Framework for beating cyber-fiends
IT companies have pumped millions of euros into finding a robust digital security solution for an increasingly web-weary world. But high-level breaches are still common, viruses are ever lurking and e-commerce is still waiting for an all-purpose digital cure. One EU-funded project, called SEINIT is keen to meet these demands by creating a virtual security framework independent of both devices and the networks they use.
SEINIT, the Security Experts Initiative, offers the promise of seamless security regardless of hardware, software or access protocol. This means it could work with mobile phones, bluetooth, WiFi, ethernet or broadband connection. And the two-year Sixth Framework Programme (FP6) project found a solution for providing pervasive security without sacrificing privacy, according to a recent IST Results report.
|Guaranteeing eSecurity no matter what device or software.|
SEINIT created a framework for security that negotiates between users and the service they are trying to access. ”We set ourselves the almost paradoxical goal of reconciling security and freedom,” says Andre Cotton, coordinator of the SEINIT project and Head of the Advanced Information Technologies Laboratory at Thales Communication in France.
Setting up secure connections can be difficult for several reasons. Sometimes the device – for example, a PDA – cannot cope with the protocols required, or the user is not willing to divulge a vital piece of information to complete the secure connection. With SEINIT’s solution, users decide at the beginning what level of information they want to reveal to the service. The framework then negotiates with the service and applies the appropriate security component or protocol.
A security framework
Cotton offers the example of trying to access a bank account without disclosing the user’s name or identifier. “In this case, the framework alerts the user that the connection is not possible, and suggests alternatives,” he told IST Results. Control of privacy is left with the user while the framework applies the appropriate level of security.
Deploying a system like this means that security is by its very nature both hardware and software independent. It is governed by a framework instead of a particular piece of encryption or a programme. What's more, SEINIT designed the framework security protocols and technologies as components. This means when new security components or technologies emerge, they can be added to the framework.
The project team are finalising a demonstrator for the framework on Windows and the popular Unix system Linux and across Local Area Networks (LANs), internet, and wireless networks. “But the framework has a small footprint and, as of right now, it could be implemented in a mobile phone. We simply want to demonstrate the principle,” explains Cotton.
The next stage is to develop a user interface. A separate EU project, called DISCREET, which is due to start in January 2006, will carry out this work, according to IST Results. “If we had the capability for any platform – hard or soft – to be involved in a security agreement with any requirement and standard, it would truly unlock the potential and promise of the information age," concludes Cotton.
European Commission, IST Results
Research Contacts page