TECHNOLOGICAL IMPLEMENTATION PLAN
Description of project


EC PROGRAMME: IST
PROJECT TITLE: Security for Heterogeneous Access in Mobile Applications and Networks
ACRONYM: SHAMAN
PROGRAMME TYPE: 5th FWP (Fifth Framework Programme)
CONTRACT NUMBER: IST-2000-25350
PROJECT WEB SITE (if any): http://www.ist-shaman.org
START DATE: 01 Dec 2000
END DATE: 30 Nov 2002
COORDINATOR DETAILS: Name: Nigel Jefferies
Organisation: Vodafone Group R&D
Address: Vodafone House, The Connection, RG14 2FN Newbury, UK
Telephone: +44 1635 673883
E-mail: nigel.jefferies@vodafone.com


PARTNERS NAME:
Royal Holloway and Bedford New College, Chris Mitchell
Nokia Corporation, Valtteri Niemi
Siemens Atea N.V., Jozef Dankers
Siemens Aktiengesellschaft, Günther Horn
T-Systems Nova GmbH , Peter Windirsch
Giesecke & Devrient GmbH, Hubert Ertl
Ericsson Radio Systems Aktiebolag, Rolf Blom
Vodafone Group R&D, Nigel Jefferies


Commission Officer Name: Jorge Pereira

 

Executive summary


Original research objectives
We shall conduct R&D on the security infrastructures for two major aspects of mobile communications that will become important following on from Release 2000 of UMTS. These are:
- the ability of the mobile user to roam globally and to connect into the Network and its services using a variety of heterogeneous access networks, based on, for instance, wireless LAN and Bluetooth;
- the development of mobile terminals consisting of dynamically configured components, some of which may be worn, and which use wireless communications; together with applications environments to support access to programs and data.

We shall develop security architectures providing specifications of interfaces, protocols and mechanisms to provide protection. We shall also provide supporting technologies: PKI and smart card security modules. Results will be disseminated for adoption in international standards.

Objectives: To develop extensions to the security architecture for future mobile telecommunications systems in order to provide secure global roaming, secure access over heterogeneous radio networks and security for highly configurable mobile terminals. This leads to the following sub-goals:
- to review the security requirements arising from the identified security issues and define a comprehensive set of additional security features to be provided by the UMTS security architecture
- to define a comprehensive set of additional security mechanisms, protocols and procedures required to provide the necessary security features
- to specify a public key infrastructure to support security mechanisms, protocols and procedures defined to address the identified security issues
- to define the security features and procedures involving smart cards and other security modules
- to demonstrate the technical feasibility and the functionality of salient or critical aspects of the results and to validate the specifications
- to disseminate the results of the project for adoption in the standards bodies and industrial forums, and in particular to provide a sound and validated technical basis for the definition of extensions to the UMTS security standards
- to build on the work of and collaborate with relevant EC projects.

Work description: The background of the work is the success of the ACTS USECA project in its contribution to the security architecture for Release 99 of the 3GPP standards for UMTS. The next release will include the incorporation of Internet protocols, and further security for the core networks. Beyond this, we see two parallel developments providing major enhancements to the services available to the mobile user. These are: (i) the appearance of a variety of heterogeneous, locality-specific access networks supplementing the direct cellular connection (e.g. wireless LAN and Bluetooth), and (ii) the arrival of mobile terminals consisting of a number of components that may be reconfigured dynamically to support the particular service needs at that time. The work addresses the development of security services and architectures that enable these features to integrate into the overall UMTS security provision.

Two independent tasks operate in parallel on these topics, supported by two further tasks that provide essential support for the security solutions. One addresses the public key infrastructure that will allow this seamless integration and operation to take place; the other will provide security modules based on smart card technology that will protect kernel security functionality and security-critical data and parameters in mobile terminals. A further task takes the salient and critical aspects of the technical results of these four workpackages and validates them through system design and prototyping. Results will fall into two categories:
- technical and architectural specifications and reports destined for adoption in European and international standards;
- validation and demonstration of the functionality and feasibility of critical or salient results and recommendations of the work.

