Skip to main content
European Commission logo
italiano italiano
CORDIS - Risultati della ricerca dell’UE
CORDIS
CORDIS Web 30th anniversary CORDIS Web 30th anniversary
Contenuto archiviato il 2024-05-27

Seamless Communication for Crisis Management

Final Report Summary - SECRICOM (Seamless Communication for Crisis Management)

Executive Summary:
SECRICOM was an FP7 collaborative research project in 2008-2012. Its aim was to create Seamless Communication for Crisis Management for EU safety. Thirteen partners from eight EU countries had united their capacities in order to produce a competitive solution for secure communication and collaboration of emergency responders with advanced functions. SECRICOM aim was to develop a reference security platform for EU crisis management operations with two essential ambitions:
(A) Solve or mitigate problems of contemporary crisis communication infrastructures (Tetra, GSM, Citizen Band, IP) such as poor interoperability of specialized communication means, vulnerability against tapping and misuse, lack of possibilities to recover from failures, inability to use alternative data carrier and high deployment and operational costs.
(B) Add new smart functions to existing services which will make the communication more effective and helpful for users. Smart functions will be provided by distributed IT systems based on an agents’ infrastructure.
SECRICOM has reached all of its objectives set at preparation stage. The project has demonstrated its achievements within an integrated communication infrastructure:
Security
• Non-repudiation, authenticity, integrity, confidentiality, accountability
• User authentication, state-of-the-art encryption
• Trust in hardware platform and execution environment
• Trusted docking station concept
• Chip-level security – Secure docking module (SDM)
• Threats and intrusion detection/monitoring
Quality of service
• Ready for Internet Protocol version 6
• Monitoring, prioritization – Monitoring and Control Centre
• Comfort of use – hide security specifications from users
Cross system/platform communication – SECRICOM Silentel
• Communication servers and gateways
• Services and applications for various types of modern devices
• Interoperability with legacy systems
• Integrated with distributed computing and process automation – smart agents
Resilient connectivity
• Multi-Bearer-Router (MBR)
• Extendable and on-site deployable network
Integrated and demonstrated
• Final demonstration in user plausible context of scripted scenarios
• Extensive testing results
Project Context and Objectives:
Project context
Project idea arose from European Security Research Advisory Board (ESRAB) report in 2006. It was setting the European security research agenda and the requirements on new communication infrastructures. These requirements included security, dependability, enhanced connectivity, transmission of multiple formats and advanced search functions.
... a system that ensures end-to-end secure transmission of data and services across heterogenous infrastructures with real time detection and recovery capabilities against intrusions, malfunctions and failures ...
SECRICOM was proposed as a collaborative research project aiming at development of a reference security platform for EU crisis management operations with two essential ambitions:
(A) Solve or mitigate problems of contemporary crisis communication infrastructures (Tetra, GSM, Citizen Band, IP) such as poor interoperability of specialized communication means, vulnerability against tapping and misuse, lack of possibilities to recover from failures, inability to use alternative data carrier and high deployment and operational costs.
(B) Add new smart functions to existing services which will make the communication more effective and helpful for users. Smart functions will be provided by distributed IT systems based on an agents’ infrastructure.
Achieving these two project ambitions would allow creating a pervasive and trusted communication infrastructure fulfilling requirements of crisis management users and ready for immediate application.

Project objectives
The SECRICOM solutions are based on four technological pillars:
(1) Secure encrypted mobile communication on existing infrastructures (GSM, UMTS networks) – secure push to talk system SECRICOM SILENTEL.
(2) Improved interoperability among various existing communicating systems, creating recoverable networks and seamless connectivity.
(3) Introduction of distributed systems and the agent paradigm forming a smart negotiating system for parameterization and independent handling of requests suitable for rapid reaction use.
(4) Security based on trusted hardware enhancing the confidentiality of data and the privacy of users.
The SECRICOM ambition was to interface from systems currently deployed for crisis management to systems of new generation which will be defined in next decade such as SDR. Important impact was to enable seamless and secure interoperability of existing hundreds thousands radios already deployed to ensure the protection of invested resources and adaptability to future development and emerging technologies.
The goals of the SECRICOM project were based on ESRAB requirements of future users of the system. The project has an ambition to investigate and prove new ways of secure operative communication and an innovative approach of distributed systems utilization:
• Secure in terms of protection against tapping and external intrusion.
• Trusted in the sense of behaving as expected by meaning minimising the threats for failure to be a basis for creating emergency solutions.
• Providing enhanced connectivity between various networks and devices.
• Transmission of various formats of information such as data, multimedia (voice, picture, video sequences, etc.), localisation data, etc.
• Advanced search functions embedded in infrastructure itself.
Main Technical Objectives:
The SECRICOM project has sought to create a communication and collaborative platform for secure crisis communication. This platform could serve as a communication basis for crisis management in Europe.
1. To exploit the existing publicly available communication network infrastructure with interface towards emerging SDR systems.
2. Interoperability among heterogeneous secure communication systems
3. Parallel distributed mobile agent-based transaction system for effective procurement
4. Secure infrastructure based on custom chip-level security
EU Objectives specified by the call:
• Enable progress towards society’s needs for a more free, secure and open Europe;
• Increase the global competitiveness of the EU based supply chain by research stimulating innovation and accelerating pull through into procured products and services.
Crisis Management Objectives based on ESRAB report:
• Reconfigurable, robust, integrated and scalable communications infrastructure for use inside and outside the EU;
• Robust, lightweight, mobile secured communications elements including software defined solutions (i.e. Software Defined Radios (SDR));
• End to end, interoperable, network independent secured communications;
• Communications network management and control (concept of a network supervisor);
• Fixed and mobile terminal and network access control, including rapid authentication.

