Proposal for Sentinels II DRAFT. Herbert Bos, Sandro Etalle, Erik Poll. January 12, 2011


1 Management Summary

Security in our ICT-dependent world is crucial not just to protect Dutch society from cyberattacks, but also to create jobs and income in an important growth sector. In addition, investing in security expertise provides strategically essential knowledge needed by decision makers to act wisely in insanely complicated and sticky cases like new passports and online IDs, e-health, cybercrime, -espionage and -warfare, public transport, smart cars and roads, critical infrastructure, smart phones, etc. In this document, we propose an ambitious new research programme to raise ICT security expertise in the Netherlands to world class level and involve industry in the process.

Context

ICT technology permeates every aspect of our daily lives. It provides a foundation for social interactions, economic activities, and dealings with the government, transforming our society in fundamental ways. As the country with the highest broadband Internet penetration in the world, the Netherlands is at the forefront of global developments. As our reliance on the ICT infrastructure increases, so do concerns about its security. With the growing complexity of ICT systems, vulnerabilities are harder to avoid, especially in the face of ever more sophisticated and determined attackers: the increasing commercial interests already attract cyber-criminals, and the increasing strategic interests may attract cyber-terrorists. The security issues are no longer limited to traditional computer systems (like PCs). Rather, they surface everywhere: from electricity and water supply systems to the health service, from public transport to smart cars, from implants to supply chains, and from banking and logistics to the emergency services. The European Commission estimates that the cost of cybercrime in the EU already exceeds that of drug trafficking (Eurotribune.eu, 2010).
As we cannot afford to let cyber criminals erode the trust we and others have and need to have in the ICT infrastructure, we need to take action and improve security. Trust is a conditio sine qua non for normal economic transactions and inter-human communication. It is at the core of social order and economic prosperity. In an increasingly ICT-dependent world, trust is provided by security.

Aims and Objectives

Sentinels II is a new programme that builds on the success of Sentinels I, which catalyzed ICT security research in the Netherlands. Sentinels was instrumental in creating the vigorous ICT security community the country enjoys today, a community in which universities, knowledge centres, companies and government collaborate. Valorisation of Sentinels research is already taking place in start-ups, patents, adoption of solutions in production, and various other ways. When Sentinels I started, the ICT security community in the Netherlands was fledgling and scattered. Small groups worked on small problems and the impact was small. The programme therefore devoted much effort to creating the conditions for a thriving ICT security community that spans universities, industry, government, and other organisations. It was very successful: collaboration, researcher mobility, and impact increased tremendously. Now is the time to harvest, to start a new Sentinels II initiative to capitalize on the fertile ground provided by its predecessor:

• Stimulate the Dutch security economy. Example: the first round of Sentinels I projects already showed that one in three projects results in a patent and one in three in a spin-off or start-up company.
• Strengthen and broaden Dutch security research by fostering cooperation. Example: Sentinels I already led to new university chairs in security, mobility of researchers between industry and universities, and a huge impact of Dutch ICT security research.
• Improve the security and trustworthiness of the ICT infrastructure. Example: solutions developed in Sentinels I already protect live production systems today.
• Prepare for the security challenges of the Netherlands of 10 to 20 years from now. Example: Sentinels researchers already advised the government on a wide range of issues like new passports, RFID, public transport cards, etc.

To achieve its goals, Sentinels II will improve the coherence and collaboration of research efforts. Doing so is essential to address the security challenges of the future and to keep and attract more R&D investment to the Netherlands. There is a potential for tremendous benefits by bringing together the different sectors and stakeholders: government, industry, interest groups and universities. The programme will therefore fund research programmes that involve universities and industry. In addition, it will establish a think-tank to advise about important security issues.
Focus

In line with recommendations of the EU advisory board on Research & Innovation on Security, Privacy, and Trustworthiness in the Information Society (RISEPTIS, 2008), Sentinels II will focus on two areas:

Security and Trust of Citizens. This includes privacy protection, security of mobile services, data and policy management, and accountability.

Security and Trustworthiness of Infrastructure. This includes malware detection and removal, intrusion detection and prevention, trustworthiness of networks and hardware, software security, security of SCADA systems, and secure operating systems.

The set-up of the programme is based on the successful model established during Sentinels I. In particular, we want to ensure industry participation in joint projects will be no less than 35%. This is a realistic target (by fine-tuning the procedures for joint projects, Sentinels I managed to raise industry participation to 32% in the second half of the programme). In addition to the funding, Sentinels II will set up a think-tank of security experts that tracks trends in ICT security and offers advice on how to deal with them. The programme is managed by the Technology Foundation STW, where a Program Office supports a board with the daily management. A Steering Group contains representatives of the various funding agencies, and a larger Programme Committee gathers representatives from industry, government, universities, and other knowledge centres.

2 Introduction

The Netherlands is at the forefront in using modern ICT. For instance, the Netherlands has the highest broadband penetration in the world (with 37.1 broadband connections per 100 people; source: OECD.org), and has the best quality broadband, beating even Japan and South-Korea (Telecompaper, 2009). The Netherlands is an early adopter of ICT solutions with high social impact, like e-health, DigID, and ambient intelligence for elderly people. Today, the daily life of millions of Dutch citizens is dependent on a critical infrastructure consisting of interconnected industrial control systems (and SCADA systems); we are also witnessing the exploding use of wired and wireless embedded systems in modern cars. All these developments are dramatically enlarging the footprint that ICT has on our daily lives, making security of and trust in the ICT infrastructure a priority to guarantee the economic and political stability of our country (RISEPTIS, 2008; Forward, 2009).

Before 2003, there was little academic research in the field of security in the Netherlands. (Essentially, apart from a cryptology group at the TU/e, there were just some individual researchers at a handful of universities.) Also, there was little cooperation between universities, and very little technology transfer from the universities to industry. Now, largely thanks to Sentinels I, the situation has radically changed: many Dutch universities have research groups working on computer security, and universities, other knowledge centres and industry cooperate intensively on collaborative projects. The Netherlands has acquired a prominent place in the international security community, presenting its work in the highest-impact journals and venues, and research results regularly attract the attention of the media, national and sometimes international. Moreover, the Netherlands has a healthy high-tech security industry. Still, the number and importance of security challenges is growing, not diminishing.
In the words of Viviane Reding, Vice-President of the European Commission (RISEPTIS, 2008): "Uncontrolled technology development and innovation can lead the Internet and the Web to become a jungle; where trust is lost, crime and malfeasance rise and each individual is forced to defend themselves with limited tools. At the same time, policy development without awareness of technology development and trends will choke innovation and economic growth."

According to a recent EU report on managing emerging threats, the functionality of the ICT infrastructure has outgrown its initial goal, that of transferring information between distant sites. We now expect it to transfer trust and to operate in new critical areas (Forward, 2009). As a result, we see increasing dependence of economic and political stability on the infrastructure in general and its security and trustworthiness in particular. This, in turn, makes the ICT infrastructure a more attractive target for criminals and terrorists. We must meet these security challenges to safeguard trust and stability. Among experts, there is broad consensus about the importance and urgency of this goal. One of the main challenges mentioned in ICT2030.nl, the research agenda for the coming decades produced by ICTRegie (IPN, 2009), is precisely increasing confidence in the ICT infrastructure.

A new Sentinels programme will address these challenges. Also, it will reap the benefits from Sentinels I by fostering more collaboration between industry, government bodies, universities, and other knowledge centres, providing the foundation of continued growth of an increasingly important commercial sector, and maintaining and even strengthening the leading role of Dutch research institutes in the area of ICT security. But most importantly, the proposed Sentinels II programme is needed to ensure the security and trust of citizens and the trustworthiness of the country's ICT infrastructure.
An important role will be played by a new think-tank on security issues that will track and advise on important trends in security-related issues.