Milestones: Major milestone results will be delivered in the following months:
- M06 - Intermediate reports on heterogeneous access and terminal architecture;
- M09 - Specifications of requirements for PKI and Security Modules;
- M12 - Intermediate functional and architectural specifications for HA and TA;
- M15 - Intermediate technical specifications for PKI and SM;
- M18 - Detailed technical specifications for HA and TA;
- M24 - Demonstration and final technical report containing all results.
Expected deliverables
All public deliverables are available at http://www.ist-haman.org/publicDocs/docs_index.htm
Project's actual outcome
The project completed successfully 27-MAR-2003
Broad dissemination and use intentions for the expected outputs
Results will be contributed to appropriate standards bodies by the partners acting together, as individual participants or as members of national or other groupings.
Overview of all your main project results

Results

No. Self-descriptive title of the result Category (A, B or C*) Partner(s) owning the result(s) (referring in particular to specific patents, copyrights, etc.) & involved in their further use
1 Security architecture to support heterogeneous access networks A Siemens Aktiengesellschaft
2 Security architecture for post-3G mobile terminals A Ericsson Radio Systems Aktiebolag
3 Specification of a Security Module A Giesecke & Devrient GmbH
4 Public key infrastructure for next generation telecommunications A Royal Holloway and Bedford New College

   *A: results usable outside the consortium / B: results usable within the consortium / C: non usable results
 

Quantified Data on the dissemination and use of the project results


Items about the dissemination and use of the project results
(consolidated numbers)
Currently achieved quantity Estimated future* quantity
Product innovations 10 10
Process innovations 1 1
New services (commercial) 0 0
New services (public) 0 0
New methods 0 0
Scientific breakthroughs 3 3
Technical standards to which this project has contributed 5 5
EU regulations/directives to which this project has contributed 0 0
International regulations to which this project has contributed 0 0
PhDs generated by the project 0 0
Grantees/trainees including transnational exchange of personnel 0 0

* "Future" means expectations within the next 3 years following the end of the project
 

Comment on European Interest


Community added value and contribution to EU policies

European dimension of the problem
Leading actors in European mobile communications have collaborated in the development of the security architecture for important areas of the next generation; this is not only of European significance but will have impact on the worldwide standards for post-3G systems.
Contribution to developing S&T co-operation at international level. European added value
The work of SHAMAN built on already existing technical and scientific co-operation between major European actors.
Contribution to policy design or implementation
SHAMAN results will influence the standards governing the worldwide development of post-3G mobile telecomms.

 
Contribution to Community social objectives
 

Improving the quality of life in the Community:
The impact of post-3G mobile telecomms will bring benefits to many aspects of the life of EU citizens. Security is fundamental to the successful deployment by service providers and network operators, and to the perception of trustworthiness that will convince users.
Provision of appropriate incentives for monitoring and creating jobs in the Community (including use and development of skills):
Post-3G mobile telecomms has the potential to change the way we work and to create new opportunities for creation of employment.
Supporting sustainable development, preserving and/or enhancing the environment (including use/conservation of resources):
The evolution of mobile/wireless technologies and services to become the de facto personal and corporate means of communications can have significant impact on the conservation of resources in terms of reducing dependency on many aspects of travel and simplification of the workplace; the meeting of the security needs of such systems will be a key enabler to the take-up and exploitation of future systems and services.


 

Expected project impact (to be filled in by the project coordinator)


EU Policy Goals I
SCALE OF EXPECTED IMPACT OVER THE NEXT 10 YEARS
-1 0 1 2 3
II
other
Not applicable to project / Project impact too difficult to estimate
1. Improved sustainable economic development and growth, competitiveness 2
   
2. Improved employment 1
   
3. Improved quality of life and health and safety 1
   
4. Improved education 1
   
5. Improved preservation and enhancement of the environment 1
   
6. Improved scientific and technological quality 2
   
7. Regulatory and legislative environment 0
   
8. Other 0
√  


1. Economic development and growth, competitiveness
Scale of Expected Impacts over the next 10 years (2)
By Project End
-1 0 1 2 3
After Project End
-1 0 1 2 3
a) Increased Turnover for project participants
   - national markets
2 2
b) Increased Turnover for project participants
   - international markets
2 2
c) Increased Productivity for project participants
1 1
d) Reduced costs for project participants
1 1
e) Improved output quality/high technology content
2 2


2. Employment
Scale of Expected Impacts over the next 10 years (2)
By Project End
-1 0 1 2 3
After Project End
-1 0 1 2 3
a) Safeguarding of jobs
1 1
b) Net employment growth in projects participants staff
1 1
c) Net employment growth in customer and supply chains
1 1
d) Net employment growth in the European economy at large
1 1


3. Quality of Life and health and safety
Scale of Expected Impacts over the next 10 years (2)
By Project End
-1 0 1 2 3
After Project End
-1 0 1 2 3
a) Improved health care
0 0
b) Improved food, nutrition
0 0
c) Improved safety (incl. consumers and workers safety)
1 1
d) Improved quality of life for the elderly and disabled
1 1
e) Improved life expectancy
0 0
f) Improved working conditions
1 1
g) Improved child care
1 1
h) Improved mobility of persons
2 2


