• 2011/02/15: Vacancy: Engineer / Developer Secure Mobile Systems

  • 2011/01/12: Conference proceedings of Mobisec 2010 published

  • 2010/09/09: Smart OpenID presentation at the Smart Mobility conference

  • 2010/09/09: Publication "Trusted Platform Validation and Management" in International Journal of Dependable and Trustworthy Information Systems

  • 2009/11/27: Master Thesis Offer / Trusted User Interfaces

  • 2009/11/06: Job advertisement: Researcher / Developer Secure Mobile Systems

  • 2009/10/14: Andreas Schmidt publishes conference proceedings of Mobisec 2009

  • 2009/09/03: MIT Kerberos Blog on Andreas Leicher's Trusted Ticket System for Kerberos

Job advertisement: Engineer / Developer Secure Mobile Systems

We are looking for an engineer and developer to reinforce our team.

Conference proceedings of Mobisec 2010 published

MobiSec 2010 was the second ICST conference on security of mobile information and communication systems. The most interesting and important contributions are now combined in the conference proceedings. This volume, published by Springer-Verlag under the title "Security and Privacy in Mobile Information and Communication Systems," presents selected papers from the conference. Subjects range from access control, authentication, and security policies to privacy and data protection in mobile information and communication. New trends, methods, and technologies of this forward-looking area are detailed in 14 chapters.

The volume can be ordered on the web site of Springer-Verlag.

Smart OpenID presentation at the Smart Mobility conference

We presented a concept for the use of the OpenID protocol with mobile end devices, based on Smart Card Web Server technology, at the Smart Mobility conference.

Abstract:

OpenID is a standardised lightweight, easy to implement and deploy approach to Single-Sign-On (SSO) and identity management, and has great potential for large scale user adoption especially for mobile applications. Recently, the interworking of OpenID and the GBA has been explored and standardised by 3GPP. The wide range of scenarios emerging from the combination of OpenID, the mobile network infrastructure, mobile devices, and smart cards, has so far not been explored. Placement of OpenID entities on various network elements, user devices, and secure elements, enables security to be scaled and gives rise to new use case scenarios. We focus, as a particularly flexible case, on the concept of an OpenID Provider on top of the Smart Card Web Server (SCWS) on a UICC or other secure element. This has immediate benefits to mobile operators, service providers, and users, and presents a great use case for the SCWS in truly mobile scenarios. Operators can address new business opportunities by exploiting their existing infrastructure for accounting and service charging with minimum CAPEX for deployment. Service providers on the general Web get direct access to a large user base without catering for special ‘mobile network’ access, plus an enhanced trust in transactions. The user gets seamless, secure SSO to all his / her mobile services, with control over her / his smart card and device located credentials – providing greater incentives to participate in mobile communities for instance. An OpenID Provider on the SCWS yields persistence to Identities across mobile and fixed Internet application scenarios, without loading device or network resources. The security of this solution scales from simple Web-style authentication to corporate networks, payment systems, and even eGovernment applications. 
Based on an OpenID Provider on SCWS architecture, we show platform-independent implementation options employing OMTP BONDI as a vehicle for an application specific secure user interface.

Publication "Trusted Platform Validation and Management" in International Journal of Dependable and Trustworthy Information Systems

Abstract:

Computing platforms are approaching the era of truly distributed and mobile systems. For such large scale deployments of partly autonomously communicating and connecting network elements, trust issues acquire new qualities. Remote establishment of trust and an enabling architecture to manage distributed network elements remotely become essential. Following the authors’ previous analysis on trust establishment, this paper presents base concepts for platform validation and management, with scalable trust properties and flexible security. The presentation is set in context of machine-to-machine communication and intelligent gateways in mobile networks.

Master Thesis Offer / Trusted User Interfaces

We are looking for an ambitious student of computer science to carry out a master's thesis on trusted user interfaces under our supervision.