Outline of this document/roadmap

[If the organisation of the document is still diffuse, I suggest, we explicitly explain how the remainder of the document is organised (if not, we can drop this subsection). HJB]

Cyber warfare: or how a digital bomb targeted Iran's nuclear programme

Up until the summer of 2010, the threat of cyber warfare was not considered too serious: a threat that would perhaps emerge in the future, but not just yet. Sure, some used the term to refer to the Russian cyber assaults on Estonia in 2007 and on Georgia in 2009, but experts agreed that it was a misnomer in both cases. While the incidents were serious, they were hardly the result of a serious, advanced, state-sponsored attack. They were more like a large number of disgruntled citizens participating in low-tech assaults.

All this changed in June 2010, when a security firm in Belarus discovered a highly sophisticated worm that infects and reprograms industrial systems. The worm, popularly known as Stuxnet, is dubbed the most sophisticated virus ever written. It is not just any old virus: it targets very specific sites, like those of critical infrastructures, mainly in Iran. According to news reports, the infestation by this worm might have damaged Iran's nuclear facilities in Natanz and eventually delayed the start-up of Iran's Bushehr Nuclear Power Plant. Most experts agree that Stuxnet is a cyber weapon probably created by a technologically advanced nation state. For instance, Kaspersky Labs concluded that it could only have been created with nation-state support, making Iran the first target of real cyber warfare.

The attack is incredibly sophisticated. Initial infection occurs via USB sticks. This may not sound terribly sophisticated, but it is actually a very clever idea, since it allows attackers to infect machines that are protected by firewalls, and even those that are not connected to the Internet at all. Next, it spreads to other Windows machines on the same network as the initial victim.

Why is Stuxnet so frightening? Well, the first thing that is unusual about this attack is the number of completely new, unknown attack vectors (so-called "zero-day" Windows exploits) employed by Stuxnet.
Such exploits are highly valued by attackers and it is rare to see them waste more than one zero-day exploit in a single attack. Stuxnet has four. Second, it loads (driver) software into the very heart of the victim systems. The Windows operating system is actually fairly careful about loading software in its most privileged levels; the only way to do so without raising suspicion is by making sure the code is signed by a trusted vendor. The digital certificates used for this purpose are typically well-guarded secrets, but Stuxnet uses two compromised digital certificates to do so. Finally, the attack spreads and looks for specific machines that control industrial systems.

Industrial control systems consist of Programmable Logic Controllers (PLCs), which can be thought of as minicomputers that can be programmed from a Windows system. These PLCs contain special code that controls critical processes like the machinery in a plant or a factory. Again, even if these systems are not on the network, Stuxnet may well reach them using the USB flash drives. Incredibly, Stuxnet reprograms the PLCs. Not just that, but it uses rootkit tricks to hide the changes. In the words of Jarrad Shearer of Symantec: "Stuxnet isn't just a rootkit that hides itself on Windows, but is the first publicly known rootkit that is able to hide injected code located on a PLC."

At the time of writing, it is still unclear exactly what the effects are of the modifications in the PLC code. It is likely that we need the exact details of the industrial system to find out. This brings us to a final interesting issue. To pull this attack off, the developers must have had very detailed knowledge of the targeted systems, a complex and costly affair. More than anything, Stuxnet has taught us that cyber warfare is real now.

3 The Sentinels II vision

Our vision is two-fold. Firstly, that we can make the damage caused by security incidents decrease as the use of computers and networks increases. To realize this vision, we need game-changing research. Continuing business-as-usual (patching our software, or adding yet another anti-virus solution) does not suffice. Especially in a highly advanced industrial, trading and services nation like the Netherlands, technological innovation in security and privacy is vital to support activities such as industrial production, banking and commerce. Secondly, we believe that the Netherlands should develop a strong security sector which will contribute not just to responding adequately to security incidents, but also to the Dutch economy: creating a profitable industry and employment for highly skilled workers. For this, we need to involve industry and valorize the solutions developed in research. In the remainder of this section, we outline the scope, focus and specific objectives of the Sentinels II programme.

3.1 Scope: ICT Security

ICT security is a broad area spanning many domains: from cryptology to forensics, from secure design to attack detection, from information flow control to identity management, from malware analysis to the underground economy. It is not only concerned with the run-of-the-mill PCs and laptops that we use at home or in the office. It increasingly concerns embedded computer technology in devices used in everyday life, such as identity and credit cards, mobile phones, cars, or buildings. It also concerns computers that behind the scenes control the infrastructure that our society relies on, such as gas and water, the internet, the GSM network, or the electricity grid. Indeed, security is a multidisciplinary field that also has to take legal and societal aspects into consideration. Overlapping areas are those of dependable systems and of engineering of safety-critical systems, which employ similar methods and technologies.
Technically, the scope of Sentinels is security of computer systems and network infrastructure. Security, in turn, is a property of ICT, networks and information systems to keep functioning correctly in the face of malice, error or mischance (Anderson, 2008). For Sentinels, malice is the operative word. Error and mischance refer to attacks arising out of ignorance or bad luck. In a nutshell, the focus of Sentinels II is on security against deliberate attacks, rather than failures due to errors and mishaps. These last two concepts are covered by the related (and even wider) domain of dependability. In the main, security encompasses three important aspects:

1. confidentiality: we should ensure privacy-sensitive information does not leak,
2. integrity: likewise, we should prevent sensitive information from being modified by unauthorized parties,
3. availability: systems should stay up, even when under attack.

3.2 Focus

Sentinels II focuses on two application areas that are directly linked to the main economic drivers and where most of the increase in the use of computers and networks will arise:

Security and Trust of Citizens. The society of the future will move ever further towards a world where citizens access, store, and provide personal information in electronic format. For instance, e-health is likely to play a growing role in the aging population, both to offer better service, and to reduce costs. However, medical information is extremely sensitive and citizens are, quite understandably, worried about unauthorized access to and misuse of such information. For this reason, Sentinels II focuses on privacy protection, security of mobile services, data and policy management, and accountability for the citizen.

Security and Trustworthiness of Infrastructure. In addition, it is important to protect the vital ICT infrastructure so that it can be relied upon not just by citizens, but also by industry and government bodies. Sentinels II will stimulate research in attack detection, prevention and analysis, malware removal, security of critical infrastructures and Industrial Control Systems (e.g., SCADA), design of hardened and secure systems, and secure network services.

3.3 Objectives

Sentinels II has the following objectives:

To boost the Dutch security industry. The IT security market is growing more rapidly than most other markets and has kept growing even during the crisis years (MarketSearch.com, 2010). Sentinels I has made a successful start in strengthening and bringing together different players. For instance, several new companies and spin-offs (e.g. Priv-ID, Security Matters) sprang up. The Netherlands is now ready to take advantage of the knowledge built in the last years to realize a technology transfer that will help new and small enterprises to grow beyond the national boundaries and large enterprises to consolidate their position. Success criteria: at least one third of all funded projects should result in a patent, spin-off or valorisation.

To improve and consolidate research strengths. There is a potential for tremendous benefits by bringing together different sectors and stakeholders. Currently, a lot of our research efforts are still fragmented. For instance, many universities have security research programmes, but security initiatives are also taking place in many of the Ministries, in industry (in many different sectors), as well as in many Dutch interest groups. Of course, there is also a large international community with which Sentinels liaises, for example through collaborations in the European 7th framework program. Success criteria: at least 35% involvement of industry and an average of at least 3 publications per project in leading scientific venues.
To improve the security of the Dutch citizens and companies. Trust and security are not just nice artifacts: they are essential for many economic activities in the digital age. At the moment, our ICT infrastructure is far from secure. The European Commission recently estimated that the cost of cybercrime in the EU, at 750 billion euro annually, vastly exceeds drug trafficking and is equivalent to 1% of global GDP (Eurotribune.eu, 2010). Unfortunately, the Netherlands is currently ranked ninth on the list of top countries of origin for web-based attacks (Symantec, 2010). As we cannot afford to let cyber criminals erode the trust we and others have in our ICT infrastructure, we need to take action and improve security. Ultimately, the main beneficiaries of the Sentinels program are the Dutch citizens and companies who will enjoy a better organized handling of their legitimate security and privacy concerns in communication and transactions. This in turn will also contribute to an improved economic performance of the Netherlands. Success criteria: at least one in three projects should lead to a mature prototype product that is adopted to protect live systems that handle real user data.