4. Improved education
Scale of Expected Impacts over the next 10 years (2)
By Project End
-1 0 1 2 3
After Project End
-1 0 1 2 3
a) Improved learning processes including lifelong learning
1 1
b) Development of new university curricula
1 1


5. Preservation and enhancement of the environment
Scale of Expected Impacts over the next 10 years (2)
By Project End
-1 0 1 2 3
After Project End
-1 0 1 2 3
a) Improved prevention of emissions
1 1
b) Improved treatment of emissions
0 0
c) Improved preservation of natural resources and cultural heritage
1 1
d) Reduced energy consumption
1 1


6. S&T quality
Scale of Expected Impacts over the next 10 years (2)
By Project End
-1 0 1 2 3
After Project End
-1 0 1 2 3
a) Production of new knowledge
1 1
b) Safeguarding or development of expertise in a research area
1 1
c) Acceleration of RTD, transfer or uptake
2 2
d) Enhance skills of RTD staff
2 2
e) Transfer expertise/know-how/technology
2 2
f) Improved access to knowledge-based networks
1 1
g) Identifying appropriate partners and expertise
1 1
h) Develop international S&T co-operation
1 1
i) Increased gender equality
0 0


7. Regulatory and legislative environment
Scale of Expected Impacts over the next 10 years (2)
By Project End
-1 0 1 2 3
After Project End
-1 0 1 2 3
a) Contribution to EU policy formulation
0 0
b) Contribution to EU policy implementation
0 0


8. Other (please specify)
Scale of Expected Impacts over the next 10 years (2)
By Project End
-1 0 1 2 3
After Project End
-1 0 1 2 3
 
   
Description of Results


 

No. Title
1 Security architecture to support heterogeneous access networks

 
CONTACT PERSON FOR THIS RESULT

Name Günther Horn
Position Senior research engineer
Organisation Siemens AG
Address Otto-Hahn-Ring 6
81739, München
DE
Telephone +49-89-636-41494
Fax  
E-mail guenther.horn@mchp.siemens.de
URL http://www.siemens.com/
Specific Result
URL
http://www.isrc.rhul.ac.uk/shaman/docs/d13a1v1.pdf

 
SUMMARY

While there are still many open questions concerning the specifics of the architecture of post 3G mobile systems, there seems to be a common understanding that they will be characterised by the following features:
- the ubiquity of the IP-protocol, resulting in an all-IP based core network and probably an extended use of IP up to the edge of the access network,
- the coexistence of several radio access technologies (like UTRAN, WLAN, Bluetooth and others).

A user in a post 3G system should be able to use services from anywhere in the system (global roaming), and the use of a particular access network technology should be transparent to him when using these services. Although the specifics of post 3G architectures are still open, the design of a security architecture has to be based on a concrete network reference architecture. In an earlier stage of the work of SHAMAN WP it was decided to use the reference architecture designed in the IST-project BRAIN to serve as a basis for the work. This doesn't mean, however, that the security considerations in this document strictly depend on particularities of the BRAIN architecture. Indeed, they can easily be generalised to other types of all-IP mobile systems. Furthermore, the original BRAIN architecture is enhanced to accommodate security aspects associated with the wireless transmission link.

Among the many security issues relating to post 3G systems, the concepts developed in this document focus on the security features and mechanisms required to provide global IP connectivity and various forms of mobility to a globally roaming user in a post-3G mobile system. A secondary focus is on security for Quality of Service procedures in such a system. Security aspects of services and applications (web-browsing, e-commerce etc.) are out of scope.

In order to reduce the complexity of the task of defining a security architecture for future mobile systems and to cope with the uncertainties of the concrete architectures of such systems, a modular approach is chosen. Five basic functional building blocks are identified which are likely to be required in any type of post-3G mobile system. The different building blocks are selected in such a way that it should be possible to create the overall security architecture by suitably combining these building blocks. Additionally, a change in one building block would have a minimal effect on the other building blocks. The five main building blocks identified are:
- Secure address configuration,
- Authentication and session key establishment,
- IP layer security,
- Link layer security, and
- Network domain security.

They represent the basic sequence of steps a mobile node performs while attaching to a (foreign) access network. Please see the public deliverable for all the details. The results will be contributed to the standards process for post-3G systems.


