secfunetv3 - Grupo de Teleinformática e Automação

FP7-ICT-20011-EU-Brazil
STREP proposal
SecFuNet
Small or medium-scale focused research projects STREP proposal
ICT – EU Brazil Coordinated Call
FP7-ICT-2011-EU-Brazil
Security for Future Networks
SecFuNet
Work programme topics addressed
Objective ICT2011.10.1 EU-Brazil Future Internet - security
Research and Development cooperation: Future Internet - security
Name of the coordinating person: Michel Betirac
e-mail: Michel.Betirac@ethertrust.com
Participant no. * | Participant organisation name | Part. short name | Country
1 (Coordinator) | EtherTrust | ET | France
2 | ST Microelectronics | STM | France
3 | Université Pierre et Marie Curie -LIP6 | LIP6 | France
4 | Telecom ParisTech | TPT | France
5 | Ecole Normale Supérieure | ENS | France
6 | Implementa | IMP | Germany
7 | Technische Universität München | TUM | Germany
8 | University of Lisboa | UL | Portugal
9 (Coordinator) | Universidade Federal de Pernambuco | UFPE | Brazil
10 | Universidade Federal do Rio de Janeiro | UFRJ | Brazil
11 | Universidade Estadual do Ceará | UECE | Brazil
12 | Universidade Federal do Amazonas | UFAM | Brazil
13 | Universidade Federal de Santa Catarina | UFSC | Brazil
14 | Universidade Federal do Rio Grande do Sul | UFRGS | Brazil
15 | DWA | DWA | Brazil
Proposal abstract
The future Internet will rely heavily on virtualization and cloud networking. Therefore, one of
the main challenges for the future Internet is to provide such virtual networks and cloud
accesses with a high degree of security. This project proposes the design of a framework
providing secure identification and authentication, secure data transfer, secure virtualized
infrastructure, and privacy in virtual networks and clouds, exploring techniques such as
microcontrollers, resource management, intrusion tolerant algorithms, and cryptographic
protocols. The goal of the SecFuNet project is to design and develop a coherent security
architecture for virtual networks and cloud accesses. The proposed architecture will provide
solutions allowing the management of the security of communications for all machines
connected to a public cloud using virtual networks. Hence, we need a coherent and robust
identification scheme as well as a strong authentication system. Algorithms robust to
intrusions are also needed for creating a secure environment. Besides, the proposed
architecture must guarantee security in the virtualized infrastructure, through isolation of
virtual networks and access control for users and managers. The identification of authorized
users, however, must not compromise their privacy. Moreover, it is necessary to bring an
ergonomic security scheme that is acceptable for all users, even those unknowledgeable in
computer science. And finally, the proposed scheme must take into account the
heterogeneity of equipment (wireless and wired) to preserve interoperability.
The proposed architecture will address every one of these challenges by using, among other
tools, secure “islands” of computation (secure microcontrollers like those used in TPMs and
smart cards) for identification, authentication and privacy. Another important tool that will
be used to address the mentioned challenges is virtualization. The secure virtualized
infrastructure and the algorithms robust to intrusions will guarantee the basis for creating a
secure environment. A secure environment and a strong access control are the main pillars
for building the proposed security architecture. The proposed security architecture is split
into at least two virtual networks: the legacy Internet we know today and a new premium
Internet based on strong identification, maintaining privacy of the clients. Eventually a new
Post-IP network could be introduced. The proposed architecture will allow these virtual
networks to share the same substrate using virtualization, as shown in Figure 1. The
architecture will enforce the isolation between the two (or three) networks. Moreover, the
secure microcontrollers may allow the introduction of new security schemes to the legacy
Internet, avoiding some attacks against customers who are identified using a secure
procedure.
Figure 1 - The future virtualized network.
The challenges addressed by this project can be organized in the following work packages:
1- WP1 - New general security architecture based on secure microcontrollers. Different
security schemes can make use of the secure “islands” for their deployment, such as
EAP-TLS (Extensible Authentication Protocol-Transport Layer Security), and coexist
with legacy schemes such as EAP-SIM (Extensible Authentication Protocol-Subscriber
Identity Module). The increase in security is derived from the execution of the
algorithms within the boundaries of the secure microcontroller instead of running on
the unsafe PC. The microcontrollers could be used to access every one of the virtual
networks (legacy, premium, and Post-IP), helping encryption and other algorithms,
beyond what is proposed by the Trusted Platform Modules (TPM).
2- WP2 - Highly secure authentication server with an array of secure microcontrollers
allowing user privacy for legacy, premium, and Post-IP networks.
3- WP3 - Highly secure identification scheme, using the secure microcontrollers, based
on Open-ID and Shibboleth.
4- WP4 – Secure scheme for guaranteeing isolation among the virtual networks so that
one network cannot reduce other virtual network performance through an attack.
Also, provide a secure management and control of virtual network resources using
the developed identification scheme, guaranteeing isolation and privacy of the virtual
network allocated resources.
5- WP5 – Infrastructure resilience against attacks or accidents.
6- WP6 - Cryptographic schemes for the legacy and premium Internet.
7- WP7 – Testbed for the evaluation of the devised schemes, as well as the publication
of website, documents and scientific papers.
Table of contents
Section 1: Scientific and/or technical quality, relevant to the topics addressed by the call
1.1 Concept and objectives
1.1.1. Relevance to the FP7-ICT-2011 –EU-Brazil Objectives
1.2 Progress beyond the state-of-the-art
1.2.1. Virtualization
1.2.2. EAP-TLS
1.2.3. Authentication server
1.2.4. Identification Scheme
1.2.5. Intrusion tolerant algorithms
1.2.6. Cryptographic schemes
1.3 S/T methodology and associated work plan
1.3.1. Overall strategy of the work plan
1.3.2. Work-packages and components timing
1.3.3. Work-packages and components interdependencies
1.3.4. Overall approach to risk management
1.3.5. List of Work-packages
1.3.6. List of Deliverables
1.3.7. Work-packages descriptions
1.3.8. Summary of staff effort
1.3.9. Template - List of milestones
Section 2. Implementation
2.1 Management structure and procedures
2.2.1. Integrated Project Consortium Agreement Governance
2.2 Individual participants
2.3 Consortium as a whole
2.4 Resources to be committed
Section 3. Impact
3.1 Expected impacts listed in the work programme
3.2 Dissemination and/or exploitation of project results, and management of intellectual property
3.2.2. Contribution to standards
3.2.3. Intellectual Property Rights (IPR) management
Section 4. Ethical Issues
Section 1: Scientific and/or technical quality, relevant to the topics addressed by the call
1.1 Concept and objectives
The future Internet will rely on virtualization and cloud networking, and one of the main
challenges is to achieve highly secure virtual networks and cloud accesses. The main
problems addressed by this project are secure identification, secure authentication, secure
data transfer, secure virtualized infrastructure, and privacy in virtual networks and clouds,
exploring techniques such as the usage of microcontrollers, the resource management,
intrusion tolerant algorithms, and cryptographic protocols. The goal of the SecFuNet project
is to design and develop a coherent security architecture for virtual networks and cloud
accesses. Such an architecture must propose solutions for managing the security of
communications for all machines connected to a public cloud using virtual networks. Hence,
we need a coherent and robust identification scheme as well as a strong authentication
system. Algorithms robust to intrusions are also needed for creating a secure environment.
Besides, the proposed architecture must guarantee security in the virtualized infrastructure,
through isolation of virtual networks and access control for users and managers. These
aspects must not compromise user privacy. Moreover, it is necessary to bring an ergonomic
security scheme that is acceptable for all users, even those unknowledgeable in computer
science. Finally, the proposed scheme must take into account the heterogeneity of
equipment (wireless and wired) to preserve interoperability.
Virtualization will bring additional complexity to networks. The risk is that security
becomes a limiting factor to the evolution of networks into the future, and to the roll-out
of the enriched services they are expected to deliver.
In future networks all resources will be virtualized. This is a new challenge for security.
Instead of providing a specific algorithm for each security scheme, we would like to propose
a unified secure architecture mainly based on a secure microcontroller for identifying and
authenticating users and nodes and on a strong security on virtualized networks. The secure
microcontroller can be a smartcard, for example, but could be a specific token built for
future Internet networks. Security of virtual networks is based on isolation among the
different virtual networks and we would like to study this security in the Xen platform.
Secure microcontroller
Smart card technology has been used recently for deploying and managing security
applications inside tiny microprocessors. These tiny microprocessors are part of secure
microcontrollers, which are small tamper-resistant devices that store some secret
information and perform operations such as authentication using cryptography. The dimension
of a smartcard with a microcontroller is in the order of millimetres and it is ideal for security
applications, because it has a secure crypto processor, a secure file system and protects
in-memory information. In this project, the secure microcontroller is used for identifying and
authenticating users to grant access to the network, which could be the premium Internet,
the legacy Internet, and any post-IP network. Because microcontrollers can be easily
programmed, they can be used with any security scheme, such as EAP-TLS or EAP-SIM.
EAP-TLS and EAP-SIM
The Extensible Authentication Protocol (EAP) is a flexible framework standardized by the
Internet Engineering Task Force (IETF). EAP-TLS is recognized by all manufacturers, software
vendors, and operators as the solution for a strong, global authentication scheme for all
terminals. So, this project aims at designing an open framework, free of proprietary
technologies, that addresses the following items:
- Specifications of smartcard services and associated binary encoding rules (ISO 7816
APDUs) in the IETF organization, which has set up the Internet protocols for twenty years.
- Release of open software (OpenEapSmartcard) for Java cards [11] and .NET
smart cards. The code of EAP smart cards may be freely downloaded from the Web.
- Design of architectures based on EAP clients and EAP servers, in order to enhance
the global network security.
The goal of the SecFuNet project is to develop a highly secure authentication server
In recent months, some major players have had serious problems with the theft of hundreds
of thousands of passwords, putting in danger some of their corporate customers who are
vulnerable to hackers. Highly secured access control is a mandatory prerequisite for
organizations offering services distributed over the Internet.
Radius SIM array provides cloud-computing providers with a unique strong authentication
solution protecting them against these new attacks. A single SIM Array stores up to 416
EAP-TLS SIMs and SIM Arrays can be clustered to provide storage for any number of SIMs as
needed.
This solution brings:
- The end of phishing: customers no longer enter logins and passwords, so this critical
information cannot be stolen.
- Faster connections: no more headaches remembering which login and which password are
needed for each web site.
- Easy user management: adding a new user would only require the insertion of a new SIM
card.
- Privacy: a pair of associated smartcards guarantees that nobody can detect who is
connected to the network.
Highly secure identification scheme (using the secure microcontroller) based on Open-ID
and Shibboleth.
Virtual networks isolation and testbed
SecFuNet aims to develop a secure infrastructure for the virtualized networks and clouds.
This infrastructure must provide both high availability and reliability for users.
A secure infrastructure for virtual networks demands a strong isolation among virtual
networks. This means that one virtual network cannot interfere with others. Moreover, a
secure infrastructure must be able to assign different physical resources to each virtual
network, guaranteeing QoS and assuring that QoS parameters will be respected regardless
of the number of virtual networks hosted in a node and even under attacks on virtual or
physical networks.
Hence, this project addresses the following:
- Development of schemes for guaranteeing an isolated infrastructure for virtualized
networks.
- Development of a scheme for sharing physical resources among virtual networks,
guaranteeing a robust management interface as well as the Quality of Service of each virtual
network, according to the service level agreements of each network.
- Development of management tools for controlling resource usage, to prevent networks or
clouds under attack from damaging the performance of other virtual environments located
at the same physical infrastructure.
Infrastructure resilience
The infrastructure can be made resilient by technical means that protect against challenges
that may arise from technical faults or from malicious attackers.
SecFuNet aims to implement mechanisms for robust provisioning of IP services that ensure
the availability of IP services in the presence of link failures, or node failures. These
mechanisms thereby provide resilience of the network, and of higher layer services that are
built on top of network services. Among these mechanisms, proactive and reactive
approaches can be distinguished. SecFuNet aims to address specific threats originating from
malicious users or groups of users, and methods that either (proactively) may prevent
specific attacks or (reactively) allow the functioning of the network, and of higher-level
services, to be restored after detecting and diagnosing specific attacks.
Cryptographic schemes for the future generation
Even though cloud computing and virtual networks provide cheap access to a variety of
services such as private remote storage or secure outsourcing of computation, the user no
longer has control over the platform on which these services are run. For instance, in the
case of private remote storage, users are at the mercy of their storage providers with
respect to the continued availability of their data. In the case of secure outsourcing of
computation, users may not have any guarantees that the computation has been performed
correctly or that it has not leaked important private information about the data. Hence, a
secure infrastructure should provide strong guarantees of the users’ privacy and the
integrity of their data and computation.
The goal of this project is to develop cryptographic schemes that are especially adapted to
virtual network and cloud environments. In particular, we plan to develop cryptographic
schemes to address issues identified in other work packages, such as secure user
identification and the isolation of virtual networks and their protection from
cross-virtual-network attacks. In addition to these, we also plan to design cryptographic protocols that
can improve the security and verifiability of the outsourced computation, the integrity of
remote storage, the resilience against side-channel attacks, and overall security of virtual
networks and clouds.
The specific objectives of SecFuNet are briefly summarized in the following:
Objective 1: Design SecFuNet as an extensible context framework for the security of the
future networks based on a secure microcontroller.
Security is a central requirement for future networks. The goal of the project is to provide
this framework for virtual networking and cloud access, which will be the basis of future
networking. The project will choose a secure microcontroller adapted for the future that
will be able to support the execution of several secure algorithms concerning authentication,
identity, encryption, and intrusion tolerance, and to provide solutions for
isolation among virtual networks.
The objective will be achieved within WP1 which specifies a detailed list of research
challenges and approaches, and related deliverables.
Objective 2: Authentication with EAP-TLS and legacy solutions
Authentication is mandatory for future network environments and for accessing
clouds. EAP-TLS is recognized as a strong solution adapted for fixed or mobile open
terminals. The project will promote a solution based on the secure microcontroller that is
simple, avoids any attacks, and is very easy to use (no password, no phishing,
etc.).
The objective will be achieved within WP1 which specifies a detailed list of research
challenges and approaches, and related deliverables.
Objective 3: Develop a highly secure authentication server based on an array of secure
microcontrollers
Authentication servers are quite often a point of weakness in the chain of security in a
network. We propose in this project an original solution of an authentication server based on
an array of secure microcontrollers. A user is introduced into the network by using a pair of
associated microcontrollers, one for the user and the second one to be connected inside the
authentication server. The EAP-TLS or legacy solution is performed end to end, from one
microcontroller to the other microcontroller. So the authentication process is encrypted all
along the communication process. Moreover, this solution provides strong privacy since the
authentication process can never deliver identity.
The objective will be achieved within WP2 which defines a list of deliverables.
Objective 4: Develop a highly secure identification scheme based on Open-ID and Shibboleth
A particularly innovative aspect of the SecFuNet project is related to the secure
identification process. This is central to the secure framework. The secure process will be
based on the secure microcontroller, and two schemes will be developed for the sake of
comparison: one using the Open-ID scheme and the other one the Shibboleth scheme.
SecFuNet has the ambitious goal to demonstrate and to experiment with these two
solutions and to reach a standard solution for identifying users and nodes which participate
in the security architecture.
The objective will be pursued within WP3.
Objective 5: Design a secure network infrastructure for SecFuNet that provides a reliable
and secure environment for the virtual networks and the clouds.
A secure infrastructure is the basis for any application running over a virtual network or
cloud. The goal is to develop schemes to create secure, isolated, and highly reliable virtual
environments that can also provide QoS according to their requirements. Security solutions
for the virtualization technology will be developed relying on the proposed
microcontroller-based identification and authentication schemes.
This objective will be developed within WP4.
Objective 6: Provide an intrusion tolerant algorithm within the virtual networks.
This part of the project focuses on intrusion tolerant algorithms. Indeed, even with the
authentication and identification schemes, it is clear that some pairs of
microcontrollers could be in the hands of attackers. Even if these attackers will be identified
later on, they could try to attack the network. In this project, we would like to develop
some intrusion tolerant algorithms that could work on a single virtual network but also on
several virtual networks, protecting the security of the architecture even if attackers can
authenticate just as non-malicious users.
This objective will be achieved within WP5.
Objective 7: Provide cryptographic algorithms for future networks.
Current cryptographic schemes are generally designed for use in trusted terminals. We
propose in this project the development of new cryptographic protocols specially adapted to
virtual network and cloud environments that can guarantee users’ privacy and/or the
integrity and privacy of their data and computation. Some of these solutions will rely on the
use of secure microcontrollers, especially for achieving the goal of secure identification and
authentication.
This objective will be achieved within WP6.
1.1.1. Relevance to the FP7-ICT-2011 –EU-Brazil Objectives
The SecFuNet project specifically covers
Topic 3: Future Internet - security
As a specific targeted project, SecFuNet particularly addresses the following target outcome
Objective ICT-2007.1.6: New Paradigms and Experimental Facilities
Table columns: Targeted Outcomes of the Objective / SecFuNet Project S&T Objectives

Targeted outcome: The development of trusted communications infrastructures providing
consistent user access to services independent of cost, location, service type, access
device. Addressing control and security of personal data, device independent access, user
profile management, ensure same quality of experience irrespective of chosen access
device, quality of service and accessibility are important elements of this challenge.
SecFuNet S&T objective: SecFuNet proposal is based on the realization and the
experimentation of new highly secure solutions based on a secure microcontroller. The usage
of secure microcontrollers is an easy way to manage security in the Internet without
restricting the user access and simplifying the password and identity management. Besides,
the use of a secure infrastructure that guarantees isolation and quality of service
increases the quality of experience of the users. The virtualization allows the creation of
different networks, simplifying the accessibility to the network with different devices and
technologies. The first challenge is definitely under the scope of the project.

Targeted outcome: The development of application service environment(s) providing secure
and consistent access to functionality irrespective of access device, access network and
service provider network. Issues associated with citizen data management and handling such
as access, storage, protection and accountability are key elements of this challenge
SecFuNet S&T objective: SecFuNet provides a secure access to the cloud and indeed any kind
of service using secure networks and strong secure identification of the clients using any
kind of terminal (the secure microcontroller can use USB connection but also NFC
interface). The proposed security architecture guarantees a secure authentication as well
as the privacy of the user data, even in the presence of attacks to the network or if some
malicious users have an identity to access the network.

Targeted outcome: Personalization, usability, and accessibility regardless of educational
and technical background is key to citizen empowerment. Addressing the issues of trust and
security up front are necessary for the successful acceptance and uptake of the digital
inclusion environments. Citizens will benefit from these environments; however, in order to
use them, they will need to trust them without undue technical burdens and they must
satisfy citizens needs and circumstances.
SecFuNet S&T objective: This challenge is one of the strong responses of the SecFuNet
project: indeed, the secure microcontroller and the different schemes developed by the
project permit a user to access the network just plugging the microcontroller or even with
the microcontroller in his pocket. Phishing and any known attacks is today possible with
the SecFuNet solutions. Simplicity and security are at the basis of the project.

1.2 Progress beyond the state-of-the-art
The vision for network security was the basis for several research activities in the past years
in both industry and academia. These activities span the definition, design, and
deployment of different features in emerging communication systems and devices,
enhancing the standard functions of existing systems, thus posing new requirements
regarding their functionality.
Access to corporate network resources (email, VPN, Intranet, etc.) using the traditional
login/password method is a major threat to company security policy. Indeed, passwords can
be stolen or cracked, can be difficult for users to memorize, and generate
the need for constant renewal. Due to their low cost, passwords are used in situations where
there is no need for a high level of security, but they fall short in an environment where a
high level of security is required.
The SecFuNet project will develop technologies that provide strong authentication based on
the use of a secure microcontroller working with different operating systems, but mainly
Microsoft operating systems associated with EAP-TLS technology. The user possesses a
microcontroller securely storing digital certificates and running with the SecFuNet software
and. The key independently handles the entire authentication operation. Mobility is
enhanced whilst identity theft by malicious programs is impossible.
During the last quarter of the twentieth century, the world of information technologies
elected the IP protocol as a de facto standard for electronic data exchange. In a similar way,
the Extensible Authentication Protocol (EAP) appears as a new common framework for users’
identification and access control in IP networks. It is a flexible framework standardized by the
Internet Engineering Task Force (IETF) [1] [2], which involves user authentication before any
IP address allocation. It applies to the following areas:
- Authentication for PPP (Point to Point Protocol [2]) accesses.
- Authentication (according to the IEEE 802.1x model [3]) in wired or wireless LANs such as
Ethernet or Wi-Fi networks.
- Authentication in WiMAX infrastructures (thanks to the PKM-EAP protocol defined in IEEE
802.16e [4]).
- Authentication in Virtual Private Network (VPN) technologies, such as PPTP [5], L2TP [6],
and IKEv2 [7].
- Authentication in emerging Voice Over Wi-Fi services, such as the UMA [8] architecture that
supports the IKEv2 [7] protocol.
- Authentication in AAA servers, designed according to protocols such as RADIUS [9] or
DIAMETER [10].
State of the Art and Limitations | SecFuNet Innovation
EAP-TLS and legacy SIM are executed in the terminal. | EAP-TLS and legacy SIM are executed within the secure microcontroller.
Secure authentication is obliged to use a large number of secure devices and software. | SecFuNet brings very simple authentication servers with high privacy.
Identity processes are insecure and ask for numerous software and hardware. | SecFuNet solution is simple and highly secure. The system is scalable and security of payment on a wide site is provided.
Intrusion tolerant algorithms are weak in virtual environments. | SecFuNet proposes a new solution that permits virtualization to be more secure than before.
Most cryptographic schemes rely heavily on the availability of trusted terminals for their execution and on reliable data storage. | SecFuNet provides new cryptographic solutions which are better adapted for future networking based on virtual networks and clouds.
The following sections are devoted to a review of the state of the art of some of
SecFuNet related technologies.
1.2.1. Virtualization
Virtual networks
The development of a proper future Internet requires security demands to be satisfied
[33, 34]. Regardless of the environment, location, and cost conditions, users must be offered
a friendly and trustworthy environment that takes the trade-off between convenience and
security into account. Besides, all the user data, information and behaviour must remain
secure and private. The SecFuNet project defines and develops a scheme for securely
managing and controlling the network infrastructure, supporting all security demands of
virtualized networks. This scheme takes into account the identification scheme and the
authentication control, both devised in this project, for controlling the access to the
management interface of each virtual network as well as for controlling the access to the
virtual networks by each user. Hence, access to each virtual network is always secure
independently of user location or type of device used. The scheme developed in this work
package efficiently manages virtual network data, guaranteeing secure access to the
network, accountability in the management actions, a high quality of service to each virtual
network, and also a high quality of experience to each user.
The SecFuNet project focuses on the management and control of virtual networks. In this
context, virtualization mechanisms will be used to virtualize entire networks. A single
physical network is virtualized to a number of concurrent virtual networks, sharing the same
physical resources. Each virtual network consists of virtual routers and virtual links and has
its own protocol stack. Xen [35] is an example of a virtualization platform enabling such
features and will be used as the base in this project. The virtualization software (hypervisor) of
Xen runs as an OS directly on the hardware. With Xen, a
physical machine can be shared by multiple virtual machines, also called domains.
The Xen hypervisor schedules access to the physical resources and handles the I/O
operations performed by the domains. Dom0 is a privileged domain that directly accesses
the hardware. Since Dom0 is a driver domain, it stores all physical device drivers and creates
an interface between the virtual drivers placed in the unprivileged domains and the physical
devices. In addition, Dom0 is also the management interface between the administrator and
the hypervisor to create virtual machines, modify Xen parameters, and manage Xen
operation.
The virtualization enables a physical network to support several different network
architectures simultaneously. Each virtual machine works as a virtual router running over the
same physical router, which is a computer running Xen. Virtual routers may be created,
destroyed, moved, cloned, started, and stopped on the underlying hardware.
Figure 1 - Example of two virtual networks running over the same physical substrate, assuming the use of the
Xen virtualization platform.
Different virtual networks must be separated from each other and must be unaware of
their virtualization, of the underlying physical network, and of their concurrency to other
virtual networks. Isolation in the Input/Output operations, which are required in packet
forwarding, however, is a known issue in the Xen platform [36 - 39].
Different communities can benefit from virtualization: network managers would reduce
their operational costs; researchers should be able to conduct experiments that are flexible,
realistic and controlled, and to easily deploy new protocols and architectures; users (maybe
running virtual machines) would choose and connect to different virtual networks, possibly
run by different service providers, over a physical connection to one infrastructure provider
[40, 41].
The SecFuNet project creates mechanisms to manage the usage of resources by each virtual
network, guaranteeing isolation through a secure physical resource usage control and
management. Hence, relying on a secure identification and authentication, the project will
develop a management interface for configuring the virtual network resources according to
the available physical ones in each network node and link. This interface protects the privacy
of each virtual network, guaranteeing that neither the control nor the data of a virtual
network are available to the other networks. A controller is also designed to control the
usage of the physical resources by each virtual network, assuring that one virtual network
will not be able to interfere with other networks. Such interference can occur in three situations:
if a virtual network is under an attack that increases the demand on the virtual network; if the
network is malicious and attempts to harm other networks; or if the network demand
increases and the service level agreements of that network were not properly defined to
deal with demand variations. Hence, the controller isolates virtual networks, securing the
physical infrastructure.
Other mechanisms are also developed to control the usage of the physical resources,
avoiding an overload that could break the isolation among virtual networks. A mechanism to
obtain the virtual network profile is developed to establish Service Level Agreements (SLAs)
in a trustful way. Further, an intelligent manager monitors the profile and the usage of each
network, managing the mapping of the virtual networks over the physical network, ensuring
a reliable environment for all networks. This manager is able to detect anomalous situations
and migrate virtual networks that could disturb the other virtual networks.
The scheme for a secure infrastructure developed in this project isolates virtual networks
and secures the physical infrastructure, which is essential for virtualization and cloud
computing usage.
State of the Art and Limitations | SecFuNet Innovation
Xen-based networks have isolation problems that compromise the security of the virtual network environments. | SecFuNet provides mechanisms for guaranteeing a high isolation and QoS among virtual networks.
Instantiation and management of virtual networks require an entity that can directly access physical nodes and has the capability to verify if the physical node is able to host more virtual networks. | SecFuNet provides an interface for configuring physical nodes according to requirements of each virtual network and for evaluating whether a virtual node can be hosted by a physical node according to the virtual network profile.
1.2.2. EAP-TLS
The Extensible Authentication Protocol (EAP) is a flexible framework standardized by the
Internet Engineering Task Force (IETF). According to RFC 3748, EAP implementations
conceptually consist (see Figure 3) of the four following components:
Figure 2 - EAP implementation. [Diagram: the peer and the authentication server (RADIUS server), each showing the lower layer (1), the EAP layer (2), the EAP peer or authenticator layer (3) and the EAP methods (4).]
1- The lower layer is responsible for transmitting and receiving EAP frames between the peer
and authenticator.
2- The EAP layer receives and transmits EAP packets via the lower layer; it implements
duplicate detection and retransmission, and delivers and receives EAP messages to and from
EAP methods.
3- EAP peer and authenticator layers. Based on the Code field, the EAP layer de-multiplexes
incoming EAP packets to the EAP peer and authenticator layers.
4- EAP methods implement the authentication algorithms, and receive and transmit EAP
messages. EAP methods can be implemented in smart cards.
Figure 3 - EAP packet.
EAP packets (see figure 4) are made with a four-byte mandatory prefix, and an optional
payload. The prefix includes the three following attributes:
- Code (one byte), the type of the EAP message, a choice between request, response, success
and failure.
- Identifier (one byte), a label associated to every EAP packet. A response includes an
identifier identical to a previous request.
- Length (two bytes) gives the total size of an EAP message.
An optional fifth byte indicates the type of an EAP packet, e.g. the class of authentication
method able to deal with the remaining data (labeled Type-Data in figure 4). The identity type
(01) is a special case that is not associated with any authentication method, but which is used
to collect an EAP-ID, whose meaning is either the user's identity or the domain of the
authentication server. Success or failure packets comprise only four bytes, with an identifier
set to the value found in the last response.
An EAP session (see figure 4) begins with a pair of EAP-Request.Identity and EAP-Identity.Response
packets that transport either the user's identity or the authentication server address.
Afterwards a set of EAP-Request and EAP-Response are exchanged between client and
server entities. At the end of a successful dialog, the server produces an EAP-Success packet.
A master session key (MSK) is then computed by client and server, which is used as a root
shared secret, for the computation of all remaining keys dealing with information privacy
and integrity.
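The packet layout and session rules described above, written as a small parser and dialog checker. This is an added example, not code from the proposal or the SecFuNet project; the class and function names, the sample identity and the sample frames are constructed for illustration, and the numeric Code and Type values are those of RFC 3748.

```python
import struct
from dataclasses import dataclass
from typing import Iterable, Optional

REQUEST, RESPONSE, SUCCESS, FAILURE = 1, 2, 3, 4   # Code values from RFC 3748
TYPE_IDENTITY = 1    # the identity type (01) described above
TYPE_EAP_TLS = 13    # method type assigned to EAP-TLS


class EapError(ValueError):
    """A frame or dialog that breaks the rules described in the text."""


@dataclass(frozen=True)
class EapPacket:
    code: int
    identifier: int
    eap_type: Optional[int] = None   # absent in Success and Failure packets
    type_data: bytes = b""

    def encode(self) -> bytes:
        body = b"" if self.eap_type is None else bytes([self.eap_type]) + self.type_data
        # Length is the total size: four-byte prefix plus optional payload.
        return struct.pack("!BBH", self.code, self.identifier, 4 + len(body)) + body


def parse_eap(frame: bytes) -> EapPacket:
    """Parse one EAP packet, rejecting frames whose prefix is inconsistent."""
    if len(frame) < 4:
        raise EapError("shorter than the four-byte prefix")
    code, identifier, length = struct.unpack("!BBH", frame[:4])
    if code not in (REQUEST, RESPONSE, SUCCESS, FAILURE):
        raise EapError(f"unknown Code {code}")
    if length < 4 or length > len(frame):
        raise EapError("Length does not fit the received bytes")
    body = frame[4:length]           # bytes beyond Length are padding and ignored
    if code in (SUCCESS, FAILURE):
        if length != 4:
            raise EapError("Success/Failure must be exactly four bytes")
        return EapPacket(code, identifier)
    if not body:
        raise EapError("Request/Response without a Type byte")
    return EapPacket(code, identifier, body[0], body[1:])


def check_dialog(frames: Iterable[bytes]) -> Optional[str]:
    """Return the EAP-ID if the dialog ends in Success, None if it ends in Failure."""
    packets = [parse_eap(f) for f in frames]
    if not packets or (packets[0].code, packets[0].eap_type) != (REQUEST, TYPE_IDENTITY):
        raise EapError("session must begin with EAP-Request.Identity")
    pending = last_response = eap_id = None
    for pkt in packets:
        if pkt.code == REQUEST:
            pending = pkt.identifier
        elif pkt.code == RESPONSE:
            # A response carries the identifier of the request it answers.
            if pkt.identifier != pending:
                raise EapError("response identifier differs from the request")
            if pkt.eap_type == TYPE_IDENTITY:
                eap_id = pkt.type_data.decode("utf-8", "replace")
            last_response, pending = pkt.identifier, None
        else:
            # Success/Failure must echo the identifier of the last response.
            if last_response is None or pkt.identifier != last_response:
                raise EapError("Success/Failure identifier differs from last response")
            return eap_id if pkt.code == SUCCESS else None
    raise EapError("dialog ended without Success or Failure")


# Constructed sample dialog (no real TLS records inside the EAP-TLS packets).
SAMPLE_DIALOG = [
    EapPacket(REQUEST, 1, TYPE_IDENTITY).encode(),
    EapPacket(RESPONSE, 1, TYPE_IDENTITY, b"user@example.org").encode(),
    EapPacket(REQUEST, 2, TYPE_EAP_TLS, b"\x20").encode(),    # EAP-TLS Start flag
    EapPacket(RESPONSE, 2, TYPE_EAP_TLS, b"\x00").encode(),   # placeholder payload
    EapPacket(SUCCESS, 2).encode(),
]

if __name__ == "__main__":
    print(check_dialog(SAMPLE_DIALOG))
```

A forged Success whose identifier does not match the last response is rejected by `check_dialog`, which is the check a peer implementation needs before it derives any key material.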
The main achievement of EAP smart cards [20][21] is to confine EAP methods in a tamper
resistant device (see figure 5). The device has no direct access to a communication
resource, which is provided by the Lower-Layer. Packet recovery and identity issues are
managed by the EAP-Peer or EAP-Auth entities.
Figure 4 - Tamper resistant device. [Diagram: a Javacard (JC 2.x) application made of EapEngine.class, Method.class (EAP-AKA, EAP-TLS), Credential.class and Auth.class, with identity management, network interface, security management (PIN codes) and personalization functions, running over a cryptographic API (RNG, MD5, SHA1, RSA), the Java Virtual Machine and an ISO 7816 interface.]
The EAP smart card was born in 2003, and is described by an Internet draft, whose
thirteenth version was issued in August 2007 [22]. Schematically it processes EAP messages:
EAP clients process requests or notifications and return responses; EAP servers analyse
responses and deliver requests. Its logical interface is a set of APDUs that call embedded
services, classified in four categories (see figure 6):
Figure 5 - Embedded services. [Diagram: the Identity, Network, Personalization and Security services of the card, with commands including Get-Next-Identity(), Get-Current-Identity(), Get-Preferred-Identity(), Set-Identity(), Set-Multiple-Identity(), Get-Profile-Data(), Select-AID(), Add-Identity(), Delete-Identity(), Process-EAP(), Get-Session-Key(), Reset(), Verify-PIN(), Change-PIN(), Enable-PIN(), Disable-PIN() and Unblock-PIN(), and an identity list whose entries carry an EAP-ID, an EAP type and credentials (certificates and RSA keys for EAP-TLS; IMSI and symmetric key for EAP-AKA).]
- The Identity Service. A smart card manages several network accounts; the terminal
operating system performs an identity discovery process in order to browse its contents.
- The Network Service. EAP messages are processed by the smart card. At the end of a
successful authentication method, a session key is computed.
- The Security Service. This service essentially manages PIN codes (Personal Identification
Number) needed for security purposes. There are two kinds of PIN code: the first is used by the
smart card issuer and protects data dealing with identities; the second establishes the link with
the card bearer and unlocks the EAP device.
- The Personalization Service. This service updates information stored in the smart card, such
as RSA private keys, certificates, symmetric secrets.
State of the Art and Limitations | SecFuNet Innovation
Authentication service is quite often limited by the implementation in the terminal. | The authentication is realized by a microcontroller and does not depend on the terminal.
SIM technology is not well adapted to future 4G (LTE-A): terminal will be pure IP terminal. | SecFuNet solution is perfectly adapted to future 4G technologies.
1.2.3. Authentication server
Trust in authentication servers is a very critical topic that will be tackled by the SecFuNet
project. The main challenge is to deploy authentication infrastructures whose credentials
(private keys...) are still controlled by their legitimate owners and are not exposed to hijacking
attacks.
From a technical point of view this target will be achieved by grids of secure microcontrollers
(such as smart cards), each of them embedding a server software, and the global
infrastructure being monitored and managed by a dedicated operating system.
The first grid was designed in [42] and was working with a cluster of Java cards. A
Mandelbrot set was generated thanks to the combined calculation of smart cards.
Figure 6 - Scheme of the first experiments (2005) in smart cards grid.
Figure 7 - First experiments (2005) in smart cards grid.
A second contribution ("smartcard enabled RADIUS server") dealing with grids of smart cards
[43,44] was published in 2006. This server is made of two parts:
- A RADIUS authentication server, running in a docking host. It offers the Ethernet
connectivity and IP services. It receives and sends RADIUS packets over UDP sockets. It builds
or parses RADIUS messages, handles the RADIUS secret, checks or generates authentication
attributes. EAP messages, transported by RADIUS payloads are forwarded to smartcards,
running EAP-Servers.
- EAP servers. Each smartcard runs an EAP-server, and fully handles an EAP-TLS
authentication procedure. Each component stores a unique X509 certificate and its
associated RSA private key. It computes EAP responses and produces EAP requests. At the
end of a successful authentication session, an MSK is calculated and delivered to the RADIUS
entity.
Figure 8 - first generation (2006) of "smartcard enabled RADIUS server". [Diagram: a NAS exchanging RADIUS packets with the RADIUS server (AS.exe) on the docking host, which forwards EAP messages to Java Cards in USB smartcard readers.]
An EAP session is a set of messages associated with a unique Session-Id value, which is
obtained by the concatenation of two values, the NAS-Identifier (RADIUS attribute n°32) and
the Calling-Station-Id (the client's MAC address, corresponding to RADIUS attribute n°31) as
follows:
Session-Id = NAS-Identifier | Calling-Station-Id
A session begins with an EAP-Identity response and ends with an EAP notification (either
Success or Failure). It is associated to a unique smartcard. When no devices are available, the
incoming RADIUS packet (starting a session) is silently discarded.
Due to smartcard slowness, each EAP message is handled by a thread that forwards EAP
response to the appropriate smartcard, waits for its response, builds a RADIUS packet and
finally transmits it towards the NAS.
An EAP server processes a particular message only once. The associated RADIUS packet is
recorded, and sent again when an incoming duplicated RADIUS packet is detected.
AS is also in charge of session retries. If no activity is detected during a given timeout, a
retransmission occurs. After a few retries the session is released, and its associated
smartcard is ready for new allocations.
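The session handling described above (Session-Id construction, one smartcard per session, silent discard when no card is free, replay of the recorded reply on duplicates, release after repeated timeouts), modelled as an added example that is not the AS code from [43,44]. The class names, the 3-second timeout, the retry limit of 3 and the stand-in smartcard are assumptions; RADIUS encoding is omitted, so the EAP reply stands in for the RADIUS packet.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

EAP_RESPONSE, EAP_SUCCESS, EAP_FAILURE = 2, 3, 4   # EAP Code values (RFC 3748)
EAP_TYPE_IDENTITY = 1


@dataclass
class Session:
    card: int                              # index of the smartcard bound to the session
    last_radius_id: Optional[int] = None   # RADIUS Identifier of the last packet processed
    last_reply: bytes = b""                # recorded reply, resent on duplicates and retries
    last_activity: float = 0.0
    retries: int = 0


class SmartcardRadiusFrontEnd:
    """Hypothetical model of the docking-host logic; all names are illustrative."""

    def __init__(self, cards: List[Callable[[bytes], bytes]],
                 timeout: float = 3.0, max_retries: int = 3):
        self.cards = cards
        self.free = list(range(len(cards)))
        self.sessions: Dict[str, Session] = {}
        self.timeout, self.max_retries = timeout, max_retries
        self.card_calls = 0                # number of messages that reached a smartcard

    @staticmethod
    def session_id(nas_identifier: str, calling_station_id: str) -> str:
        # Plain concatenation, as the text defines it. Keying on the pair
        # (nas_identifier, calling_station_id) would avoid boundary ambiguity.
        return nas_identifier + calling_station_id

    def _release(self, sid: str) -> None:
        self.free.append(self.sessions.pop(sid).card)

    def handle(self, nas_id: str, station_id: str, radius_id: int,
               eap: bytes, now: float) -> Optional[bytes]:
        """Process the EAP message of one RADIUS packet; None means silently discarded."""
        sid = self.session_id(nas_id, station_id)
        s = self.sessions.get(sid)
        if s is None:
            # A session begins with an EAP-Identity response and needs a free card.
            starts = len(eap) >= 5 and eap[0] == EAP_RESPONSE and eap[4] == EAP_TYPE_IDENTITY
            if not starts or not self.free:
                return None
            s = self.sessions[sid] = Session(card=self.free.pop(0))
        elif radius_id == s.last_radius_id:
            s.last_activity = now
            return s.last_reply            # duplicate: resend the recorded packet
        self.card_calls += 1
        reply = self.cards[s.card](eap)    # each message is processed only once
        s.last_radius_id, s.last_reply = radius_id, reply
        s.last_activity, s.retries = now, 0
        if reply[0] in (EAP_SUCCESS, EAP_FAILURE):
            self._release(sid)             # the session ends with an EAP notification
        return reply

    def tick(self, now: float) -> List[Tuple[str, bytes]]:
        """Return replies to retransmit; release sessions that exhausted their retries."""
        resend = []
        for sid, s in list(self.sessions.items()):
            if now - s.last_activity < self.timeout:
                continue
            if s.retries >= self.max_retries:
                self._release(sid)         # the smartcard is ready for new allocations
            else:
                s.retries += 1
                s.last_activity = now
                resend.append((sid, s.last_reply))
        return resend


def fake_card(msg: bytes) -> bytes:
    """Constructed stand-in for a smartcard EAP server (no real EAP-TLS inside)."""
    if msg[0] == EAP_RESPONSE and msg[4] == EAP_TYPE_IDENTITY:
        return bytes([1, (msg[1] + 1) % 256, 0, 6, 13, 0x20])   # EAP-Request, EAP-TLS Start
    return bytes([EAP_SUCCESS, msg[1], 0, 4])


# Constructed EAP-Response/Identity carrying the identity "user".
IDENTITY_RESPONSE = bytes([2, 1, 0, 9, 1]) + b"user"

if __name__ == "__main__":
    fe = SmartcardRadiusFrontEnd([fake_card])
    print(fe.handle("nas1", "00-11-22-33-44-55", 10, IDENTITY_RESPONSE, 0.0).hex())
    print(fe.handle("nas1", "66-77-88-99-AA-BB", 20, IDENTITY_RESPONSE, 1.0))
```

With a single card, a client that starts a session and then goes silent holds that card until the retries run out, so the timeout and retry values bound how long an unauthenticated peer can keep a card busy.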
Figure 8 shows a plug and play realization of a smartcard enabled RADIUS server. Several
USB smartcard readers, equipped with EAP servers, are plugged into a USB hub. A mass
storage device stores the AS code. The system works in a standalone way, and is used by the
docking host without any previous set-up.
A third generation of smart card grids was discussed in [45]. This new architecture splits the
RADIUS server into two main components: a RADIUS authentication server and distributed
EAP servers.
Figure 9 - third generation (2010) of smart card grids.
The RADIUS authentication server is located on a distant host and is in charge of the
following tasks:
- It sends RADIUS datagrams to and receives them from the NAS, thanks to UDP sockets.
- It builds or analyses RADIUS messages and more specifically encapsulates EAP messages
from the smartcard into RADIUS datagrams forwarded to the NAS, and reciprocally extracts
EAP messages from RADIUS datagrams received from the NAS and forwards them to the
appropriate server smartcard.
- It parses and builds APDUs which are communication units used to interact with the
smartcards as explained below.
- It handles the RADIUS secret and computes or checks the associated authentication digest
and attributes.
- It opens stream sockets with the smartcards grid and associates an incoming session with a
single smartcard and its related connection.
If t1 is the computing time for processing an authentication with a single computer, and tp the
time for a grid of p smart cards, the acceleration factor (Sp) is defined as
Sp = t1/tp, with 1 ≤ Sp ≤ p
The acceleration factor of an ideal grid of p smart cards should be around p. However in [44] it
was observed that the acceleration factor was limited to 5, due to hardware, software and
networking issues.
The SecFuNet project will define a new and innovative architecture, based on software,
hardware, and enhanced networking protocols, which could deliver high speed trusted
authentication services.
State of the Art and Limitations | SecFuNet Innovation
Authentication servers need to be installed in a secure environment. | SecFuNet provides a new generation of authentication servers that can be deployed easily.
Privacy is difficult to provide with current authentication servers. | The SecFuNet solution provides a strong privacy: closed privacy.
1.2.4. Identification Scheme
State of the Art and Limitations | SecFuNet Innovation
Identification schemes are not well secured. | SecFuNet provides a simple and highly secure identification process.
Current schemes are mainly based on passwords and so on. If not, the solutions are expensive and can be attacked. | The SecFuNet scheme is based on the secure microcontroller and is simple. Login and password are avoided, which removes phishing and other attacks.
1.2.5. Intrusion tolerant algorithms
Communication mechanisms can only work in a secure and dependable way if supported by
a resilient management infrastructure. Security and dependability of the network
management itself remains a problem to address, because it must remain resilient enough
to perform its operations, often in situations of instability, overload or attack. This is
especially true when specialized, secure, management services are at stake, leading to the
known paradox of "who guards the guardian." Although the availability and integrity of such
services are often taken for granted, they remain single points of failure, either concerning
availability or attacks. This problem calls for a resilient infrastructure that protects both
the operation and its management. By incremental design, in a few necessary architectural
components and middleware, we may enable communication among the rest of the
system’s components, thus yielding secure and fault-tolerant network operation and
management.
Going further than recent research achievements on fault and intrusion tolerant
architecting, we will study in this project the entanglement of the network-level and
management-level realms. The objective is to build fault tolerance and security for an
infrastructure that will support network-level resilience-related operations (fault diagnosis,
root-cause analysis, recovery, etc). This interaction and entanglement breaks the
assumptions in which previous architectures were built, i.e., that the network is operational
and that network-level faults can only cause limited packet corruptions and losses. SecFuNet
will define the architecture of the management infrastructure, including the definition of
what will be its core components and how they will be interconnected and organized, taking
as input the set of on-line management-related functionalities that need to be secured.
By using replication techniques based on diversity, we will build a management
infrastructure on previous efforts on designing intrusion-tolerant architectures and
middleware for Internet applications and for critical information infrastructures like, for
example, the power grid. The changes in the payload architecture (be it legacy or
professional) must remain minimal. Applying more profound changes in the control-plane
components may have dramatic consequences when considering the risks incurred in
maintaining the current status quo. Because of that, although we intend to apply these
results primarily to network management, it may be the case that some of them may be
applicable to the payload network, depending on the use-cases to be considered.
The components of the architecture have to communicate and, most especially, have to
cooperate in order to achieve tolerance to the remaining faults and intrusions (e.g., at
architectural components). The protocols needed for this purpose are part of the
infrastructure middleware, as a set of software services yielded between the low-level
communication protocols (e.g., IP, TCP, SSL) and the applications (e.g., the failure diagnosis
mechanisms). We will leverage on recent promising techniques for building protocols that
address the different levels of criticality in the foreseen architectures. The architecture and
middleware defined in this project aim to be generic enough to be useable in a wide range of
environments. However, the use-case scenarios to be defined will be a first target to
consider the applicability of these results and will be used to assess them, through proof-of-concept prototypes.
Systems that deploy critical functions that must work correctly even if the remaining system
is facing instability, overload or is under attack normally provide properties which are
weaker than required, even if they maintain correct operation on average situations. To
tackle this problem, we propose to use a hybrid system model underlying the architectural
solutions and mechanisms proposed in the previous tasks. In such a hybrid system model, a
system is composed of components that have different properties and can rely on different
sets of assumptions (e.g., security-wise, timeliness-wise) [46].
In this project, we will consider that existing network operation and management systems
reside in a hostile environment where overload, instability and attacks can happen. As
required by our protocols, we will enhance some parts of the system with components
nicknamed wormholes which, by construction, are small and either more secure or more
timely than the remaining components. The Trusted Computing Group Trusted Platform
Module [47] philosophy can be seen as a special case of a wormhole [48]. The great virtue of
this approach is that wormholes can most of the times be plug-in modules, preserving legacy
existing infrastructure equipment, reducing its vulnerabilities and increasing its robustness.
The existence of wormholes enables execution of many new and more powerful distributed
services, such as critical functions required to the network management and operation. To
do this, we intend to evaluate and prototype general-purpose wormhole components, which
can be programmed with our protocols and software, and plugged into any existing system
(independently of its architecture).
A practical example concerns the authentication and authorization infrastructure proposed
in this project. Although decentralization seems to be a good approach to overcome the
vulnerability of centralized operation, the problem lies in the difficulty of handling
distribution in practice [49], even more in the presence of malicious faults. Here the idea is
to create a wormhole-based channel for critical communication, which, unlike the rest of the
network, is synchronous. This ensures bounds on communication delays and gives
unambiguous indications on node failures.
Another practical problem faced inside critical facilities is the lack of cryptographic services
to avoid certain kinds of attacks [50] or to avoid simple network sniffing. Unfortunately, the
large computational cost has been deterring widespread adoption of cryptography. This
problem is especially important in this project, because cryptography lies at the heart of
several of the techniques we intend to develop. To mitigate this inconvenience, we propose
to use a wormhole serving key purposes in the protection of the management architecture,
ensuring that it produces correct signatures even in the presence of intruders.
As we assume that network management systems will be under attack continuously
(independently of the time scale), the architectural components investigated can become
insufficient after some time. This is because (fault and intrusion) tolerance mechanisms are
necessarily based on pre-defined resource assumptions (e.g., maximum number of
intrusions) and such assumptions can be violated during system execution. Therefore, highly
critical systems of the core management infrastructure can be further enhanced through
self-healing monitors, based on reactive-proactive recovery techniques enhanced by
diversity, similar to those proposed in [51].
State of the Art and Limitations
SecFuNet Innovation
1.2.6. Cryptographic schemes
Most of the existing cryptographic algorithms were designed to be run on machines which
are usually trusted and physically protected from adversaries. For instance, the security of
the majority of the existing encryption and signature schemes relies on the fact that the secret
keys used to sign messages or decrypt encrypted messages are safely stored and not
accessible to the adversary. Unfortunately, this assumption may no longer be true in future
networks based on virtual networks and clouds where the adversary may have partial
control over these networks or over the devices on which some of the cryptographic
operations are performed. In fact, as shown in [52], the use of virtualization by third-party
cloud providers can introduce new vulnerabilities in the system by allowing cross-virtual-machine side-channel attacks to extract information from a target virtual machine on the
same machine. As a result, one of the goals of the SecFuNet Project is to design new
cryptographic schemes which are better suited to virtual network and cloud environments
and that are more resilient to side-channel attacks. In order to achieve this goal, we intend
to use existing leakage-resilient cryptosystems, such as the one in [53] as the basis.
Another important issue to be considered in future networks based on virtual networks and
clouds is that of secure outsourcing of computation, where computationally weak devices
delegate their computations to more powerful computation systems. In such systems, there
are several aspects that need to be taken into consideration such as the correctness of the
computation since there may be financial incentive for the computation server to return
incorrect answers, if such answers require less work and are unlikely to be detected by the
client. As a result, it is important to ...
State of the Art and Limitations | SecFuNet Innovation
The majority of the existing cryptographic protocols are susceptible to side-channel attacks. | SecFuNet will provide new cryptographic solutions which are provably resilient to side channel attacks.
Most cryptographic identification and authentication schemes either rely on weak passwords or were designed for trusted environments. | SecFuNet will provide new cryptographic solutions for the identification and authentication problems based on secure microcontrollers which are more adapted to the virtual networks and clouds.
References
[1] Blunk, L., and Vollbrecht, J., Internet Engineering Task Force, IETF, RFC 2284, "PPP
Extensible Authentication Protocol (EAP)", 1998.
[2] Aboba, B., Blunk, L., Vollbrecht, J., and Carlson, J., Internet Engineering Task Force, IETF,
RFC 3748, "Extensible Authentication Protocol, (EAP)", 2004.
[3] Institute of Electrical and Electronics Engineers, IEEE Standard 802.1X, "Local and
Metropolitan Area Networks: Port-Based Network Access Control", 2001.
[4] Institute of Electrical and Electronics Engineers, "IEEE Standard for Local and
metropolitan area networks part 16: Air Interface for Fixed and Mobile Broadband Wireless
Access Systems Amendment 2: Physical and Medium Access Control Layers for Combined
Fixed and Mobile Operation in Licensed Bands and Corrigendum 1", 2006.
[5] Hamzeh, K., Pall, G.S., Verthein, W., Taarud, J., and Little, W.A., Internet Engineering Task
Force, IETF, RFC 2637, "Point-to-Point Tunnelling Protocol (PPTP)", 1999.
[6] Townsley, W., Valencia, A., Rubens, A., Pall, G., Zorn, G., and Palter, B., Internet
Engineering Task Force, IETF, RFC 2661, "Layer Two Tunnelling Protocol (L2TP)", 1999.
[7] Kaufman, C., Internet Engineering Task Force, IETF, RFC 4306, "Internet Key Exchange
(IKEv2) Protocol", 2005.
[8] Uma Technology, “Unlicensed Mobile Access, UMA”, http://www.umatechnology.org,
accessed in 01/2011.
[9] Aboba, B., Calhoun, P., Microsoft, and Airespace, Internet Engineering Task Force, IETF,
RFC 3579, "RADIUS (Remote Authentication Dial In User Service) Support For Extensible
Authentication Protocol (EAP)", 2003.
[10] Eronen, P., Hiller, T., and Zorn, G., Internet Engineering Task Force, IETF, RFC 4072,
"Diameter Extensible Authentication Protocol Application (DIAMETER)", 2005.
[11] Chen, Z., Addison-Wesley Pub Co, "Java CardTM Technology for Smart Cards:
Architecture and Programmer's (The Java Series)", ISBN 020170329, 2002.
[12] ISO 7816, "Cards Identification - Integrated Circuit Cards with Contacts",
http://www.smartcardsupply.com/Content/Cards/7816standard.htm, accessed in 01/2011
[13] Hive Minded Inc, "NectarTM Smartcard.NET 1.1", http://www.hiveminded.com, accessed
in 01/2011.
[14] Dierks, T., Allen, C., Internet Engineering Task Force, IETF, RFC 2246, "The TLS
Protocol Version 1.0", 1999.
[15] Aboba, B., Simon, D., Internet Engineering Task Force, IETF, RFC 2716, "PPP EAP
TLS Authentication Protocol", 1999.
[16] Arkko, J., Haverinen, H., Internet Engineering Task Force, IETF, RFC 4187,
"Extensible Authentication Protocol Method for 3rd Generation Authentication and Key
Agreement (EAP-AKA) ", 2006.
[17] Jurgensen, T.M., Guthery, S.B., "Smart Cards: The Developer's Toolkit", Prentice Hall
PTR ISBN 0130937304, 2002.
[18] ETSI, GSM 11.11, "Specification of the Subscriber Identity Module - Mobile Equipment
(SIM - ME) interface", 2000.
[19] INFINEON, "Security & Chip Card ICs SLE 88CFX4000P”, www.DatasheetCatalog.com,
2003.
[20] Urien P., Loutrel M., "The EAP Smartcard, a tamper resistant device dedicated to 802.11
wireless networks", in proceedings of the IEEE workshop on Applications and Services in
Wireless Networks, ASWN 2003, Berne, SWITZERLAND, 2003.
[21] Urien P., "The EAP smartcard", in proceedings of the International Network Conference
2004, INC’2004, Plymouth, UK, 2004.
[22] Internet Engineering Task Force, IETF, "EAP support in smartcard", Internet Draft, 2007.
[23] Urien P., Badra M., and Dandjinou M., "EAP-TLS smartcards, from dream to reality”, in
proceedings of the Fourth Workshop on Applications and Services in Wireless Networks,
ASWN 2004, Boston, USA, 2004.
[24] Urien, P., "Open Eap Smartcard", http://www.enst.fr/~urien/openeapsmartcard,
accessed in 01/2005.
[25], Urien, P., "EAP Support in Smart Cards", in proceeding of the IETF 62th, Minneapolis,
MN, USA, 2005.
[26] Urien P., Dandjinou M., "The OpenEap Smartcard project", short paper, in proceeding of
the Applied Cryptography and Network Security, ACNS 2005, Columbia University, New York,
USA, 2005.
[27] Urien, P., Dandjinou, M., "Smart cards for emerging wireless network", in proceedings of
the Seventh Smart Card Research and Advanced Application IFIP Conference, CARDIS 2006,
Tarragona, Catalonia, SPAIN, 2006.
[28] Urien P., Dandjinou M., "Introducing Smartcard Enabled RADIUS Server", in proceedings
of the 2006 International Symposium on Collaborative Technologies and Systems, CTS 2006,
pages 74-80, Las Vegas, USA, 2006.
[29] Palekar, A. , Simon, D. , Zorn, G., Salowey, J. and Zhou, H., Internet Engineering Task
Force, IETF, "Protected EAP Protocol (PEAP) Version 2", Internet draft, 2004.
[30] Funk, P., Blake-Wilson, S., Internet Engineering Task Force, IETF, "EAP Tunnelled TLS
Authentication Protocol Version 0 (EAP-TTLSv0)", Internet draft, 2007.
[31] Badra, M., Urien, P., "Adding Identity Protection to EAP-TLS Smart cards", in
proceedings of Wireless Communications and Networking Conference 2007, WCNC 2007, pp
2951-2956, Hong Kong, China, 2007.
[32] Urien, P., "Designing Smartcards for Collaboration with the WiMAX Security Sublayer",
in IEEE proceedings of the 2007 International Symposium on Collaborative Technologies and
Systems, CTS 2007, pages 37-45 Orlando, Florida, USA, 2007.
[33] Bellovin, S., Clark, D., Perrig, A., and Song, D., "A Clean-Slate Design for the Next-Generation Secure Internet", Report for NSF Global Environment for Network Innovations
(GENI) workshop, 2005.
[34] Mirkovic, J., Reiher, P., "Building accountability into the future Internet", in Proceedings
of the 4th Workshop on Secure Network Protocols (NPSec 2008), pages 45-51, 2003.
[35] Barham, P., Dragovic, B., Fraser, K., Hand, S., Harris, T., and Ho, A., Neugebauer, R.,
Pratt, I., Warfield, A., “Xen and the art of virtualization”, in Proceedings of the Nineteenth
ACM Symposium on Operating Systems Principles, ACM, pages 164-177, 2003.
[36] Egi, N., Greenhalgh, A., Handley, M., Hoerdt, M., Mathy, L., and Schooley, T., “Evaluating
Xen for router virtualization,” in ICCCN’07: International Conference on Computer
Communications and Networks, pages 1256–1261, 2007
[37] Jin, X., Chen, H., Wang, X., Wang, Z., Wen, X., Luo, Y., and Li, X., “A simple cache
partitioning approach in a virtualized environment”, in 2009 IEEE International Symposium
on Parallel and Distributed Processing with Applications, pages 519–524, 2009.
[38] Egi, N., Greenhalgh, A., Handley, M., Hoerdt, M., Huici, F., and Mathy, L., “Fairness
issues in software virtual routers”, in PRESTO ’08, Proceedings of the ACM workshop on
Programmable routers for extensible services of tomorrow, pages 33–38, 2008.
[39] Fernandes. N. C. and Duarte, O. C. M. B., “XNetMon: A Network Monitor for Securing
Virtual Networks”, to appear in IEEE ICC 2011 Next Generation Networking and Internet
Symposium (ICC'11 NGNI), 2011.
[40] Fernandes, N. C., Moreira, M. D. D., Moraes, I. M., Ferraz, L. H. G., Couto, R. S., Carvalho,
H. E. T., Campista, M. E. M., Costa, L. H. M. K., and Duarte, O. C. M. B., “Virtual networks:
Isolation, performance, and trends”, to appear in the Annals of Telecommunication, 2010.
[41] Pisa, P. S., Fernandes, N. C., Carvalho, H. E. T., Moreira, M. D. D., Campista, M. E. M.,
Costa, L. H. M. K., and Duarte, O. C. M. B., "OpenFlow and Xen-Based Virtual Network
Migration", in The World Computer Congress 2010 - Network of the Future Conference,
pages 170-181, Brisbane, Australia, 2010.
[42] Chaumette S. et al., "Secure distributed computing on a Java Card grid", 19th IEEE
International Parallel and Distributed Processing Symposium (IPDPS'05), 2005.
[43] Urien, P., Dandjinou, M., "Introducing Smartcard Enabled RADIUS Server", The 2006
International Symposium on Collaborative Technologies and Systems (CTS 2006), 2006.
[44] Urien, P., "Open two-factor authentication tokens, for emerging wireless LANs.", Fifth
Annual IEEE Consumer Communications & Networking Conference (CCNC’08), 2008.
[45] Urien, P, Marie, E., Kiennert, C.; "An Innovative Solution for Cloud Computing
Authentication: Grids of EAP-TLS Smart Cards" 2010 Fifth International Conference on Digital
Telecommunications (ICDT), 2010.
[46] Verissimo, P., ”Travelling through Wormholes: a new look at Distributed Systems
Models”, in SIGACT News, vol. 37, no. 1, pages 66-81, 2006.
[47] Trusted Computing Group, “TPM Main Part 1 Design Principles. Specification Version
1.2”, Revision 103, July 2007.
[48] Giuliana S. Veronese, Miguel Correia, Alysson N. Bessani, Lau C. Lung, Paulo Verissimo,
“Minimal Byzantine Fault Tolerance: Algorithm and Evaluation,” Technical Report DI/FCUL TR
2009-15, June 2009.
[49] Michael J. Fischer , Nancy A. Lynch , Michael S. Paterson. “Impossibility of distributed
consensus with one faulty process”. Journal of the ACM (JACM). Volume 32, Issue 2, April
1985.
[50] Bernhard Ager Holger Dreger Anja Feldmann. Exploring the Overhead of DNSSEC.
(http://www.net.informatik.tu-muenchen.de/~anja/feldmann/papers/dnssec05.pdf). 2005.
[51] Paulo Sousa, Alysson Bessani, Miguel Correia, Nuno Ferreira Neves, Paulo Veríssimo.
Highly Available Intrusion-Tolerant Services with Proactive-Reactive Recovery. IEEE
Transactions on Parallel and Distributed Systems, to appear, 2009.
[52] Thomas Ristenpart, Eran Tromer, Hovav Shacham, and Stefan Savage. Hey, You, Get Off
of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds. Computer and
Communications Security - CCS 2009.
[53] Elette Boyle and Gil Segev and Daniel Wichs. Fully Leakage-Resilient Signatures.
Advances in Cryptology - EUROCRYPT 2011, ©Springer, to appear.
[54] Thomas Ristenpart and Scott Yilek. When Good Randomness Goes Bad: Virtual Machine
Reset Vulnerabilities and Hedging Deployed Cryptography. Network and Distributed Systems
Security - NDSS 2010.
[55] Rosario Gennaro, Craig Gentry, and Bryan Parno. Non-Interactive Verifiable Computing:
Outsourcing Computation to Untrusted Workers. Advances in Cryptology - CRYPTO 2010,
LNCS 6223, ©Springer, Tal Rabin (Ed.), August 2010.
[56] Kai-Min Chung, Yael Kalai, and Salil Vadhan. Improved Delegation of Computation using
Fully Homomorphic Encryption. Advances in Cryptology -- CRYPTO 2010, LNCS 6223,
©Springer, Tal Rabin (Ed.), August 2010.
[57] Hovav Shacham and Brent Waters. Compact Proofs of Retrievability. Advances in
Cryptology -- ASIACRYPT 2008. LNCS 5350, ©Springer, Josef Pieprzyk (Ed.), December 2008
1.3 S/T methodology and associated work plan
1.3.1. Overall strategy of the work plan
The goal of the SecFuNet project is to provide solutions for building a scalable and
robust secure environment with low complexity for large-scale, dynamic network
environments. The objective will be met by relying on microcontroller units, the EAP-TLS
protocol, a simple and efficient identification scheme, a new encryption process, and
strongly improved security of virtual networks. The project will investigate and identify
functions whose partial or full decentralization would contribute to reducing
network operation complexity.
In order to devise and implement the SecFuNet capabilities, a smart and well-structured
approach is required. This approach should be able to:
- Build on the relevant pre-existing know-how so that the objectives are achieved
through continuity of the research.
- Devise the network secure eco-system architecture, technology roadmaps, and self-security capacities evolution.
- Install a pre-SecFuNet testbed using a virtual network platform to experiment and
test the different algorithms that will be proposed by the project.
- Identify and build a thorough understanding of the technological hurdles to be
overcome by research and development.
- Bring the results of the research and development to the market by natural phased
proof of concepts, validation and benchmarking.
The approach adopted by the SecFuNet consortium addresses six main objectives:
- The analysis of system requirements and introduction of a generic system
architecture.
- The implementation of a pre-SecFuNet platform for experimental purposes.
- A well adapted microcontroller to support the different processes proposed in the
project.
- The validation and experiment of the developed SecFuNet results.
- The migration path from current technologies to future technologies provided by the
SecFuNet project.
In order to support the optimal organisation of the work, the project structure of
SecFuNet has been devised to fully satisfy the project objectives. The intention is to develop
a very tight integration of the various research tracks (WPs). Therefore, SecFuNet WPs are
built around first the experimental platform and second the main research tracks of the
project. There are 6 technical WPs (WP1, WP2, WP3, WP4, WP5, WP6), one WP (WP0)
dealing with management aspects, and one WP (WP7) dealing with the orchestration of
dissemination and exploitation of results. The WP structures are depicted in the figure below.
1.3.2. Work-packages and components timing
(Deliverables are shown in blue, milestones in green.)
[Gantt chart: work-package components plotted against project months 1 to 30]
WP0: Project Management and reporting; Interactions with other project and community
WP1: Virtual network architecture and use cases; Microcontroller and security; EAP-TLS and legacy solution; Secure framework
WP2: Infrastructure; The array; The software; Deployment on the network
WP3: Define and specify the secure identification process; OpenID; Shibboleth
WP4: Virtual network platform definition; Isolation between virtual networks; Profiling and virtual network migration
WP5: Architecture components; Trustworthy authentication
WP6: Encryption framework; Virtual networks; Cloud
WP7: Test; Dissemination; Standardization
1.3.3. Work-packages and components interdependencies
The following figure shows the dependencies between the different work-packages of
the project.
- Work-package 0: Project technical management and coordination
- Work-package 1: Requirement and functional architecture
- Work-package 2: Authentication server
- Work-package 3: Identity process
- Work-package 4: Virtual networks isolation and testbed
- Work-package 5: Infrastructure resilience
- Work-package 6: Cryptographic schemes
- Work-package 7: Test, Dissemination and Standardisation
Work-package 0 is responsible for the overall technical project management and
coordination. Work-package 7 is responsible for the testbed, and driving and coordinating
the dissemination, standardisation and exploitation of results as well as proposing unified
communication initiatives promoting both the SecFuNet project and the technologies it
covers and defines. These two work-packages thus have a transversal action scope.
Figure 7- Overall project structure and components dependency. (Diagram boxes: WP0, WP1, WP2, WP3, WP4, WP5, WP6, WP7.)
Work-package 1 is organized around four different tasks. The following picture shows
the dependency of these tasks amongst themselves and with the other work-packages.
Figure 8- Work-package 1 detailed view. (Diagram boxes: T1.1 Scenario & Use Cases; T1.2 Reference Platform; T1.3 Limitations & Requirements; T1.4 Architecture Framework; links to WP2, WP3, WP4, WP5, WP6.)
The prime objective of Task 1.1 is to propose network scenarios standing as concrete
use-cases enabling the specification of the SecFuNet platform. The outputs of these tasks
will also serve as inputs to WP3 and WP4 to specialise the generic components these work-packages will define.
The objective of Task 1.2 is to specify the reference platform serving as an experimental
basis for the whole SecFuNet project.
The main goal of Task 1.3, based on the previously described network study cases,
management/control architecture and management/control related operations, is to
identify and list the shortcomings based on which a set of requirements will be then derived.
Finally, the objective of Task 1.4 is the derivation of the high level SecFuNet system
behavioural specification and main functional building blocks. This high level architecture
will be refined by two work-packages: WP3 defining the Identity process and WP4 defining
the Virtual networks and isolation in between.
Work-package 2 is devoted to the highly secure authentication server. We want to
define and develop an authentication server based on the microcontroller defined in the
previous task. The server will be built around an array of microcontrollers. Each microcontroller
will be the token associated with a user token, so that the pair of tokens can communicate
in a totally safe environment.
Tasks T2.1 and T2.2 will define the structure and the components of the authentication
server.
Task 2.1 consists in the definition of the architecture of the server.
Task 2.2 will define the bus and communications within the server to guarantee a
response time to an EAP-TLS authentication of a few seconds.
Task 2.3 will define and develop the software of the server to permit scalability of the
environment.
To finalize this work package, Task 2.4 will test the server on the SecFuNet virtual
network environment that will be available through WP7.
Figure 9- Work-package 2 detailed view. (Diagram boxes: T.2.1 Architecture of the Server; T.2.2 The Array; T.2.3 Software; T.2.4 Test on the Platform; links to WP1 and WP7.)
Work-package 3 is responsible for specifying a secure identification process for Open-ID
and Shibboleth environment. This work-package is divided into three tasks:
T3.1 will define and specify the secure identification process.
T3.2 will establish the previous process in the Open-ID environment.
T3.3 will establish the previous process in the Shibboleth environment.
Work-package 4 develops a secure scheme for guaranteeing the isolation between
virtual networks so that one network cannot negatively affect the performance of other
virtual networks through an attack. Also, it provides the secure management and control of
virtual network resources using the proposed identification scheme, guaranteeing isolation
and privacy about the allocated virtual network resources. This package is divided into three
tasks:
Task 4.1: State-of-the-art in isolation and profiling of virtual networks
Task 4.2: A mechanism to secure physical resource usage by virtual networks and to
ensure privacy, isolation, and reliability in the virtual network environment.
Task 4.3: A mechanism to create virtual network profiles, evaluate resource usage
and remap virtual networks under attack.
The objective of work-package 5 is to provide a new generation for infrastructure
resilience. This work-package will develop mechanisms to achieve resilience against attacks
or accidents which may affect the communications and authentication/authorization
infrastructure. The two main vectors of work are: achieving resilient communications and
management; providing trustworthy operation of the authentication service.
Work-package 5 is divided into 2 tasks:
Task 5.1 Architecture components for resilient network communications and
management. The idea is to take the secure communications substrate to be developed in other WPs
and solve several remaining problems:
- Maintaining interconnection resilience of each layer, under attack, e.g., through
intrusion tolerant reconfiguration mechanisms. Possibly providing different levels of
resilience to different layers (e.g., legacy vs. premium).
- Ensuring trustworthy inter-layer communication, such that no layer contaminates
another, through intrusion tolerant gateways.
Task 5.2 Trustworthy authentication service architecture. The idea is to take the
secure authentication server architecture developed in another WP and provide it with
additional resilience mechanisms based on intrusion tolerance and self-healing mechanisms,
making it able to survive very severe attacks. Hybrid distributed systems models based on
trusted-trustworthy components will be followed, leveraging for example the existence of
the secure microcontroller specified in another WP.
Work-package 6 will bring new extensions to cryptographic techniques adapted to future
network architectures and mainly virtualized systems. The question it addresses is how to use the secure
microcontrollers in virtualized networks.
Task 6.1 is devoted to new encryption schemes taking into account the secure
microcontroller.
In Task 6.2 the idea is to define a specific encryption scheme depending on the virtual
network: the same token is used for access to the different clouds through the different
virtual networks.
Task 6.3 will define a solution for encrypted access to a cloud.
Finally, work-package 7 describes the tests using the developed mechanism over the
developed secure testbed. This work package also deals with the dissemination of the
proposals and the standardization.
In Task 7.1, we prepare the testbed, integrating and evaluating all the proposed
solutions.
Task 7.2 is focused on disseminating the obtained results in the main conferences of this
area.
Task 7.2 is devoted to the standardization of the main obtained results.
1.3.4. Overall approach to risk management
The Project Management Team proactively manages the risks. The following
items will be put on board meeting agendas:
- Identification of any risk to the project's success.
- Evaluation of the probability, cause and effect of the risks.
- Management of the risks: revision of relevance.
- Recovery plan: maximizing positive outcomes and minimising negative outcomes
of each risk.
- Report to upper management if needed.
The main sources of risks currently identified are the following:
- Objectives and project deliverables are “research tasks” that may not progress as
forecasted.
- Missing technical data.
- Multiple alternatives.
- Non-realistic performance standard.
- Errors in design phases.
- Lack of contingency plans.
- Lack of skills in consortium.
The Project Manager will manage the risks and maintain the risk management process
and policies. A risk management table captures the overall risks and their associated
status.
The following table will be systematically reviewed and eventually augmented during
each PMT and Board meeting.

| Risk description | Level | Related WP | Monitoring & Decision | Contingency plan |
|---|---|---|---|---|
| Inability to find proper network scenarios to serve as concrete use-cases | Low | WP1 | Monitor the progress of the team and verify milestones inside tasks. | Deeper research on the area and use scenarios from previous works, which are proven to be adequate to project. |
| Face secure hardware limitations and/or restrictions | Low | WP2 | Monitor the existing hardware and keep contact with hardware developers. | Use standardized EAP_TLS compatible hardware with known working drivers. |
| Instability issues on virtualization platform | Medium | WP4 | Monitor the use of the virtualization platform and annotate all bugs and misbehaviours. | Use previous and stable versions of the virtualization platform, that has fewer features but higher reliability. |
| Incapacity of employing the encryption scheme in the existent hardware due to hardware limitations | Low | WP6 | Keep track of compatibility issues of the used hardware, monitor and test the development stages of the scheme into the hardware. | Develop simpler cryptographic algorithms. Buy hardware with higher compatibility/capacity. |
| Difficulty to integrate all proposed solutions | Medium | All WPs | Monitor the software development and make integration tests. Also, monitor and refine the module diagram of all solutions of the project. | Review integration modules. |
| Delays in the chronogram | Medium | All WPs | Keep monitoring the progress of tasks and compare the progress of the team with previous works. Also, use functional metrics to monitor tasks. | Add more members to the team and reduce some of the software capabilities. Leave minor functionalities for further development. |
| Lower productivity of teams | Low | All WPs | Monitor progress of tasks and milestones and promote weekly meetings to check progress. | Meeting with managers and WP leaders to resolve issues, allocate members in other tasks, and hire new members. |
| Development of unreliable software functionalities | Medium | All WPs | Employ software engineering techniques to avoid misunderstanding of requisites. Establish solid bug tracking mechanisms. | Refactor software to fix errors and improve reliability. |
| Team member leaves the project | Low | All WPs | Monitor if all members are working and how their tasks are performing. | Readjust chronogram, transfer tasks to other groups, and hire new members. |
| Changes in the chronogram of tasks | Medium | All WPs | Monitor the execution of the chronogram. | Readjust the chronogram and maintain its coherence. |
| Underestimate the time needed to perform a given task | Low | All WPs | Monitor the execution of the chronogram. | Increase the working hours of the team, hire more people and postpone tasks that are out of the critical path. |
1.3.5. List of Work-packages
| Work-package No.¹ | Work-package title | Type of activity² | Lead partic. no.³ | Lead partic. short name | Person-months⁴ | Start month⁵ | End month |
|---|---|---|---|---|---|---|---|
| 0 | Project Management and Coordination | MGT | 1 | ET | 25 | 1 | 30 |
| 1 | Requirements and Functional Architecture | RTD | | UPMC | | 1 | 7 |
| 2 | Authentication server | RTD | | IMP | | 4 | 14 |
| 3 | Identity process | RTD | | TPT | | 8 | 26 |
| 4 | Virtual network isolation | RTD | | UFRJ | | 8 | 26 |
| 5 | Infrastructure resilience | RTD | | UL | | 6 | 30 |
| 6 | Cryptographic schemes | RTD | | ENS | | 9 | 30 |
| 7 | Evaluation testbed, results dissemination and standardisation | DEM | | ? | | 1 | 30 |
| TOTAL | | | | | | | |

¹ Work-package number: WP 1 – WP n.
² Please indicate one activity per work-package:
RTD = Research and technological development (including any activities to prepare for the
dissemination and/or exploitation of project results, and coordination activities); DEM =
Demonstration; MGT = Management of the consortium; OTHER = Other specific activities, if applicable
in this call.
³ Number of the participant leading the work in this work-package.
⁴ The total number of person-months allocated to each work-package.
⁵ Measured in months from the project start date (month 1).
1.3.6. List of Deliverables
| Del. no.⁶ | Deliverable name | WP no. | Nature⁷ | Dissemination level⁸ | Delivery date⁹ (proj. month) |
|---|---|---|---|---|---|
| D0.1 | Project Handbook | 0 | R | PU | 3 |
| D0.2 | SecFuNet Annual Report Year 1 | 0 | R | PU | 10 |
| D0.3 | SecFuNet Annual Report Year 2 | 0 | R | PU | 20 |
| D0.4 | SecFuNet Annual Report Year 3 | 0 | R | PU | 30 |
| D0.5 | Interactions with Other Projects and Technology Evolution Monitoring | 0 | R | PU | 30 |
| D1.1 | Virtual network architecture & Use Cases | 1 | R | PU | 2 |
| D1.2 | Microcontroller and security | 1 | R | PU | 3 |
| D1.3 | Limitations and requirements | 1 | R | PU | 5 |
| D1.4 | Secure framework | 1 | R | PU | 7 |
| D2.1 | Infrastructure | 2 | R | PU | 8 |
| D2.2 | Array | 2 | R | PU | 10 |
| D2.3 | Software | 2 | P | PU | 11 |
| D2.4 | Deployment on the network | 2 | R | PU | 12 |
| D3.1 | Secure Identification process | 3 | R | PU | 10 |
| D3.2 | Open-ID | 3 | R | PU | 12 |
| D3.3 | Shibboleth | 3 | R | PU | 18 |
| D4.1 | Virtual Network platform definition | 4 | R | PU | 9 |
| D4.2 | Isolation between virtual networks | 4 | R | PU | 12 |
| D4.3 | Profiling and virtual network migration | 4 | R | PU | 15 |
| D5.1 | Architecture components | 5 | R | PU | 12 |
| D5.2 | Trustworthy authentication | 5 | R | PU | 18 |
| D6.1 | Encryption framework | 6 | R | PU | 15 |
| D6.2 | Encryption for Virtual networks | 6 | P | PU | 26 |
| D6.3 | Encryption for Cloud access | 6 | D | PU | 30 |
| D7.1 | Testbed conception and deployment | 7 | O | PU | 18 |
| D7.2 | Test and Evaluation Report | 7 | O | PU | 30 |
| D7.3 | Results Dissemination and Standardization Proposals | 7 | O | PU | 30 |

⁶ Deliverable numbers in order of delivery dates. Please use the numbering convention <WP
number>.<number of deliverable within that WP>. For example, deliverable 4.2 would be the second
deliverable from work-package 4.
⁷ Please indicate the nature of the deliverable using one of the following codes:
R = Report, P = Prototype, D = Demonstrator, O = Other
⁸ Please indicate the dissemination level using one of the following codes:
PU = Public
PP = Restricted to other programme participants (including the Commission Services).
RE = Restricted to a group specified by the consortium (including the Commission Services).
CO = Confidential, only for members of the consortium (including the Commission Services).
⁹ Measured in months from the project start date (month 1).
1.3.7. Work-packages descriptions
Work-package 0 description
Work-package number: WP0
Start date or starting event: T0
Work-package title: Project Management and Coordination
Activity type¹⁰: RTD
Participant number: 1, 2, 3, 4, 5, 6, 7, 8
Participant short name: ET, STM, UPMC, TPT, ENS, IMP, TUM, UL
Person-months per participant: 6, 1, 1, 1, 1, 1, 0, 1
Participant number: 9, 10, 11, 12, 13, 14, 15
Participant short name: UFPE, UFRJ, UECE, UFAM, UFSC, UFRGS, DWA
Person-months per participant: 6, 1, 1, 1, 1, 1, 4
Objectives
In accordance with the project management structure identified in section 2.1, work-package
0 is chartered to ensure global technical coordination of the actions undertaken throughout
the SecFuNet project, ensuring timely delivery of outputs, to deal with risk management,
and possibly to support WP leaders in their tasks. WP0 will also address the management of
legal and administrative issues (the overall legal, contractual, financial and administrative
management of the consortium, preparation, update and management of the consortium
agreement).
The main objectives of WP0 are:
- Management of the Project and coordination of WPs activities.
- Coordination with other Projects (within and possibly outside FP7).
- Organization of Project reporting and administrative issues (Periodic Reports, audits,
etc.).
¹⁰ Please indicate one activity per work-package:
RTD = Research and technological development (including any activities to prepare for the dissemination
and/or exploitation of project results, and coordination activities); DEM = Demonstration; MGT = Management
of the consortium; OTHER = Other specific activities, if applicable in this call.
Description of work
The role of this work-package is to deliver global project reports (annual
reports, meeting minutes, etc.) and to interface with other European projects dealing with topics of
interest for SecFuNet.
The work is therefore organized in two tasks:
Task 0.1 – Project management and reporting
- Project activities follow-up per work-package through regular bottom-up reporting (Partners
→ WP leaders → Project Coordinator). Project reporting must be done at least every
quarter, and if required every month (to be discussed for the project consortium
agreement).
- Meeting minutes to report meeting discussions and action points.
- Annual Reports compilation for the EC.
Task 0.2 – Interactions with other projects and the research community
- Follow-up of other related European projects based on information received from WP
and/or direct communication channels.
- Identification and triggering of dedicated cross-project workshops when required.
- Technology monitoring and surveillance ensuring continued synchronization of the
SecFuNet project objectives with evolving technologies.
Deliverables
D01: Project Handbook defining quality plan (M3)
D02: SecFuNet Annual Report Year 1 (M10)
D03: SecFuNet Annual Report Year 2 (M20)
D04: SecFuNet Annual Report Year 3 (M30)
D05: Interactions with Other Projects and Technology Evolution Monitoring (M18, M36)
Work-package 1 description
Work-package number: WP1
Start date or starting event: T0
Work-package title: Requirements and Functional Architecture
Activity type¹¹: RTD
Participant number: 1, 2, 3, 4, 5, 6, 7, 8
Participant short name: ET, STM, UPMC, TPT, ENS, IMP, TUM, UL
Person-months per participant: 6, 10, 12, 6, 2, 1, 6, 2
Participant number: 9, 10, 11, 12, 13, 14, 15
Participant short name: UFPE, UFRJ, UECE, UFAM, UFSC, UFRGS, DWA
Person-months per participant: ?, ?, ?, ?, ?, ?
Objectives
- Develop a common understanding of the principles governing the operation of virtual
networks.
- Draw up an inventory of all the actions undertaken from the security operations of a
virtual network to the cloud deployment one.
- Identify the limits and the barriers these operational principles constitute towards the
security of virtual networks.
- Propose a framework overcoming these limitations and enabling the specification of a
set of algorithms to provide security schemes for the future networks based on
virtualization and access to the cloud.
¹¹ Please indicate one activity per work-package:
RTD = Research and technological development (including any activities to prepare for the dissemination
and/or exploitation of project results, and coordination activities); DEM = Demonstration; MGT = Management
of the consortium; OTHER = Other specific activities, if applicable in this call.
Description of work
WP1 is organized according to a stepwise approach, from an in-depth review of the state of
the art to the specification of the framework within which subsequent WPs will define the
building blocks and mechanisms of the solution targeted by the SecFuNet project.
The key steps of the work-package are the following:
- Define the virtual network architecture of the future networks and some case
studies.
- Determine the microcontroller to be used in the project and the security items
associated.
- Define the EAP-TLS and legacy solution to be developed.
- Define the global security framework.
As the starting point of the project, WP1 will be responsible for the detailed specification
of the virtual network to be used for the testbed as well as of precise study and use cases to
which the novel secure architecture will be applied.
Task 1.1 – Virtual network architecture and use cases
The prime objective of this task is to propose virtual network scenarios based on Xen
and OpenFlow and concrete security use-cases enabling the specification of the SecFuNet
solution. These scenarios are based on virtual network environments such as the one
depicted in the following picture.
Figure 14- A virtualized network.
Each case study refers to different kinds of security and virtual networks.
Case study 1 (Authentication)
The first case study will address authentication in different kinds of virtual networks.
Case study 2 (Identification)
The second case study will target the identification process with different types of virtual
networks. Different solutions will be studied: a common authentication server for the
substrate network, virtual authentication servers for different types of virtual networks, and
physical authentication servers associated with each virtual network.
Case study 3 (Resilient networks)
This third case study will be based on different virtual networks.
Case study 4 (Encryption schemes)
As in the previous case study, we will define some case studies associated with different
kinds of virtual networks.
It will be the role of Task 1.1 to refine the virtual network topologies under study and
the corresponding use-cases.
Task 1.2 – Microcontroller and security
This task has to define the secure microcontroller to be used for the project, and to
define how secure algorithms will work inside the microcontroller.
Task 1.3 – EAP-TLS and legacy solution
The first goal of this task is to define a very general solution based on EAP-TLS and
eventually on legacy solutions where secure algorithms (authentication, encryption,
identification, etc.) could be deployed inside the microcontroller. The idea is to avoid the use
of the processor and the memory of the terminal.
Task 1.4 – Secure framework
This task is dedicated to the microcontroller and the algorithms to be implemented inside to
form the secure framework: what algorithms, how to implement them, what power for the
CPU and the memory, etc.
Task of the different participants of this work-package.
Deliverables (brief description) and month of delivery
D11: Virtual network architecture & Use Cases (M2)
D12: Microcontroller and security (M3)
D13: Limitations and Requirements (M5)
D14: Secure framework (M7)
Work-package 2 description
Work-package number: WP2
Start date or starting event: T0+4
Work-package title: Authentication server
Activity type: RTD
Participant number | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8
Participant short name | ET | STM | UPMC | TPT | ENS | IMP | TUM | UL
Person-months per participant | 2 | 2 | 4 | 10 | 0 | 10 | ? | ?
Participant number | 9 | 10 | 11 | 12 | 13 | 14 | 15
Participant short name | UFPE | UFRJ | UECE | UFAM | UFSC | UFRGS | DWA
Person-months per participant | ? | ? | ? | ? | ? | ? | ?
Objectives
Define and develop a highly secure authentication server. We want to define and develop
an authentication server based on the microcontroller defined in the previous task. The
server will be built around an array of microcontrollers. The microcontrollers will be the
tokens associated with the user tokens, so that each pair of tokens can communicate in a
totally safe environment.
Description of work
The work will be to define the architecture of the array server built with several
hundreds of microcontrollers. The server will have to satisfy some security constraints and
reach a performance acceptable in classical authentication (a few seconds for each
authentication).
Task 2.1- Infrastructure
The objective of this task is to define the infrastructure of the server to get the
performance necessary in a classical usage.
Task 2.2 – Array
This task will define the array architecture necessary to have a scalable server and
to permit the authentication server to act quickly when necessary.
Task 2.3 - Software
This task is the next step in the definition of the secure authentication server: the
software has to be distributed across the different microcontrollers, and the associated
server has to be defined (RADIUS, but more as well).
Task 2.4 – Deployment on the network
This last task in this work-package will be devoted to the deployment of the server on
the virtual environment to test performance, privacy, etc.
As the leader of this WP, TPT associated with IMP will conceive and test the server on the
Internet as soon as possible.
Deliverables

• D21: Infrastructure (M8)
• D22: Array (M10)
• D23: Software (M11)
• D24: Deployment on the network (M12)
Work-package 3 description
Work-package number: WP3
Start date or starting event: T0+8
Work-package title: Identity process
Activity type: RTD
Participant number | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8
Participant short name | ET | STM | UPMC | TPT | ENS | IMP | TUM | UL
Person-months per participant | 10 | 2 | 4 | 4 | ? | 0 | ? | ?
Participant number | 9 | 10 | 11 | 12 | 13 | 14 | 15
Participant short name | UFPE | UFRJ | UECE | UFAM | UFSC | UFRGS | DWA
Person-months per participant | ? | ? | ? | ? | ? | ? | ?
Objectives
This work-package is responsible for specifying a secure identification process for
the Open-ID and Shibboleth environments. This work-package is divided into three tasks:
T3.1 will define and specify the secure identification process.
T3.2 will establish the previous process in the Open-ID environment.
T3.3 will establish the previous process in the Shibboleth environment.
Description of work
The overall work of the work-package can be divided into three related activities, hereafter
referred to as Tasks. The SecFuNet architecture applying the identification process will be
elaborated in this work-package to provide a very secure ID definition.

Task 3.1- Limitations and requirements
This task will define and specify the secure identification process using the
microcontroller and allowing a customer to access a web site in total security. In
the same way as before the solution will use the EAP-TLS developed in WP1 to
avoid the use of login/password.
Task 3.2 – Open-ID
This task will provide an implementation of the previous solution in an Open-ID
environment.

Task 3.3 – Shibboleth
This task will provide an implementation of the previous solution in a Shibboleth
environment.
Who is doing what??

Deliverables

• D31: Secure identification process (M6)
• D32: Open-ID (M12)
• D33: Shibboleth (M18)
Work-package 4 description
Work-package number: WP4
Start date or starting event: T0+8
Work-package title: Virtual network isolation
Activity type: RTD
Participant number | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8
Participant short name | ET | STM | UPMC | TPT | ENS | IMP | TUM | UL
Person-months per participant | 1 | 0 | 10 | 0 | 0 | 0 | ? | ?
Participant number | 9 | 10 | 11 | 12 | 13 | 14 | 15
Participant short name | UFPE | UFRJ | UECE | UFAM | UFSC | UFRGS | DWA
Person-months per participant | ? | 20 | ? | ? | ? | ? | ?
Objectives
This work package is responsible for defining schemes for securing the virtual network
platform, improving the existing weak isolation schemes among different virtual networks.
This work package is divided into three tasks.
Description of work
Task 4.1: State-of-the-art in isolation and profiling of virtual networks
This task is responsible for evaluating the main isolation techniques used for the Xen
platform and for profiling virtual routers.
Task 4.2: A mechanism to secure physical resource usage by virtual networks and to ensure
privacy, isolation, and reliability in the virtual network environment.
In this task, an interface is developed for specifying the virtual network resources required by
each virtual network. In addition, we design a monitor and a controller for verifying the resource
usage by each virtual network and for checking whether the usage respects the service level
agreements specified for each virtual network. If some virtual network exceeds its resource
reservation, it is punished to avoid the performance degradation of other virtual networks. Hence,
we enforce network isolation and prevent malicious virtual networks from damaging other virtual
networks by exhausting shared resources. This controller also verifies the access control to the
management interface, guaranteeing that only users with the correct identification who are able to
authenticate themselves using the microcontrollers can access the management interface to change
parameters of the specified virtual network.
Task 4.3: A mechanism to create virtual network profiles, evaluate resource usage and
remap virtual networks under attack.
This task is responsible for generating virtual router profiles that identify a pattern
describing the normal router usage. When a difference between the profile and the resource usage
occurs, the proposed mechanism evaluates whether this change indicates an attack or some other
undesired behaviour. If so, the virtual network is migrated to a non-critical area to prevent the
attack/undesired behaviour from exhausting shared resources, such as the input link, and damaging
the virtual network.
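The monitoring and control loop described in Tasks 4.2 and 4.3, as an added sketch that is not part of the proposal or of any SecFuNet deliverable. The resource names, the 80% penalty cap, the 3-sigma threshold with a 5% floor, the three-sample patience and the sample trace are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from statistics import mean, pstdev

RESOURCES = ("cpu_pct", "mem_mb", "link_mbps")  # assumed resource names


@dataclass
class Profile:
    """Normal-usage profile of one virtual router (Task 4.3)."""
    baseline: dict  # resource -> (mean, standard deviation)

    @classmethod
    def learn(cls, samples):
        """Build the profile from usage samples taken during normal operation."""
        base = {}
        for r in RESOURCES:
            values = [s[r] for s in samples]
            base[r] = (mean(values), pstdev(values))
        return cls(base)

    def deviations(self, sample, k=3.0):
        """Return the resources whose usage is more than k spreads off the mean."""
        odd = []
        for r in RESOURCES:
            mu, sigma = self.baseline[r]
            # Floor the spread at 5% of the mean so that a flat training
            # trace does not flag every small fluctuation (assumed tolerance).
            spread = max(sigma, 0.05 * abs(mu), 1e-9)
            if abs(sample[r] - mu) > k * spread:
                odd.append(r)
        return odd


@dataclass
class Controller:
    """Checks each usage sample against the reservation and the profile."""
    reservations: dict       # vn -> {resource: reserved amount} (the SLA)
    profiles: dict           # vn -> Profile
    penalty: float = 0.8     # assumed: an offender is capped at 80% of its reservation
    patience: int = 3        # assumed: anomalous samples in a row before remapping
    caps: dict = field(default_factory=dict)    # vn -> {resource: enforced cap}
    streak: dict = field(default_factory=dict)  # vn -> consecutive anomalous samples

    def observe(self, vn, sample):
        actions = []
        # Task 4.2: usage above the reservation is punished with a lower cap,
        # so the other virtual networks keep their share of the resource.
        for r in RESOURCES:
            limit = self.reservations[vn][r]
            if sample[r] > limit:
                self.caps.setdefault(vn, {})[r] = round(limit * self.penalty, 2)
                actions.append(("throttle", r))
        # Task 4.3: usage can stay inside the reservation and still be
        # abnormal for this router; a sustained deviation triggers remapping.
        odd = self.profiles[vn].deviations(sample)
        self.streak[vn] = self.streak.get(vn, 0) + 1 if odd else 0
        if self.streak[vn] >= self.patience:
            actions.append(("migrate", tuple(odd)))
            self.streak[vn] = 0
        return actions


def run_demo():
    """Replay a constructed usage trace for one virtual network."""
    training = [{"cpu_pct": c, "mem_mb": 512, "link_mbps": l}
                for c, l in zip((20, 22, 18, 21, 19), (40, 42, 38, 41, 39))]
    ctl = Controller(
        reservations={"vn-a": {"cpu_pct": 30, "mem_mb": 1024, "link_mbps": 100}},
        profiles={"vn-a": Profile.learn(training)},
    )
    trace = [  # constructed samples, not measurements
        {"cpu_pct": 21, "mem_mb": 512, "link_mbps": 41},  # normal
        {"cpu_pct": 35, "mem_mb": 520, "link_mbps": 45},  # exceeds the CPU reservation
        {"cpu_pct": 28, "mem_mb": 515, "link_mbps": 90},  # within SLA, far off profile
        {"cpu_pct": 29, "mem_mb": 518, "link_mbps": 95},  # third anomalous sample
    ]
    return [ctl.observe("vn-a", s) for s in trace], ctl


if __name__ == "__main__":
    results, controller = run_demo()
    for step, actions in enumerate(results, 1):
        print(step, actions)
    print("caps:", controller.caps)
```

The last two samples never exceed the reservation, so the Task 4.2 check alone stays silent; only the profile comparison of Task 4.3 flags them.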
Deliverables
D41: Virtual Network platform definition (M9)
D42: Isolation among virtual networks (M12)
D43: Profiling and virtual network migration (M15)
Work-package 5 description
Work-package number: WP5
Start date or starting event: T0+6
Work-package title: Infrastructure resilience
Activity type: RTD
Participant number | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8
Participant short name | ET | STM | UPMC | TPT | ENS | IMP | TUM | UL
Person-months per participant | 1 | 0 | 0 | 2 | ? | 0 | ? | 16
Participant number | 9 | 10 | 11 | 12 | 13 | 14 | 15
Participant short name | UFPE | UFRJ | UECE | UFAM | UFSC | UFRGS | DWA
Person-months per participant | ? | ? | ? | ? | ? | ? | ?
Objectives
This work-package will develop mechanisms to achieve resilience against attacks or accidents
which may affect the communications and authentication/authorization infrastructure. The
two main vectors of work are: achieving resilient communications and management;
providing trustworthy operation of the authentication service.
Description of work
Work-package 5 aims to investigate architectures and communication protocols that
endow the infrastructure with the capacity to automatically resist attacks on the control
plane. This work package includes the investigation of components and architectures able to
resist hacker attacks aiming at neutralizing or corrupting the information gathered from
metrology and sent to the decision centers (network and systems management) and the
development of resilient communication protocols and middleware that allow the
infrastructure management components to continue to interact reliably under attack.
Task 5.1 – Architecture components for resilient network communications and
management
This task will investigate architectures to support monitoring, diagnostic and prediction of
faults at both network-level and application-level. The architectures proposed will be able to
resist hacker attacks that neutralize or corrupt the information sent to the decision centers.
Based on the secure communication substrate developed in WP4, we will maintain the
interconnection resilience of each layer under attack, through intrusion tolerant
reconfiguration mechanisms, possibly providing different levels of resilience to different
layers (e.g., legacy vs. premium). Through intrusion tolerant gateways, we will ensure
trustworthy inter-layer communication, such that no layer contaminates another.
Task 5.2 – Trustworthy authentication service architecture
This task will take the secure authentication server architecture developed in WP3 and
provide it with additional resilience mechanisms based on intrusion tolerance and
self-healing mechanisms, making it able to survive very severe attacks. Hybrid distributed
systems models based on trusted-trustworthy components will be followed, leveraging the
secure microcontroller specified in WP1.
Deliverables
D51: Methods Architecture components for resilient network communications and
management (M12)
D52: Trustworthy authentication service architecture (M18)
Work-package 6 description
Work-package number: WP6
Start date or starting event: T0+9
Work-package title: Encryption schemes
Activity type: RTD
Participant number | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8
Participant short name | ET | STM | UPMC | TPT | ENS | IMP | TUM | UL
Person-months per participant | 2 | 2 | 0 | 2 | 16 | 0 | ? | ?
Participant number | 9 | 10 | 11 | 12 | 13 | 14 | 15
Participant short name | UFPE | UFRJ | UECE | UFAM | UFSC | UFRGS | DWA
Person-months per participant | ? | ? | ? | ? | ? | ? | ?
Objectives
Work-package 6 aims to develop cryptographic schemes to address issues identified in
other work packages, such as secure identification and authentication, and to improve the
security and verifiability of the outsourced computation, the integrity of remote storage, the
resilience against side-channel attacks, and the overall security of virtual networks and
clouds.
Description of work
Work-package 6 aims to develop cryptographic schemes that are better suited for future
networking environments based on virtual networks and clouds. In particular, it aims to
develop cryptographic schemes to address issues that were identified in other work
packages, such as secure user identification and authentication. In addition to these, it also
aims to design cryptographic protocols that can improve the security and verifiability of the
outsourced computation, the integrity of remote storage, the resilience against side-channel
attacks, and overall security of virtual networks and clouds.
The work will consist of three main tasks. The first one is to set up a framework for specifying
the different use cases and security requirements for future networking environments based
on virtual networks and clouds. The second main task is to develop cryptographic solutions
to address these problems in virtual networks. Finally, the third main task is to develop
cryptographic solutions to address these problems in cloud computing.
Task 6.1 – Cryptographic framework
xxxxxxxxxxxxxxxx
Task 6.2 – Cryptographic schemes for virtual networks
xxxxxxxxxxxxxxx
Task 6.3: Cryptographic schemes for Cloud
xxxxxxxxxxxxxxx
Deliverables

• D6.1: Cryptographic framework (M15)
• D6.2: Cryptographic schemes for virtual networks (M26)
• D6.3: Cryptographic schemes for Cloud accesses (M30)
Work-package 7 description
Work-package number: WP7
Start date or starting event: T0
Work-package title: Test, Dissemination, and Standardisation
Activity type: RTD
Participant number | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8
Participant short name | ET | STM | UPMC | TPT | ENS | IMP | TUM | UL
Person-months per participant | 6 | 2 | 2 | 2 | ? | ? | ? | ?
Participant number | 9 | 10 | 11 | 12 | 13 | 14 | 15
Participant short name | UFPE | UFRJ | UECE | UFAM | UFSC | UFRGS | DWA
Person-months per participant | ? | ? | ? | ? | ? | ? | ?
Objectives
Work package WP7 has two main objectives: the creation of a testbed to allow the
evaluation of the proposed algorithms, and the dissemination of information about
the project. Regarding the testbed, it is necessary to conceive and deploy an
infrastructure that allows the evaluation of the various algorithms being proposed.
More specifically, we envisage that this testbed will comprise at least one node in each
participating institution, allowing both preliminary local tests and more complex
experiments involving multiple participants to be carried out. The list of experiments
that will be conducted in the testbed includes the evaluation of virtual networks
isolation as well as the scalability/security of the microcontroller-based authentication
service.
As for the second objective, it is comprised of the dissemination of results and
contribution to standards, effectively promoting and making available the project's
research findings and achievements within the world of Industry and Research. To
realize this particular objective, SecFuNet will organize events on a national as well as
an international scale such as conferences, workshops and fora, where the project
objectives and achieved results will be presented and discussed. In addition, SecFuNet
will publish articles in scientific journals and produce multimedia and printed
promotional material to ensure and increase the awareness of industry and
academia of SecFuNet and its technological impact. These activities will meet the
following goals:

• To ensure wider use of the project results and achievements especially within
the European Community and Brazil.
• To provide continuous Systems Engineering for security algorithms.
• To establish a focal point for the European community and Brazil concerning
security algorithms in virtual networks, fostering the collaboration between
members of Academy and of Industry to track the important developments.
• To promote information exchange among relevant projects, assuring synergy
effects.
• To keep the community informed of current and possible future developments
as well as of preliminary achievements.
• To identify exploitation opportunities, including appropriate IPR protection,
patent creation, open source software production and other licensing issues.
• To identify and support contributions to standards.
Description of work
Considering the proposed activities and the SiFuNet consortium “ecosystem”, we envisage
that SiFuNet will lead to a set of new business opportunities, as well as a potential paradigm
transformation in the current security business model. Subsequently, it is expected to have a
positive impact on the global communication market.
Task 7.1 – Testbed creation
This task is comprised of requirements elicitation for the testbed, its design and deployment.
The idea is to use the testbed as an environment to conduct a set of evaluation experiments
aimed at proving concept and technical feasibility of the proposed algorithms.
Task 7.2 – Test and Evaluation Experiments
The first part of this work package is to test the different solutions coming along the SiFuNet
project. Results of the test will be used for external communications and for pushing
standardization.
Task 7.3 – External Communication
In order to achieve optimal dissemination and publicity results, during early stages of the
project, a SiFuNet Primer will be produced and released through a smart brochure and a
website (see below). The Primer will present a high-level concept description, which will
emphasize the technological and economic importance of the current project.
SiFuNet Website
Public appearance on the web is the most efficient method to promote and publish the
status, progress and success achieved in the project. The domain “SiFuNet” will be used.
SiFuNet Marketing Package: Brochure, Flyer, and Poster
These marketing materials will present the SiFuNet in an easy-to-understand way, including
an overview and a high-level architecture of the project. They will also present a short
description of the consortium members, organization, logo and country. In addition, the flyer
and brochure will present SiFuNet in a compact description of motivation, objectives and
goals. The advanced issues by the end phase of the project will show an outline of the
achieved results so far.
This material will be updated during the Project’s lifecycle, every 6 months, or as often as it is
necessary.
SiFuNet Multimedia Video Clip
In order to raise the visibility of SiFuNet, a Multimedia video-clip totally dedicated to the
innovations beyond state-of-the-art technologies of SiFuNet, as well as its business impact,
will be produced. The video clip will illustrate the SiFuNet project context, main goals and
expected achievements. Starting with a description of the current business and visualizing
every current scenario and the corresponding one after SiFuNet, illustrating the progress into
the future telecom business after providing secure networks, and its impact on the ICT
industry and consequently on the global communication market. Four releases of the video
clip are planned, at the beginning, and every ten months, and a final closing one at month
30.
SiFuNet Newsletters
We intend to release a periodical newsletter (at least 4 times yearly). These newsletters will
contain reports on the SiFuNet progress, forthcoming activities/events and achievements as
well as fact sheets. The newsletter will address decision makers on local, international (both
European and Brazilian) levels, according to the target groups identified.
Task 7.4 – Dissemination of results
Conferences & Workshops
SiFuNet Project Board identified a number of strategic and “semi”-strategic events to
present its achievements.
Strategic Events:


• IEEE Globecom: IEEE Global Communications Conference
• IEEE ICC: IEEE International Conference on Communications
• IEEE Infocom: Annual IEEE Conference on Computer Communications
Semi-Strategic Events
All partners will contribute to WP7 by disseminating project results and visions in scientific
papers, contributions to exhibitions and workshops. In each participating country, various
“SiFuNet marketing strategies” will be studied, corresponding to specific national
environments. Subsequently, all results will be synthesized into an overall dissemination and
exploitation plan.
Task 7.5 – Standardization
Contribution to Standards
The topics treated in “SiFuNet” are expected to have an impact on multiple
standardization bodies and industry fora. The standardization bodies that might be of
relevance are:
• IETF: Recommendations for different working groups on security.
• 3GPP: Standards for secure networking.
Who is doing what.
Deliverables
D7.1 : Testbed conception and deployment (M18)
D7.2 : Test and Evaluation Report (M30)
D7.3 : Results Dissemination and Standardization Proposals (M30)
1.3.8. Summary of staff effort
Partic. no. | Partic. short name | WP0 | WP1 | WP2 | WP3 | WP4 | WP5 | WP6 | WP7 | Total person months
1 | ET | 6 | | | | | | | |
2 | STM | 1 | | | | | | | |
3 | UPMC | 1 | | | | | | | |
4 | TPT | 1 | | | | | | | |
5 | ENS | 1 | | | | | | | |
6 | IMP | 1 | | | | | | | |
7 | TUM | 1 | | | | | | | |
8 | UL | 1 | | | | | | | |
9 | UFPE | | | | | | | | |
10 | UFRJ | 6 | | | | | | | |
11 | UECE | 1 | | | | | | | |
12 | UFAM | 1 | | | | | | | |
13 | UFSC | 1 | | | | | | | |
14 | UFRGS | 1 | | | | | | | |
Total | | 23 | | | | | | | |
1.3.9. Template - List of milestones
Milestone number | Milestone name | Work-package(s) involved | Expected date (18) | Means of verification (19)
M0.1
M0.2
M0.3
M0.4
M0.5.1
M0.5.2
M1.1
M1.2
M1.3
M1.4
M2.1
M2.2
M2.3
M2.4
M3.1
M3.2
M3.3
M3.4
M4.1
M4.2
M4.3
M5.1
M5.2
M5.3
M5.4
M5.5
M6.1
M6.2
M6.3
18 Measured in months from the project start date (month 1).
19 Show how both the participants and the Commission can check that the milestone has been
attained. Refer to indicators if appropriate.
Section 2. Implementation
2.1 Management structure and procedures
2.2.1. Integrated Project Consortium Agreement Governance
With respect to the size of the project, a hierarchical management structure with clear
responsibilities has been defined: the project management of SecFuNet is compliant with
the 3-layers structure of Integrated Project Consortium Agreement (IPCA) Governance (see
figure below).
[Figure: organisation chart with three levels (Strategic, Operational, Technical). Boxes:
General Assembly (Chairman: Project Coordinator; Members: all Partners' representatives);
Project Board (Chairman: Project Coordinator; Members: WP Leaders); Project Coordinator;
European Commission; WP1 to WP7.]
Figure 20 - Layer structure of SecFuNet as an integrated project.
The IPCA for the project will be negotiated by the Partners before being
provided to the European Commission.
Governing Bodies and Management Functions
The project management of SecFuNet is based on the following decision-making bodies and
management functions:
• General Assembly, as the ultimate strategic decision-making body for the
consortium, responsible for the overall direction of the project.
• Project Board, as the executive decision-making and supervisory body for the
execution and monitoring of the project.
• Project Coordinator, the legal entity among the members of the consortium acting as
the intermediary between the partners and the Commission, having specific
additional contractual, legal, financial and administrative obligations for the
consortium coordination, and responsible at an operational level for the day-to-day
management of the project.
• Work-package management teams, responsible for the planning, coordinating and
day-to-day management of the technical work of the work-packages.
The detailed compositions of these decision-making bodies, management functions and
all needed specific additional roles, will be formally defined in the IPCA_SecFuNet.
General Assembly (GA) is the body responsible for the overall direction of the project at a
strategic level. The Partners shall establish, within thirty days after the date of the IPCA, the
GA composed of one duly authorized representative of each of them.
Competence: decision upon any proposal made by the Project Board for the allocation of the
project's budget, reviewing and proposing budget reallocations to the Parties; review and
amendment of grant agreement (but Partners have to sign the amendment); serve notice to
Defaulting Partner; decision upon any proposal of the Project Board for the launching of
competitive calls if required by the terms of the grant agreement, and the entering of new
Contractors for the participation in the project; decision upon change and exchange of
work-packages between the Parties and proposing corresponding amendments to the grant
agreement; giving certain approvals (e.g. related to use of Background); deciding upon
procedures and tools for the marking and handling of the information exchanged between
Parties in performance of the project; decisions related to conflict resolution.
Decision-making at the General Assembly:
• The GA shall be chaired by the Project Coordinator's representative and it shall meet
at least once a year, or at any other time when necessary on request of a Partner.
• Decisions may be taken in a physical meeting, a meeting via teleconference, e-mail,
or without meeting under certain conditions (consent in writing delivered for
signature to all Partners' representatives).
• Quorum: 2/3 to be present or represented (except for unanimous decision, quorum =
100%)
• Decisions:
- Unanimity for amendment of the grant agreement
- Otherwise 75%
- Veto right for Party on a reasonable ground (if work is affected, if information is
to be disclosed, if name would be in press release…)
Project Board is the body responsible for the management of the project. The composition
of the Board shall reflect the Partners' share and respective responsibilities in the Project, or
an appropriate mixture in respect of balance of competencies and activity areas. Chairman:
Project Coordinator. Other members: in practice representative of each Work-package
Leader.
The Project Board is composed of Michel Betirac, Guy Pujolle, Djamel Sadok, Otto Duarte,
etc.
The Project Board will be responsible for management of the project and in particular for:
• Proposing to General Assembly budget allocation.
• Proposing to General Assembly notice to defaulting party.
• Agreeing plan for using and disseminating knowledge (Foreground), press releases
and joint publications, without prejudice to IPR.
• Deciding upon the technical roadmaps with regard to the project.
• Deciding upon designation of a third party in charge of part of management.
• Deciding upon measures in the framework of control and audits procedures to
ensure the effective day-to-day coordination and monitoring of the progress of the
technical work affecting the project as a whole.
• Proposing to General Assembly procedures and tools for marking and handling of
information exchanged between Partners in the performance of the project.
Decision-making in the Project Board:
• The Project Board will meet at least quarterly at the request of its chairperson or at
any other time when necessary at the request of one partner.
• Decisions may be taken in a physical meeting, a meeting via teleconference, e-mail,
or without meeting under certain conditions (consent in writing delivered for
signature to all Partners' representatives).
• The Project Board shall not decide validly unless a majority of 2/3 ("quorum") of its
members are present or represented (except for unanimous decision, quorum =
100%). Each Project Board member shall have one vote.
• Decisions:
- Unanimity for notice to Defaulting Partner.
- Otherwise 75% or simple majority.
- Veto right for Project Board member on reasonable ground (if work is affected, if
information is to be disclosed, if name would be in press release…).
The Project Coordinator is from the European Commission's point of view the member of
the consortium who acts as the point of contact with the Commission. The Project
Coordinator has the responsibility of coordinating and managing the progress of the total
project, and of ensuring the proper implementation of the decisions taken by the General
Assembly. He shall have the following main functions:
• To monitor compliance of Partners with their obligations under the grant agreement
and the IPCA (grant agreement: the contract with the Commission for the carrying
out of the project).
• To verify completion of formalities for acceding to the grant agreement.
• To receive Community funding and distribute it:
- within 30 days from receipt.
- suspend for Defaulting Partner and inform Project Board.
• To keep records and financial accounts for funding and inform Commission of
distribution.
• To be the intermediary for efficient and correct communication between the
Partners and the Commission on the progress of the project.
• Administration, preparation of minutes, chairmanship of General Assembly and
Board, follow-up of their decisions.
• On request, transmission of any documents and information connected with the
project between the Partners concerned.
• To monitor procedures regarding Use of Open Source Software.
• To represent the project for external contacts.
Work-package management teams: these teams will be composed of one representative
per involved Partner and chaired by the Work-package Leaders. They provide technical
management of the Work-package.
Work-package leaders have important roles with respect to the project organization:
- Drive, coordinate and monitor the technical activities within their work-package,
to assure good progress and avoid deviations with respect to the work-package
activity time plans.
- Assure the communication flow within the work-package.
- Assure the quality of the produced deliverables (documentation, software, etc.).
- Assign activity/editor leadership if felt necessary.
- Assure the communication flow externally to the work-package, towards the
project coordinator and other work-package leaders, to report regularly on
work-package activities and on achieved documented milestones.
European Commission
The European Commission will be involved in the project's strategic decisions to defend its
own interests in the project outcome as well as in the appropriate use of its financial
contribution. The rules set in the EC Contract as well as the guidelines for project
coordination will define the official framework for project reporting.
Regular exchanges between the European Commission and the coordinator are expected, to
review project objectives as well as project progress (project technical reviews).
Project management and quality assurance procedures, risk management
At project start the Project Coordinator will establish project management guidelines in the
form of a Handbook that will describe the project management and quality assurance
procedures. This will be contained in Deliverable D0.1. The quality assurance will include
management of the documentation, and also qualitative and quantitative (e.g. measures)
assessment procedures for milestones and deliverables that will be key elements in
measuring the project progress.
To complete the quality assurance, a Risk Register will be set up at project start and then
updated at least every 3 months to monitor the major scientific, industrial and
organisational risks of the SecFuNet project.
2.2 Individual participants
EtherTrust
Michel Betirac
ST Microelectronics
STM provides
University Pierre et Marie Curie – Paris 6
LIP6 is one of the most important Computer Science laboratories in France. With more than
400 people, LIP6 covers a large number of research areas contributing to the structure of a
communication system, such as micro-electronics, networking, distributed systems, robotics,
artificial intelligence, programming languages and software engineering.
The PHARE team of LIP6 participating in this project has leading expertise in research
on architectures, protocols and algorithms for next-generation communication networks.
New technologies for network control, in particular in wireless networks, are studied in
depth from different aspects: integration of different technologies, vertical handover, QoS
and security management in heterogeneous networks. Past and current national and
European projects in which this group has been involved include ITEA projects (AMBIENCE,
ADANETS, SUMO), Celtic projects (Authone, GENIO, etc.), FP7 projects (4WARD, AUTOI,
GOLDFISH, etc.), and national projects @IRS++, GITAN, RADIC-SF, Safari, SUN, I2TIT, BBnet,
Sarah, Horizon.
Guy Pujolle received the Ph.D. and "Thèse d'Etat" degrees in Computer Science from the
University of Paris IX and Paris XI in 1975 and 1978 respectively. He is currently a Professor
at the Pierre et Marie Curie University (Paris 6), a member of the Institut Universitaire de
France, and a member of the Scientific Advisory Board of Orange/France Telecom Group.
He spent the period 1994-2000 as Professor and Head of the computer science department
of Versailles University. He was also Professor and Head of the MASI Laboratory (Pierre et
Marie Curie University), 1981-1993, Professor at ENST (Ecole Nationale Supérieure des
Télécommunications), 1979-1981, and member of the scientific staff of INRIA, 1974-1979. He
is currently an editor for International Journal of Network Management, WINET, Annals of
Telecommunications, and IEEE Surveys & Tutorials. He was in charge of a large number of
European and French projects.
Thi-Mai-Trang Nguyen received her Engineer degree in Telecommunications from
HoChiMinh city University of Technology, Vietnam, in 1999, M.S. degree in Computer
Science from University of Versailles, France, in 2000, and Ph.D. degree in Computer Science
from University of Paris 6, France, in 2003. She is currently associate professor at University
of Paris VI. Dr. Nguyen is a member of the IEEE. She has been involved in many national and
European projects related to the development of the next generation of the Internet. She
also has publications in international journals and has one French patent on mobile
networking. Her main research interest is the design of new architectures, protocols and
algorithms related to quality of service, security and mobility management.
Telecom ParisTech
Telecom ParisTech houses over a thousand students, and over 140 research professor staff.
ENST, renamed Telecom Paris then Telecom ParisTech, has also expanded to
Sophia‐Antipolis. It receives students from all over the world, and constitutes a centre of
excellence for teaching and research in the fields of Information and Communication Sciences.
Telecom ParisTech has gained international recognition in the technical domain. In addition
to working on basic science developments, research at Telecom ParisTech also aims at
broadening its field of study, particularly towards system integrations, innovative services on
the Internet and in other media, and analysis of users' communication practices and their
social impact. Telecom ParisTech thus covers all aspects of Information Technologies.
Telecom ParisTech is committed to maintaining an optimal balance between scientific
research, where themes remain fairly stable, and applied research, which evolves more
rapidly. Research projects are organized principally in collaboration with universities and
major research groups, like the CNRS (Centre National de la Recherche Scientifique). Applied
research is pursued through contractual agreements between Telecom ParisTech and its
corporate partners.
Pascal Urien (www.enst.fr/~urien) is a full professor at Telecom ParisTech; he graduated from
Ecole Centrale de Lyon and holds a PhD in computer science. His main research interests include
security and smart cards, especially for networks and distributed computing architectures.
He holds fifteen patents and about one hundred publications in these domains. Pascal
collaborates in several industrial committees like the IETF. He participated in various French
and European research projects. He is the father of the internet smart card technology,
which won two industrial awards, Best Technological Innovation at cartes'2000 (Paris) and
Most Innovative Product of Year at the Advanced Card Award 2001 (London). He invented
the EAP smart card, that won two industrial awards, Best Technological Innovation at
cartes'2003 (Paris), and Breakthrough Innovation Award at CardTech/SecureTech 2004
(Washington DC). In 2006 he won a bronze award at the SecureTheWeb Developer Contest,
organized by Gemalto and Microsoft. Pascal was one of the winners of the 9th (2007) and
11th (2009) French national contests for the support of innovative start-ups.
Ecole Normale Supérieure
The École Normale Supérieure (ENS) was founded in 1794 and has had a research group
(Crypto Team) in cryptology since 1988. Since its foundation, the Crypto Team at ENS has
played a major role in the diffusion of cryptology in France and is one of the leading research
groups in cryptology in the world. The team, which is currently led by Dr. David Pointcheval,
has 23 members including 2 professors, 2 assistant professors, 4 senior researchers, 2 junior
researchers, and 2 postdoctoral researchers. The research of the Crypto Team considers
cryptology in a broad sense, from its most theoretical and mathematical aspects to its
applications. Its main areas of expertise include all aspects of asymmetric cryptography, the
design and implementation of symmetric algorithms, interactive cryptography, and
cryptanalysis (both symmetric and asymmetric). Over its lifetime, the ENS Crypto Team has
been involved in several European research projects (e.g., ECRYPT, STORK, and NESSIE) and
French research projects.
Michel Abdalla is currently a CNRS researcher and a member of the Crypto Team at ENS. He
holds a Ph.D. in Computer Science from the University of California, San Diego. His research
focuses on the design of efficient and provably-secure cryptographic protocols. He has authored or
co-authored more than 40 articles in international journals and conferences. He has served
on the program committee of several international conferences, including Crypto, Eurocrypt,
and PKC, and was program chair for LATINCRYPT 2010 and ACNS 2009.
Implementa
xxxxx
Technische Universität München
Technische Universität München (TUM) is one of the leading German universities in
Engineering and Science with a long-standing reputation for scientific excellence. In 2006, with
its concept "The Entrepreneurial University", TUM received an award from the "Excellence
Initiative" of the German Research Foundation and Federal Government. TUM scientists
have been repeatedly singled out for the award of the Nobel Prize. Today, nine holders of
the Leibniz Prize awarded by the German Research Council – Deutsche
Forschungsgemeinschaft (DFG) – give lectures and pursue research at the Technische
Universität München. In many international and national rankings, TUM ranks first among all
German universities.
The department of computer science at TUM has a long tradition, starting lectures in
computer science in 1967. Today it is one of the largest computer science departments in
Germany and is regularly evaluated as being among the top computer science departments in
Germany.
The chair for Network Architectures and Services is one of 20 research units of the
department of computer science at Technische Universität München. Research activities
include innovative Internet technologies, with special focus on network security, network
monitoring, attack detection and defense, secure peer-to-peer and overlay networking, and
negotiation of security policies over fixed and mobile network technologies.
Relevant projects are the EU FP7 project ResumeNet, with contributions towards the
resilient Internet: service layer resilience, testbed and experiments; the EU Celtic project
AutHoNe, with contributions on Autonomic Home Networking, in particular architecture,
components for automated management and monitoring, testbed and experiments, and the
German national science foundation (DFG) project LUPUS, with contributions on load
transformations and their usage for traffic prediction and understanding in networks with
security requirements.
The chair for network architectures and services at TUM operates a Future Internet
laboratory. As part of this laboratory, TUM operates one Future Internet Instance, which is a
result of the US-based GENI project GpENI. TUM operates another Future Internet Instance
which supports decentralized, user-controlled networks and knowledge plane mechanisms.
Georg Carle is full professor at the faculty of computer science at Technische Universität
München, where he holds the chair on Network Architectures and Services. He conducts
research on autonomic, self-organized and peer-to-peer networks, network security,
monitoring of IP networks, mobile communications, voice and video services over IP,
charging and accounting. He received an M.Sc. degree from Brunel University London in 1989,
a diploma degree in electrical engineering from the University Stuttgart in 1992 and a
doctoral degree from the faculty of computer science of University Karlsruhe in 1996. From
1992 to 1996 he worked at the Institute of Telematics at the University Karlsruhe, being
supported by a "Graduiertenkolleg" scholarship. In 1997, he worked as postdoctoral
researcher at Institut Eurécom, Sophia Antipolis, France, supported by a TMR (Training and
Mobility for Researchers in Europe) scholarship from the European Commission. In October
1997 he joined GMD FOKUS in Berlin, where he has been the leader of numerous projects
funded by the European R&D program, national research programs and industry (service
providers and manufacturers). In January 2003, he joined University of Tübingen as a full
professor, founding the newly established chair on computer networks and internet. From
there, he joined Technische Universität München in April 2008.
Heiko Niedermayer is a senior research staff member at the Chair for Network Architectures
and Services at the Technische Universität München. He has a strong background in security
and protocols. His overall research spans from network security to overlay networks as well
as cloud computing and autonomy in networks. He worked on the projects Semobis
(Semantically-oriented Software Engineering for mobile information systems, 2004-2006),
SpoVNet (Spontaneous Virtual Networks, 2006-2009), and AutHoNe (Autonomic Home
Networks, 2007 - ) as well as for smaller industrial projects. He also worked on the proposals
of many more projects of the Chair. He studied Informatics at the University of Würzburg
with emphasis on machine learning, optimization, theory, and networking. His diploma
thesis was about optimization of processes in semiconductor manufacturing. He received his
diploma degree in 2003 and subsequently joined the group of Prof. Georg Carle in the same
year as a researcher at the University of Tübingen and later, in 2008, at Technische Universität
München. He submitted his doctoral thesis about the architecture and components of
secure and anonymous Peer-to-Peer systems in 2009 and received his doctoral degree from
Technische Universität München in 2010.
Foundation of the University of Lisbon Faculty of Sciences - FFCUL
The University of Lisboa, whose origins date back to 1288, presently has an estimated
20000 students and a teaching staff of about 1600 highly qualified teachers. The
University of Lisbon Faculty of Sciences is currently organized in 9 Departments, among
which the Department of Informatics (DI), and has approximately 5000 students. With more
than 200 ongoing projects, R&D activities at the Faculty of Sciences are carried out in 26
different research units, many of which developed together with international teams,
funded both at national and European levels. These units are run under the umbrella of
Foundation of the University of Lisbon Faculty of Sciences (Fundação da Faculdade de
Ciências da Universidade de Lisboa), a private non-profit organization totally held by the
Faculty of Sciences, created in 1993, whose main purposes are to promote research and
technological development activities, provide qualified human resources training and offer
consulting expertise and knowledge dissemination. The Large-Scale Informatics Systems
Laboratory (LASIGE) is a laboratory of the DI whose core personnel is formed by professors
and researchers belonging to two areas: Computing Systems Organization and Information
Systems. Its mission is to organize the intervention of the department in research, teaching
and training, and technology transfer, on the domains pertaining to the core activity of the
laboratory.
Navigators is a group within LASIGE that addresses architecture and infrastructure issues of
distributed systems (middleware), namely the aspects of large-scale, dependability, security
and real-time, both of system support and applications. The core people of the Navigators
group originated from the Distributed Systems and Automation Group at INESC, and have
been very active in international research for almost 20 years now, mainly in the areas of
distributed systems, fault-tolerance and real-time (http://www.navigators.di.fc.ul.pt). The
group has produced several PhD and MSc theses, and hosted a few foreign post-doctorates.
It took part in several international research projects, namely ESPRIT: DELTA-4; BANK'92;
BROADCAST; DINAS-DQS, CORTEX, MAFTIA, some of which as the coordinating partner. The
group has recently been involved in several European projects, including IST-FP6-26979
HIDENETS and IST-FP6-27513 CRUTIAL, and the IST-FP6-26764 RESIST NoE, and currently
participates in two IPs: FP7-ICT-257475 MASSIF and FP7-ICT-257243 TCLOUDS.
FCUL (Faculty of Sciences of the University of Lisbon) will act as a third party of FFCUL based
on the cooperation agreement on R&D projects signed between these two institutions. The
core team of FFCUL involved in SecFuNet are faculty from FCUL and they will be involved in
all activities of FFCUL within this project.
Paulo Veríssimo is a full professor of the DI of the University of Lisbon Faculty of Sciences
and former Director of LASIGE. He belongs to the European Security & Dependability
Advisory Board, and is associate editor of the IEEE Transactions on Dependable and Secure
Computing. He is past Chair of the IEEE Technical Committee on Fault Tolerant Computing
and of the Steering Committee of the DSN conference, and belonged to the Executive Board
of the CaberNet European Network of Excellence. He was coordinator of the CORTEX IST/FET
project (http://cortex.di.fc.ul.pt). He is a senior member of the IEEE. Paulo Veríssimo leads
the Navigators group and is currently interested in: architecture, middleware and protocols
for distributed, pervasive and embedded systems, in the facets of real-time adaptability, and
fault- and intrusion-tolerance. He is author of more than 130 refereed publications in
international scientific conferences and journals in the area, and co-author of five books.
Marcelo Pasin is an assistant professor of the DI of the University of Lisbon Faculty of
Sciences and member of the Navigators team within the LASIGE laboratory. After working
for the Brazilian computer industry, he joined the Federal University of Santa Maria (UFSM,
Brazil), being tenured as assistant and later as associate professor. During a sabbatical leave
from UFSM, he worked as a Coregrid (IST FP6 NoE) fellow for the Engineering and
Architecture School of Fribourg (Switzerland) and the University of Pisa (Italy). Leaving
UFSM, he worked at INRIA in Lyon (France), where he was in charge of most aspects of the
EC-GIN project (IST FP6 STREP). His research interests are resource virtualization, scheduling
and allocation, high performance computing and networking (data transfer performance and
synchronisation), and large-scale distributed systems such as grids and clouds. He has published
more than twenty refereed articles in conferences and journals, and is the editor of two
conference proceedings. He is a member of IEEE, ACM and SBC (Brazil).
Key People:
Universidade Federal de Pernambuco - UFPE
Djamel Fawzi Hadj Sadok
holds an undergraduate degree in Electronic Engineering from the Universidade Federal do Rio de Janeiro
(UFRJ-1976), a master's degree in Electrical Engineering from the Universidade Federal do Rio de Janeiro
(COPPE/UFRJ-1981) and a doctorate in Téléinformatique from the Ecole Nationale Supérieure des
Télécommunications (ENST-1985, France). He is currently a full professor at the Universidade
Federal do Rio de Janeiro. Between 1992 and 1993 he carried out postdoctoral research at the MASI
laboratory of the University of Paris VI. In 1995 he carried out further postdoctoral research at the
International Computer Science Institute (ICSI), associated with the University of California at Berkeley.
In 1999, 2001 and 2006 he was a Visiting Professor at the Université Pierre et Marie Curie. He has
experience in the area of computer networks, working mainly on the following topics: communication
protocols, Internet, security, quality of service, multicast protocols and
performance evaluation.
Universidade Federal do Rio de Janeiro - UFRJ
The Universidade Federal do Rio de Janeiro (UFRJ - Federal University of Rio de Janeiro) is
the oldest and most important federal university of Brazil. At UFRJ, COPPE (Coordenação dos
Programas de Pós-Graduação em Engenharia) is the first and biggest postgraduate engineering
research institute of South America. COPPE's defining characteristic is the overriding priority
assigned to teaching and basic engineering research, graduating highly qualified engineers,
as well as to the generation of advanced state-of-the-art concepts in the service of the social,
technical, and economic development of Brazil. The major emphasis of the teaching and
research faculty is on research as well as on training of master's and doctoral degree
students.
COPPE’s interface with industry is COPPETEC Foundation. Applied industrial research, expert
technical opinion and consultancy, extension courses and technical workshops as well as
related activities are all carried out by means of contracts between the Foundation and
clients requiring consultancy or technical services.
The Grupo de Teleinformática e Automação (GTA – Computer Network Research Group)
began its activities in March 1986. GTA belongs to the Program of Electrical Engineering (PEE -
COPPE), which recently maintained the maximum grade (7 out of 7) in CAPES. The CAPES grade is
a Brazilian standard for evaluating the best postgraduate programs in Brazil. GTA is
currently participating in international projects such as the CAPES/COFECUB Project. This
project is an international cooperation agreement in which GTA has participated since 1994. The
project involves LIP6 (Laboratoire d'Informatique de Paris 6) from Université Pierre et Marie
Curie (France), LAAS (Laboratoire d'Analyse et d'Architecture des Systèmes) associated with
Université de Toulouse (France), and three Brazilian universities. The main activities are in
Quality of Service, Mobility, and Multimedia. In addition, GTA also participates in several
Brazilian projects funded by CNPq and Faperj.
CNPq is the National Council for Scientific and Technological Development. CNPq is linked to
the Ministry of Science and Technology (MCT), which supports Brazilian research. Faperj, on
the other hand, is a public foundation to support research in the state of Rio de Janeiro.
Otto Carlos Muniz Bandeira Duarte was born in Rio de Janeiro, Brazil, on October 23, 1953.
He is a Full Professor at Universidade Federal do Rio de Janeiro, Brazil, where he has worked since
1978. He received his B.E. degree in Electronic Engineering and M.Sc. in Electrical Engineering,
also from Universidade Federal do Rio de Janeiro, in 1976 and 1981, respectively, and his Dr.
Ing. from ENST/Paris, France, in 1985. Otto has strong international ties, which he reinforces
during his sabbaticals: between January 1992 and June 1993 he worked as a researcher at
the MASI laboratory at the University of Paris 6; in 1995, he spent three months at
International Computer Science Institute (ICSI) in Berkeley; and in 1999 and 2001, he worked
as invited professor at the University of Paris 6. His research interests include mobile
communications, security, multicast, and QoS guarantees.
He has advised 45 doctoral and masters students, and published 150 articles in international
and national conferences and 40 articles in international and national journals. He has given
numerous invited talks and tutorials, and serves as a consultant to companies in the area of
Internet technologies. He is also the head of the computer networks group (Grupo de
Teleinformática e Automação - GTA). Otto has recently received the "Scientist of Our State"
award (granted to the 200 most outstanding researchers of the state of Rio de Janeiro) and
is one of 250 researchers in computer science from all over Brazil selected to be CNPq
researchers (CNPq is the technology research branch of the Brazilian government). Otto is
currently involved in a number of research projects. He is the coordinator of TAQUARA
(Technology, Applications and Quality of Service in Advanced Networks), a project funded by
the National Research Network (RNP) through the GIGA Project. He is also the head of the ad
hoc research group of the project CISBTVD (Interactivity Channel for the Brazilian System of
Digital Television) and the coordinator of RARA (Advanced Networks and Autonomic
Networks), both funded by the Brazilian government. Finally, he leads the RAT (Packet
traceback) project, one of the 14 selected from 430 submissions to the UOL (a major
Internet provider of Brazil) open call.
Universidade Estadual do Ceará - UECE
The State University of Ceará (UECE) is one of the main universities located in the Northeast
of Brazil, with almost 17,000 students enrolled. The Computer Sciences Department, with
about 400 graduate and undergraduate students, is engaged in leading-edge research
and teaching with an emphasis on applied computing. The proposed work will be performed
by members of the Information Security Research Team (INSERT), housed in the Computer
Science Department of UECE. INSERT started in 2000, housed at the Georgia Institute of
Technology, migrating later to Brazil. INSERT has extensive experience in cooperation
with industry, academia and the public sector, having worked on successful research projects
with Raytheon, Infineon, Microsoft, and US Department of Defense among others.
Andre Luiz Moura dos Santos graduated in Electronics Engineering from the Instituto
Tecnológico de Aeronáutica (1988), received a Master's degree in Atmospheric Science from
University of Washington (1994) and a PhD in Computer Sciences from University of
California, Santa Barbara (2000). Dr. dos Santos is the director of the Information Security
Research Team (INSERT), a research team dedicated to studying the security of digital data.
Currently, he is a full professor at the Computer Sciences Department of the State University
of Ceará (UECE). Dr. dos Santos has spent more than 20 years working on information security and,
before working at UECE, worked as Assistant Professor at the College of Computing at
Georgia Institute of Technology (200-2005). Dr. dos Santos has worked as a consultant to
Banco Bradesco, the government of the State of Ceará, Netscape, and Wargo & French LLP. Dr.
dos Santos has worked on successful research projects with Raytheon, Infineon, Microsoft,
IBM, National Security Agency, National Science Foundation, US Army and Department of
Defense. Dr. dos Santos has patents with Georgia Tech and Infineon Technologies in
Germany, France, US, Japan and China on systems, methods and computer program
products using partitioning (used by operating systems on secure microcontrollers).
Universidade Federal do Amazonas - UFAM
Emerging Technologies & System Security Research Group (ETSS) is a research group from
the Federal University of Amazonas in Brazil. Our research focus is to identify emerging
technologies and conceive of new security solutions that will have a high impact on
innovation with industrial relevance. ETSS performs research and development on behalf of
government and industry. To keep pace with the rate of change in emerging technologies, we
conduct a large amount of research in existing and emerging technology areas including
wireless sensor networks, delay-tolerant networks, emergency network architectures, mobile
systems and security systems.
We collaborate extensively with government, academia and private sector entities including
Ministry of Science and Technology, National Council of Scientific and Technological
Development, Federal University of Pernambuco, Federal University of Minas Gerais,
University of Campinas, Nokia Institute, and Ericsson Research in Kista Sweden. Currently,
ETSS has around 20 researchers including 04 PhDs, PhD and MSc students, and
undergraduate students.
Eduardo Feitosa received his Ph.D. in Computer Science from the Federal University of
Pernambuco in Brazil (2010). Currently, Dr. Eduardo Luzeiro Feitosa is an Associate
Professor at the Department of Computer Science of the Federal University of Amazonas. He
is a researcher in the Emerging Technologies & System Security (SSET) research group and
has held a position as a research fellow in the Networking and Telecommunications Research
Group at Federal University of Pernambuco since February 2006.
He has been involved in different research projects such as Secure Fieldwork Networks
(SEFIN), supported by Ericsson Sweden, and access control for automation in power system
(SIRCAM), supported by Companhia Hidroelétrica do São Francisco (CHESF). His broad
areas of interest are Computer Networks and System Security, including security
architectures, unwanted and malicious traffic, traffic analysis and mobile networks.
Eduardo Souto received his Ph.D. degree in Computer Science in 2007 from the Federal
University of Pernambuco in Brazil. Currently, Dr. Eduardo Souto is an Associate Professor
at the Department of Computer Science of the Federal University of Amazonas, where he
coordinates the undergraduate course in information systems. He is also the ETSS group
leader and holds a position as a Research Fellow in the Networking and Telecommunications
Research Group at Federal University of Pernambuco, which he has visited on a regular basis
since 2007.
He has been involved in research projects financed through Brazilian research agencies, such
as Brazilian National Council for Scientific and Technological Development (CNPq) and
State of Amazonas Research Foundation (FAPEAM). He has also served on the program
committee and organizing committee of national and international conferences in Computer
Science. His research interests are in the areas of Wireless Sensor Network, Network
Security, Internet Traffic Measurement, and Distributed Systems.
Universidade Federal de Santa Catarina - UFSC
Joni da Silva Fraga
holds an undergraduate degree in Electrical Engineering from the Universidade Federal do Rio Grande do Sul
(1974), a master's degree in Electrical Engineering from the Universidade Federal de Santa Catarina (1979)
and a doctorate in Informatique/Automatique from the Institute National Polytechnique de Toulouse
(1985). He is currently a full professor at the Universidade Federal de Santa Catarina. He has
experience in the area of Computing Systems, with emphasis on Distributed Systems,
working mainly on the following topics: Security, Fault Tolerance, Intrusion
Tolerance, Distributed Algorithms and Middleware.
Universidade Federal do Rio Grande do Sul - UFRGS
The Federal University of Rio Grande do Sul (Universidade Federal do Rio Grande do Sul,
UFRGS) is one of the 5 top Brazilian universities in scientific and technologic activities and,
with more than 30,000 students, one of the largest public ones. The Institute of Informatics,
where part of the project will be carried out, is a world-class center of excellence in
Computer Science and Computer Engineering engaged in leading research, teaching, and
technology transfer to Industry. It was founded in 1989 as one of the faculties at UFRGS. The
Institute has 71 faculty members, which makes it one of the largest Computer Science and
Computer Engineering groups in the country. One of its main characteristics is a strong
connection between research on software and hardware. The Institute also includes a team
of 36 administration staff to provide support for a community of over 700 undergraduate
and 250 graduate students.
Antonio Marinho Pilla Barcellos holds BSc and MSc degrees in Computer Science from
Universidade Federal do Rio Grande do Sul (1989 and 1993, respectively) and a Ph.D. in
Computer Science from University of Newcastle Upon Tyne (1998). Between 2000 and 2007
he worked for Unisinos University, heading the research group on Computer Networks and
supervising postgraduate students. He has been a Principal Investigator of projects in the
fields of High-Performance Computing, Computer Networks, Fault Tolerance and Distributed
Systems. He has received financial support from research agencies including ACM, IEEE,
CNPq, CAPES, RNP and FAPERGS. Prof. Barcellos is currently the chair of the Special Interest
Group on Security of the Brazilian Computing Society (SBC). His broad areas of interest are
Computer Networks and Systems Security, in which he has authored dozens of papers. He
heads a research project on P2P security (P2P-SeC) and a Working Group on BitTorrent
network monitoring, called GT-UniT and supported by Rede Nacional de Ensino e Pesquisa
(RNP). He is an Associate Professor at Federal University of Rio Grande do Sul (UFRGS).
Luciano Paschoal Gaspary holds a Ph.D. in Computer Science (UFRGS, 2002) and serves as
associate professor at the Institute of Informatics, UFRGS. He is managing director of the
Brazilian Computer Society (SBC) and director of the National Laboratory on Computer
Networks (LARC). Prof. Gaspary has been involved in various research areas, mainly
computer networks, network management and computer system security, and has been
publishing his work in reputable journals and conferences. Prof. Gaspary is author of more
than 100 full papers published in leading peer-reviewed publications. He has a history of
dedication to research activities such as participation in Technical Program Committees of
relevant symposia, organization of scientific events and review of journal papers. Currently,
he serves as editorial board member for the Brazilian Journal on Computer Networks and
Distributed Systems (RESD). Gaspary has been supervising doctoral theses, a dozen master's
dissertations and undergraduate students, as well as participating in projects funded both by
agencies such as CNPq, CAPES and FAPERGS and by companies such as HP, Digistar and RNP.
2.3 Consortium as a whole
The consortium is the result of a rigorous search and identification of key partners together
forging a diverse and well balanced group of individuals backed by organizations dedicated
to the success of the SecFuNet project.
R&D in Europe involves three main types of institutional actor: enterprises, universities, and
public research organisations. They complement one another and all contribute importantly
to the European Research Area (ERA). Public research organisations are entities "which as
their predominant activity provide research and development, technology and innovation
services to enterprises, governments and other clients…". This definition distinguishes public
research organisations from universities, which have education at the core of their activities,
and from enterprises, which primarily produce goods and services for commercial purposes.
The SecFuNet consortium is organized around these three main types of institutions, each
standing as a pillar for the project.
A strong part of the consortium comes from Small and Medium Enterprises. Small
enterprises are the backbone of the European economy. They are a key source of jobs and a
breeding ground for business ideas. Europe’s efforts to usher in the new economy will
succeed only if small business is brought to the top of the agenda. Small enterprises are the
most sensitive of all to changes in the business environment. They are the first to suffer if
weighed down with excessive bureaucracy, and are the first to flourish from initiatives to cut
red tape and reward success. At Lisbon, the goal was set for the European Union to become
the most competitive and dynamic knowledge-based economy in the world, capable of
sustainable economic growth, more and better jobs and greater social cohesion. Small
enterprises must be considered as a main driver for innovation, employment as well as social
and local integration in Europe. The SecFuNet project paid specific attention to the
involvement of SMEs bringing together EtherTrust, Implementa and also Virtuor as a subcontractor, to join forces and bring added value to the scientific and technical objectives.
Specific focus on SMEs involvement is identified below.
Universities are key actors in both the European Higher Education Area (EHEA) and in Brazil.
The essential mission of academia is producing new knowledge answering societal needs
(including needs of business and industry) and disseminating this new knowledge to all
stakeholders or users. Universities are at the leading edge of research. SecFuNet, which targets
advanced networking principles, relies heavily on key competencies and open-minded
academic partners. Universities account for 33% of the overall consortium partners.
The SecFuNet project brings together scientific communities, companies and researchers
with varying approaches. This is an essential value towards the objectives.
SMEs specific involvement
The contribution of EtherTrust to the SecFuNet project should be highly valuable for a
number of reasons:
The goals of SecFuNet and EtherTrust are fully aligned
The goal of the SecFuNet project, namely finding practical ways for the step-by-step introduction
of building blocks dealing with increasing network complexity towards fully automated secure
networks, is fully in line with the objective of EtherTrust.
The SME EtherTrust is strongly focused
As an SME, EtherTrust ought to be highly focused on its mission. Since there is full alignment
of goals between the SecFuNet project and EtherTrust, one can expect that the company will
do whatever it takes to make the SecFuNet project highly successful and reap its share of
this success.
The SME EtherTrust brings shorter time to market
As an SME, EtherTrust is able to shorten the cycle between R&D and commercialization,
compared to what big companies can do. This means that some elements of the solution
developed in the SecFuNet project will reach the market earlier through EtherTrust,
benefiting not only users, but also larger industrial partners in the project, because this will
help the market to move faster to SecFuNet-like solutions, therefore opening the way to
the more complete solutions they will offer soon after.
Note that such early commercialization of elements of the SecFuNet solution by EtherTrust is
fully aligned with the "practical approach of step-by-step introduction of building blocks"
chosen by the SecFuNet project.
The SME EtherTrust is dedicated to exploit results
As an SME, EtherTrust has an obligation and a high degree of motivation to turn the results of
the SecFuNet project into a business success. This "business obligation" shall benefit the
SecFuNet project in the sense that it will help the whole project to keep a business focus.
The respective strengths of SMEs like EtherTrust and larger industrial players like STM are
very complementary
The combination of strengths of SMEs like EtherTrust (focus, flexibility, nimbleness,
reactivity, etc.) with the complementary strengths of larger industrial players (market
understanding, customer trust, reliability, investment capacity, resilience, etc.) is very
powerful, provided they work well together to add their strong points. EtherTrust founders
have a track record of successfully working with large telecom industry players, providing a
great starting point for setting up and driving the cooperation in the SecFuNet project to a
successful outcome.
2.4 Resources to be committed
No major equipment costs are considered within the project. Planned demonstrations will
be based on material today belonging to the different organisations.
Section 3. Impact
3.1 Expected impacts listed in the work programme
The evolution or revolution expected in support of the future networked society requires
solving major issues. Security is clearly one of them, and a prerequisite that will strongly
impact the success of network and cloud deployments.
It is widely understood that the ever-growing complexity needs a change in paradigm,
migrating from quasi-static human operations, with all their constraints in terms of scalability,
intelligence and errors, towards an integrated environment encapsulated into a microcontroller. It
is a matter of fact that service delivery is limited today by the current lack of network
security. As such, the foreseen infrastructure solutions will not only solve the problem from
a theoretical point of view, but will also consider practical and migration-path
constraints, enabling a realistic impact.
This class of issues is obviously a worldwide problem that is starting to be addressed in other
regional initiatives related to the future of the Internet (US: GENI, u-Japan, u-Korea, etc.).
Beyond the legitimate interest, there is an unambiguous requirement to contribute to the
European and Brazilian industrial competitiveness through effective solutions and means to
make it a reality. The consortium was carefully selected with this objective in mind. We
consider the resulting mix close to the optimum for high-quality outputs as
well as reactivity in dissemination, leading to confidence in the industrial impact. Moreover,
based on the intrinsic holistic approach encompassing service and network architectures,
we believe that the conditions ensuring synergies exist.
Solving security issues means enabling and accelerating Internet migration towards the
networked society. Europe and Brazil should be the region of excellence initiating the new
era, demonstrating its capabilities of innovation and transfer into actual deployments. The
solution expected here is a strategic building block allowing recovery of a legitimate
worldwide position.
Expected impacts:
Strengthened European and Brazilian position in the development of the Future Internet.
The trend towards security will push the current evolution of virtual networks and clouds
beyond its limits. Starting from an already difficult situation due to the heterogeneity of the
systems and services, the introduction of a strong unified framework for security becomes
mandatory. Providing solutions and the means to make them a reality, a convenient theory of
operation will allow the problem to be solved. The highly valuable propositions will not only deal
with very complex problems but will also take care of the migration and practical deployment
constraints. As such, a great impact is expected, giving easy-to-use and optimized tools that are
as simple as possible and hide the complexity in order to facilitate adoption in the field.
The SecFuNet project will tentatively interact and benefit from ongoing Security initiatives
Description of some projects on security
3.2 Dissemination and/or exploitation of project results, and management of intellectual property
Even before the project has really begun, the consortium has already started a set of
preparations, e.g. the preliminary structure of the project site was defined, thus assuring one
of the important ways that all the achieved results will be continuously disseminated to the
research community and relevant standardisation bodies, to ensure immediate relevance of
the SecFuNet research and to obtain early feedback.
3.2.1. Dissemination and Exploitation of Results
Throughout the proposal preparation phase, a team spirit was achieved and shaped,
helping to easily define the way, goals and future cooperation. However, concerning
dissemination and exploitation of the results, every category of the consortium may set its
individual strategy.
Large Telecommunications Vendors & Industrials
The general strategy is establishing a strong action of direct and immediate transfer of
knowledge between the consortium, local systems engineering and subsequently to the R&D
departments to achieve a head start and gain a competitive edge. Thus SecFuNet will give
the opportunity for innovative sustainable network security solutions to meet a larger
market. In addition, it is intended to organize dissemination events through IEEE, ACM, and
IFIP events.
Universities & Research Institutes
A carefully targeted strategy will be followed to maximise the impact of the project, both
within the project period and following its completion. The principal activities and routes are
summarised below:
To publish the achieved research results extensively at the highest quality conferences like
IEEE Globecom, IFIP/IEEE International Conference on security, specialized workshops, and
journals including the IEEE Journal on Selected Areas in Communications (J-SAC), the
Computer Communications Journal, and the Annals of Telecommunications.
Moreover, dissemination within the corresponding teaching courses will be done e.g.
Computer Networks and Communication System, Performance Evaluation of Distributed
Systems, as well as in seminars and practical courses.
Generally, Universities and research institutes will benefit from the project through their
participation in a leading edge research and will achieve competencies, which are needed to
support SMEs.
SMEs
Through the experience achieved from SecFuNet, and through the insights and technology
developed in the project, SMEs will be able to develop new services and applications that
take advantage of the project achievements. Moreover, SMEs will benefit from involvement
in SecFuNet common research areas and increased know-how. This will facilitate future
contracts with potential partners and provide a pool of skilled personnel to enable expansion
into the growing market for telecommunication management networks.
Remark: Exploitation activities shall be done with respect to exploitation rights within the
consortium defined in compliance with the Grant Agreement and the consortium
agreement.
Remark: In compliance with the Rules of participation, the Grant Agreement (Ref. FP7 Grant Agreement document http://cordis.europa.eu/fp7/calls-grant-agreement_en.html) and the
consortium agreement:
- Dissemination activities shall be compatible with the protection of intellectual
  property rights, confidentiality obligations, and the legitimate interests of the owner
  of the foreground.
- Prior notice of any dissemination activity shall be given to the other participants
  concerned.
3.2.2. Contribution to standards
Security of heterogeneous networks is still considered a green field for standardization.
Currently, there are many more proprietary protocols than standardized ones.
Given that most standardisation bodies have a 2-3 year life-cycle, from first
consideration of a work item to finalised specification, the SecFuNet consortium is
conscious of the need to follow up, identify and propose all necessary standardization proposals from
the very beginning. These activities are supported by the fact that a number of
consortium members are also members in international standard bodies (i.e. IETF, ITU, ETSI,
etc.).
3.2.3. Intellectual Property Rights (IPR) management
SecFuNet with its innovative topics is expected to result in a number of patents and
intellectual properties. The appropriate handling of IPR is critical to the success of the
Project. IPR management will be clearly defined in the Integrated Project Consortium
Agreement (IPCA).
Below are the key principles of IPR management to be inserted in the Consortium Agreement.
KEY PRINCIPLES TO BE INSERTED IN THE CONSORTIUM AGREEMENT FOR FP 7 PROJECTS
Words with capital letters refer to defined terms in the Rules for Participation for the
Seventh Framework Programme or the Model of Grant Agreement for the FP 7 Projects.
Confidentiality:
A clause providing for a protection period that will be (a) the longer of (i) the period of the
Grant Agreement plus 2 years or (ii) 5 years from the effective date of the Grant
Agreement, or, (b) if no Grant Agreement is signed, 5 years from the effective date of the
consortium agreement, should be integrated.
Intellectual Property:
Foreground, which is generated by more than one party such that it is impossible to
separate them for the purpose of IPR protection, shall, unless otherwise agreed, be owned
jointly by the parties generating such Foreground. Each joint owner may Use such
Foreground and grant non-exclusive licences to third parties to do so without being obliged
to account to the other joint owners or to demand their consent.
Specific Background may be excluded by a party by agreement prior to signature of the
Grant Agreement.
Foreground may be assigned, without prior written notice, by a party to any of its Affiliates
(as further defined) or to the assignee of that party’s relevant business or to a pre-identified
third party, provided that party ensures that the other parties’ rights to use that Foreground
in accordance with the provisions of the Grant Agreement and consortium agreement are
preserved. The other parties may not object to such an assignment.
Access Rights needed for the execution of the Project or for Use shall be granted on a non-exclusive, worldwide basis.
Where needed for the execution of the Project, Access Rights shall be granted royalty-free,
as of the date of the Grant Agreement entering into force.
Each party shall grant Access Rights to any Affiliate of any other party (so long as such
Affiliate remains an Affiliate of that other party) as if such Affiliate were another party
provided that such Affiliate undertakes to grant licences under its IPR needed to Use
Foreground to all parties and their Affiliates in accordance with the consortium agreement
and to fulfil all obligations under the Grant Agreement and consortium agreement as if it
were a party. “Affiliate” of a party shall mean an Affiliated Entity of that party (as defined in
the Rules for Participation for FP7) together with any legal entity directly or indirectly
controlling, controlled by, or under common control with that party, for so long as such
control lasts. Other legal entities may be specifically listed in an Annex to the consortium
agreement as being “Affiliates” under certain conditions.
Access Rights by a party to the Foreground of another party for Use shall be deemed granted
by that other party on a royalty-free basis.
Access Rights by a party to the Background or sideground of another party needed for the
Use of Foreground shall be granted by that other party on Fair and reasonable conditions to
be contained in specific written agreements between the relevant parties.
All of the provisions of the Grant Agreement and consortium agreement concerning Access
Rights shall apply equally to software. Access Rights to the source code of such software will
only be required to be granted to the extent expressly so provided in the consortium
agreement. Further, specific licence rights and specific sub-licensing rights shall be specified
in relation to software that is Background, sideground or Foreground.
Each party shall abstain from using in the Project or introducing into the Project any
Background or sideground or other work that would or might require Foreground,
Background, sideground or any other work to be licensed under conditions commonly
known as “Open source software” or “Controlled License terms” unless approved in writing
by all the other parties.
No party will have the right to publish or allow the publishing of any data which constitutes
Foreground, sideground, Background or confidential information of another party, even
where such data is amalgamated with such first party’s Foreground, sideground, Background
or other information, document or material. A copy of any proposed publication in
connection with or relating to the Project shall be sent to the Co-ordinator and by the Co-ordinator to the Commission and to the parties at the earliest time possible, and the
Commission and the parties may object to the publication within a stated period on the basis
that it adversely affects the objecting party’s Foreground or commercial interests or
includes its Confidential Information.
Liabilities:
Parties should agree on an appropriate limitation of liabilities under the consortium
agreement. For certain cases of breach the normal limits will be increased or will not be
applicable at all, such as the case where the liability involves the use of any party’s IPR
outside the scope of the relevant Access Rights.
Amendments to the Grant Agreement or the consortium agreement:
Amendments to the Grant Agreement or the consortium agreement may only be made with
the specific written agreement of the parties.
Standards-Related Activities:
No party is obligated to make any contribution to any European or other standard, unless
made under a separate written agreement signed by that party.
Section 4. Ethical Issues
None of the ethical issues presented in the table below apply to the SecFuNet project.
ETHICAL ISSUES TABLE (columns: YES, NO)
Informed Consent
- Does the proposal involve children?
- Does the proposal involve patients or persons not able to give consent?
- Does the proposal involve adult healthy volunteers?
- Does the proposal involve Human Genetic Material?
- Does the proposal involve Human biological samples?
- Does the proposal involve Human data collection?
Research on Human embryo/foetus
- Does the proposal involve Human Embryos?
- Does the proposal involve Human Foetal Tissue / Cells?
- Does the proposal involve Human Embryonic Stem Cells?
Privacy
- Does the proposal involve processing of genetic information or personal data (e.g. health, sexual lifestyle, ethnicity, political opinion, religious or philosophical conviction)
- Does the proposal involve tracking the location or observation of people?
Research on Animals
- Does the proposal involve research on animals?
- Are those animals transgenic small laboratory animals?
- Are those animals transgenic farm animals?
- Are those animals cloned farm animals?
- Are those animals non-human primates?
Research Involving Developing Countries
- Use of local resources (genetic, animal, plant etc)
- Benefit to local community (capacity building i.e. access to healthcare, education etc)
Dual Use
- Research having direct military application
- Research having the potential for terrorist abuse
ICT Implants
- Does the proposal involve clinical trials of ICT implants?
I CONFIRM THAT NONE OF THE ABOVE ISSUES APPLY TO MY PROPOSAL: X