Prepare the Netherlands for the security challenges of 2030. As documented in Obama's 60 Day Cybersecurity Review (White House, 2009) and in Kroes' Digital Agenda for Europe (European Commission, 2010), fighting cybercrime and cyberwarfare are considered key challenges for the Western world for the years ahead (see also (Deloitte, 2009)). The security field is changing rapidly, and the security issues that so far arose mainly in traditional PCs, servers and laptops have started to surface in high-impact systems like energy production and supply systems, water and food production and supply, the health service, transport and logistics, the emergency services, communication, etc.
Moreover, as government agencies are only now starting to realize, our critical infrastructure is extremely vulnerable to cyberattacks, our agencies are plagued with malware and we know too little to be able to effectively counter sophisticated targeted attacks. Facing these challenges requires greater and wider security awareness and expertise, which cannot simply be bought abroad. It must be developed locally, at various levels. Success criteria: the Sentinels II organisation will establish a think-tank of experts from universities, industry and government to advise the government about hot security-related issues; the think-tank will produce a report advising its stakeholders about areas of future threats that require more research. At least one report will be produced for each of the Sentinels II programme.

Like its predecessor, Sentinels II aims to make computer and information systems and networks more secure. This includes traditional computing systems such as PCs and corporate networks, but also hand-held devices and embedded systems, and wireless and on-chip networks. This is done by developing knowledge, developing competence core areas, creating and expanding networks, and by disseminating and anchoring the knowledge resulting from the program.

4 Context

This chapter describes the context for the Sentinels II research programme. It presents some of the existing and future challenges and opportunities within the scope of Sentinels. We also make an inventory of key players involved in ICT security research in the Netherlands, at knowledge centres and universities, private companies, and in government.

4.1 Economic and Societal Importance

The exploding use of ICT technology, especially thanks to the internet, brings important benefits and opportunities to companies, government, and citizens. Our society relies on ICT, as does our continued economic prosperity. Economic activities either use ICT, or directly concern ICT, or both. Our reliance on ICT technology and the internet will only increase for the foreseeable future.
This also brings new risks, as the very connectivity and flexibility that makes the technology so powerful and useful can also be abused. The economic cost of ICT (in)security problems is growing rapidly. In the past, hackers used to be hobbyists exploiting security weaknesses for fun or glory or in acts of digital vandalism. Nowadays, hacking is part of well-organized international crime. This has given rise to a large underground economy, where people trade security exploits and malware, sell control over vast numbers of hacked machines (the so-called bot-nets), and sell stolen data, such as credit card numbers. The Netherlands plays an important role in this underground economy, and is currently ranked ninth on the list of top countries of origin for web-based attacks (Symantec, 2010). As an example, in 2008 a Dutch hacker was arrested when trying to sell a botnet of 100,000 computers for 25,000 to a Brazilian intermediary, which also illustrates the international scale of this underground economy.

The cost of skimming, the cloning of bankcards by criminals, for Dutch banks was 36 million euro in 2009 and involved some 61,000 bankcards. In response, banks have taken steps to quickly phase out magnetic stripe bankcards in favour of EMV-compliant smartcards by 2011, 2 years ahead of the original schedule. In response to phishing attacks targeting internet banking, the Dutch banks have also funded campaigns to raise public awareness (e.g.

New applications of ICT technologies create new problems. The huge rise of social networking sites introduces new risks to security and privacy. For example, in December of 2009 the Dutch Telecom watchdog OPTA issued its first fine for spam sent out via Hyves. According to the OPTA, 96.4% of all Dutch traffic was spam in September 2009, breaking the earlier record of 96.2% dating from March 2009 (OPTA, 2009).

Source: Nederlandse Vereniging van Banken,

The annual trend report by Govcert.nl (Govcert, 2010) shows that overall internet security seems to be deteriorating: home users are still easy victims and the loss of personal information is a structural problem. The percentage of trojans devised specifically to steal personal information has more than doubled in 2009 (Govcert, 2010). According to Verizon's annual Data Breach Investigation Report (Baker et al., 2009), the number of personal records stolen in 2008 from companies was an astonishing 285 million. This exceeds the combined total of the same report from 2004 to 2007, indicating that the trend is exponential.

Malware is increasingly used for targeted attacks, aimed at a specific company or even a specific employee there, usually companies dealing with sensitive information, such as banks. This trend has been signalled in the Netherlands in the OPTA's annual report over 2009 (OPTA, 2009), and is confirmed in international reports. For instance, in a 2010 survey by McAfee (Baker et al., 2010) more than 50% of the executives reported being the target of infiltrations by high-level adversaries.

Worries about ICT security go beyond the standard use of the internet. ICT technology is also used in industrial systems for process control, so-called SCADA systems, for instance to control critical infrastructures such as the electricity network or water supply. At the request of the National Cyber Crime Infrastructure (NICC), TNO has already developed SCADA security good practices for the drinking water sector (Luiijf, 2008), and in the summer of 2009 GOVCERT.NL issued its first security factsheet warning about malware that specifically targets SCADA systems.

Security successes and failures in the (semi-)public sector

Some of the big security initiatives in the public sector show how things can go right or wrong.
The introduction of the electronic passport has seen a lot of close collaboration between the Ministry of Interior, the academic community, and the Dutch security industry, resulting in strong security of the Dutch passport. The Dutch company NXP supplies hardware for many identity cards around the world, and passports of several other countries are produced in the Netherlands by Morpho (formerly SDU identification). The ov-chipkaart was introduced without any cooperation with the academic community, resulting in some terrible choices. The sector has learned from this and now keeps in close contact with the wider community via the e-ticketing forum. The electricity sector has learned from this and has been cooperating with academics from an early stage in the introduction of smart electricity meters. As a consequence, the Netherlands is now regarded as a thought leader in Europe on issues of security and privacy for smart electricity meters.

Challenges Ahead

Cybersecurity is high on the agenda in both the US and the EU: as stated in the EU's Digital Agenda for Europe (European Commission, 2010), Europeans will not embrace technology they do not trust, and two of the key actions have to do with security and fighting cyberattacks. In his 60-days Cybersecurity Review (White House, 2009), U.S. president Obama stated that "without major advances in the security of these systems [the Nation's digital infrastructure] or significant change in how they are constructed or operated it is doubtful that the U.S. can protect itself from the growing threat of cybercrime and state-sponsored intrusions and operations." Moreover, the U.S. President designates cybersecurity as one of the presidency's key management priorities. In its annual trend report (Govcert, 2010), GOVCERT.NL signals that hacktivism has become a standard component of ideological conflicts. It is clear that future conflicts will involve cyber-warfare and cyber-attacks.

In 2010, the European FORWARD initiative released its White Book of Emerging ICT threats (Forward, 2009). One of the main goals of FORWARD was to identify future threats to the security of the European ICT infrastructure. The Top-5 threats identified by FORWARD are:

1. Threats related to parallelism, with the rise of multicore processors and distributed systems.
2. Threats related to scale, both in number of devices and the size and complexity of their software.
3. Underground economy support structures: Many attacks on the Internet are driven and fueled by a thriving underground economy. Unfortunately, the mechanics of the underground economy and its support structures are poorly understood.
4. Mobile device malware: Mobile device malware will become mainstream. Unfortunately, mobile devices are constrained, both computationally and because of power limitations, making it hard to deploy costly, traditional anti-malware techniques. As a result, better malware defences are needed for mobile devices.
5. Threats related to social networks: Social networks are regularly used by hundreds of millions of users who provide a wealth of private information online that could be abused.

Priority areas for research pointed out by FORWARD to address these threats were: protection of systems that are difficult to build, manage, and understand due to their scale and complexity (which includes large-scale mobile systems), protection against malicious code (malware), and protection against threats that compromise users' privacy, particularly those on online social networks.