SUBJECT DESCRIPTORS CODES
424 NETWORK TECHNOLOGY, NETWORK SECURITY
609 TELECOMMUNICATION ENGINEERING/TECHNOLOGY
399 MOBILE COMMUNICATIONS
679 WIRELESS SYSTEMS, RADIO TECHNOLOGY

 
DOCUMENTATION AND INFORMATION ON THE RESULT

Documentation type Details (Title, ref. number, general description, language) Status: PU=Public CO=Confidential
Deliverable D13 Annex A see: http://www.isrc.rhul.ac.uk/shaman/docs/D13_V1.pdf [overview of results] and http://www.isrc.rhul.ac.uk/shaman/docs/d13a1v1.pdf [Annex A - WP1 specifics] Public
Deliverable D02 - Intermediate Report: Results of Review, Requirements and Reference Architecture see http://www.isrc.rhul.ac.uk/shaman/docs/d02v2.pdf Public
Deliverable D09 - Detailed specification of security for heterogeneous access see http://www.isrc.rhul.ac.uk/shaman/docs/d09v1.pdf Public


 
INTELLECTUAL PROPERTY RIGHTS

Type of IPR KNOWLEDGE:
Tick a box and give the corresponding details(reference numbers, etc) if appropriate
Pre-existing know-how
Tick a box and give the corresponding details(reference numbers, etc) if appropriate
  Current Foreseen Tick Details
  Tick NoP1) NoI2) Details Tick    
Patent applied for   0 0        
Patent granted   0 0        
Patent search carried out            
Registered design            
Trademark applications            
Copyrights            
Secret know-how            
Other - please specify:            

 
1) Number of Priority (national) applications/patents
2) Number of Internationally extended applications/patents

 
MARKET APPLICATION SECTORS

Market application sectors
64 Post and telecommunications
72 Computer and related activities
74 Other business activities


 
CURRENT STAGE OF DEVELOPMENT

Current stage of development Scientific and/or Technical knowledge (Basic research)
Other:

 

Quantified data about the result


Items (about the results) Actual current quantity Estimated (or future) quantity
Time to application / market (in months from the end of the research project) 24 36
Number of (public or private) entities potentially involved in the implementation of the result: 50 100
   of which: number of SMEs: 0 0
   of which: number of entities in third countries (outside EU): 25 50
Targeted user audience: of reachable people 200000000 2000000000
 S&T publications (referenced publications only) 17 17
 publications addressing general public (e.g. CD-ROMs, WEB sites) 1 1
 publications addressing decision takers / public authorities / etc. 0 0
Visibility for the general public YES


Further collaboration, dissemination and use of the result


COLLABORATIONS SOUGHT

R&D Further research or development √ FIN Financial support  
LIC Licence agreement   VC Venture capital/spin-off funding  
MAN Manufacturing agreement   PPP Private-public partnership  
MKT Marketing agreement   INFO Information exchange/training  
JV Establish a joint enterprise or partnership   CONS Available for consultancy  
Other (please specify) √  
Details: further collaboration and support in the process of developing standards.

 
POTENTIAL OFFERED FOR FURTHER DISSEMINATION AND USE

Results will be contributed to appropriate standards bodies; collaboration and support is welcome.

 
PROFILE OF ADDITIONAL PARTNER(S) FOR FURTHER DISSEMINATION AND USE

academic researchers; network operators; service providers; application providers; major user community representatives.

 

No. Title
2 Security architecture for post-3G mobile terminals

 
CONTACT PERSON FOR THIS RESULT

Name Christian Gehrmann
Position Senior Specialist, Security Architectures and Protocols
Organisation Ericsson AB
Address Nya Vattentornet
SE-221 83, Lund
SE
Telephone +46-46-232904
Fax  
E-mail Christian.Gehrmann@emp.ericsson.se
URL http://www.ericsson.com/
Specific Result
URL
http://www.isrc.rhul.ac.uk/shaman/docs/d13a2v1.pdf

 
SUMMARY

The distributed terminal concept is new and there are few ready-to-use solutions applicable to security for this concept. Our survey study [D03] provides a good state-of-the-art picture in the area and shows that several isolated initiatives and solutions exist, but that there is a lack of complete treatments and some problems are currently not addressed. Consequently, there are several needs that a comprehensive security framework would fill. Our main goal is to provide a comprehensive security framework for a distributed terminal. The security architecture should provide us both with a common language and with the basic models and real-world scenarios needed for future development. The main objectives are:
- a simple and practical trust model;
- low complexity security configuration mechanisms (e.g. semi-automatic key management);
- high level of cryptographic strength (using state-of-the-art, generally accepted cryptosystems);
- high quality and flexible security protocols;
- usability;
- mechanisms and principles that can be easily analysed and evaluated, and open to public scrutiny;
- low complexity implementations for devices with limited resources;
- use of standard solutions whenever possible.