Project objectives set on the preparation stage:
• to provide the secure communications infrastructure requested by ESRAB for public safety organisations and their users.
• must support multimedia C2 and SSA (and assessment) capabilities to enable/support incident response and detect, identify and authenticate, warning, decision making etc functions. SECRICOM must be robust, reliable, secure, manageable and support web, information management, planning, decision support, message exchange, common picture type applications.
• To specify, design, develop and demonstrate a reference security platform within an indicative infrastructure for EU CRISIS MANAGEMENT that:
1. Provides improved interoperability and resilience and security of the available crisis communications infrastructure (i.e. built on legacy bearers such as Tetra, Tetrapol, GSM, Citizen Band (i.e. push to talk – PTT, WiMax all/most supporting IPv6) to deliver/support voice and data (i.e. multimedia) services with SDR showing a future capability. The Multi Bearer Router (MBR) will provide one of the core SECRICOM platforms and will deliver the IPv6 network enabling overlay.
2. Adds new functions that enable users to more easily achieve inherently secure services; this is to be achieved by using agents and a hardware “chip” providing a secure docking station capability. Secure communication with secure agent infrastructure will create intrinsic part of the system in Milestones M3, M4, M6 and M7.
SECRICOM brings interconnectivity of PTT traffic between different networks. In addition to mobile handsets, the Push-to-Talk service will be complemented with fixed PC applications acting as PTT clients connected to the mobile operator. SECRICOM is to be designed for coordinating and managing large variable groups instantly.
The end to end service will support any SECRICOM user with any connections to any of the selected networks, as well as provide network access to the SECRICOM Control centre that will identify security issues with the provided end to end, multi bearer IP network and user services.
SECRICOM will deliver a secure and reliable platform for heterogeneous communication infrastructures among mobile communication devices at the lowest level to the upper layer formed by distributed IT systems. Model will be evaluated in terms of the features-assets that can be automated in monitoring and the seamlessness that can be achieved in terms of multi-domain security policy management. System with capability to operate at a risk system level with new degrees of automation, integration and flexibility will be delivered in Milestone M8.
It will provide a security solution for existing inexpensive easily accessible communication devices (Smartphones, PDAs, Laptops, etc.) which will be simply plugged in, preserving sensitive information, arranging authentication and encryption process during the communication.
Finally technological demonstrator of SECRICOM will be introduced with of the all SECRICOM subsystems, the design of gameplay scripts, the completion of the rehearsal demonstrations and the availability of all technical data and the bulk of supporting analysis results drawn from the building, testing and rehearsal activities in Milestone M10.
Project Results:
The SECRICOM solution is based of four technology pillars:
A. Secure encrypted mobile communications using existing infrastructures (GSM, UMTS, secure Push –to-talk (including PAMR) etc) and emerging new generations (i.e. SDR). [This is delivered by the secure wireless work package (WP3)];
B. Improved interoperability among existing comms systems, creating reliable/resilient networks achieving seamless and secure end-to-end connectivity. This is delivered by the QoS supporting IPV6 network [WP6] with integration enabled by the QinetiQ MBR [WP7, WP8]. A monitoring and control centre collects information to assure the secure status of the SECRICOM system, presenting this at a fixed location [WP9];
C. Provision of a distributed AGENT paradigm to achieve confidentiality and access to (comms) resources. It provides a smart negotiating system for parameterisation and independent handling of access requests to achieve rapid reaction. [This is delivered by the Secure Agent work package (WP4)];
D. Trusted hardware (i.e. secure docking station/chip) enhancing confidentiality of data and the privacy of user groups. This allows the distributed agents to dock on the secure communications infrastructure. [This is delivered by the secure docking module work package (WP5)]
System analysis and design (WP2)

The objective of the WP2 – System analysis and design was to have the overall and precise analysis of requirements and constraints, detailed decomposition of system to the level of functional blocks, interfaces and protocols, specification of the implementation of functional blocks and overall system, SWOT analysis, analysis of already used technologies, economical aspects and interoperability, security audit, analysis of communication environments at disposal, security mechanisms, required system functions, technological and economical feasibility study, report on existing secure network systems, analysis of distributed systems requirements (agents). This task has been completed by three major subtasks, entailing above mentioned, by Technical requirements assessment report, Crisis management requirements assessment report and Marketing requirements assessment report. All three reports have been discussed by the entire Consortium in order to catch the latest expertise of each Partner. The utilisation of all possible strengths of the individual technologies, their integration and synergies foundation for the creation of powerful communication system for crisis management operations is illustrated by the Figure 2 below:

Figure 2: SECRICOM Requirements


Three subtasks have been analysed in three subtasks - Bottom up requirements, Top down requirements and Crisis management communication. Figure 3 illustrates the general European emergency response multi-agency command & control high level process; with the SECRICOM project objective of demonstrating communications needs across state borders.

Figure 3: General European Emergency Response Multi-Agency C2 High Level Process
Marketing requirements assessment report describes the strategy defined to reach the best possible market approach for a further exploitation campaign, for the out-coming exploitable results from the SECRICOM project, moving the results from the research phase to industrial exploitation. Figure 4 below illustrates the features (Capability cap) which make the communication systems valuable and more competitive to existing communication systems.