Thesis description

Trusted Computing (TC) as defined by the Trusted Computing Group is usually seen as a protection technology centred on single devices and communication endpoints. But this upcoming technology has many facets which applied information security can benefit from. Seen as a platform-neutral security infrastructure, TC offers ways to establish trust between entities that are otherwise separated by technical boundaries, e.g., different access technologies and access control structures. Commercial applications of TC in this respect abound in particular in the mobile sector. The thesis work shall explore the possibilities offered by TC to provide trust properties to the human-computer interface. In particular, visual attestation of the state and the identity of a platform, binding of graphical credentials to a device, and visually securing transactions with third parties, are core research subjects. The realisation of the developed concepts shall use an existing software framework for Trusted computing experimentation.

Requirements

Good knowledge of authentication concepts. Elementary knowledge of cryptography. Elements of Trusted Computing, graphical user interfaces, and biometry. Good programming skills, particularly in Java and C++, and knowledge of contemporary Web-application technology. Written and oral fluency in English.

Novalyst promotes the publication of research results in high-ranked international journals and conferences.

We look forward to receiving your application by e-mail.

Job advertisement: Researcher / Developer Secure Mobile Systems

We are looking for a Researcher and Software Developer to reinforce our team of IT Security specialists.

Job description

The postholder will carry out research and development on the security of mobile devices and networks. He/she develops architectural concepts, implementation plans, and realises them.

Requirements

The postholder should hold a degree in a relevant field and have proven professional experience with C++ and Java programming. Expertise in IT Security is essential. Furthermore, the successful candidate should have profound knowledge in at least two of the following fields:

Trusted Computing
Mobile network architectures and standards
Mobile network security
Mobile device architectures, hardware security
Mobile application security
Virtualisation
Low-level, kernel programming
Identity management
Embedded security
Security protocols and algorithms
Security certification

The successful researcher will be able to work independently and interact well within a team of IT security engineers. The position requires the ability to work under time pressure and the dedication to communicate frequently with team members in the project. The candidate will have excellent communication and interpersonal skills, and should enjoy working in a stimulating and international culture. Written and oral fluency in English is a must.

Novalyst promotes the publication of research results in high-ranked international journals and conferences.

We look forward to receiving your application by e-mail.

Andreas Schmidt publishes conference proceedings of Mobisec 2009

MobiSec 2009 was the first ICST conference on security of mobile information and communication systems. The most interesting and important contributions are now combined in the conference proceedings. In this volume, published by Springer-Verlag under the title "Security and Privacy in Mobile Information and Communication Systems," editors Dr. Andreas U. Schmidt (Novalyst) and Shiguo Lian (France Telecom R&D, Beijing) present selected papers from the conference. Subjects range from access control, authentication, security policies to privacy and data protection in mobile information and communication. New trends, methods, and technologies of this forward-looking area are detailed in 24 chapters.

The volume can be ordered on the web site of Springer-Verlag.

MIT Kerberos blog presents results from thesis on a Trusted Ticket System for Kerberos

The MIT Kerberos Blog comments on the Diploma project of Andreas Leicher (now with Novalyst IT) on a Kerberos Trusted Ticket System. The thesis presents a concept to use the Trusted Platform Module (TPM) hardware to increase the security of the ticketing process in Kerberos. The TPM is used to perform the relevant crypto operations, and by the use of TPM-resident keys it is possible to bind the Kerberos tickets to a specific TPM and thus to a single platform. To further increase the security, the concept goes beyond these ideas and makes use of the fundamental building blocks of trusted computing technology, including measurements of the system and the attestation of the system's state to the Kerberos AS/TGS. Thus, the Kerberos ticket is bound to the platform and its state, which increases the overall security. In addition to the development of a Trusted Computing development and experimentation environment, a proof-of-concept demonstrator of the Trusted Ticket System was implemented.

To read the full blog article, please visit: Kerberos Blog: Trusted Ticket System for Kerberos

The published research paper can be obtained from: Research Paper: Trusted Ticket System for Kerberos