely productive. Saar was able to
design several AES engines with very little logic requirements and
throughputs of several 10 Gbit/sec. A paper has just been submitted to FCCM
2008, one of the top conferences for reconfigurable hardware. We are
all extremely happy with the visit. We plan to continue the
collaboration and to address the issue of PUFs and IP protection in the
future.
|
RHUL hosts Frederic Stumpf (TU Darmstadt)
Visit duration: 20-22
November 2007
The visitor worked with Shane
Balfe (RHUL) on security aspects of Trusted Computing and e-commerce
security, with a focus on cryptographic, attestation and virtualization
issues. As a result of the work initiated during this visit, they wrote
a joint paper, now accepted for publication:
Frederic Stumpf, Claudia Eckert and Shane Balfe; Towards Secure
E-Commerce Based on Virtualization and Attestation Techniques.
Proceedings of the Third International Conference on Availability,
Reliability and Security (ARES 2008), Barcelona, Spain, March 4 - 7,
2008, (to appear).
The visitor also gave a research seminar to the department on the topic
of "Trust, Security and Privacy in VANETs - A Multilayered Security
Architecture for Car2Car Communication". We are already looking in
detail at the TPM specifications in an attempt to either find
weaknesses in the command structures or to validate their correctness.
|
UNISA hosts Lior Malka (Department of
Computer Science, University of Victoria CANADA)
Visit duration: 1-15
December 2007
Commitment-schemes
are a very common tool, and they are used in many cryptographic
systems, especially in zero-knowledge protocols. Recently, a new type
of these schemes, called instance-dependent commitment-schemes emerged
in the study of zero-knowledge protocols. The difference between these
schemes and the traditional definition is that the hiding and the
binding properties depend on an instance of a problem, and may not hold
simultaneously. One of the goals of our joint work with Lior was to
investigate whether it is possible to add other useful properties to
non-interactive instance-dependent commitment-schemes. Such properties,
like trapdoorness and extractability, would enhance the applicability
of these schemes. Since the cooperation was very productive, we are
continuing this joint work, and we are looking forward to further visits
at both institutions.
|
RHUL hosts Jonathan Katz (Computer
Science department, University of
Maryland, USA)
Visit duration: 14-17
December 2007
The goal
of the visit was to share information about recent research in
theoretical cryptography and to explore avenues for future
collaboration. A very productive round-table discussion was held,
comprising Katz, Kenny Paterson, Steven Galbraith, James Birkett and
Sriram Srinivasan. Topics discussed include:
1. Relations between notions of
plaintext awareness;
2. Identity-based cryptography in trapdoor discrete logarithm groups;
3. Identity-based cryptography in the multi-TA setting.
The benefits of the visit are twofold. First, since Katz is a central
figure in US research in cryptography, the opportunity to highlight
recent research at RHUL will raise awareness in the USA of European
excellence. Second, the constructive suggestions made by Katz during
our discussions should lead to enhanced research on these and related
topics. Future plans: We are now exploring techniques for enabling
inter-operation between TAs in identity-based systems and the security
modeling of these functions. We plan to maintain contact about new
research projects and potential collaboration.
|
RHUL hosts Colin Boyd (Queensland
University of Technology)
Visit duration: January 6-11, 2008
The goal
of the visit was to discuss key exchange protocols and related topics,
as part of an on-going collaboration between the visitor and Kenny
Paterson. We looked in detail at one round, two party key exchange
protocols having proofs of security in the standard model. We studied
the existing security models for this problem, focussing on their
ability to model extended security properties such as resilience to Key
Compromise Impersonation attacks. We studied in detail the first paper
on this topic (Jeong, Katz, Lee, ACNS 2004), and found a number of
errors and inconsistencies in the proof of security. The on-line
version of this paper has now been updated in response to our feedback.