Figure 4: Capability gap

WP3 Secure wireless fault tolerant communication (SECRICOM Silentel)
SECRICOM Silentel is a client-server communication system using Internet Protocol (IP) as illustrated in the Figure 5. It enables the use of mobile devices (i.e. smartphones, tablets or computers) together with technologies currently deployed (i.e. Tetra, SDR, etc.) for daily routines and crisis communication of public safety services. It optimizes and protects the way teams of people communicate without being concerned about misuse of information.
These main parts of the architecture were developed in SECRICOM:
• The Communication Server is a secure switching center module interconnecting all users of the system – as described by Figure 6.
• The Certification Authority is the trust module for Server and Users certification creation, validation and revocation (user can use his own CA as well).
• The Operator Studio serves as a tool for user account management and their personal contact list definition
The SECRICOM Silentel client application communicates only with the server. This approach was influenced by the fact that there are no static IP addresses and there is no support of IPv6 by current GSM network operators. There are two main communication channels; one is the signalization protocol (SIP) and the other is RTP for audio transmission. SIP uses TCP and RTP uses the UDP protocol.
During the session, the server only uses the SIP protocol to send updates about the presence status of user’s contact list; there are also regular “still-alive pings” from client to server.
As soon as the user starts a session, SIP is used to transmit more information, such as Talk Burst requests, text messages, pictures, information about users in the same session (users come and go) and encryption keys. The information structures transmitted by SIP are encoded in ASN.1. Each session is encrypted by different AES256 key. The same AES key is used for encryption of voice. When the user requests the Talk Burst, he can receive it back from the server - the application plays a signalization tone and changes Press-To-Talk button’s colour. The audio recording is transformed by AMR compression, then the AES encryption takes place and RTP transmission is started. The server knows what users are in what session and simply serves as router; the server does not process the audio information in any way.
Security provisions of SECRICOM Silentel include besides ciphering functions also user authentication and management tools for the control of user permissions. Unique user name and password with physical gridcard authentification protects user accounts. Smart card (microSD) and PIN (electronic signature) support the security of access. The Operator studio enables to manage rights, groups and visibility of clients with a possibility to block a suspiciously behaving account in real time.
The client and server have a layered architecture. Each layer, process or module communicates with the rest of the system using asynchronous messages. The concept was proven on various supported operating systems of Secricom Silentel client, i.e. Symbian, Windows Mobile, Android, iOS as well as Windows. Communication gateway was implemented for Tetra and CB radio services, and the implementation allows also integration with further systems. The concept is described on Figure 7.

SECRICOM Silentel Capabilities

SECRICOM Silentel application features were designed to support the operation of public safety agencies and other actors in PTT
daily routines and crisis situations. As defined by the user requirements analysis undertaken by SECRICOM consortium, voice conversation still remains the very first requirement. SECRICOM Silentel enables to build a one-to-one call with full duplex voice transfer or one-to-many group call (Figure 8) with half duplex voice (press-to-talk). The management of any group is flexible with a possibility to add additional members by any of users involved in conversation. This voice service can be used for seamless involvement of actors using different devices and located in different countries.
Another feature offered by SECRICOM Silentel is textual service such as instant messaging (one-to-one or one-to-many) or long message up to 1000 unicode characters. (Figure 9) These were proven by a demonstration exercise as an useful tool for correct spelling of name (instant messaging) or treatment instructions for hazardous chemical sent by external expert (long message). Both services enable audit trail within protected environment and also delivery and read receipt.
Emergency response requires all senses in action including visual sense. Visual sense can be supported by use of images in daily business and special occasions. SECRICOM Silentel enables to send images in conversation groups, both saved from device memory and taken in real time. This feature was used for sending an image of hazardous barrel label in Portsmouth, UK to an external expert located in Poznan, PL. Similarly, some devices can use hand drawing over defined canvas to share directions – like sketching directions over building floor plan during evacuation. (Figure 10)
When managing a group of actors, their location and availability really matters. SECRICOM Silentel has a GPS positioning feature, so a master user (such as an operator) can see the current location of different resources on a map in real time. Every installed application contains a secured contact list with presence status – users can simply select one of pre-defined statuses, such as available/emergency state/non available/etc. This allows identifying available resources at a glance (Figure 11).

Conclusions
SECRICOM Silentel is a scalable ICT solution consisting of a communication server, a certification authority, an operator studio, end user application and interfaces to other systems. It was designed and developed in line with the SECRICOM vision - to provide technologies supporting performance of emergency responders in a comfortable way on standard devices and networks. It introduces new features for standard devices such as smartphones and laptops – they are turned into powerful and secure communication tools suitable for current actors and allowing involvement of new actors with certain responsibilities into emergency actions. These can include officers in emergency agencies, local government officials and also infrastructure services (water/gas/electricity/transport).
SECRICOM Silentel is open for further integration with systems currently in use by public safety services. Its ambition is not to replace, but supplement them by adding new devices and actors to emergency teams. Concerns about connectivity of IP based systems can be answered by listing priority users in public/private networks, extendable network means and/or use of Multi-Bearer-Router for seamless connectivity.
SECRICOM Silentel supports heterogeneous actors cooperating during emergency response, both cross-border and inter-agency. Security is taken as an integral part of the service in sense of transfer of data, access and user management. It allows using the infrastructure for security-sensitive operations as well. These features were demonstrated in an integrated demonstration of the project and are to be developed into a product by Ardaco in following months.

Secure agent infrastructure (WP4)
The main goal of WP4 was to design and implement the prototype of Secure Agent Infrastructure (SAI). The agents in the SAI framework provide a mean to automate access to legacy resources, human interaction or network configuration. Joint efforts of relevant workpackages in SECRICOM project resulted in secure and trusted agent-based infrastructure. Mainly, SAI infrastructure was empowered by Secure Docking Module establishing the concept of Trusted Docking Station.

Figure 12: Generic design of the Secure Agent Infrastructure (SAI) with references to related WPs.
• SAI was decomposed on the following subsystems in order to fulfill the architectural requirements:Process Management Subsystem (PMS) aims at execution of processes and coordination of involved agents. Briefly, the process constructed by PMS chains activities according to activity prerequisites, which allows information flow construction and aggregation of information acquired using secure agents. PMS makes use of OWL (Ontology Web Language) models to describe processes and resources to aggregate information.
• Agent Registry and PKI Infrastructure facilitate the protection of agents from being tampered by malicious persons. Each audited agent code is sealed by unique signature and protects this signature from theft. Thus, agents are protected from misuse, and once properly audited by a common trusted authority, may be considered secure.
• Resource Inquiry Subsystem (RIS) enables DSAP services to be described and registered in the distributed service registrars, and to be dynamically discovered in the network. Jini mechanisms are used to register service descriptions (called entries) and to search the most appropriate DSAP service instances. RIS entries are preferably organized in hierarchical structure which reflects the structure of describing resources.
• Distributed Secure Agent Platform (DSAP) implements core SAI services for secure and trusted agent deployment and communication. The concept of DSAP shown in Figure 13 is built using the Jini framework that provides technological foundations for implementing distributed applications. In the scope of WP4, specialized DSAP services were designed and implemented allowing agents to be deployed, managed and providing security and communication features while retaining the flexibility and scalability.


