Research Projects
"Without the Devil, God would be jobless"


GridTrust (STREP Project - EU Funded)
The overall objective of the GridTrust project is to develop the technology to manage trust and security for the Next Generation Grids (NGG). We propose to have a vertical approach tackling issues of trust, security and privacy (TSP) from the requirement level down to the application, middleware and foundation levels. Our emphasis is on models and tools to assist in reasoning about trust and security properties along the NGG architecture.
The main output of GridTrust is a framework consisting of: (1) a methodology and an interactive execution environment that will help Grid service requestors and providers to express and reason about trust, security and privacy properties for different kinds of virtual organisation (VO) topologies, taking into account aspects such as self-organisation, self-management, self-adaptation and evolvability; (2) a reference Grid Security Architecture, including an autonomic policy management for fine grained usage control of Grid resources; and (3) an open source reference implementation of trust and security management systems, validated by scenarios in the business domain.
The resulting tools will be of a generic nature and will be validated on innovative applications from different application sectors. The tools will not be specific to the applications considered in the GridTrust project. The tools will be compliant with the Open Grid Services Architecture (OGSA).
S3MS: Security of Software and Services for Mobile Systes (STREP Project - EU Funded)
The objective of S3MS is to create a framework and a technological solution for trusted deployment and execution of communicating mobile applications in heterogeneous environments. S3MS would enable the opening of the software market of nomadic devices (from smart phones to PDA) to trusted third party applications beyond the sandbox model, without the burden of roaming trust infrastructure but without compromising security and privacy requirements.
The new paradigm will not replace, but enhance today's security mechanism, and will provide a flexible, simple and scalable security and privacy protection mechanism for future mobile systems. It will allow a network operator and a user to decide what an application is allowed to do, prevent bad code from running, and allow good code to be easily designed and deployed.
SKI: Symmetric Key Infrastructure
SKI is a symmetric key infrastructure based purely on symmetric key algorithms. This makes SKI especially appropriate for resource constrained devices such as those used in mobile ad-hoc networks (MANET). SKI's Authentication Server does not have to be online, unlike other symmetric key authentication protocols such as Kerberos. This makes SKI intrinsically resistant to Denial of Service attacks. Other features of SKI include support for a key update mechanism and key revocation. SKI seems especially well suited for applications such as MANET and peer-to-peer networks.
One-Time Sensor Network Security
The low-cost large scale sensor networks are proposed as an effective and economical solution to problems such as monitoring of national borders for illegal immigrants, monitoring large forest areas for wildfires, secret observation of a large battlefield for enemy movements, unobtrusive monitoring of a sensitive ecological system spread over a wide area, etc.
Some of the proposed applications require security against attackers that may attempt to subvert or destroy the network.The VU computer and network security research group has developed the concept of one-time sensors to counter some of the toughest security threats against low-cost sensor networks.
Turtle (NLnet Funded)
What is Turtle? A peer-to-peer architecture for safe sharing of sensitive data. The truly revolutionary aspect of Turtle rests in its novel way of dealing with trust issuses: while existing peer-to-peer architectures with similar aims attempt to build trust relationships on top of the basic, trust-agnostic, peer-to-peer overlay, Turtle takes the opposite approach, and builds its overlay on top of pre-existent trust relationships among its users. This allows both data sender and receiver anonymity, while also protecting each and every intermediate relay in the data query path. Furthermore, its unique trust model allows Turtle to withstand most of the denial of service attacks that plague other peer-to-peer data sharing networks.
This project aim to address the security issues of Globe. Globe is a very large, highly distributed and replicated system based on the basic concept of distributed shared objects.
RFID Guardian within the UbiSec Project (NWO Funded Project)
The RFID Guardian Project is a collaborative project focused upon providing security and privacy in Radio Frequency Identification (RFID) systems. The goals of the project are to: 1) investigate the security and privacy threats faced by RFID systems, 2) design and implement real solutions against these threats, 3) investigate the associated technological and legal issues. The namesake of the project is the RFID Guardian: a mobile battery-powered device that offers personal RFID security and privacy management. One the focuses of the project is to build an RFID Guardian prototype.
RFID Viruses and Worms within the UbiSec Project (NWO Funded Project)
RFID systems as a whole are often treated with suspicion, but the input data received from individual RFID tags is implicitly trusted. RFID attacks are currently conceived as properly formatted but fake RFID data; however no one expects an RFID tag to send a SQL injection attack or a buffer overflow. In this project, we demonstrate that these assumptions are dangerous and can lead to unsecure RFID systems subject to viruses and worms as any other computer system.
(NWO funded project, in collaboration with CWI and Twente Univ.)
More complex negotiation and payment scenarios for e-commerce are needed for new applications in emerging new scenarios (i.e. mobile ad-hoc networks, sensors networks, ambient intelligence, etc.) . Accountability as a foundation for building trust is a crucial factor for determining the success of these services. This research proposal aim to design new protocols for electronic negotiation and payment in the emerging and challenging scenarios of ubiquitous computing, and to develop and implement a tool for the specification, prototyping and verification of those protocols. The project will focus on accountability of trusted third parties, non-repudiation, fairness, delegation protocols and multicast protocols.