We also studied in detail a recent paper of Okamoto (Asiacrypt 2007),
which uses Cramer-Shoup style techniques to establish the security of
ID-based protocols. The visitor also gave a seminar to the department,
entitled "Towards Non-Parallelizable Client Puzzles". This seminar
provoked useful bi-lateral discussions about whether or not
non-parallelisability is a requirement for client puzzles. We plan to
update our paper on one round key exchange protocols
(http://eprint.iacr.org/2008/007) in the light of the research carried
out during the visit. We plan to examine the use of modular proof
techniques in key exchange protocols.
|
UCL hosts Jacques Patarin
(UVSQ, France)
Visit duration: January 2008
In Louvain la Neuve, Jacques
Patarin has worked on two subjects. The first is "multi-rectangles
attacks": these attacks were originally designed on unbalanced Feistel
schemes with expanding functions (cf. Asiacrypt 2007). The work consisted of classifying
different variants of these attacks and analyzing some of these
variants. The second subject covers "the design of a simulator of random
permutations from a Feistel scheme with 6 rounds, with possible access
to the 6 internal round functions". This is related to a famous open
problem with random oracles. There were also interesting discussions
with the UCL group and two seminars about recent research. Future plans
involve further research on multi-rectangles attacks. On "the design of a
simulator of random permutations from a Feistel scheme with 6 rounds,
with possible access to the 6 internal round functions" a paper is
being produced.
|
| Workshops & Schools
Reports |
ECRYPT organises numerous schools and workshops every year.
These schools and workshops bring many researchers together in Europe
and are therefore an excellent means for integration and dissemination.
You can read
the reports of the most recent workshops and schools below.
|
RFIDSec-07
11-13 July 2007 in Málaga (Spain)
Organizer: University of Malaga on behalf of Vampire
URL: http://www.rfidsec07.etsit.uma.es/confhome.htm
RFID security issues
are a challenge for researchers due to the implementation constraints
imposed by the low complexity of RFID. The Conference on RFID Security was the
third edition of the successful “Workshop on RFID Sec”, held in Graz (Austria)
in the previous two years and organized by the IAIK and ECRYPT. The
Conference aimed to provide a bridge between academia and industry
working in this fast-growing research area, to share their experiences
and state-of-the-art work.
The Programme Committee consisted of:
Vincent Rijmen (Chair) , TU Graz,
Austria
Gildas Avoine, MIT, USA
Kevin Fu, UMass Amherst, USA
Christof Paar, RUB, Germany
Bart Preneel, KULeuven, Belgium
Arturo Ribagorda, Carlos III, Spain
François X. Standaert, UCL, Belgium
Johannes Wolkerstorfer, TU Graz, Austria
The members of University of
Málaga who worked to organize the Conference were:
Alberto Peinado (Chair)
Jorge Munilla
Ana M. Barbancho
Isabel Barbancho
Andrés Ortiz
As highlights of the program the four invited talks can be mentioned.
They were given by:
Melanie R. Rieback, Vrije Universiteit
Amsterdam, Netherlands.
Adi Shamir, Weizmann Institute of Science,
Israel.
Martin Feldhofer, IAIK, Austria.
Florian Michahelles, AutoIDLabs
St.Gallen, Switzerland.
The number of participants was 68, 30% of whom worked for industry.
Although most participants were European, 15% came from other
continents, especially from the United States, Korea and Japan. All of them
enjoyed a combination of interesting talks, beneficial
discussions and jolly social events.
|
Tools
for Cryptanalysis Workshop 2007
24-25 September 2007, Krakow, Poland
Organizer: IMPAN on behalf of STVL
URL:
http://www.impan.gov.pl/BC/Program/conferences/07Crypt.html
Tools for Cryptanalysis 2007 was an ECRYPT workshop held in
the beautiful town of Krakow in the south of Poland on September 24-25
2007. It was organized by the Institute of Mathematics of the Polish
Academy of Sciences and the Stefan Banach International Mathematical
Center. The workshop was chaired by Aleksander Wittlin, and Jacques
Patarin chaired the international program committee. The program
committee accepted 13 contributed papers to be presented and invited
six speakers: Eli Biham, Nicolas Courtois, Henri Gilbert, David
Naccache, Bart Preneel and Jean-Jacques Quisquater. The workshop was
devoted to cryptanalysis research, new cryptanalysis tools and ideas.