4.2 Opportunities in ICT Security

The ICT sector plays an important role in the Dutch economy. A 2010 survey (Dialogic, 2010) indicates that just the software sector contributes 24.3 billion euro, or 3.8% of GDP, to the Dutch economy and provides 192,000 jobs, of which 14,000 in research and development. Note that the ICT sector is much broader than just the software sector.
According to (Dialogic, 2010), off-shoring and out-sourcing play a marginal role, and the Netherlands exports 1.9 billion euro of software, primarily to Western Europe. R&D expenditure in the ICT sector is high compared to other sectors in the Netherlands (CBS, 2009). R&D investments in the ICT sector are among the fastest growing of all sectors in the EU and world-wide. As noted in (European Commission, 2008), a strong research base and effective knowledge transfer are essential for keeping or attracting more R&D activities, especially in a global economy where R&D activities seem to move to Asian and South American countries with good innovation systems and close relations between companies and knowledge institutes.

First and foremost, a well-developed security sector contributes to economic growth and employment. In addition to security-related activities in multinationals like Philips and Shell, the Netherlands already hosts several large security companies such as Chess, Collis, Fox-it and Irdeto. Section will highlight how the previous Sentinels program directly contributed to new economic activities, for instance in the form of start-ups and spin-offs.

Second, a deep knowledge of security in combination with an accurate appraisal of the situation in the Netherlands is crucial for decision makers, the legal sector, and policy makers. These entities benefit from resident experts who offer advice and set agendas for funding, law making, legal rulings, etc. A lack of domestic expertise in these matters makes a country vulnerable and dependent on foreign parties, following rather than leading in the field. Moreover, security concerns are often partially culturally defined. For instance, the way Dutch citizens regard privacy may differ from citizens of other countries. These differences have huge implications for policy measures and regulations, and often determine the success or failure of strategic decisions. It is easy to find case studies to illustrate this point: the EPD (Electronisch Patienten Dossier), the electronic passport, and the public transport chip cards are just three out of many highly visible examples. Indeed, the Dutch government itself is increasingly often relying on the expertise of university researchers, consulting them on such issues as voting machines, GSM security, electronic access cards for civil servants and military personnel, electronic passports and driving licences, DigiD, the Elektronisch Patienten Dossier (EPD), the ov-chipkaart, smart electricity meters, roadpricing, storage of biometric data, and even for updates of the Constitution that are underway (e.g., to define freedom of the printing press in an up-to-date or technology-neutral manner).

4.3 The ICT security research community in the Netherlands

Below we present an inventory of the main actors in security research in the Netherlands, in industry, knowledge centres, and government agencies.

Universities

Security research at universities in the Netherlands mainly takes place at the 7 universities listed below, and scientific research centre CWI.

• Eindhoven University of Technology, TU/e (Tilborg, Etalle, Lange, Schoenmakers). Security research in Eindhoven is carried out by EIPSI (Eindhoven Institute for the Protection of Systems and Information), which was formed in 2007 from the Coding and Cryptology group in Mathematics and the recently established Security group in Computer Science. Prof. van Tilborg has a long-standing international reputation in coding and cryptology. The Security group in Computer Science headed by Prof. Etalle looks at a broad range of issues, including trust and identity management and security of embedded systems.
• Twente University, UT (Hartel, Kargl, Wieringa). In the Computer Science Department, the Distributed and Embedded Security research group (DIES) headed by prof. P. Hartel carries out research into the analysis and design of secure distributed and embedded systems. The research considers a variety of applications, ranging from smart guns, via smart surroundings, to smart homes and vehicles. The Electrical Engineering department has a successful research group that focusses on biometrics (Veldhuis, Slump).

• Radboud University, RU (Jacobs, Hoepman, Poll). The Digital Security group founded by prof. B. Jacobs in 2003 has quickly grown into one of the largest in the Netherlands. The group carries out research into security protocols and applied crypto, smartcards and RFID, and software security. Research in the group ranges from very applied and practical work (e.g. into RFID systems and GSM) to more societal aspects of security, especially in the area of privacy. Under the flag of LaQuSo, a collaboration with the TU/e, the group carries out a lot of security consultancy, especially for branches of the Dutch government, on topics such as electronic passports, broader identity management, and electronic roadpricing.

• VU University Amsterdam (Tanenbaum, Bos, Crispo). The VU has two closely collaborating security groups: one led by prof. Tanenbaum and one led by dr. Bos. The Systems and Security group headed by prof. Tanenbaum, KNAW professor and winner of an ERC Advanced Grant, carries out work on secure operating systems. His group also carries out research on Security Protocols (dr. Crispo) and RFID (dr. Rieback). The group led by Bos works primarily on systems security, detecting and fingerprinting attacks at the lowest layers: the kernel, or even the (emulated) hardware. Their Argos honeypot system is used by many organisations around the world. The current research focus lies in the protection of mobile devices and retrofitting security on legacy binaries. In 2010, dr. Bos won a European ERC Starting grant to start a new team on the topic of reverse engineering. Also at the VU, in Theoretical Computer Science, prof. Fokkink carries out security research into protocols and distributed algorithms.

• Delft University of Technology, TUD (Lagendijk, van der Lubbe, Brazier). In the Information Security & Privacy Lab of the TUD, the group of prof. Lagendijk carries out research into multimedia content security (fingerprinting, watermarking, secure signal processing). Research in this group led by dr. van der Lubbe focuses on cryptographic techniques for security and privacy. Research on mobile agent systems in the Autonomic Systems group led by prof. F. Brazier includes research on security, privacy and anonymity.

• Centre Mathematics and Computer Science, CWI (Cramer). The Cryptology and Information Security group at CWI headed by prof. Cramer carries out research in cryptography, cryptanalysis, and applications to information security. This includes research on public key infrastructures, secure computation, post-quantum security, leakage-resilience, quantum cryptography, and number theory.

• University of Leiden, UL (Lenstra, Zwenne). At the Mathematical Institute, the Number Theory and Algebra group headed by prof. Lenstra carries out more fundamental research on cryptography. In the Faculty of Law, the e-law institute carries out research into the role of the law in the information society.
• University of Amsterdam, UVA (de Laat). The System and Network Engineering Science group of prof. C. de Laat carries out research on optical networks and generic AAA (Authentication, Authorization, Accounting) architectures for the Grid. The group is also active in research on data privacy and security, and has for instance investigated the proposed Dutch scheme for electronic health records (EPD).

• University of Tilburg (Prins, Koops, Leenes). The Tilburg Institute for Law, Technology, and Society (TILT), part of the Faculty of Law, carries out research at the crossroads of technology, society and law, especially technology regulation. Much of the research of TILT touches on ICT, on issues such as e-government, privacy, cybercrime, and intellectual property rights.

Attention to computer security at universities is still growing. For instance, in August 2010 the Open University appointed prof. W. Stol, head of the research programme Police and ICT at the Dutch Police Academy, to a new chair on cybersafety.

Other Knowledge Centres

Apart from the universities, TNO and Novay (formerly the Telematics Institute) are important knowledge centres for ICT security research. The Netherlands also boasts two independent, PNP (private non-profit) organisations involved in ICT security research, both focussed on the Internet, namely SURFNet and NLNet Labs.

• TNO. Starting in 2011, the research at TNO is clustered in the following 7 themes: Healthy Living; Industrial Innovation; Integral Security & Safety; Energy; Mobility; Built Environment; Information Society. The two themes most relevant within the context of the Sentinels programme are Integral Security & Safety (led by drs. H.G. Geveke), and Information Society (led by Gerlof Bosveld). The first covers the innovation area Secure & Safe Society, comprising e.g. Cyber Operations (warfare) R&D and the Dutch Centre for Protection of National Infrastructure (CPNI.NL), formerly known as the NICC. The second covers the innovation areas Future Internet Use, Societal impact of ICT, and Vital ICT Infrastructures. These four innovation areas have strong relations with the research agenda of the Sentinels II programme. They cover diverse areas such as critical infrastructure protection, risk perception and risk analysis, security & safety management, privacy enhancing technologies and identity management, intelligence provisioning, RFID and the Internet of Things, applied cryptography, smart cards and trusted computing, labelling and release mechanisms, to name but a few. TNO is a major player in FP7 IST & security areas as well as in NATO Research & Technology Organisation/Agency working groups. Power companies, KEMA, and TNO are working on Smart Grids and their security. The total number of TNO researchers involved in these topics is 50+ people. Senior scientists in these areas are, among others, prof. dr. ir. Wessel Kraaij, ir. Eric Luiijf, dr. Jaap-Henk Hoepman, dr. ir. Thijs Veugen.