In order to build a security architecture for a distributed terminal we have to define the security relations between different components and services on the components in the local network. This we call the trust model. The trust model defines component trust classes or groups. Secure communication between different classes or groups can be achieved by cryptographic techniques. A prerequisite for secure communication is security associations between trusted components. The security architecture describes how security associations are created and dissolved. Security associations must be created in a secure way with high confidence if the overall security level of the system is to be satisfactory. This can be achieved with authentication of components and/or users combined with encryption of secret information. Furthermore, authentication is necessary in order to set up secure sessions between trusted components. User authentication will in many situations be a requirement. We will clearly describe when it is required. However, we will not specify any particular user authentication techniques. Unique identities will be avoided when possible in the architecture. The goal is to provide techniques that give both anonymity and strong authentication.

We work with a terminal model where terminal components can be dynamically reconfigured. This includes installation of new software. Installation of malicious executables on components should be avoided. We have investigated a gateway-downloading model where the software verification is delegated to one component, the gateway, in the PAN. Hence, secure distributed software downloading is part of our architecture.

The possibility for components to utilise services at other components in the local network is a fundamental characteristic of the distributed terminal model we are considering. Service offering to other components as well as connections to services at connected components must be handled with caution. Mechanisms for authentication and access control must be present. Furthermore, security policies need to be introduced that define the local authorisation rules. The policy rules are enforced by access control mechanisms. In order to have a user-friendly and still secure PAN environment, it is necessary to have common security policies among certain sets of PAN components. This we achieve through the introduction of the PAN Security Domain (PSD) concept.

A user of a distributed terminal might want to be able to use any of his or her devices when performing security-critical tasks. Such tasks might be anything from access to a bank account to contract signing. Hence, delegation of security rights, i.e., authorisation, to different PAN components is a desired feature. We have worked with a new PAN authorisation model that allows exactly this. An authorisation model, necessary protocols and mechanisms are specified.

A PAN (personal area network) model is specified and used as a basis for the distributed mobile terminal. A trust model between components is developed and with it the concept of PAN Security Domain (PSD) and its relationships. Communication and authentication between terminal components requires that they have some kind of cryptographic relationship. We refer to procedures that establish this cryptographic information into PAN components as ‘imprinting’. Novel methods for this are introduced. Please see the public deliverable for complete details. The results will be contributed to the standards process for post-3G systems.


SUBJECT DESCRIPTORS CODES
399 MOBILE COMMUNICATIONS
609 TELECOMMUNICATION ENGINEERING/TECHNOLOGY
679 WIRELESS SYSTEMS, RADIO TECHNOLOGY
424 NETWORK TECHNOLOGY, NETWORK SECURITY

 
DOCUMENTATION AND INFORMATION ON THE RESULT

Documentation type Details (Title, ref. number, general description, language) Status: PU=Public CO=Confidential
Deliverable D13, Annex B - Final technical report - Specification of a security architecture for distributed terminals. see http://www.isrc.rhul.ac.uk/shaman/docs/d13a2v1.pdf Public
Deliverable D03 - Interim Report - Security Architecture for Future Mobile Terminals and Applications see www.isrc.rhul.ac.uk/shaman/docs/d03v2.pdf Public
Deliverable D10 - Detailed specification of distributed mobile terminal system security see www.isrc.rhul.ac.uk/shaman/docs/d10v1.pdf Public


 
INTELLECTUAL PROPERTY RIGHTS

Type of IPR KNOWLEDGE:
Tick a box and give the corresponding details(reference numbers, etc) if appropriate
Pre-existing know-how
Tick a box and give the corresponding details(reference numbers, etc) if appropriate
  Current Foreseen Tick Details
  Tick NoP1) NoI2) Details Tick    
Patent applied for   0 0        
Patent granted   0 0        
Patent search carried out            
Registered design            
Trademark applications            
Copyrights            
Secret know-how            
Other - please specify:            

 
1) Number of Priority (national) applications/patents
2) Number of Internationally extended applications/patents

 
MARKET APPLICATION SECTORS

Market application sectors
64 Post and telecommunications
72 Computer and related activities
74 Other business activities


 
CURRENT STAGE OF DEVELOPMENT

Current stage of development
Other:

 

Quantified data about the result


Items (about the results) Actual current quantity Estimated (or future) quantity
Time to application / market (in months from the end of the research project) 24 36
Number of (public or private) entities potentially involved in the implementation of the result: 20 200
   of which: number of SMEs: 2 20
   of which: number of entities in third countries (outside EU): 10 100
Targeted user audience: of reachable people 200000000 2000000000
 S&T publications (referenced publications only) 6 6
 publications addressing general public (e.g. CD-ROMs, WEB sites) 1 1
 publications addressing decision takers / public authorities / etc. 0 0
Visibility for the general public YES