One presentation was different, and loved by everybody: the invited
presentation of Bart Preneel, on a real cryptanalysis that he has done
of messages sent in the former Belgian Congo at the critical time of
the independence. Thus, past and present, theory and practice, and many
useful discussions were presented at the workshop. "Tools for
Cryptanalysis" attracted 51 participants (including 5 women) from 17
countries.
|
2nd
ECRYPT Summer School on Multimedia Security
24-27 September 2007, University of Thessaloniki, Greece
Organizer: Aristotle University of Thessaloniki on behalf of WAVILA
URL:
http://poseidon.csd.auth.gr/GR/ecrypt_summer_school_2007/index.htm
The topic of the Summer Course was Multimedia Security
(watermarking, data hiding, encryption, DRM systems, perceptual
hashing). The program committee consisted of
Ioannis Pitas, Nikos Nikolaidis and Vassilios Solachidis. Aristotle University of Thessaloniki hosted
the 2nd ECRYPT Summer School on Multimedia
Security in Thessaloniki, Greece, on September 24-27, 2007. The School was intended for Ph.D
students, M.Sc students and researchers whose interests lie in the
general area of multimedia security, and was organized within the scope
of the ECRYPT Watermarking and Perceptual Hashing Virtual Lab
(WAVILA). The School included twelve in-depth tutorial and
state-of-the-art presentations from eleven leading scientists from
European and US universities, research institutes and companies. The
topics that were covered included watermarking, data hiding &
steganography, encryption, DRM systems and perceptual hashing.
|
The school was attended by
35 participants (students, researchers, academic staff) from Europe
(Italy, France, Germany, UK, Belgium, Greece) as well as from Asia
(Singapore, Korea and Malaysia). Three participants received
scholarships that covered flight tickets, accommodation and summer
school fees. All participants received the speakers’ presentations. The
summer school was a success, as shown by the large number of
participants, the positive feedback received from the participants, the
useful discussions that took place and the very interesting,
state-of-the-art topics that were presented.
|
 |
2nd European Trusted Infrastructure Summer School (ETISS) 2007
29th September to 5th October, Bochum, Germany
Organizer: RUB on behalf of PROVILAB and VAMPIRE
URL: http://etiss.org
Building on the success of the first European Summer School
on Trusted Infrastructure Technologies, hosted in 2006 in Oxford, UK,
ETISS 2007 was organized by the Chair of System Security at
Ruhr-University Bochum, in close cooperation with ECRYPT. The steering
committee was formed by Ahmad-Reza Sadeghi, Ruhr-University Bochum
(chair), Boris Balacheff, HP Labs, Bristol, Andrew Martin, University of
Oxford, Kenny Paterson, Royal Holloway University of London, and Bart
Preneel, Katholieke Universiteit Leuven.
|
ETISS 2007 hosted around 100
students and leading researchers from European academia, industry, and
governments to provide tuition and hold a research dialog on questions
of IT security for next generation Information Infrastructure
Technologies. Extensive financial sponsorship was provided for a
selected number of students from European Universities whose
applications were submitted by a research department. The 6-day long
program comprised a variety of lectures considering a wide range of
related subjects, research workshops on recent results in Trusted
Infrastructure Technologies, and practical assignments for the students.
|
 |
| Partner Highlight |
In every newsletter one of the 32 ECRYPT partners will be
put in the spotlight. In this newsletter we focus on IMPAN, Institute
of Mathematics of the Polish Academy of Sciences in Poland.
|
Who
is involved in ECRYPT at IMPAN?
There are six people involved
in ECRYPT at present: Kazimierz Alster, Robert Drylo, Zbigniew
Jelonek and Aleksander Wittlin from IMPAN, and Jerzy Gawinecki and
Michal Misztal from WAT and IMPAN. Michal Misztal is just finishing his
PhD, Robert Drylo is a postdoc, and the others are faculty members.
|
In
which virtual labs is IMPAN most active?
The activities of the IMPAN group are
mostly related to STVL. Earlier, during years 1 and 2 of
the project, IMPAN's activities also involved participation in AZTEC.
|
What
did IMPAN accomplish within ECRYPT?
The main accomplishment is
the building of a professional cryptology group at IMPAN with strong
international ties in Europe and elsewhere. More generally, it is the
development of the research crypto community in Warsaw, centered around
the IMPAN ECRYPT group. That includes both research, which has already to
some extent produced published results, and education. The education
brings more students and PhD students into cryptology research, and
increases cryptology-related and data security awareness in
industry and in the public sector.
Scientifically, the accomplishments by Zbigniew Jelonek and Robert
Drylo could be mentioned; their results on new algorithms for solutions
of large polynomial systems in finite fields could lead to a class of
faster algebraic attacks.
Michal Misztal's research on new techniques of differential analysis of
block ciphers is also of great interest. That last contribution is also
Michal Misztal's PhD thesis which will be defended at WAT in May this
year.