SecurE-Justice (STREP Project - EU Funded)
This project concerns the design and development of innovative secure technologies to be embedded in a distributed environment communication and collaboration framework to be implemented within the judicial multi-sited organisations domain. SecurE-Justice system will therefore enable the judicial co-operation process management in compliance with security requirements and trust and confidence needs. The project idea originates from a fact: public administrations being multi-site and having to deal with distributed process management, expressed their needs in terms of security compliant systems and ask for a global security management framework enabling secure collaboration and cooperation environment.
EXaMINE aims to develop information technology to improve the security of the European Power System (EPS), so as to establish the basis for a real time control strategy to be adopted European wide. EXaMINE will design, prototype and test a novel monitoring system supporting the EPS control centres; this system will allow to develop and test automatic control schemes in the context of highly disturbed conditions, so as to avoid large scale interruptions of service. The final objective is to maintain current security standards of national electric systems (related to continuity and quality of power supply) in the future scenario of a fully interconnected European electric grid with heavy loaded transmission lines. The field test will be done with the cooperation of the System Operators that support the project. The payback of the project will be obtained by allowing more freedom to the electricity market maintaining the security of the EPS.
E-Court (STREP - EU Funded)
The e-Court project primarily aims at:
1) Acquiring, storing and exchanging standard electronic-based information (audi o/video/text documents) among the European Justice community.
2) Providing a flexible multilingual information retrieval system, which will support judges, prosecutors, and lawyers in their daily activities.
By defining this common framework, the project partners hope to be able to contribute to normalisation, standardisation, interoperability, and global convergence in the public administration. Public access to judicial information will be ensured by providing a user-friendly and effective Web tool.
Multimedia Multicast Security Project
The scope of this research is to study and apply security algorithms and techniques to the transmission of multimedia streams in a multicast environment. We are experimenting novel security techniques with multicast software applications. These tools comprise a session directory (for the announcement and reception of these announcements relative to multicast transmissions), a video conferencing tool, an audio tool, a shared whiteboard and a shared text editor. To test the functionalities and the efficiency of the software tools, the Computer Science Department has been connected to the MBone (the Multicast Backbone), a network overlayed to the Internet with multicast capable islands connected by tunnels.
TrustWeb (Infosec - EU Funded)
As member of the Security Group at the University of Cambridge he has participated to the Infosec project: TrustWWW, sponsored by the European Union. The aim of the project was to review the current security of WWW, provide an overview of new WWW relevant technologies and assessment of their impact on security and investigate the mutual impact of the envisioned European Trusted Services and WWW.
Certification Authority of the University of Turin, Italy
As member of the Security Group at the University of Turin he has contributed to set up the digital certification infrastructure used to support students and teaching activities as well as administration procedures for the whole University (4000 employers, 70000 students and 100 organisational units). The infrastructure is currently in use.
ProCheck 1.0
is a public domain implementation of a proactive password checker for several Unix platform and Window NT.
is a cryptographic tool that provides confidentiality and authentication using PGP 2.6.3i. ACT can support Triple DES and SHA-1 instead of IDEA and MD5.
Secure World Wide Web Transaction is a "proof of principle" software showing that it is possible to have secure WWW transactions without changing the browser, without changing the HTTP protocol, without changing the socket layer, all is done with Java applets and application processes to be installed on the client and on the server.

Last update 25th September 2006
Please e-mail any comments to Bruno Crispo