Further collaboration, dissemination and use of the result


COLLABORATIONS SOUGHT

R&D Further research or development √ FIN Financial support √
LIC Licence agreement √ VC Venture capital/spin-off funding √
MAN Manufacturing agreement √ PPP Private-public partnership √
MKT Marketing agreement √ INFO Information exchange/training √
JV Establish a joint enterprise or partnership √ CONS Available for consultancy √
Other (please specify) √  
Details:  

 
POTENTIAL OFFERED FOR FURTHER DISSEMINATION AND USE

Results will be contributed to appropriate standards bodies; collaboration and support is welcome.

 
PROFILE OF ADDITIONAL PARTNER(S) FOR FURTHER DISSEMINATION AND USE

network operators; service providers; application providers; major user community representatives.

 

No. Title
3 Specification of a Security Module

 
CONTACT PERSON FOR THIS RESULT

Name Hubert Ertl
Position Product Management Telecommunications, 3TP2
Organisation Giesecke & Devrient GmbH
Address Prinzregentenstraße 159
81677 , München
DE
Telephone +49 89 4119-2796
Fax  
E-mail hubert.ertl@de.gi-de.com
URL http://www.gi-de.com/
Specific Result
URL
http://www.isrc.rhul.ac.uk/shaman/docs/d13a4v1.pdf

 
SUMMARY

The purpose of workpackage 4 is the development of a concept for a security module which provides high security for future mobile communications in heterogeneous networks. A security module is a tamper-resistant device that is both physically and logically secure and has the ability to contain data and/or perform functions for certain security systems. The use of security modules for holding sensitive data is already widespread; the most obvious example of an application making use of security modules is the GSM SIM card. The downside of smart cards, as well as of all tamper-resistant devices, is the shortage of storage and processing power. However, over the next 5 years, a strong improvement of performance can be expected; the chip’s clock rate will probably rise from typically 1-5 MHz today to 20-33 MHz, the storage capacity of the EEPROM from 16 kB to 32-96 kB, and the transmission rate, currently 9,6 kB/s across a serial interface, will reach 115 kB/s.

A security module must meet several requirements in the SHAMAN context. For WP1, the security module must support secure network access. The functionality split for one secret key (AAA for IPv6) and two public key protocols (IKE and JFK) was studied and demonstrated to be potentially very useful in overcoming some of the current constraints. In addition, the involvement of the security module in security mechanisms for protecting the confidentiality and integrity of the access link was investigated, although it is not currently involved in the protection of the access link communications.

For WP2, work focussed on secure private area network (PAN) internal communication and distributed security modules. It was studied how the security module is involved in the imprinting process [see SHAMAN Distributed Terminal work]. Additionally, it needs an authentication algorithm for connection establishment, whereas confidentiality and integrity protection on it are not practical. The workload of security functions on a security module can be distributed either on a group of modules or between a single module and an untrusted host environment. The distribution of a single private key operation between the security module and an untrusted device was investigated. Delegated authorisation of the RSA private key was also studied.

For WP3, it was investigated how a security module can implement or support a personal CA (certification authority).

With today’s technology, not all of these can be implemented on a single device. It is necessary to find a trade-off between high security on the one hand and feasibility as well as performance on the other hand. Therefore, 3 different levels of security have been defined which form the basis of a security module reference model. The levels are called “intermediate”, “high security” and “personal-CA level”.
- For the intermediate level, functions like random number generation, storage of long-term secrets and calculation of a one-way function are required. In addition, basic protocol support for a secret and a public key protocol must be present.
- For high security, it is also demanded that the SM be able to store short-term secrets, compute Diffie-Hellman secrets, create public-private key pairs on card and store security contexts (for plastic roaming). Further advanced (and more secure) protocol options must be supported.
- For personal CAs, the smart card should also be able to manage certificates, i.e. store, create and validate them, including revocation checks.

Today’s smart cards already offer an appropriate basis for the realisation of a SHAMAN-compliant security module. All of the intermediate level and some of the high level functions can be provided. The rapid increase of storage capacity and processing power will allow more advanced solutions in the near future, offering the user a personalised token with high flexibility and very high security.