Figure 13: Extending Jini by DSAP Service.
SAI core agents

In the SECRICOM scenario, the following three core agent types were identified and implemented:
• Information Delivery Agents (IDA) – the main role is to query/update information from/to legacy data sources. Each IDA agent instance must implement appropriate data connector to access information sources.
• User Communication Agents (UCA) – the role is to communicate information with human user using guided dialog. In the SECRICOM project, the main implementation of UCA agent is PTT agent which communicates information with end-users using Silentel Push-To-Talk devices.
• IP Agents (IPA) – the role is to monitor and configure network routing devices.
Outcomes conducted in WP4 include integration ok PKI security, early integration of trusted computing approaching developed in WP5, SAI implementation and code patterns for each core agent type supported with example codes.

Secure docking module (WP5)
A noteworthy S&T achievement of work package 5 was designing and implementing the Secure Docking Module and Trusted Docking Station. The Secure Docking Module and Trusted Docking Station are the pillars of a security concept targeted at preserving integrity and confidentiality beyond the communications channel. The main driver of the security concept is the Secure Agent Infrastructure developed as part of the SECRICOM project.
The Secure Agent Infrastructure uses mobile agents to perform its functionality. Mobile agents consist of executable code and data send to a number of heterogeneous, physical platforms. As such, mobile agents are prone to attack by maliciously modified platforms. Therefore, ensuring the integrity of these platforms, and the agent execution environments running thereon, became the primary goal of our security concept.
In order to establish the integrity of the agent execution environments we based our security concept on Trusted Computing methodologies. Specifically we introduced the concept of the Trusted Docking Station, a computing platform able to measure and report its software configuration in a secure manner. We then use the Secure Docking Module to verify the integrity of the software configuration on the Trusted Docking Station (Figure 14).



The Trusted Docking Station uses a dynamic root of trust for measurement to establish a secure chain of measurements of the platform software. Two ideas are at the core of the concept. First the platform is put into a clean-slate state. In this clean-slate state the platform is free of the influence of previously executed software. Then a strongly isolated partition is created to execute secure software. The second idea of the concept is to measure every software component in this isolated partition before it is executed. Thus a chain of measurements is created where each software component measures all its succeeding software components. The measurements are stored in a shielded location in the Trusted Platform Module of the Trusted Docking Station. The Trusted Platform Module is standardized, commodity-of-the-shelf security chip physically bonded to the Trusted Docking Station hardware platform. Trusted Platform Module equipped computers are widely available today.
The Secure Docking Module is a security module capable of verifying the software configuration integrity of a Trusted Docking Station. Furthermore, the Secure Docking Module provides cryptographic resources necessary to access the SECRICOM communication infrastructure. In order for the Trusted Docking Station to gain access to these resources, the Trusted Docking Station uses its Trusted Platform Module to generate an attested and cryptographically protected report of its software configuration. The Secure Docking Module verifies the cryptographic protection on the report, and the software configuration of the Trusted Docking Station. Only if these tests succeed, will the Secure Docking Module provide its cryptographic resources necessary for the Trusted Docking Station to communicate with the SECRICOM infrastructure.
The development of the Secure Docking Module in the SECRICOM project has led to several S&T achievements. The Secure Docking Module is based on a next generation security controller platform. This security controller was developed as the trusted kernel of the Secure Docking Module. This controller has to be secure and protected against any attacks from the outside, like invasive or noninvasive attacks, change of the code, or other manipulations. In the same way the certificates or critical data of the Secure Docking Module shall not be accessible from the outside, as such behavior could be used for cloning attacks against the Secure Docking Module.
We developed a new type of security controller which is fully based on a new double processor concept, where both processors work with some small delay, and the results of both processors are compared against each other. This is especially useful for detecting spike and error attacks from the outside. The system is stopped, when such an error is detected.
The advantage of this new system concept is the ability to implement it based on standard digital processing technology which is effort and cost optimized, compared to the traditional special security cell implementations with a lot of analog sensor overhead. All the necessary interfaces for system integration were also implemented to get a size, and complexity optimized contribution for SECRICOM.
After the project we further use the development results due to their advantages as fully digital, secure implementation as standard security processor kernel for market applications like smartcards, trusted platform modules, secure industrial controllers and more. Thus, as a highly welcomed side effect, the project generates an economic long time benefit.
The Secure Docking Module relies heavily on cryptographic components. These cryptographic components have been designed with attack resilience in mind. The architecture of the RSA and AES cryptographic components of the Secure Docking Module is especially fault attack resilient. Fault attacks are form of physical attack on security chips, where the attacker tries to induce a fault in the chip and thus gain knowledge about the cryptographic secrets stored therein.
The main task of the CEA-Leti in the WP5 was to develop a secure AES module to perform symmetric cryptography into the Secure Docking Module. The final design is implemented on a FPGA platform and features encryption and decryption – in both ECB and CBC mode – and three key sizes management. Several countermeasures – notably datapath duplication and CRC signatures – were added to strengthen the resistance to side-channel attacks and fault injection. Two ASICs were founded from previous versions to perform security characterisation.


