Description: There is undoubtedly an increasing trend towards mobile communications and mobile applications. It is to be expected that mobile devices will become the main guardians and managers of our multiple electronic identities for a broad range of applications and services which include payments, e-health, e-government, etc.
The mobile companion will become the natural user interface in a ubiquitous computing environment, through which users will access services and perform their daily transactions. Most communication will be wireless and other parties can be malicious. The companion should protect the interests of all the stakeholders: (1) the user who wants to protect his privacy and prevent identity fraud or theft, but also wants to be able to use his rights to access preferably highly customized services; (2) the service provider that needs to verify the user's rights to access services, and should be able to get access to pro filing information in order to customize the offered services; moreover, in case of abuse, it needs appropriate evidence to be able to hold the abuser accountable; (3) the authorities that wish to punish unethical behavior such as money laundering, computer crime, etc.
The mobile companion should only require user intervention occasionally. Policies shift most of the burden of operational decision making from people to the technology. In this project, we will focus on privacy policies (which restrict the disclosure of personal information) context-dependent policies (which regulate the use of the mobile device in a particular context) and attestation policies (which control the use of biometrics in entity authentication).
Advanced cryptographic protocols are necessary to minimize the disclosure of the user's attributes (including personal identifiers, location and previous interactions) while limiting the trust in any other party as much as possible. On the other hand, these protocols need to be robust in case
of failures and should allow for audits and identification of abusers. This project will focus on efficient protocols for showing credentials, determining the distance of an entity to a specific node and for payments and refunds. Location privacy is also a research challenge.
The project will research how a TPM can be used to create a secure virtual environment on a mobile device and new primitives (device attestation) will be developed to assess the trustworthiness of the device. Also, user attestation protocols need to be designed that allow for binding a user to a device and for generating a proof that a certain device is registered to a user or to his delegate (which may require verification of biometric data).
One of the objectives of the MobCom project is the development of a reusable security and software architecture that enables the development of applications that require mobile user identities and pro files. It is based on and will extend a privacy framework developed in a previous project. Appropriate tools and a methodology will assist the application developer. A simulation environment will allow for rapid prototyping.
Personalization and customization are also very important aspects. Instead of the current practice, where a service provider (SP) maintains a profile for every user, the mobile companion will manage these pro files and provide limited access to the service providers. Such profiles are more useful since they span different service providers, while remaining under full control of the user. In this project, a general framework will be designed to accomplish this task.
This project provides the opportunity for an in-depth study of these issues and will integrate the research results into a reusable security and software architecture. Throughout the research, a continuous validation in a real-world setting will provide suitable feedback to ensure the usability of the architecture and hence, its valorization potential.
Key words: identity management, PET, anonymous credential, privacy, security, location-based, mobility, smartphone
Latest application date: 2011-12-31
Financing: available
Type of Position: scholarship
Source of Funding: IWT
Duration of the Project : 4 years
Link: http://www.msec.be/mobcom
Research group: Department of Computer Science
Remarks: The applicant must have some background knowledge in security and
privacy enhancing technologies (PET). At least credits for a few security related courses (master level) must have been obtained.
The applicant must have sufficient experience in developing Java programs.
Apply to Click here to apply to this project
No comments:
Post a Comment