Spotlight on EU projects in trust and security
The Journal of Computer Security has launched a special issue highlighting the results of six projects funded under the 'Information society technologies' (IST) Thematic area of the EU's Sixth Framework Programme (FP6). The journal's editors called on the six projects to submit papers because they received exceptional reviews in the ICT [information and communication technology] Trust and Security EU calls. The special issue underlines the pivotal role security and trust play in research. Trust and security have also been instrumental in fuelling the EU's Framework Programmes (FPs) for research and development (R&D) over the last decade. What is particularly unique about research projects in trust and security is that key actors across myriad sectors, from system integrators and technology and service providers to laboratory researchers active in various interdisciplinary fields, have forged substantial partnerships that have and continue to fuel knowledge about the conflicts and synergies between security, privacy and free market economics. Such research has also had a hand in raising awareness about the psychology and sociology of trust and security when designing and launching new technologies. Ultimately, these research efforts get the financial support they need so as to ensure that the EU's expertise in security, privacy and trust lead to economic gains. The special issue draws attention to the fact that pioneering scientific and technological (S&T) research emerged in ICT for trust and security from 1998 to 2002, under the Fifth Framework Programme (FP5). During this period, Europe was behind a number of innovative advances in biometrics, cryptology and smart cards. Thanks to the funding granted by the EU, European researchers have been instrumental in bringing to light new concepts relating to risk analysis, privacy and dependability. The researchers further strengthened their efforts between 2002 and 2006, under FP6, when 37 R&D projects clinched EUR 140 million from the EU to continue investigations in ICT trust and security. The papers presented in the journal are by the FP6-funded IST projects ANTIPHISH, S3MS, SECOQC, OPENTC, PRIME and HUMABIO. Backed with EUR 1.4 million, ANTIPHISH ('Anticipatory learning for reliable phishing prevention') presented innovative solutions to tackle e-mail phishing, a common e-mail fraud scam aiming at information or identity theft. The project partners said measures that can offset this criminal process include using sequential analysis of e-mail texts and external links contained in an e-mail. The solutions proposed by ANTIPHISH have been tested on real e-mails pre-labelled as legitimate, spam and phishing. The ANTIPHISH system was found to have very low error rates and it outperformed other schemes that had been proposed in the past. The S3MS ('Security of software services of mobile systems') project received EUR 2.4 million in financial support. The project partners developed the 'security-by-contract' paradigm, which consists of the use of policies, monitoring and monitor inlining (a program rewriting technique that guarantees the program complies with a given security policy) to secure third-party mistrusted applications running on mobile devices. Their paper spotlights the design and implementation of inlined reference monitors. SECOQC ('Development of a global network for secure communication based on quantum cryptography') studied how feasible an open quantum key distribution (QKD) infrastructure is, and how to enable this technology. QKD uses quantum mechanics to guarantee secure communication. With more than EUR 11.3 million in funding, the SECOQC partners targeted better security technologies with new and secure ways of performing long-range and high-rate distribution of secret keys. The SECOQC paper proposes a proven secure method using the QKD protocols in a trusted key repeater network. The OPENTC ('Open trusted computing') project was funded to the tune of EUR 12 million. The researchers used open-source software to combine virtualisation and trusted computing in order to enhance computing infrastructure security. The OPENTC paper showcases security architecture for virtual data centres based on Trusted Computing technologies. Automatic use of the security mechanisms are enabled by the architecture. Supported with more than EUR 10 million, the PRIME ('Privacy and identity management for Europe') project developed methods to enhance privacy and integrated them into a working prototype of a privacy-enhancing identity management system. The PRIME paper provides insight into how using anonymous credentials for privacy protection in real life is not a practical solution. The authors present the cryptographic constructions for anonymous credentials as well as the necessary relative extensions to apply them in real life. The HUMABIO ('Human monitoring and authentication using biodynamic indicators and behavioural analysis') project focused on combining biometrics with advanced sensorial techniques to boost security across a number of applications. The authors of the paper discuss how biometric authentication is a leading security mechanism; they demonstrate how to establish and boost authentication measures. By combining data from multiple biometric sensors, such as facial properties, an authentication framework can be established which would protect users' privacy but also heighten the identification process. HUMABIO was backed with EUR 2.5 million in funding.