• Novay. Novay's research program focuses on the role that ICT plays in networked innovation. Security and trust are important aspects that make or break innovative solutions as soon as they are deployed in the real world. Novay is organized in two departments, one focusing on Human Centric Services and one on Networked Enterprises.
Most of the security-related work is carried out in the Identity & Trust theme within the Human Centric Services department, although multi-disciplinary experts from both departments work within high-profile security and trust related projects such as GigaPort3 (on escience collaboration) and cidsafe (on high trust consumer identity).

• SURFNet is a subsidiary of the SURF organisation, in which Dutch universities, universities for applied sciences and research centres collaborate nationally and internationally on innovative ICT facilities. Security is an important area of attention for SURFNet. SURFNet has its own Computer Emergency Response Team, SURFCert, and carries out research into network security and identity management, with the aim of providing innovative new services for its users, including payment services (SURF internetpinnen) and new ways for identity management. In the past SURFnet pioneered an intrusion detection system for its clients based on the Argos honeypot technology, developed by the VU in the Sentinels I project Deworm.

• NLNet labs, funded by Foundation NLNet, is a research centre that focuses on new developments in internet technology, especially the next generation internet with IPv6 and the secure domain name service DNSSEC.

Government

Many different ministries and government agencies are involved with ICT security research and security projects. The government is not only an important user of ICT security, but also has an important role as provider of ICT security, in gathering and disseminating technical know-how and raising public awareness, and as regulator.

Within the Ministry of the Interior and Kingdom Relations, Logius (formerly GBO.Overheid) is now the central service dealing with ICT and the overall infrastructure for e-government. As such, it is responsible for DigID and PKIoverheid. GOVCERT.NL, the Computer Emergency Response Team for the Dutch Government, is now also part of Logius. The AIVD, and in particular its unit NBV (Nationaal Bureau voor Verbindingsbeveiliging), supports the Dutch government in protecting its (digital) information. The NBV is actively involved in security research projects.

In 2004 the ministries of Security & Justice, the Interior, Economic Affairs, Agriculture, and Innovation (EL&I) and the National Police Services Agency KLPD joined forces in the fight against cybercrime, by setting up a joint high-tech crime unit. The KLPD/THTC (Korps landelijke politiediensten - Team High Tech Crime), together with GOVCERT.NL and NCTb (Nationaal Coordinator Terrorismebestrijding), are responsible for the fight against cybercrime, and also internet-based terrorism. The Ministry of EL&I also supported the NICC (Nationale Infrastructuur Cyber Crime), now incorporated by TNO. The Ministry of Security & Justice incorporates the NFI (Netherlands Forensic Institute), which has a lab that performs and carries out research into digital forensics. In the Ministry of Infrastructure and the Environment, the National Road Traffic Agency (RDW) is active in security research, e.g. surrounding initiatives for electronic driving licences. The NBV (Nationaal Bureau Verbindingsbeveiliging), part of the AIVD, is the government agency responsible for evaluating information security products and solutions. The NBV has been expanding considerably over the past years, as the need for their expertise is growing continuously.
The Ministry of Defence sponsors defence-related security research, largely carried out by TNO. The Netherlands Defence Academy (NLDA) has been investing in more security expertise, for instance with the appointment of prof. T. Grant to head the group Operational ICT and Communications.

Commercial

The Dutch industry and service sectors include many companies that are active in ICT security research. This includes large industrial companies, but also a growing number of SMEs and young start-ups. It is beyond the scope of this section to try to list them all. Instead, we provide a more useful overview by categorizing them in broad classes. For readers interested in specific companies, we compiled a (non-exhaustive) list of companies in Appendix.

Large industrial companies involved in ICT security research include Philips, NXP, and Thales. Smaller industrial companies focussed on security include CHESS and NEDAP. The major Dutch software houses Logica CMG, CapGemini, Atos Origin, and Getronics develop ICT security solutions. In the software sector there are also more specialised firms that focus on ICT security, such as AET, a Dutch SME specialising in developing middleware and card management systems for smart cards, or Consul (since acquired by IBM). Fox-IT, which has its roots in digital forensics, is one of the larger and most prominent companies specialising in ICT security. The Netherlands boasts two internationally leading companies that carry out security evaluations, namely TNO spin-off Brightsight and Riscure, and one company specialising in security testing, Collis. In the area of Identity Management, Morpho (formerly SAGEM and SDU Identification) is a major supplier of (electronic) identity cards and passports, producing not only all Dutch passports and identity cards, but also those for several other EU countries. Several young companies are active in biometrics, including Dartagnan-Biometrics, UniqKey, Priv-Id, Biometrics, and IDcontrol.
Research into Digital Rights Management is not only carried out at Philips, but also at Irdeto (active in research for pay TV systems, also for mobile) and Civolution. In the telecom sector, apart from KPN/Getronics, Vodafone and Ericsson have research divisions in the Netherlands, in Maastricht and Gilze-Rijen, respectively.

In the financial sector, the major Dutch banks, such as ABN-AMRO, Rabobank, and ING, all have groups doing research on the ICT security of their financial infrastructure. In Europe, Dutch banks are seen as leading the way in internet banking (for instance with IDEAL, and Chess and Rabobank coming in second place for the Excellence in Payments Innovation Award 2009 for Rabo SMS Betalen). The Dutch payment infrastructure is very efficient and has been a successful export product, giving rise to the companies Equens (formerly Interpay) and Currence.

In the professional services sector, the so-called Big Four (PricewaterhouseCoopers, KPMG, Ernst & Young and Deloitte) all have Dutch divisions that specialise in ICT security and provide information security services such as audits, penetration testing, and consultancy. More specialised companies that focus exclusively on penetration testing include Madison-Gurkha and Pine Digital Security. SecurityMatters is a start-up that originates from Sentinels I, working on innovative solutions for the detection of attacks.

National Interest Groups/collaborations

There are several Dutch interest groups in the security field, in the academic sector, in industry, or spanning both:

• IIP Veilig Verbonden. The IIP Veilig Verbonden produced a research agenda which provides an important basis for the current Sentinels-2 programme. This research agenda has been written by representatives from industry (Philips, TNT-Post, Dartagnan Biometrics, KPN), government (ICTRegie, NVB, Ministry of Economic Affairs, Nictiz) and research, and is actively supported by representatives from numerous other companies (UniqKey, ABM, Chess, Irdeto, Thalesgroup, CapGemini, Riscure, TI-WMC, Rabobank), as well as organisations and government agencies (ECP, Consumentenbond, Port of Rotterdam, Ministry of Transport, STW).

• ECP-IPN. ECP.NL, the Platform for enetherlands, provides a forum for users from government and industry to strengthen the competitive position of the Netherlands in the digital age.
ECP.NL includes several groups active in security-related areas, such as Platform Internetveiligheid, Intellectueel Eigendomsrecht, OpenID.nl+, and Gezondheidszorg & ICT.

There is a growing number of professional organisations dedicated to various aspects of ICT security, including

• Platform voor Informatiebeveiliging PvIB,
• OWASP-NL, the Dutch Chapter of OWASP, which focuses on web-application security,
• Platform Identity Management Nederland, in which over 20 companies participate,
• Nederlands Biometrie Forum,
• the Dutch chapter of ISSA, the Information Systems Security Association (issa-nl.org/),
• Platform NEN 7510 (informatiebeveiliging in de zorg).