SUBJECT DESCRIPTORS CODES
399 MOBILE COMMUNICATIONS
424 NETWORK TECHNOLOGY, NETWORK SECURITY
568 SMART CARDS
609 TELECOMMUNICATION ENGINEERING/TECHNOLOGY
679 WIRELESS SYSTEMS, RADIO TECHNOLOGY

 
DOCUMENTATION AND INFORMATION ON THE RESULT

Documentation type Details (Title, ref. number, general description, language) Status: PU=Public CO=Confidential
Deliverable D13, Annex D - Final Technical Report – Secure Module see Public


 
INTELLECTUAL PROPERTY RIGHTS

Type of IPR KNOWLEDGE:
Tick a box and give the corresponding details (reference numbers, etc.) if appropriate
Pre-existing know-how
Tick a box and give the corresponding details (reference numbers, etc.) if appropriate
  Current Foreseen Tick Details
  Tick NoP1) NoI2) Details Tick    
Patent applied for   0 0        
Patent granted   0 0        
Patent search carried out            
Registered design            
Trademark applications            
Copyrights            
Secret know-how            
Other - please specify:            

 
1) Number of Priority (national) applications/patents
2) Number of Internationally extended applications/patents

 
MARKET APPLICATION SECTORS

Market application sectors
64 Post and telecommunications
72 Computer and related activities
74 Other business activities


 
CURRENT STAGE OF DEVELOPMENT

Current stage of development
Other:

 

Quantified data about the result


Items (about the results) Actual current quantity Estimated (or future) quantity
Time to application / market (in months from the end of the research project) 24 36
Number of (public or private) entities potentially involved in the implementation of the result: 20 50
   of which: number of SMEs: 0 0
   of which: number of entities in third countries (outside EU): 10 25
Targeted user audience: of reachable people 200000000 2000000000
 S&T publications (referenced publications only) 2 0
 publications addressing general public (e.g. CD-ROMs, WEB sites) 1 1
 publications addressing decision takers / public authorities / etc. 0 0
Visibility for the general public YES


Further collaboration, dissemination and use of the result


COLLABORATIONS SOUGHT

R&D Further research or development √ FIN Financial support  
LIC Licence agreement √ VC Venture capital/spin-off funding  
MAN Manufacturing agreement √ PPP Private-public partnership  
MKT Marketing agreement √ INFO Information exchange/training  
JV Establish a joint enterprise or partnership   CONS Available for consultancy √
Other (please specify) √  
Details: further collaboration and support in the process of developing standards

 
POTENTIAL OFFERED FOR FURTHER DISSEMINATION AND USE

Results will be contributed to appropriate standards bodies; collaboration and support are welcome.

 
PROFILE OF ADDITIONAL PARTNER(S) FOR FURTHER DISSEMINATION AND USE

Network operators; service providers; application providers; major user community representatives.

 

No. Title
4 Public key infrastructure for next generation telecommunications

 
CONTACT PERSON FOR THIS RESULT

Name Chris Mitchell
Position Professor
Organisation Information Security Group,
Address Royal Holloway, University of London
TW20 0EX, Egham
UK
Telephone 44-1784-443423
Fax  
E-mail c.mitchell@rhul.ac.uk
URL http://www.isg.rhul.ac.uk/
Specific Result
URL
http://www.isrc.rhul.ac.uk/shaman/docs/d13a3v1.pdf

 
SUMMARY

The work on PKI for SHAMAN was conducted as Workpackage 4. Two strands of work were carried out: (1) to take up the PKI issues generated by the other three technical research workpackages and (2) to analyse more general PKI issues likely to be of importance to future mobile systems.
With regard to the PKI issues for WP1 (secure access from mobile terminals to heterogeneous access networks), the major issue is mobile node (MN) to access network (AN) authentication and key agreement. If this authentication process uses asymmetric cryptographic methods, then the resulting requirements for PKI are simplest if the MN’s certificate is issued by its home network. This is the case in the traditional subscription scenario. Moreover, issuance by the home network potentially provides the MN with greater identity privacy towards the AN provider. Apart from the traditional subscription case, the alternative access case provides network access to users who pay by ad hoc methods (using e-payment mechanisms) for services received from the access network. In this case, no home network is involved in the authentication and key agreement process, and public key (PK) mechanisms are used to secure the (partly) wireless link between the MN and the access router (AR) during initial access. Public key based authentication and key agreement protocols are considered for both cases.
WP2 have requested WP3 to examine the provision of CA functions within a PAN, without reference to a ‘global’ PKI over a long range interface. The intra-PAN CA function has been termed the ‘personal CA’. Two methods of providing personal CA functionality are considered: (1) ‘Traditional PKI’, where identities are associated with randomly generated public keys in X.509 or similar certificates; (2) Identity-based PKI, where the public key of a device is the e-mail address or another identity by which the device can be publicly addressed. The two methods are compared, and our conclusion is that, on the criteria used for comparison, the two schemes are approximately equal.
WP2 requirements for PKI for secure execution environments are also examined. There are outstanding problems here that require further analysis, but solutions, some of which are contractual and legal, are available. The problems stem mainly from the concern that the party likely to suffer most from unreliable authorisation of providers of executable code, that is, the network operator, has no control over which parties are so authorised, as this is done by manufacturers and third-party Certification Authorities (CAs).
Generic PKI issues, not related to a particular WP, are also examined. We conclude that the Online Certificate Status Protocol (OCSP) is the best choice if client certificate revocation checking is required. We examine generic issues related to the use of asymmetric cryptographic techniques for authentication and authorisation. We further examine the pros and cons of linking authentication and authorisation, and conclude that, although new standards work may be required, we should seek to promote methods where authentication and authorisation are provided using separate mechanisms, and not jointly using X.509 certificates with extensions, as is done at present. Finally, we consider issues associated with the implementation of PKI on devices with limited computational and communications capabilities, such as are likely to exist within the PAN.