IPv6 based secure communication (WP6)
The S&T activities in WP6 were focused on IPv6 achievements and IPv6 support for SECRICOM solution. SECRICOM solution for crises communications were based on particular solutions developed by consortium partners. Finally the role of WP6 can split into the two phases.

Phase1: based on user requirements doing research of nowadays knowledge of IPv6. This phase was successfully covered by Tasks 6.1: Existing enabled PTT solutions, Task 6.2: IPv4-IPv6 coexistence and interoperation, and Task 6.3: PTT enhancements by IPv6. Research findings and recommendations were published in to Deliverables D6.1: Report on existing IPv6 group call solutions and IPv6 based secure communications.

Significant results of Phase 1:
• Analyses and theory of various QoS,
• Early testing of SECRICOM modules in IPv6 environment,
• Benefits of IPv6 in PoC (Push to Talk over Cellular ) proved,
• QoS in PoC analysed.

Phase2: the rest of S&T activities were covered by remaining Task 6.4: Preparation for demonstration and dissemination. To achieve aims of Task6.4 University of Luxembourg installed separated SECRICOM server with modules of SECRICOM solution. Purpose of setting up server at University of Luxembourg were in the line of idea to have another server for SECRICOM project running mainly all solutions developed during the project lifetime, to have possibility to restart communication in the case of main server failed. Secondary, to do this task we followed promise mentioned during last review to set up Public Safety Laboratory were the outputs from SECRICOM project can be presented for end users.
TAHI project as the base of IPv6 Ready Logo Program were chosen as testing method. The IPv6 Ready Logo program is an international testing program intended to increase user confidence by demonstrating that IPv6 is currently available for today's deployment and use.
The key objective and benefit of the IPv6 Ready Logo program is three fold;
• Verify protocol implementation and validate interoperability of IPv6 products.
• Provide access to free self-testing tools.
• Provide IPv6 Ready Logo testing laboratories across the globe dedicated to provide testing assistance or services.

Next S&T activities for WP6 were setting own IPv6 tunnel. Freenet 6 was good based for setting up point of present in Luxembourg.
Freenet 6 was good based for setting up point of present in Luxembourg. Freenet6 is an IPv6 access service offered to the community for free. This service enables thousands of people from all over the world to experience the best solution for a smooth and incremental deployment of IPv6. Freenet6 users can get IPv6 connectivity from anywhere, including from behind any NAT device or from outside of their home network. On Freenet6, a single, permanent IPv6 address and a DNS name are assigned to each user, making their PC reachable from anywhere on the IPv6 internet. A full /56 prefix may also be assigned to a router, enabling the distribution of IPv6 connectivity to an entire network.
Instead of a Web interface, which is usually offered by traditional tunnel brokers, Freenet6 uses an innovative model based on a client/server architecture. The Client is software that usually runs on a PC and that implements the Tunnel Setup Protocol (TSP). The Client is used to automatically negotiate a configured tunnel between a PC or router and the Freenet6 tunnel broker, making IPv6 easy to install and maintain. The Client source code is licensed under the GPL. A commercial license is also available.
Significant result of Phase 2:
• IPv6 Silver Logo Program
• IPv6 Tunnel Freenet 6 cooperation
• Public Safety Laboratory
• Future connection with EU projects

Highlights of WP6
 IPv6 proved during all demonstrations
 Extending work beyond the DoW
 perfect cooperation with partners

WP6 Conclusion
 SECRICOM Solution is ready for IPv6 in the future
 Continuity
 After project activities in this field
 IPv6 Tunnel Luxembourg – open for EU
 Public Safety Laboratory (open for end users)
 Benefits from u-2010 and Secricom project
 Use for future projects
 Exploitation

Integration of research results (WP7)
One of main achievements of SECRICOM is the integration of research and development results. The strategy of process has changed to continuous integration. It enabled creation of integrated test modules and prototypes in multiple iterations. This approach led to end-to-end testing on various stages of the project and partial demonstrations.
WP was organized in three activities:
1. Validation of results
Was undertaken in two rounds – First happened after conclusion of development in Secure communication system (WP3), Distributed computing system (WP4) and Chip security (WP5). Results were published in D7.1 Report from validation process. Second round was undertaken after the conclusion of Internetwork interfaces (WP8) and Monitoring centre (WP9). Results were published in D7.3 Report from validation process 2. Both report state that particular components of the system were developed in expected manner and quality.
2. Integration of other WP outputs into communication system
Integration of particular results was undertaken continuously from month 22 to month 42. The partial prototypes were driven by need of small- scale demonstrations planned in second half of the project. The communication and collaboration system SECRICOM has been successively constructed in multiple iterations. Single functionalities were integrated and tested in progress of time. Main result from this activity was final prototype suitable for final demonstration.
3. Testing and metering
Testing was inseparable from development and integration. Two testing reports were published (D7.2 in month 25 and D7.4 in month 42) as result of this activity. They were focused in testing of integrated components and subsystems. This approach led to end-to-end testing on various stages of the project and partial demonstrations. Some testing was made in outdoor environment in harsh conditions.
There was created a secure communication system testing base at Ardaco premises consisting of:
a) Mobile devices from various manufacturers running on multiple operating systems: iOS, Android, Symbian, Windows, Windows Mobile) – these include more than 20 smartphones, tablet PCs, PDAs and laptops;
b) Mobile radio stations (CB, Tetra);
c) Gateways to radio systems (CB, Tetra);
d) Fixed devices simulating the crisis communication command centre consisting of more than 10 PCs and servers.
A Network Testing Base was spread in multiple European countries – United Kingdom (Headquarters 1) – Slovakia – Poland – Spain (Headquarters 2) – Luxembourg.