Several events and symposiums are held on ICT security by and for different communities, such as the annual Security Symposium by GOVCERT.NL, the annual EPD Dag organised by NVMA (Vereniging voor Zorgadministratie en Informatie), and many meetings organised by the professional organisations listed above. The Sentinels I programme sponsored SAFE-NL, the platform for computer security research in the Netherlands, to organise bi-annual one-day workshops on different topics in ICT security, with the specific aim to foster links and the opportunity to exchange ideas between researchers, practitioners, and implementors from research institutions, industry and government agencies. The academic security community organises an annual WISSEC conference on security (Benelux Workshop on Information and System Security). The three Dutch universities of technology have set up a joint EIDMA that has Information Theory and Cryptology as one of its themes. EIDMA organizes a bi-monthly workshop on cryptology, holds mini-courses by top researchers from around the world, and organizes a graduate course program.

5 Taking Stock

As detailed in Section, the Netherlands has strong research groups in ICT security at many universities and the knowledge centres. In the private sector, ICT security is a rapidly growing and diverse business, with large industries such as Philips and NXP, a generation of already established but still growing companies focusing exclusively on ICT security (e.g. Fox-IT, Brightsight, Collis, Riscure, Madison-Gurkha) or doing security research as part of their core business (Irdeto, Chess), large consultancy firms with security divisions (e.g. PwC, KPMG, Ernst & Young, Deloitte), and a host of new start-ups (e.g. Safeberg, IntrinsicId, Pine Digital Security, Certified Secure) including several university spin-offs (e.g. Quarantainenet, Uniqkey, SecurityMatters, Software Improvement Group). Philips alone had three successful spin-out companies that are focussed exclusively on ICT security, namely

• Civolution, that works on watermarking,
• Priv-id, that works on biometrics, and
• Intrinsic-ID, that works on anti-counterfeiting.

Of these, Priv-id is a spin-off resulting from the Sentinels I ProBite project. Intrinsic-ID won the ICTRegie Award 2010 for the best achievement in technology transfer from academia to society. TNO also had a security spin-out, Brightsight (formerly TNO-ITSEF).
The TU/e and RU founded the joint LaQuSo lab for contract research, which has been very successful in the area of applied security research, establishing many new collaborations with industrial parties and government agencies.

Following the previous Sentinels research program, the Dutch research community in ICT is very healthy, not only when it comes to the size, but also the level of cooperation, the level of academic excellence, and the economic and industrial impact. The research on RFID security in Nijmegen has sparked off a collaboration between NXP and several academic partners in a Sentinels project (PEARL). The company behind the ov-chipkaart, TransLinkSystems, now sponsors PhD positions at the RU and UvT for research into future variants of public transport cards. Dutch expertise is also recognized on an EU level. For example, a team consisting of Collis, PwC, and Radboud University won an EU contract to investigate the impact of the electronic passport on European border security, and UniqKey takes part in the consortium that won the tender for the European Biometric Matching System. The Netherlands is also regarded as a thought leader on issues of security and privacy for smart electricity meters.

The academic excellence of Dutch security research is demonstrated by its international recognition. Prof. Tanenbaum of the VU received an ERC Advanced Grant from the European Research Council (ERC) for research into secure operating systems. As a follow-up to the Sentinels DeWorm project, dr. Bos of the VU was awarded the prestigious ERC Starting Grant in the field of computer security. Scientific American did an article on the RFID Guardian project at the VU (Grossman, 2007), and the security group at the RU was the subject of a special article in the top scientific journal Science (Cho, 2008), all the more extraordinary as top science journals rarely pay attention to computer science research.
For his PhD thesis on intrusion detection in high-speed networks, Willem de Bruijn of the VU won the Eurosys Roger Needham Award for best PhD thesis in systems in Europe (Eurosys is the European Chapter of ACM SIGOPS). The VU was invited to join a high-profile EU FP7 project FORWARD on identifying future security threats and needs, and setting directions for security research at a European level.

Apart from academic and economic impact, Dutch ICT security research can also lay claim to real societal impact. On several occasions Dutch security research grabbed the international headlines, for instance with research on

• RFID viruses (e.g. "Scientists: RFID chips can carry a virus", CNN, 15/3/2006),
• Mifare cards (e.g. "Details of Oyster card hack to be made public", The Times, 21/7/2008),
• and electronic identity cards (e.g. "E-passport security flaw allows remote ID of nationality", The Register, 8/4/2008).

On a national level, security experts from universities have been involved in, or even sparked off, debates on topics such as the ov-chipkaart, electronic voting, electronic patient records (EPD), and the biometric passport, for instance serving as experts in Parliamentary hearings, serving on committees (e.g. the Adviescommissie inrichting verkiezingsproces), or performing security research for government agencies and ministries (e.g. on the new Rijkspas, the EPD and Digid, the RIES internet voting system, the biometric passport, smart electricity meters, electronic roadpricing, and the electronic driving license). This only underlines the fact that, given the growing role of ICT in the information age and the associated growing threats, it is crucial that the Netherlands has expertise in ICT security.

In the light of the above, it is not surprising that on three occasions the annual ICT I/O Award, awarded by IPN (ICT-onderzoek Platform Nederland) for the best achievement in bringing ICT research to the attention of the general public, went to security-related research: in 2005 to prof. Jacobs of the RU for research on electronic voting, in 2006 to dr.
Rieback of the VU for the RFID Guardian project, and in 2008 to the Mifare team of the RU for their research on Mifare Classic and the OV-chipkaart.

Results of Sentinels I

All projects awarded in the first round of Sentinels I have now ended, allowing the impact of this first round to be assessed. The six projects resulted in two patents and two spin-offs, namely the companies SecurityMatters and Priv-ID, that grew out of the projects IPID and ProBite, respectively. ProBite had a follow-up with UT participating in the EU FP7 project Turbine. ProBite also received the EBF (European Biometrics Forum) Industrial Award. DeWorm had a follow-up with VU participating in the EU FP7 project Wombat and provided the basis for the ERC (European Research Council) Starting Grant of 1.3 MEuro awarded to Herbert Bos for the Rosetta project on reverse-engineering. IPID saw three follow-up projects (HERMES, CASTOR, MIDAS) looking at security of industrial SCADA projects in collaboration with Fox-IT, ABB, Brabant Water, Waternet, Alliander and the GasUnie. At the TU/e, PINPAS JC had a follow-up in a project on Advanced Side-Channel Attacks funded by end user panel member Riscure. At the RU, PINPAS JC had follow-ups in collaboration with Collis BV and PricewaterhouseCoopers (a pilot implementation of electronic driving licenses for the Road Transport Agency RDW and a study of electronic passport security commissioned by the EU) and a project where TransLink Systems BV funds one PhD student on smartcard-based e-ticketing solutions. Practical Approaches to Secure Cooperation saw a follow-up in the NWO Vici awarded to Ronald Cramer to work on secure computation.

6 Sentinels I

The Sentinels I programme provided an important boost to security research in the Netherlands. In addition to the research directly sponsored by the programme, it has also acted as a catalyst by attracting attention and investments of universities to the field and invigorating contacts with industrial partners.
At the end of the programme there is now a well-connected community of Dutch security professionals in academia, industry, and government, though there are still good opportunities to further improve interaction and cooperation. Contacts have also led to skilled knowledge workers finding their way to jobs in industry. Here the researchers (PhD and post-docs) trained in Sentinels projects represent only the tip of the iceberg of a much larger number of regular Master students finding their way in the ICT security field. Contacts with industry have also drawn the universities' attention to training the right people to meet the needs of the ICT security sector: the UVA has started a System and Network Engineering Master programme with a strong security focus, and the TUE, UT, and RU have a joint Master programme in computer security, called the Kerckhoffs Institute.

Universities have also recognized the growing importance of computer security and invested in the area. For example, a new security group was started in the Computer Science department at TU/e, with the appointment of Etalle on a new chair for computer security and two assistant professors (den Hartog, Skoric). The Digital Security group at RU saw appointments of assistant and associate professors (Hoepman, Batina).

