Project: Online Security with Offline Personal Authentication Devices
This project will develop OffPAD hardware devices and design OffPAD-based solutions that will ensure secure online interactions even in environments of vulnerable client platforms. The concept of the OffPAD (Offline Personal Authentication Device) is a physical device for managing credentials and enabling trusted online transactions. The OffPAD project will contribute to three important challenges in online transactions: security, usability and privacy._x000D__x000D_A paradox in today’s Internet computing is that we continue to build vulnerable client platforms while still expecting to have secure online interactions. There seems to be no solution in sight for building client platforms (PCs, tablets and Smartphones) that are highly robust against attacks and malware infection. This is because rapid innovation with increasing connectivity and functionality not only creates new business opportunities, but also a steady stream of new security vulnerabilities._x000D__x000D_The OffPAD project assumes that client platforms are and will continue to be vulnerable. Solutions for secure online interaction must instead be based on an independent secure OffPAD hardware device._x000D__x000D_The OffPAD enables users to manage all their online user credentials, as well as server certificate credentials of online services in a single device. The OffPAD can radically improve the security of online transactions in several aspects. It provides the basis for user friendly security and ensures trusted transactions that are immune to malware on open client devices. The OffPAD supports strong mutual authentication between user and service provider, supports data authentication and prevents phishing attacks, even in the presence of malware infected laptops or smartphones. The project builds on the results of the Lucidman project, EUREKA project 7161, which successfully demonstrated the novel security-usability concepts for online user authentication and service provider authentication developed at the University of Oslo and Ensicaen. _x000D__x000D_The OffPAD will be developed on the Taztag Hardware platforms, which offer contactless communication capabilities and the HW security environment suitable for an OffPAD device. The OffPAD will be prototyped as a standalone device and embedded in a smartphone. The embedded device will be a qualified candidate to meet the marked needs of ‘the secure smartphone’._x000D__x000D_The R&D will focus on the usability and security of user authentication, service provider authentication, data authentication and device integrity. Use cases will be taken from the markets of the project Ps, reflecting markets trends of increased mobility of online services (banking), interaction with eServices at physical locations (loyalty applications, POS) and changing working habits (nomadic workers, BYOD). The project will also develop solutions for enabling a user to manage multiple service providers' identities on the device. _x000D__x000D_Project background:_x000D_Through the Lucidman project, the consortium has successfully demonstrated a proof of the basic OffPAD concept. The Lucidman project lasted two years and had a total budget of €530.000 with six Ps. As a result of the Lucidman project, the Ps already have a well established working relationship. The research project has generated more than ten publications, two international workshops and two patent applications. The research has contributed to training of students at Ensicaen and the University of Oslo and has produced multiple Master theses and internships._x000D_ _x000D_Project consortium:_x000D_The business Ps are:_x000D_TazTag SAS, France (mobile secure hardware device manufacturer)._x000D_TellU AS , Norway (system provider and software development)._x000D_VallvI AS, Norway (business development in the security sector). _x000D_All business Ps are R&D-performing SMEs. _x000D_The academic Ps are :_x000D_Ensicaen , France (Greyc lab, e-payment and biometrics research unit). _x000D_The University of Oslo, Norway (The security and usability research units at the Institute of informatics). _x000D_The academic P’s field of expertise represent core competencies for the development of the OffPAD concepts. _x000D_
Acronym
|
OffPAD
(Reference Number: 8324)
|
Duration
|
01/09/2013 - 30/08/2016
|
Project Topic
|
The OffPAD project assumes that client platforms will continue to be vulnerable to malware infections, so that the security of online interactions must instead be based on independent secure devices such as the OffPAD. This project aims at building online security solutions around the OffPAD device.
|
Network
|
Eurostars
|
Call
|
Eurostars Cut-Off 10
|
Project partner