Following RTD results were integrated into final demonstrator (SECRICOM system prototype):
• SECRICOM Silentel parts: server, operator centre, certification authority, mobile device clients (Symbian, Android, iOS, Windows Mobile, Windows, Linux) (WP3)
• Distributed system security, above nowadays standards - Docking Station (TPM/TDS/SDM) concepts used to access trusted computing functionalities (platform attestation, private keys storage, encryption of agents and of the communication) (WP4 and WP5)
• Interaction of the agents in distributed environment - DSAP (Distributed Secure Agent Platform) build above Jini framework – Jini communication protocol used (WP4 and WP8)
• Interaction of agent module with legacy information systems - Agents (UCA – User Communication Agents, DBA – DataBase Access Agent, IPA – IP Agent) used to access legacy information systems, including end-users (WP4 and WP3)
• Secure docking module (WP5)
• IPv6 test base in Luxembourg (WP6)
• MBR into test networks of SECRICOM partners (WP8)
• SECRICOM Analogue Radio Gateway (WP8)
• TETRA-SECRICOM PTT Gateway (WP8)
• Network monitoring centre (WP9)

WP7 has significantly contributed to SECRICOM vision about a novel communication system with following characteristics:
1) Cross system/platform communication
• Communication servers and gateways (WP3, WP7)
• Services and applications for various types of modern devices (WP3)
• Interoperability with legacy systems (WP7, WP8)
• Distributed computing and process automation – smart agents (WP4)
2) Security (non-repudiation, authenticity, integrity, confidentiality, accountability)
• User authentication, state-of-the-art encryption (WP3)
• Trust in hardware platform and execution environment (WP5)
o Trusted docking station concept
o Chip-level security – Secure docking module (SDM)
• Threats and intrusion detection/monitoring (WP9)
3) Quality of service
• Ready for new internet protocol version 6 and using its benefits (WP6)
• Monitoring, prioritization - control centre (WP9)
• Comfort of use – hide security from users
4) Resilient connectivity
• Multi-Bearer-Router (WP8)
• Extendable and on-site deployable network (WP8)
5) Results integrated and demonstrated in hand-on-fashion
• User plausible context and scripted scenarios (WP10)












Figure 16: WP3 integration on heterogeneous platforms












Figure 17: WP4 integration – Agent technologies for databases search
















Figure 18: WP5 integration – Secure docking module

















Figure 19: WP6 integration – Ipv6
















Figure 20: WP8 Integration - Extendable and resilient network, GW to Tetra and CB
















Figure 21: WP9 Integration – Quality of service and Security

Internetwork interfaces, interoperable, recoverable and extendable network (WP8)


During this work package several software systems were developed to assist in the interoperability of all partner systems. The developed systems ranged from hardware implementations to provide a way of TETRA interoperating with other users on the network via IP; all the way to software implementations to assist the Multi-Bearer Router in quicker recovery within complex mesh network environments.


Figure 22: SECRICOM network


Ardaco extended their Silentel application to integrate analogue (CB) and digital (TETRA) radio systems into the SECRICOM push-to-talk communication network. They also helped network extendibility by creating the fast deployable nomadic node (FDMN) which could be active within 30 minutes from a cold start. This served as an extension of the MBR Deployed Metropolitan Area Network (DMAN) which was active on the PTP site for the final demonstration. Figure 23 provides a pictorial representation of the internal infrastructure of the DMAN and an example of the FDMN.



Figure 23: SECRICOM Fast Deployable Nomadic Node

QinetiQ developed a software defined radio emulated testbed to confirm interoperability between SECRICOM systems and possible future technologies such as software defined radios. We also extended the MBR to have a new interface into the 3G network, as well as an interface for management through Simple Network Management Protocol for assisting in IP bearer monitoring.


Figure 24: QinetiQ’s SECRIOM Lab
With UI SAV, QinetiQ integrated the Secure Agent Infrastructure to ensure the MBR can recover quickly enough in a complex mesh network.

Nextel integrated their CSMCC Platform with Ardaco’s PTT Service, the GPS positioning data of the PTT users on the CSMCC Server User Interface.


Figure 25: SECRICOM network connectivity

Communication infrastructure security monitoring and control center (WP9)
Main achievements in WP9 are listed below:
• Set and identify the requirements of SECRICOM security model for service interoperability assurance and analyse overall SECRICOM system operation.
• SECRICOM critical networking, information and operational assets deep analysis.
• Analyse SECRICOM security framework and potential security threats. Risk assessment and risk treatment security control requirements.
• Define the security protocols and mechanisms to cover and avoid any potential security threats that may affect the SECRICOM system and to create effective security countermeasures.
• Define enhanced security policy mechanisms for multi-domain environments specifying particular security controls in terms of access control and overall security information management systems.
• Define distributed security policy management architecture for dynamic communication infrastructures.
• Deliver the SERCICOM Security Model that defines security specifications and framework of a trusted communication infrastructure bringing interconnectivity between different networks.
• SECRICOM communications continuity plan established.
• Analysis and integration of communication infrastructure specific monitoring tools for improved detection and network management.
• Software prototype definition that allows the evaluation of the SECRICOM Security model: Communication Security Monitoring Communication Centre (CSMCC) Platform.
• Integration tasks between CSMCC Platform and other SECRICOM systems:
o Development of message integrity checks process between CSMCC Server, CSMCC Sensors and Agent Platform.
o Development of GPS positioning data of the PTT user integration on CSMCC Server.
• Development of control and reaction capabilities of the CSMCC Platform:
o Development of the application level traffic filtering process, for instance filtering FTP connection depending on the user.
o Development of the anomalous traffic blocking process, which performs corrective actions against the detected security events.
• Deploy secure connections among CSMCC components, encrypting traffic between CSMCC Server and CSMCC Sensors. Encrypted connection also includes the communication between CSMCC Sensor and Agent Platform.
• Improve CSMCC Server dashboard visualization, to show the most relevant network performance information.


