Security gets framed

Nov 28, 2005

Despite millions of dollars spent by IT companies, digital security still contains more holes than a Swiss cheese. One European project plans to plug those holes by creating a virtual security framework independent of both devices and the networks they are trying to access.

SEINIT, the Security Experts Initiative, offers the promise of seamless security regardless of hardware, software or access protocol, whether it's mobile phones, bluetooth, WiFi, ethernet or broadband connection. And they achieved this pervasive security without sacrificing privacy.

"We set ourselves the almost paradoxical goal of reconciling security and freedom," says Mr Andre Cotton, coordinator of the IST-funded SEINIT project and Head of the Advanced Information Technologies Laboratory at Thales Communication in France.

The project created a framework for security that negotiates between users and the service they are trying to access.

"Users decide at the beginning what level of information they want to reveal to the service. The framework then negotiates with the service and applies the appropriate security component or protocol," says Mr Cotton.

Users don't have to reveal more information than they want. It may not be possible to set up a secure connection in the way the user wants. Either the device can't cope with the protocols required, say a light PDA, or the user isn't willing to divulge a vital piece of information.

"For example, trying to access a bank account without disclosing the user’s name or identifier," says Mr Cotton. "In this case the framework alerts the user that the connection is not possible, and suggests alternatives."

Vitally, control of privacy is left with the user while the framework applies the appropriate level of security.

Deploying a system like this means that security is by its very nature hardware and software independent. It's governed by a framework rather than a particular piece of encryption or a specific programme.

What's more, SEINIT designed the framework security protocols and technologies as components. "So when new security components or technologies emerge, they can be added to the framework. This means the system is sustainable," says Mr Cotton.

The project team are finalising a demonstrator for the framework on Windows and popular Unix system Linux and across LANs, Internet, and wireless networks.

"But the framework has a small footprint and as of right now it could be implemented in a mobile phone. We simply want to demonstrate the principle," says Mr Cotton.

The next stage is the development of a user interface and that will take place in a separate project, called DISCREET, and due to start in January next year.

Ultimately, though, Mr Cotton hopes the SEINIT approach will be adopted as a formal security standard. "This is a demonstrator, but we hope to show the advantages of this approach," he says.

If deployed, Mr Cotton believes a security system like SEINIT could have a profound impact on society.

"If we had the capability for any platform, hard or soft, to be involved in a security agreement with any requirement and standard it would truly unlock the potential and promise of the information age," he says.

Source: IST Results

Explore further: Fitbit to Schumer: We don't sell personal data

add to favorites email to friend print save as pdf

Related Stories

What do we know about nano?

May 10, 2010

(PhysOrg.com) -- Nanotechnology involves manipulating the unimaginably small. A nanometer is about 5 carbon atoms in a row, or the distance your fingernail grows in one second. Matter behaves fundamentally ...

Recommended for you

Ahead of Emmys, Netflix already winning online

1 hour ago

Even if it doesn't take home any of the major trophies at Monday's Emmy Awards, Netflix will have already proven itself the top winner in one regard: Internet programming.

US warns shops to watch for customer data hacking

1 hour ago

The US Department of Homeland Security on Friday warned businesses to watch for hackers targeting customer data with malicious computer code like that used against retail giant Target.

Official says hackers hit up to 25,000 US workers

2 hours ago

The internal records of as many as 25,000 Homeland Security Department employees were exposed during a recent computer break-in at a federal contractor that handles security clearances, an agency official said Friday.

Oregon sues Oracle over failed health care website

12 hours ago

Oregon Attorney General Ellen Rosenblum says she's filed a lawsuit against Oracle Corp. and several of its executives over the technology company's role in the state's troubled health insurance exchange.

Google buys product design firm Gecko

12 hours ago

Google on Friday confirmed that it bought Gecko Design to bolster its lab devoted to technology-advancing projects such as self-driving cars and Internet-linked Glass eyewear.

User comments : 0