The expertise and know-how developed in the Algorithms & Security group has already resulted in the formation of significant and valuable synergies with academic institutions, corporate R&D labs, and industry. Some of the projects (national, European and Industrial) the group has been involved with are highlighted below. Through these projects, the group has promoted the scientific and technological image of AIT, especially in the fields of computer and network security, and has contributed to making AIT known through innovation, excellence and professionalism.
SafeCity: Future Internet Applied to Public Safety in Smart Cities
SafeCity is a project approved for the European Union’s 7th Framework Program with a duration of two years and a starting date April 2011.
Safecity deals with smart Public safety and security in cities. The main objective is to enhance the role of Future Internet in ensuring people feel safe in their surroundings at time that their surroundings are protected. Safecity is the result of the elaboration of a vertical Use Case Scenario based on Public Safety in European cities. The main goal of this project is to collect specific requirements driven by relevant users on the Future of Internet versus to the generic ones that will be collected through other objectives.
The methodology followed to achieve this goal includes:
- The definition of specific scenarios to support the Safecity functionality, considering the involvement of main cities in Europe such as Madrid, Helsinki, Athens, Bucharest, Stockholm, etc. An Experts Committee consisting of other relevant European cities’ Public Safety agencies will support this project.
- Collection of specific enablers, technical and functional requirements on the Future Internet in relation with Public Safety in cities.
- Elaboration of a conceptual Safecity prototype and early trials in order to study the feasibility of this initiative. The demonstration of the concept will be carried out in Madrid as the main city but other specific requirements will be demonstrated in a second city such as Stockholm.
- A strong liaison with other FI-PPP use cases and the FI Core Platform will be essential to the success of the project. For that, Safecity will support the FI-PPP Essential Interworking programme governance and activities that will ensure the integration of the Project activities.
For more information about SafeCity, check out this brochure.
Role of the group
AlgoSec will actively participate in T3.1 “Specific Requirements Definition” and T4.1 “Conceptual prototypes”. The focus will be on the research and development of certain advanced Internet technologies including sensor, end-to-end security for safeguarding public safety communications, identification of generic enablers and platform design, prototyping and implementation. AlgoSec will also contribute to SafeCity’s specific requirements and Framework characterization. Furthermore, AIT will research upon and develop video-based processing and analysis engine prototypes that will allow crime-related information detection and subsequently crime prevention and alerting.
INGENIERA DE SISTEMAS PARA LA DEFENSA DE ESPANA SA-ISDEFE (Spain, Co-ordinator), Athens Information Technology (Greece), ARATOS TECHNOLOGIES S.A. (Greece), TEKEVER – TECNOLOGIAS DE INFORMACAO, S.A. (Portugal), ATHENA GS3-SECURITY IMPLEMENTATIONS LTD. (Israel), HI IBERIA INGENIERIA Y PROYECTOS SL. (Spain), AYUNTAMIENTO DE MADRID (Spain), MIRA TELECOM SRL (Romania), TELECOM ITALIA S.p.A (Italy), VTT -TEKNOLOGIAN TUTKIMUSKESKUS (Finland), EVERIS SPAIN SL (Spain), FOI-TOTALFORSVARETS FORSKNINGSINSTITUT (Sweden), KEMEA-CENTER FOR SECURITY STUDIES (Greece), THALES SERVICES SAS (France), TECNALIA RESEARCH & INNOVATION (Spain)
LOTUS (Localisation of Threat Substances in Urban Society)
LOTUS is a project approved for the European Union’s Seventh Framework Security Research Program, with an expected starting date around the end of 2008.
The concept and objectives of the LOTUS project is to create a system by which illicit production of explosives and drugs can be detected during the production stage. During the production of explosives, drugs and chemical warfare agents, elevated amounts of precursors are normally present in the air which makes detection possible over a wide urban area. Detectors may be placed at fixed positions although most detectors should be mobile. When a suspicious substance is detected in elevated amounts, information about the type, location, amount and time is registered and sent to a data collection and evaluation centre for analysis.
The demonstration system will be based on mobile devices mounted in law enforcement and/or other vehicles under community control.By using existing global infrastructures for positioning (GPS) and networking (GSM, GPRS or 3G) the LOTUS system can be used more or less anywhere in the world at relatively small cost for supporting installations and extra personnel. Special attention will be given to secure communication.