Figure 26: Roadmap to WP9


Figure 27: Security Management Model

Demonstration (WP10)


Work package 10 contained the actual Final Demonstration for the reviewers and for stakeholders, but also the lead up to it – including the maintenance of SECRICOM TaCD network providing end-to-end IPv4 and IPv6 seamless connectivity. Each previous demonstration was built upon to extend it to the configuration and level of integration visible in the final demonstration. The iterative development of a stakeholder focused proof of concept demonstration storyboard complemented by a detailed script for actors in the context of a realistic user based scenario drawn from the project scenario helped the delivery of a very successful end-user and stakeholder based demonstration using multiple bearer systems, multiple devices across 5 countries.

Figure 28: Demonstration Strategy



Figure 29: SECRICOM Demonstrations



Figure 30: IERs used to determine capabilty gap

The scope of each demonstration was defined through an activity to assess the information exchange requirements (IER). This activity identified shortcomings in existing communication capability, primarily concerned with technology interoperability. The shortcomings were used to build a number of vignettes where technology interoperability was demonstrated.


QinetiQ performed a site survey of Portsdown Technology Park to asses a suitable location for the rapid deployment satellite dish of the on-site nomadic node. Extra development of the Ardaco MBR nodes configuration took place to allow them to dynamically connect from any land infrastructure and/or mobile satellite communications. As well as some minor configuration changes to house an MBR within a vehicle to seamlessly switch from the local WiFi network across to the wider 3g network (and back when necessary).


Figure 31: SECRICOM stakeholder demonstration network
From January 2011 to April 2011 B-APCO made preparations for live demonstration for end-users at B-APCO 2011 in London. A full storyboard prepared for 2 exercises prepared followed by drafting of a detailed script then was reviewed by selected end-users prior to the live exercise. The live exercise was undertaken at B-APCO 2011 with much learning obtained. Subsequent de-brief points collated for future learning. From August 2011 a revised storyboard was developed and agreed for the final stakeholder demonstration planned for March 2012. Following agreement to the storyboard and ICT to be used a detailed script for 2 exercises was completed by January 2012. The script and storyboard was exercised along with visualisation needs being identified for the final demonstration. After the successful final demonstration that exercised resilient communications across international borders.


Figure 32: SECRICOM stakeholder demonstration scenario and exercise
Potential Impact:
Potential impact of the project
The SECRICOM project provided a proof-of-concept solution, which was demonstrated through four major live demonstrations during the lifetime, all of them being judged excellent by a majority of the audience. Each of them showed an increasing level of integration and involved many potential stakeholders, coming essentially from European countries.
Among stakeholders could notably be found:
• Professionals and ICT experts, operational officers, technical managers from the police, fire and health services.
• Governmental agencies: Polish Ministry of Defence, Intelligence Services, military staff, EU government officers.
Using scripted scenarios – based on possible real life incidents – the demonstrations showed how SECRICOM technologies can be applied to real-world information exchanges in order to handle crisis management. Attendants were impressed by the level of integration of services, and most shared the same, positive opinion about SECRICOM.
After the final demonstration, the end-users were asked to comment the exercises. The potential impact of the SECRICOM project can be assessed from this feedback. Among the things that SECRICOM technologies would allow the responders to do and that they could not do at the present time are:
• More effective operations jointly executed by a number of collaboration agencies with use of multi-bearers to multi-platform devices, including non-TETRA users.
• Ability to add users to talk groups on the fly and dynamically connect them on multiple bearers with instant access to live information every time, everywhere.
• For multi-bearer communications at local incidents, it would allow a number of communication devices to be available at the incident.
• Moving the level of communication from a strategic to much lower tactical levels.
• Promoting interagency working.
SECRICOM showed that “technology is not a barrier to multi-agency/national operations” and that functional business requirements could be considered irrespective of the underlying technology. The demonstrated technology could have a “broad” cross-agency, cross-border, cross-function and cross-hierarchy impact. SECRICOM can be seen as a great opportunity for connecting heterogeneous systems as privatisation brings in new stakeholders and new partners. However, the deployment of such a solution could require long term strategic and policy changes spanning over “7-12 years’ time” and that funding could be a big issue.
This development work should continue, even for ‘local incidents’ situations where cross-agency communications are also required. Some of the suggested improvements are:
• Addition of two key capabilities: multi-bearer and multi-network in handheld devices and ability to dynamically assign talk groups to TETRA radio.
• Need for much more focussed activity if SECRICOM is to deliver real world benefits because convincing someone to invest into the resources under current budget pressures will be a challenge.
• Long term vision about where SECRICOM goes from here.
At the end, the SECRICOM project foresaw what could be crisis management communications in a near future. These results could be a good start to deploy a seamless communication system at a wider scale.
Main dissemination activities
One objective of the WP11 was to raise awareness of the project and its results. The public website – www.secricom.eu – was regularly updated with events announcements and deliverables. Furthermore, accounts were created on Facebook and YouTube to provide information and interactive content to the public. The project was also presented over 70 times in professional conferences and workshops. Several demonstrations or presentations were disseminated through general articles in local newspapers or company newspapers.
The partners contributed to augment the body of knowledge by publishing over 40 scientific articles, ten of them being accepted in international technical journals or as book chapters, the others being technical papers submitted in high quality peer-reviewed international conferences.
The main results were presented during local events, national and international conferences held in Belgium, Czech Republic, France, Germany, Greece, Luxembourg, the Netherlands, Poland, Slovakia, Spain, Turkey, the United Kingdom and the United Sates.
Four live integrated demonstrations were set up:
• The first one was held during the Civil Protection NATO Seminar in September 2010 in Slovakia. Its aim was to give a formal presentation and to exhibit the project and its solution. The main technologies demonstrated were the seamless delivery of PTT voice and IPv6 video thanks to the Multi-Bearer Router (MBR). The Civil Protection exercise proved that the system could operate in a multi-agency and a multi-national context, in an integrated and cohesive manner.
• The second one happened in London for BAPCO 2011, exhibition which gathered over 700 people. Based on two user-scripted scenarios involving PTT voice, telephony, messaging video, imagery and chat, the following capabilities were presented: the secure Push-To-Talk, the Multi-Bearer Router and the network monitoring centre.
• The ASTER workshop was a civil protection event organised by the Polish Ministry of Defence in 2011. It was another opportunity to demonstrate the SECRICOM technologies. The visitors were mostly interested in possibilities to integrate SECRICOM into existing military systems
• The final demonstration was organised in March 2012 in Portsmouth. The final project’s solution was exhibited to over 40 stakeholders from Poland, Slovakia, Spain and Luxembourg. The two exercises proved that all SECRICOM technologies can be integrated as a whole to perform secure and seamless communication.