The first call for proposals for Sentinels I was launched in 2004, with subsequent calls in 2006 and The first generation of projects, which started in 2005, have all ended now. Projects awarded in the last round, which started in 2009, will end in

In the first round, six projects were awarded, out of 15 proposals: DeWorm, IPID, JASON, PINPAS JC, Practical Approaches to Secure Cooperation, and ProBite. The total budget of these projects was 3M, of which 2.3M was financed by Sentinels I and 0.7M by the industrial partners.

In the second round, another five projects were awarded, out of 17 proposals: PEARL, SEDAN, S-Mobile, VISPER, and VRIEND. The total budget of these projects was again 2.7M, of which 2.2M was financed by Sentinels I and 0.45M (17%) by the industrial partners.

In the third and final round, another five projects were awarded, out of 19 pre-proposals: Identity management on mobile devices, Secure metering, CREST, Revocable privacy, and Kindred Spirits. The total budget of these projects was 3.7M, of which 3.5M was financed by Sentinels I and 1.2M (32%) by the industrial partners. In preparation for the third call, more emphasis was put on user participation. To increase industrial participation, for the first time a small part of the budget was allocated to directly funding industrial participation. This approach was made possible by ICTRegie, who contributed 845k, and clearly paid off, as the user contributions increased to 32%.

In total, Sentinels I funded projects involving 6 universities, twenty companies, and a handful of government agencies and foundations. Many more companies are active on user panels of Sentinels I projects. Two of the Sentinels I projects have led to new start-ups: the company SecurityMatters was founded as a direct result of the IPID project, and Priv-Id was founded to exploit research carried out in ProBite. Expertise in biometrics at UT, to which the project ProBite contributed, already led to the establishment of the company Uniqkey.

Sentinels I also funded a part-time position of a Sentinels ambassador, to promote the programme and its results to a wider Dutch audience, especially in industry and government. Drs. A.
(Fred) Eisner, a renowned security expert on both technical and societal issues, fulfilled this role from 2005 until Sentinels I also supported networking and knowledge exchange, by organizing its own Security Day, sponsoring the bi-annual SAFE-NL workshops, taking part in events such as the ICT-Kenniscongres and ICT-Delta, and organizing the upcoming Sentinels workshop as part of STW.ICT, the first STW conference on Research in Information and Communication Technology.

List of projects

Below is a list of all the Sentinels I projects, with the project leaders and all the partners, in chronological order: projects 1-6 are from the first call, 7-11 from the second, and from the third round.

1. JASON, Generic and Secure Remote Management Infrastructure. Project leader: Poll (RU). In collaboration with Chess.
2. IPID, Integrated Policy-based Intrusion Detection. Project leader: prof.dr. Roel J. Wieringa (UT). In collaboration with Rabobank Nederland and TNO ICT.
3. Practical Approaches to Secure Cooperation. Project leader: prof.dr. Ronald J.F. Cramer (CWI). In collaboration with Philips Research.
4. ProBiTe, Protection of Biometric Templates. Project leader: dr.ir. Raymond Veldhuis (UT). In collaboration with Philips Research.
5. DeWorm, Worm monitoring on Internet backbones. Project leader: dr.ir. Herbert J. Bos (VU). In collaboration with TNO ICT.
6. PINPAS JC, Program INferred Power-Analysis in Software for Java Card. Project leader: dr. Erik P. de Vink (TUE). In collaboration with UT, RU, Brightsight (formerly TNO-ITSEF) and STMicroelectronics.

7. S-Mobile: Security of software and services for mobile systems
   Project leader: dr. B. Crispo (VU). In collaboration with Philips Research, TUE, TNO ICT.
8. VISPER: The virtual security perimeter for digital, physical, and organisational security
   Project leader: Prof.dr.ir. P.H. Hartel (UT). In collaboration with Atos Origin, B/CICT (Belastingdienst/Centrum voor ICT), BiZZdesign, Fox-IT, and Getronics-PinkRoccade.
9. SEDAN: Searchable data encryption
   Project leader: prof.dr. H. van Tilborg (TUE). In collaboration with Philips Research.
10. VRIEND: Value-based security risk mitigation in enterprise networks that are decentralized
   Project leader: prof.dr. Roel J. Wieringa (UT). In collaboration with Akzo Nobel, Corus, DSM, Hoffmann Bedrijfsrecherche, and Philips International.
11. PEARL: Privacy enhanced security architecture for RFID labels
   Project leader: dr. S. Mauw (TUE). In collaboration with Philips Research and TNO ICT.
12. Secure metering
   Project leader: Prof.dr. M.C.J.D. van Eekelen (RU). In collaboration with RDW and Alliander (formerly Nuon).
13. CREST: Collusion resistant tracking
   Project leader: Dr. B. Skoric (TUE). In collaboration with Irdeto and Civolution.
14. Mobile IDM: Identity management on mobile devices
   Project leader: Prof.dr. S. Etalle (TUE). In collaboration with RU, TNO ICT, Ericsson, and Novay.
15. Kindred Spirits: Privacy enhanced social networking
   Project leader: Prof.dr.ir. R.L. Lagendijk (TUD). In collaboration with UT, TNO-CIT, Philips, Irdeto, De Waag, PAIQ, BPP, BL.
16. Revocable privacy
   Project leader: Dr. J.H. Hoepman (RU). In collaboration with CWI, TNO, and ICTU.

7 Research Agenda: Research Topics and Application Domains

To outline the scope of Sentinels II, we identify a number of strategic application domains and research topics. At all times, we approach these domains and topics from the direction of the two focus areas identified earlier: security and trust of citizens, and security and trustworthiness of infrastructure.

Application Domains

The application domains for Sentinels II are chosen for their relevance for the Dutch industry and society, and correspond to the application domains identified by the ICT Innovation Platform Security & Privacy (IIP-VV, 2007):

- Healthcare
- Internet and telecom
- Semi-public spaces
- Finance and insurance
- Transport and logistics
- Government
- Creative industry

Research Topics

Given the above application domains, Sentinels II focuses on the following research topics:

1. Identity, Privacy and Trust Management
   Managing (digital) identities, protecting users' privacy and managing trust in the online world are essential functionalities of the future internet 10, which are required in each of the above application areas. For instance, each application area governs an important aspect of the digital life of the citizen, so the digital identity of people is a key element of study.
2. Data and Policy Management
   In the application areas a variety of data plays a key role. However, the confidentiality, availability, authenticity and integrity requirements for different kinds of data can vary greatly, both in the technical and in the legal sense. For example, health records must be kept for 70 years, and therefore require strong security, whereas other data is almost ephemeral, such as the data kept by RFID tags.
3. Infrastructure
   One of the goals of Sentinels II is to improve the resilience of our (critical) infrastructure. This topic covers areas like software security, secure kernels, smartcards, as well as security of embedded systems (e.g., in the automotive sector, ambient intelligence, etc.), security design of cloud computing and SCADA systems (e.g., in power plants).
4. Prevention and Detection of Attacks
   This includes intrusion detection and prevention systems, malware detection, incident recovery, and protection against cyberwarfare.
5. Economics, Regulation, and Risk Management
   Security is a multidisciplinary area which cannot be studied without taking into consideration non-technical aspects. Each application area is a multi-actor system, where large and complex value chains are in operation, involving public and private partners that have to work together to provide attractive services. However, the various application areas fit in different regulatory frameworks, and privacy expectations may differ.
6. Methods and Tools
   Security engineering is a relatively new field and therefore lacks the maturity required to design, build and test cost-effective secure systems. As a result, security is often implemented as an add-on, instead of being designed into the system right from the start. While considerable progress has been made in specific areas, such as security protocol analysis, a sound engineering method for security is still a long way off.

Even if initially aimed at one specific domain, research on the topics above can provide generic solutions that will apply to many application domains. For this to happen it is important that Sentinels II also helps to disseminate knowledge and project results across the different application domains.

Table lists examples of concrete and important areas for Sentinels II. We see that the research areas span a large range of topics, from hardware to software, and from working systems to theory and legislation.

