Security gets framed

November 28, 2005

SEINIT, the Security Experts Initiative, offers the promise of seamless security regardless of hardware, software or access protocol, whether it's mobile phones, bluetooth, WiFi, ethernet or broadband connection. And they achieved this pervasive security without sacrificing privacy.

"We set ourselves and the almost paradoxical goal of reconciling security and freedom," says Mr Andre Cotton, coordinator of the IST-funded SEINIT project and Head of the Advanced Information Technologies Laboratory at Thales Communication in France.

The project created a framework for security that negotiates between users and the service they are trying to access.

"Users decide at the beginning what level of information they want to reveal to the service. The framework then negotiates with the service and applies the appropriate security component or protocol," says Mr Cotton.

Users don't have to reveal more information than they want. It may not be possible to set up a secure connection in the way the user wants. Either the device can't cope with the protocols required, say a light PDA, or the user isn't willing to divulge a vital piece of information.

"For example, trying to access a bank account without disclosing the user's name or identifier," says Mr Cotton. "In this case the framework alerts the user that the connection is not possible, and suggests alternatives."

Vitally, control of privacy is left with the user while the framework applies the appropriate level of security.

Deploying a system like this means that security is by its very nature hardware and software independent. It's governed by a framework rather than a particular piece of encryption or a specific programme.

What's more, SEINIT designed the framework security protocols and technologies as components. "So when new security components or technologies emerge, they can be added to the framework. This means the system is sustainable," says Mr Cotton.

The project team are finalising a demonstrator for the framework on Windows and popular Unix system Linux and across LANs, Internet, and wireless networks.

"But the framework has a small footprint and as of right now it could be implemented in a mobile phone. We simply want to demonstrate the principle," says Mr Cotton.

The next stage is the development of a user interface and that will take place in a separate project, called DISCREET, and due to start in January next year.

Ultimately, though, Mr Cotton hopes the SEINIT approach will be adopted as a formal security standard. "This is a demonstrator, but we hope to show the advantages of this approach," he says.

If deployed, Mr Cotton believes a security system like SEINIT could have a profound impact on society.

"If we had the capability for any platform, hard or soft, to be involved in a security agreement with any requirement and standard it would truly unlock the potential and promise of the information age," he says.
-end-
Contact:
André Cotton
Head of the Advanced Information Technologies Laboratory
THALES Communications
F-92704 Colombes Cedex
France
Tel: +33-1-46132216
Email: andre.cotton@fr.thalesgroup.com


IST Results

Related Security Articles from Brightsurf:

The development of climate security discourse in Japan
This research traced discourses related to climate security in Japan to determine why so little exists in Japan and whether or not such discourse could suggest new areas for consideration to more comprehensively respond to the climate change problem.

Data Security in Website Tracking
Tracking of our browsing behavior is part of the daily routine of Internet use.

High-security identification that cannot be counterfeited
Researchers from University of Tsukuba have used the principles that underpin the whispering-gallery effect to create an unbeatable anti-counterfeiting system.

New security system to revolutionise communications privacy
A new uncrackable security system created by researchers at King Abdullah University of Science and Technology (KAUST), the University of St Andrews and the Center for Unconventional Processes of Sciences (CUP Sciences) is set to revolutionize communications privacy.

Focus on food security and sustainability
The number of malnourished people is increasing worldwide. More than two billion people suffer from a lack of micronutrients.

Eliminating infamous security threats
Speculative memory side-channel attacks like Meltdown and Spectre are security vulnerabilities in computers.

Holographic color printing for optical security
Researchers from the Singapore University of Technology and Design (SUTD) have invented a new type of anti-counterfeiting device that can be useful for counterfeit deterrence of important documents such as identity cards, passports and banknotes.

UBC study: Publicizing a firm's security levels may strengthen security over time
New research from the UBC Sauder School of Business has quantified the security levels of more than 1,200 Pan-Asian companies in order to determine whether increased awareness of one's security levels leads to improved defense levels against cybercrime.

Peatland contributions to UK water security
Scientists from the University of Leeds have developed a new global index that identifies water supplied from peatlands as a significant source of drinking water for the UK and the Republic of Ireland.

Doctors exploring how to prescribe income security
Physicians at St. Michael's Hospital are studying how full-time income support workers hired by health-care clinics can help vulnerable patients or those living in poverty improve their finances and their health.

Read More: Security News and Security Current Events
Brightsurf.com is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to Amazon.com.