The main goals of the INTER-TRUST framework are to allow managing, enforcing and negotiating changing security policies and to support the verification that the required security level is maintained, activating enforcement actions when needed. This will allow integrating existing state-of-the-art techniques used by systems, devices or services that need to interoperate and make sure that privacy, data security, reliability and resiliency to attacks and operational failures is guaranteed by all parties involved.

THE PROJECT

The main objective of the INTER-TRUST project is to develop a framework to support trustworthy applications in heterogeneous networks and devices based on the enforcement of interoperable and changing security policies.

The project intends to validate the architecture, techniques and tools developed using two completely different case studies with complex, high-demanding critical services. The two case studies, e-voting and Vehicle to Vehecle/Vehecle to Infrastructure (V2x) communications for Intelligent Transport Systems (ITS), will be used by INTER-TRUST to gather detailed and generic requirements, define the research priorities, and validate the approach and the developed techniques and tools. These case studies perfectly illustrate the importance of the objectives of INTER-TRUST.

The first case study concerns remote multi-channel e-voting and requires the support of heterogeneous and highly distributed devices with strict security and privacy concerns. It is a natural evolution of Internet voting that adds support to mobile phones, land-line phones, e-mails, etc. for casting votes.

The second use case scenario deals with a V2x/ITS context. with a focus on V2V (peer-to-peer communications) and on V2I (centralised communications). The security needs of V2x/ITS use case scenarios are of paramount importance to their successful implementation, particularly when dealing with safety-related services. In the V2I and V2V context there is a set of services, accessed by remote nomad devices or OBU (On-Board Unit) terminals using, sometimes patchy, wireless communications (UMTS, Wi-Fi, etc.). These services are often deployed on a common architecture and must be completely interoperable to make multi-provider deployment possible on the same infrastructure. As such, the V2x/ITS use case scenarios require highly adaptable, distributed security that can operate intermittently.

The main goals of the INTER-TRUST framework are to allow managing, enforcing and negotiating changing security policies and to support the verification that the required security level is maintained, activating enforcement actions when needed. This will allow integrating existing state-of-the-art techniques used by systems, devices or services that need to interoperate and make sure that privacy, data security, reliability and resiliency to attacks and operational failures is guaranteed by all parties involved.

Systems need to interoperate with their environments. In general, an environment has two main characteristics: it may contain hostile elements and it evolves dynamically. Since the environment possibly includes opponents that may behave maliciously, it is necessary to design security mechanisms so that the different parties involved in some interoperation may interact securely. However, since the environment may possibly change dynamically, these security mechanisms cannot be deployed statically, particularly if the model of the environment is incomplete or contains errors. Instead, they must be able to adapt to the changes of the environment, especially when these changes reveal potentially hostile behaviours. Furthermore, the adaptability will make it harder to “crack” the system as compared to fixed never-changing security mechanisms. To address these new constraints, security has to be d Save esigned in an autonomous and spontaneous way. This requirement for autonomy and spontaneity must be addressed in all the steps of modelling and deployment of security requirements.

CONSORTIUM

A consolidated research group with a renowned academic and industrial profile.

• algoWatt (IT)
• Montimage eurl (FR)
• Institut Mines-Telecom (FR)
• Universitat Rovira i Virgili (ES)
• Search Lab (HU)
• Universidad de Malaga (ES)
• The University of Reading (UK)
• Universidad de Murcia (ES)
• Scytl Secure Electronic Voting s.a.(ES)
• Indra Sistemas s.a. (ES)