10 See Future Internet Assembly:


More information

Internal audit of cybersecurity. Presentation to the Atlanta IIA Chapter January 2015

Internal audit of cybersecurity. Presentation to the Atlanta IIA Chapter January 2015 Internal audit of cybersecurity Presentation to the Atlanta IIA Chapter January 2015 Agenda Executive summary Why is this topic important? Cyber attacks: increasing complexity arket insights: What are

More information

OPC & Security Agenda

OPC & Security Agenda OPC & Security Agenda Cyber Security Today Cyber Security for SCADA/IS OPC Security Overview OPC Security Products Questions & Answers 1 Introduction CYBER SECURITY TODAY The Need for Reliable Information

More information

Don t Fall Victim to Cybercrime:

Don t Fall Victim to Cybercrime: Don t Fall Victim to Cybercrime: Best Practices to Safeguard Your Business Agenda Cybercrime Overview Corporate Account Takeover Computer Hacking, Phishing, Malware Breach Statistics Internet Security

More information

WHITEPAPER: CYBER CRIMINALITY. Cyber Criminality. Is Your Worst Nightmare Coming True?

WHITEPAPER: CYBER CRIMINALITY. Cyber Criminality. Is Your Worst Nightmare Coming True? WHITEPAPER: CYBER CRIMINALITY Cyber Criminality Is Your Worst Nightmare Coming True? 010111010100010101010111101010110101 0 001101011101010001010101011110101 0011010111010100010101011 110101011110101 0011011000101010010101010111101010101110001010101011110101

More information

DEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND LOG MANAGER

DEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND LOG MANAGER DEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND Introduction > New security threats are emerging all the time, from new forms of malware and web application exploits that target

More information

IT SECURITY RISKS SURVEY 2014: A BUSINESS APPROACH TO MANAGING DATA SECURITY THREATS

IT SECURITY RISKS SURVEY 2014: A BUSINESS APPROACH TO MANAGING DATA SECURITY THREATS IT SECURITY RISKS SURVEY 2014: A BUSINESS APPROACH TO MANAGING DATA SECURITY THREATS Contents Introduction... 2 Key figures... 3 Methodology... 4 Concerns and priorities of IT managers: data comes first...

More information

Guide Antivirus. You wouldn t leave the door to your premises open at night. So why risk doing the same with your network?

Guide Antivirus. You wouldn t leave the door to your premises open at night. So why risk doing the same with your network? You wouldn t leave the door to your premises open at night. So why risk doing the same with your network? Most businesses know the importance of installing antivirus products on their PCs to securely protect

More information

Online International Interdisciplinary Research Journal, {Bi-Monthly}, ISSN2249-9598, Volume-III, Issue-IV, July-Aug 2013

Online International Interdisciplinary Research Journal, {Bi-Monthly}, ISSN2249-9598, Volume-III, Issue-IV, July-Aug 2013 Need to understand Cyber Crime s Impact over national Security in India: A case study P.R. Patil and D.V. Bhosale Dept. of Defence & Strategic Studies, Tuljaram Chaturchand College, Baramati, Dist- Pune,

More information

Your Customers Want Secure Access

Your Customers Want Secure Access FIVE REASONS WHY Cybersecurity IS VITAL to Your retail Businesses Your Customers Want Secure Access Customer loyalty is paramount to the success of your retail business. How loyal will those customers

More information

20+ At risk and unready in an interconnected world

20+ At risk and unready in an interconnected world At risk and unready in an interconnected world Key findings from The Global State of Information Security Survey 2015 Cyber attacks against power and utilities organizations have transitioned from theoretical

More information

GLOBAL BUSINESS DIALOGUE ON ELECTRONIC COMMERCE CYBER SECURITY AND CYBER CRIME SEPTEMBER 26, 2000. CEO EDS Corporation

GLOBAL BUSINESS DIALOGUE ON ELECTRONIC COMMERCE CYBER SECURITY AND CYBER CRIME SEPTEMBER 26, 2000. CEO EDS Corporation GLOBAL BUSINESS DIALOGUE ON ELECTRONIC COMMERCE CYBER SECURITY AND CYBER CRIME SEPTEMBER 26, 2000 Issue Chair: Issue Sherpa: Dick Brown CEO EDS Corporation Bill Poulos EDS Corporation Tel: (202) 637-6708

More information

WRITTEN TESTIMONY BEFORE THE HEARING ON PROTECTING PERSONAL CONSUMER INFORMATION FROM CYBER ATTACKS AND DATA BREACHES MARCH 26, 2014 2:30 PM

WRITTEN TESTIMONY BEFORE THE HEARING ON PROTECTING PERSONAL CONSUMER INFORMATION FROM CYBER ATTACKS AND DATA BREACHES MARCH 26, 2014 2:30 PM WRITTEN TESTIMONY BEFORE THE SENATE COMMITTEE ON COMMERCE, SCIENCE, & TRANSPORTATION HEARING ON PROTECTING PERSONAL CONSUMER INFORMATION FROM CYBER ATTACKS AND DATA BREACHES MARCH 26, 2014 2:30 PM TESTIMONY

More information

Fighting Advanced Threats

Fighting Advanced Threats Fighting Advanced Threats With FortiOS 5 Introduction In recent years, cybercriminals have repeatedly demonstrated the ability to circumvent network security and cause significant damages to enterprises.

More information

Protecting critical infrastructure from Cyber-attack

Protecting critical infrastructure from Cyber-attack Protecting critical infrastructure from Cyber-attack ACI-NA BIT Workshop, Session 6 (Cybersecurity) Long Beach, California October 4, 2015 Ben Trethowan Aviation Systems & Security Architect The scale

More information

Cyber Security Operations Centre Reveal Their Secrets - Protect Our Own Defence Signals Directorate

Cyber Security Operations Centre Reveal Their Secrets - Protect Our Own Defence Signals Directorate Cyber Security Operations Centre Reveal Their Secrets - Protect Our Own Defence Signals Directorate Contents Message from the Director 3 Cyber Security Operations Centre 5 Cyber Security Strategy 7 Conversation

More information

Network security policy issues. Ilias Chantzos, Director EMEA & APJ NIS Summer School 2008, Crete, Greece

Network security policy issues. Ilias Chantzos, Director EMEA & APJ NIS Summer School 2008, Crete, Greece Network security policy issues Ilias Chantzos, Director EMEA & APJ NIS Summer School 2008, Crete, Greece 1 Sample Agenda Slide 1 The current threat landscape 2 IT security and policy leadership 3 The EU

More information

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014 Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Process Solutions (HPS) June 4, Industrial Cyber Security Industrial Cyber Security is the leading provider of cyber security

More information

Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits)

Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits) Page 1 of 6 Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits) TNCC Cybersecurity Program web page: http://tncc.edu/programs/cyber-security Course Description: Encompasses

More information

Unified Cyber Security Monitoring and Management Framework By Vijay Bharti Happiest Minds, Security Services Practice

Unified Cyber Security Monitoring and Management Framework By Vijay Bharti Happiest Minds, Security Services Practice Unified Cyber Security Monitoring and Management Framework By Vijay Bharti Happiest Minds, Security Services Practice Introduction There are numerous statistics published by security vendors, Government

More information

Data Security Concerns for the Electric Grid

Data Security Concerns for the Electric Grid Data Security Concerns for the Electric Grid Data Security Concerns for the Electric Grid The U.S. power grid infrastructure is a vital component of modern society and commerce, and represents a critical

More information

Cybersecurity in SMEs: Evaluating the Risks and Possible Solutions. BANCHE E SICUREZZA 2015 Rome, Italy 5 June 2015 Arthur Brocato, UNICRI

Cybersecurity in SMEs: Evaluating the Risks and Possible Solutions. BANCHE E SICUREZZA 2015 Rome, Italy 5 June 2015 Arthur Brocato, UNICRI Cybersecurity in SMEs: Evaluating the Risks and Possible Solutions BANCHE E SICUREZZA 2015 Rome, Italy 5 June 2015 Arthur Brocato, UNICRI UNICRI s Main Goals The United Nations Interregional Crime and

More information