SUBJECT DESCRIPTORS CODES
399 MOBILE COMMUNICATIONS
424 NETWORK TECHNOLOGY, NETWORK SECURITY
568 SMART CARDS
609 TELECOMMUNICATION ENGINEERING/TECHNOLOGY
679 WIRELESS SYSTEMS, RADIO TECHNOLOGY

 
DOCUMENTATION AND INFORMATION ON THE RESULT

Documentation type Details (Title, ref. number, general description, language) Status: PU=Public CO=Confidential
Deliverable D13, Annex C - Public key infrastructure for next generation telecommunications see www.isrc.rhul.ac.uk/shaman/docs/d13a3v1.pdf Public
Deliverable D04 - Initial report on PKI requirements for heterogeneous roaming and distributed terminals see www.isrc.rhul.ac.uk/shaman/docs/d04v1.pdf Public
Deliverable D07 - Intermediate specification of PKI for heterogeneous roaming and distributed terminals see www.isrc.rhul.ac.uk/shaman/docs/d07v1.pdf Public


 
INTELLECTUAL PROPERTY RIGHTS

Type of IPR KNOWLEDGE:
Tick a box and give the corresponding details (reference numbers, etc.) if appropriate
Pre-existing know-how
Tick a box and give the corresponding details (reference numbers, etc.) if appropriate
  Current Foreseen Tick Details
  Tick NoP1) NoI2) Details Tick    
Patent applied for   1 1        
Patent granted   0 0        
Patent search carried out            
Registered design            
Trademark applications            
Copyrights            
Secret know-how            
Other - please specify:            

 
1) Number of Priority (national) applications/patents
2) Number of Internationally extended applications/patents

 
MARKET APPLICATION SECTORS

Market application sectors
64 Post and telecommunications
72 Computer and related activities
74 Other business activities


 
CURRENT STAGE OF DEVELOPMENT

Current stage of development
Other:

 

Quantified data about the result


Items (about the results) Actual current quantity Estimated (or future) quantity
Time to application / market (in months from the end of the research project) 24 36
Number of (public or private) entities potentially involved in the implementation of the result: 20 40
   of which: number of SMEs: 2 4
   of which: number of entities in third countries (outside EU): 10 20
Targeted user audience: of reachable people 200000000 2000000000
 S&T publications (referenced publications only) 13 13
 publications addressing general public (e.g. CD-ROMs, WEB sites) 1 1
 publications addressing decision takers / public authorities / etc. 0 0
Visibility for the general public YES


Further collaboration, dissemination and use of the result


COLLABORATIONS SOUGHT

R&D Further research or development   FIN Financial support  
LIC Licence agreement √ VC Venture capital/spin-off funding  
MAN Manufacturing agreement √ PPP Private-public partnership  
MKT Marketing agreement √ INFO Information exchange/training  
JV Establish a joint enterprise or partnership √ CONS Available for consultancy  
Other (please specify) √  
Details: further collaboration and support in the process of developing solutions and standards

 
POTENTIAL OFFERED FOR FURTHER DISSEMINATION AND USE

Results will be contributed to appropriate standards bodies; collaboration and support are welcome.

 
PROFILE OF ADDITIONAL PARTNER(S) FOR FURTHER DISSEMINATION AND USE

Academic research institutions; network operators; service providers; application providers; major user community representatives.

 

Exploitation plans


CONFIDENTIAL
I am the Co-ordinator of the above project, and confirm on behalf of the contracted Partners the information contained in this Technological Implementation Plan, and I authorise its public dissemination.
 
Signature: Name:
Date: Organisation: