Person in charge of the Unit : Oui
The QualSec research group performs research in real-time scheduling theory and in cryptography and computer security.
Person in charge of the Unit : Oui
Founded in 2017, the multidisciplinary research center in cybersecurity aims at federating the research labs active in the field of cybersecurity. It builds on top of a long-standing and well established research experience of its research groups. The Cybersecurity Research Center has strong ties with the Master of Science in Cybersecurity, the Center for Cyber Security Belgium (CCB), and the Cybersecurity Coalition.
The topics of the research group SOS include : scheduling, real-time systems, optimisation & security.
Over the last 50 years the CMOS scaling has allowed manufacturing of Integrated Circuits (ICs) with predictable increase in efficiency. The major barrier that CMOS technology is facing today are the physical limits of sub-10nm processes, which are preventing further cost-effective down-scaling of ICs. The only alternative to still continue to increase the IC performance (i.e. cost-effective enablement of advanced IC processes) is to dramatically increase the number ICs deployed, with identical layout. Conversely, the rise of new computing paradigms such as Internet-of-Things (IoT) and Internet-of- Everything (IoE) (billions of devices foreseen in 2020) requires extremely versatile IC solutions. To support this wide variety of applications, including the existing mobile and high-performance comput- ing, extremely configurable systems – both at design-time and run-time – will be required. The SOFIST project aims at designing highly scalable, low-cost, template System-on-Chip (SoC) archi- tectures for CLOUD-OF-CHIPS applications. CLOUD-OF-CHIPS refers to large amounts of interconnected ICs and IC cores (which may or may not be on the same board), which can have different communi- cation speeds and hierarchy levels. The proposed architecture is configurable: 1) at design-time (core template architecture, size of tightly coupled computing clusters, etc.), and 2) at run-time (depending on the application: IC communication scheme, security features, size of computing clusters, etc.).
Cloud computing is a delivery model of computing as a service rather than a product. Services (i.e., resources, software and data) are provided to computers and other devices as utilities over a network. The services themselves are referred as Cloud services. Applications that use these cloud services by means of APIs are referred to as Cloud-based applications. Cloud-based applications are designed in a distributed and multi-party environment: they consume a multitude of third-party Cloud services and rely on infrastructures and/or platforms hosted in external data centers. The multi-party and distributed nature of cloud-based applications requires particular care with respect to security; the authentication and authorisation of users, as well as the confidentiality and integrity of their data. Although several technologies and solutions are now emerging both in academia and in the industry, they only address parts of the security problems for Cloud-based applications. As a result, Cloud-based application providers are faced with difficulties when linking and bundling them into a workable security solution for their specific context. Security of Cloud-based applications requires a holistic and proactive approach. The approach lies in good knowledge of security risks specific to Cloud-based applications. This knowledge must be built upon different aspects of the security problems; not only technical aspects but also organizational and societal ones. The overall goal is to research whether it is feasible to address the above needs by: Performing scientific research with respect to the conception of a holistic & coherent set of tools, technologies and techniques that will allow the software industry to proactively think about security in their Cloud-based applications whether SaaS or Mobile. The four considered perspectives are architecture, infrastructure, programming and process. Conceiving a dedicated security risk management model targeted towards Cloud-based application builders (e.g., risk evaluation, mitigation responses to critical risks, vulnerabilities and threats). Involving the industry as validator of the two above goals through a dedicated industrial platform. The platform consists of different deliverables with objectives ranging from awareness creation up to adoption of the project results in 2 industrial target groups: software companies and technology providers and consultancies.
CRYPTASC II aims at the design of a high-speed cryptographic key distribution system based on a fast quantum random number generator, of a software toolbox for monitoring the quality of generated random series and of a set of cryptographic primitives and protocols that exploit the local high-rate supply of random bits.