An important share of our ECRYPT activities was the organization of two
successful conferences in Krakow. The first one, devoted to hash
functions, took place at the ideal moment of publication of new and
important attacks on hash functions; therefore it brought many leading
world researchers and participants from all over the world. If you want
to read more on the Hash Functions Workshop, please see
http://www.impan.gov.pl/BC/05Hash.html. The second conference was
devoted to recent and active research on algebraic attacks, and again it
attracted over 50 participants from 17 countries worldwide, including
many leading researchers in that field.
If you want to read more on the Tools for Cryptanalysis Workshop,
please see
http://www.impan.gov.pl/BC/Program/conferences/07Crypt.html
|
What
did IMPAN gain from being part of the ECRYPT network?
There is a widely shared
opinion at IMPAN that participation in ECRYPT mobilized several "pure
mathematicians" to widen their horizons into more applied research, and also
to attack fundamental problems stemming from the practical needs of
cryptanalysis. It also brought several bright young scientists into
cryptology research. Moreover, IMPAN gained, as mentioned before,
important European ties and collaborations in that briskly expanding
area of research. We also gained more visibility and recognition within
Polish industry and in the public sector institutions which use or
develop cryptology-related products, services and infrastructure.
ECRYPT also gave us very important and interesting insight into
challenging and productive collaborations between academic research
institutions and leading European industrial companies within the
framework of a complex multi-threaded project. Such collaborations are
still very rare in Poland and, therefore, the ECRYPT experience has been
quite unique and fruitful.
|
What
are your plans for the future?
Considering research, we shall focus on those areas where we
have excellent expertise and results. In particular we shall continue
work on new techniques and tools for cryptanalysis. We also plan,
following the successful experience of our partners at ECRYPT, in
particular of Bochum, Leuven and Louvain La Neuve, to establish a small
applied research cryptanalytic laboratory, in collaboration with WAT
and perhaps together with industrial partners. As our continuous and
important priority we consider getting more PhD students and postdoc
level researchers into the IMPAN crypto group. That also includes an active
search for additional funds for that, also from industry. Last but
not least, we definitely look forward to future collaboration within
Europe, with our present partners.
|
| Event Announcements |
Secure Component and System identification - SECSI
Place: Berlin, Germany
Date: 17-18 March 2008
URL: http://www.secsi-workshop.org/

Joint Summer School on advanced Topics in Cryptography
Place: Crete, Greece
Date: 12-16 May 2008
URL: http://summerschool08.iaik.tugraz.at/

ECRYPT: Challenges and Perspectives for Academia and Industry
Place: Antwerp, Belgium
Date: May 27-29 2008
URL: Link will soon be announced

Summer School on Rational Cryptography
Place: Bertinoro, Italy
Date: 1-6 June 2008
URL: Link will soon be announced
|
| Various |
Urgent Call for Contributions to
ISSE 2008
INFORMATION SECURITY SOLUTIONS EUROPE CONFERENCE
7 – 9 OCTOBER 2008, MADRID, SPAIN
Deadline 31st of March 2008
|
New FP7
projects that are crypto-related
Secure SCM
Supply Chain Management is about
optimizing the supply and delivery costs in an organization. It is
known that if all organizations share their supply and/or delivery
information with the entire supply chain, then optimizing over the
entire supply chain will reduce the overall cost of the supply chain
even further. However, this information is usually kept confidential
within one company. The risks of sharing this information are believed
to outweigh the gain of global optimization. SecureSCM is about how to
use cryptography--and techniques from secure multiparty computation in
particular--to enable global optimization over the entire supply chain,
such that under reasonable assumptions no participant or attacker is
able to learn (other) participants' private information. The project
aims at both theoretical contributions and the development of a
software package to be used in practice.
CACE
The goal of this project is to design, develop and deploy a toolbox
that will support the specific domain of cryptographic software
engineering. Ordinarily, development of cryptographic software is a
huge challenge: security and trust is mission critical and modern
applications processing sensitive data typically require the deployment
of sophisticated cryptographic techniques. The proposed toolbox will
allow non-experts to develop high-level cryptographic applications and
business models by means of cryptography-aware high-level programming
languages and compilers. The description of such applications in this
way will allow automatic analysis and transformation of cryptographic
software to detect security critical implementation failures, e.g.,
software and hardware based side-channel attacks, when realizing low
level cryptographic primitives and protocols.