All dissemination activities tend to confirm the success of the SECRICOM project, as its results convinced scientific committees and potential end-users.
Exploitation results
The project consortium is made up of academic institutions, industrial partners and end users, which explains the large scope of the exploitation results: collaboration in future projects, commercialization of new products and services, contribution to standard committee and evolution of educational contents.
The SECRICOM project created a strong working community within the consortium, willing to collaborate together during the project lifetime but also ready to keep working on the subject of secure telecommunications. That’s why several European Union project proposals were submitted by consortium members:
• AginFire was submitted in November 2010, and notably involved Ardaco, the University of Luxembourg, the Institute of Informatics SAV.
• FREESIC (Free Secure Interoperable Communications) was submitted in November 2010 and accepted. It will be the continuation of SECRICOM for several partners: Ardaco, BAPCO, Nextel, ITT and the University of Luxembourg. “FREESIC will open broader possibilities for existing interoperability solutions such as gateways. It will be operated free-of-charge and will offer open source gateway, documentation and operational guidelines for others to use. It is the project ambition to continue the free-of-charge operation after the project’s end as well. The operational costs will be covered by the new business opportunities.” (Source http://www.freesic.eu).
• PISTIS and TARANIS were two proposals, submitted in November 2011 and January 2012 respectively, involving Ardaco, Graz University of Technology, University of Patras, CEA-Leti and Infineon.
• The SATORI project was proposed in January 2011 and involved the Institute of Informatics SAV.
• TrustinCloud was a proposal from Graz University of Technology, University of Luxembourg and Institute of Informatics SAV, released in November 2011
The project allowed industrial partners to develop new product and services:
• Ardaco enhanced its Push-To-Talk solution called Silentel. The competitive advantage of this technology is based on seamless and secure interoperability of already existing hundreds thousands mobile devices. It creates a pervasive and trusted communication infrastructure, able to support user traffic over different communication bearers. Driven by end users requirements, new security functions can be introduced to ensure collaboration and teamwork of emergency responders.
• QinetiQ engineered its Multi-Bearer Router, which exploits publicly available communications to create a resilient and reliable network with a degree of self-healing network services adapted to crisis management situations. A MBR-based device thus enables interoperability amongst heterogeneous networks and communications systems.
• Infineon commercialized the integrated circuit used in the Secure Docking Module. To meet the requirements of secure communication, Infineon tailored its existing technologies and developed a special device in the scope of this project. It integrates dedicated external interfaces and specific software drivers. This trust and security chip can be used in similar scenarios, but also for other markets and applications.
• Nextel will exploit the project results in terms of Information and Communication Technology security services. The security model that was developed will define the security mechanisms and the architecture of the future information security management systems. The results will also help to provide better supporting services and ICT consultancy.
• Using its better understanding of the problem, ITTI will prepare new relevant market analysis to promote the deployment of the SECRICOM solution, notably in Poland where there is a lack of common system for crisis management. As a consulting company, it will be a great opportunity to participate in the process of choosing as well as implementing such a system.
• Geothermal Anywhere, s.r.o. (SMT) will use the results for future analyses of application in large critical distributed industrial complexes, such as geothermal and exploitation sites. Moreover, support will be provided to medical services, by giving them recommendations for managing epidemic situations and adopting proper responses.
The demonstration of the proof-of-concept solution illustrates that the deployment of new technologies can be complementary to existing ones. For example, the TETRA system doesn’t have to be seen as a limiting factor.
The SECRICOM was also an opportunity to contribute to standard committees.
• Using the results and experiences of the project, Infineon enhanced the current standard of the Trusted Computing Group, the worldwide industry standardization organization.
• The University of Luxembourg contributed to the standard on IPv6.
• The CEA-Leti enhanced the security evaluation standards, by providing state-of-the-art characterisation techniques to its security evaluation laboratory, called CESTI. The CESTI is a world-wide renowned team which has a full accreditation for carrying Common Criteria and other commercially-approved certifications.
• Graz University Technology submitted suitable project results to the standardisation process ETSI.
The academic institutions enriched their educational and teaching materials with the research done in the project.
• Graz University of Technology will then update its lecture on Advanced Computer Networks – master level – to include design and development of new secure routing protocols. The Trusted Computing lecture will also take into account the progress made in SECRICOM to enable trustworthy execution environments.
• The CEA-Leti contributes to teaching activities covering topics digital electronics or attack techniques. Using the results of the design of new countermeasures and the advances in attacks methods, these lectures are made more interesting with new state-of-the-art items.
• The Institute of Informatics SAS exploited the scientific results to propose several bachelors and diploma thesis related to secure multi-agent platform. So far, one bachelor has defended its thesis linked with the SECRICOM project.
Thus, all consortium members succeeded in promoting the SECRICOM projects, whereas it was by putting new products and services on the market, by improving on going standards or by diffusing the project ideas into the educational world.

List of Websites:
Public website address: www.secricom.eu
Project Co-ordinator contact details: John Stoodley, QinetiQ, jastoodley@QinetiQ.com
final1-secricom-final-report-figures.pdf