Role of the group
Investigation and implementation of efficient algorithms and protocols for establishing secure communications between nodes and the information system data collection center or between the nodes themselves. Provision of system security against eavesdropping or feeding false information into the network; robustness against traffic analysis attacks. Design and evaluation of new cryptographic primitives suitable for nodes with constrained resources will be made.
The LOTUS early warning system
FOI, The Swedish Defence Research Agency is the coordinator of the LOTUS Project. Partners are Portendo, Saab and Secrab (Sweden), Bruker Daltonik (Germany), Ramem and the University of Barcelona (Spain), Bruhn NewTech (Denmark), Athens Information Technology (Greece) and TNO (The Netherlands).
GSRT-PENED National project: Algorithms for smart dust networks
The proposed research focuses in algorithmic and systemic questions of wireless sensor networks – and particularly in networks of “intelligent dust” (smart dust). These networks consist of a large number (in the order of thousands) of exceptionally small devices (in the dimension of a few cubic centimeters and in the very near future, millimeters) that incorporate sensing, computational and communication capabilities. The collaboration of these devices in order to form a spontaneous, ad-hoc network for information gathering and processing has numerous applications and raises important technological as well as algorithmic challenges.
The proposed research includes the design of abstract but realistic models for these types of networks and the design, analysis and implementation of efficient and stable protocols and software.
The focus is on the following aspects of computation on these types of networks:
- Scalability constraints
- New models of computation
- Tackling new computational problems that appear in the operation of such networks
- Design and implementation of new and efficient algorithms and protocols.
This project is in collaboration with the Research Academic Computer Technology Institute (RACTI) of the University of Patras, Greece.
INTRALOT is a leading provider of state-of-the-art integrated gaming systems to lottery organizations worldwide, delivering cutting edge game content, network integration, transaction processing and value added services.
As part of an ongoing collaboration with Intralot, the Algorithms and Security group has been involved in a number of projects related to secure gaming solutions. Short descriptions for these projects can be seen below:
Secure communications framework
This project is about designing and implementing a security framework that will allow clients (mobile phones, PCs, etc.) to engage in multiplayer games using Intralot’s platform. Using the platform, a client, equipped with software that permits it to play Intralot capable games, may request access to join a game by interacting with a dedicated game server. The goal of this project is to protect the interactions between clients and game servers for such issues as game code download and integrity/security of communications.
Specific objectives included:
- Investigation and design of secure code download processes and methods for achieving mobile code protection support.
- Security of client-server transactions.
- Analysis and robustness of proposed techniques.
- Prototype implementation.
The duration of the project was 1 year and was successfully delivered on July 2007.
This project is about providing software protection to Intralot’s deployed code. An important protection measure for mobile code is the ability to prevent undetected modifications of itself. Such changes include both intended malicious changes by code users and changes effected by some other malicious program (e.g. virus).
The modification detection mechanism should be in position to disable the execution of the code and, if possible, notify the code’s owner. Modification detection can be effected through the use of checksums, guards, or some form of assertion checking. To prevent such tampering, code should be added that
- Detects if the program has been altered, and
- Causes the program to fail or change its behavior when tampering is evident.
Simpleminded tamper proofing code like “if tampered() then exit” is unacceptable because it can be easily defeated by locating the point of failure and then reversing the test of the detection code. Various techniques will be evaluated (use of cryptographic hash functions, on the fly execution of a program, etc.) in order to produce a system that can be used in tamper-proofing.
Duration 1 year, Expected delivery: end of 2008
Fraud Detection and Response in Internet Gaming
Fraud refers to the intentional deception carried out by a person for the purpose of achieving some gain while causing injury to someone else. In this work, the topic to be studied is techniques to detect fraud against an Internet gaming operator or other player. Fraud detection in internet gaming seeks to reduce security risks by identifying potential perpetrators of fraud.
The result of this research proposal will be a system that is capable of detecting fraud in practice while maintaining false alarms to a comfortable operational level for the users of the system.
- Internet gaming fraud will defined in detail and known fraud scenarios in terms of threat modeling will be recorded and modeled. Part of the system functionality would be to detect “abnormal behavior” patterns that relate to fraud; one category of such patterns in player behavior could indicate a potential case of “identity compromise”.
- The system should be able to counter-measure against “identity spoofing” attacks and prior to that, develop techniques for recognizing such attacks.
- The system should support decision making processes in a workflow that will allow the user to see the evidence behind a suspected case of fraud and suggest counter-measures to react to a fraud attack depending on the attack scenario involved each time.
Duration 18 months, Expected delivery: end of 2009.