Ultimately, the end result will be better quality, more robust
cryptographic software at much lower cost; this provides both a clear
economic benefit to the European industry in the short term, and
positions it better in dealing with any future roadblocks to ICT
development in the longer term.
Partners: TECHNIKON Forschungs- und Planungsgesellschaft, Ruhr
Universität Bochum, University of Bristol, TU Eindhoven,
University of Minho, Bern University of Applied Sciences, Aarhus
University, University of Haifa, Sirrix AG security technologies,
Helsinki University of Technology, Nokia, Alexandra Institute.
CACE is an FP7 project funded by the European Union. CACE will start
at the beginning of 2008 and run for 3 years. More information can be found on
http://www.cace-project.eu/
PRIMELIFE
Individuals in the Information Society
want to protect their autonomy and retain control over personal
information, irrespective of their activities. Information technologies
hardly consider those requirements, thereby putting the privacy of the
citizen at risk. Today, the increasingly collaborative character of the
Internet enables anyone to compose services and to contribute and
distribute information. Individuals will contribute throughout their
lives, leaving a life-long trail of personal data.
This raises substantial new privacy challenges: A first technical
challenge is how to protect privacy in emerging Internet applications
such as collaborative scenarios and virtual communities. A second
challenge is how to maintain life-long privacy.
PrimeLife will resolve the core privacy and trust issues pertaining to
these challenges. Its long-term vision is to counter the trend to
life-long personal data trails without compromising on functionality.
We will build upon and expand the sound foundation of the FP6 project
PRIME that has shown how privacy technologies can enable citizens to
execute their legal rights to control personal information in on-line
transactions.
Resolving these issues requires substantial progress in many underlying
technologies. PrimeLife will substantially advance the state of the art
in the areas of human computer interfaces, configurable policy
languages, web service federations, infrastructures and
privacy-enhancing cryptography.
PrimeLife will ensure that the community at large adopts privacy
technologies. To this effect PrimeLife will work with the relevant Open
Source communities and standardisation bodies, and partner projects. It
will further organise workshops with interested parties such as partner
projects to transfer technologies and concepts. This will also validate
the project’s results on a large scale. European industry will be
strengthened by providing building blocks for trustworthy treatment of
customers’ data.
Partners: IBM (Coordinator), ULD, TUD, KAU, UNIMI, GUF, TILT,
ERCIM/W3C, K.U. Leuven, UNIBG, GD, CURE, EMIC, SAP, UBR
TURBINE
TURBINE proposes a multi-disciplinary privacy enhancing authentication
technology. Based on innovative developments in cryptography and
fingerprint biometrics, it aims to resolve the current privacy concerns
regarding the use of fingerprint biometrics for ID management. To
achieve this it will develop and evaluate the foundation and
application of revocable protected biometric templates and
pseudo-identity bit-strings using fingerprint data. It will provide:
- cryptographic techniques applied to fingerprint biometrics to obtain a non-invertible and protected pseudo-identity bit-string for enrolment and subsequent verification
- multiple re-generation of independent unique bit-strings based on the same fingerprint
- revocable and multiple pseudo-identity management scheme based on these unique bit-strings
- highly reliable biometric fingerprint 1:1 secure verifications using these unique bit-strings
- multi-vendor interoperability of these unique bit-strings
- detailed verification performance analysis, evaluated against very large public and private fingerprint databases
- comprehensive risk analysis and system security
- contribution to developing international standards for biometric template protection.
Its primary objective is to develop the technology and
then demonstrate that it and its performance in practice are
sufficiently mature for deployment as a solution to large scale eID
requirements. Expert groups will advise the consortium on i) data
protection, privacy issues and ii) requirements of key application
sectors for eID management solutions. Furthermore, a comprehensive
verification test and demonstrator environment will evaluate how single
fingerprint data of an individual may be used to generate several
secure unique pseudo-identity bit-strings with different levels of
trust. It will include revocation and issuance of an equivalent
re-generated biometric identity based on the same specific fingerprint
data without weakening the overall security.
Partners: Sagem Sécurité, Precise Biometrics AB, Philips
Research Europe, KULeuven (COSIC, ICRI), Gjovik University College,
Cryptolog, Sagem ORGA, Arttic, 3D-GAA. S.A.
http://www.turbine-project.org/