One of the problems with the transparency, a property usually provided by current blockchain techniques, is privacy since everyone can look at the data inserted in the transactions compiled in the different block of a blockchain. In this way, the trust obtained on the basis of the content of the transactions comes at the price of lack of privacy. From a commercial perspective, if it may be needed to avoid sharing publicly the amounts and contents of transactions, however the payment history may be of interest for credits for example or to prove that deliveries were realized successfully. Two main techniques are used to improve the privacy of blockchains: zero-knowledge protocols and homomorphic Encryption. Another research topic related to the subject of this proposed project is the design of fair exchange protocols. These cryptographic protocols make it possible to implement, in a fair way, an exchange of goods via a network (a good against a payment, a payment against the commitment to send a physical good...) while guaranteeing that either the different participants in the protocols receive what they expect, or no participant receives anything that can be valuable (this property is called "fairness"). In the framework of this project we envisage to study how such protocols can be improved on the basis of a blockchain technology. Also, blockchain technologies currently suffer from a range of limitations. For instance, Bitcoin, the main blockchain used for payment today, is radically impractical for the type of use cases targeted by the SPE because each Bitcoin transaction can take upto several minutes to get accepted and validated. This delay is impractical in a shop where the merchant could have to wait a long time to be sure it is paid. Besides, the Bitcoin blockchain can accept only 3 transactions per second. Some blockchains try to address Bitcoin’s limitations and currently promise to handle 15 000 to 20 000 transactions per second at the price of a lighter transaction verification procedure. In the frame of this research project, we aim at working on an enhancement of blockchain technologies to reach performance levels that are close to the load and transaction rate that centralized payment platforms can handle: A SPE transaction should be validated in less than a second, and the blockchain sustaining the SPE should be able to process 30 000 transactions per second.
The classical approach to achieve multiple security properties such as authentication, integrity and confidentiality is to combine dedicated building blocks separately achieving each property. This apparently obvious process proves in fact to be very difficult, as testified by numerous attacks exploiting weaknesses in the “mortar” connecting the blocks, even in widely used, and presumably well-known, products such as OpenSSL. A promising approach to solve this issue is the use of combined primitives. This is for example the case for authenticated encryption, a fundamental cryptographic primitive that ensures at the same time confidentiality, integrity and authentication. Many new authenticated encryption schemes were recently proposed in the framework of the CAESAR competition. The goal of this research project is to investigate the efficiency and security of these new proposals. That is, assuming that authenticated encryption will be deployed on small embedded platforms, how to guarantee that these algorithms can be implemented within the time budget imposed by practical applications, while making sure that they cannot (or at least not easily) be broken, especially by attacks taking advantage of physical information leakages (so-called side-channel attacks). Besides, a more prospective research will investigate the possibilities to extend the recent trend of “leakage-resilient” cryptography towards authentication and authenticated encryption. That is, can we design algorithms or encryption modes that are inherently more secure against physical attacks?
Side-channel attacks on cryptographic hardware
Over the last 50 years, the CMOS technology allowed more and more efficient manufacturing of integrated circuits. This technology has now reached not only the physical limits, but also important economic barriers! Even if we are ready to produce integrated circuits with minimum features size below 10 nanometers, the production cost is high and will significantly increase with the following technology generations. To overcome this problem, a computer system paradigm shift is needed: let us imagine complex systems such as a computers, watches, biomedical implants, the controls of an aircraft, or any other system, made entirely from the same elementary integrated circuits, combined at design time, during integrated circuit packaging. All we have to do is to make them communicate securely and to schedule them properly in order to realize complex and as varied architectures as necessary. The Concerted Research Action “SOFIST" proposes to develop these future IT architectures called "CLOUD-OF-CHIPS". By combining researches on integrated circuit design, communication, security and scheduling, these new kind of circuits could replace any computer system! The valorization perspectives are important because the outcomes of this research will be applicable for embedded systems, real-time systems, communication systems, etc. as well as for mainstream systems such as Internet-of-Things and Internet-of-Everything.
The aim of the BruFence project is to design systems based on machine learning and big data mining techniques that allow sensible and secure systems to automatically detect attacks and fraudulent behaviors. Advanced persistent threat detection market as well as scalable fraud detection is expected to have a high progression rate in the next years, therefore the project is twofold and addresses researches on: Automatic detection of threats and attacks against communication systems, managed file transfer and collaboration platforms; Automatic detections of fraud in large amount of transactions.
CRYPTASC aims at the design of an integrated practical toolbox of cryptographic and security primitives based on the promising results obtained over the last decade in the area of quantum information, in particular in quantum cryptography. The project is anticipated to provide a strong impulse to the development and valorisation of a potentially revolutionary ICT solutions to secure networks, by joining the efforts of the academic teams of the Brussels region, expert in cryptography, computer science, and quantum technologies, which will closely collaborate with a founded spin-off company.
Security of wireless communications