Download IAIK Info Brochure - Institute of Applied Information ...

IAIK
Institute for Applied Information
Processing and Communications
Information Security
Cryptography
E-Government
Design and formal verification
Trusted computing
RFID security
Secure crypto hardware
Side-channel analysis
Network security
Critical information infrastructure
http://www.iaik.tugraz.at

Who is IAIK?
Who is IAIK?
The Institute for Applied Information Processing and Communications
(IAIK) focuses on information security and adjacent domains. Roughly 60
employees at IAIK conduct research, teach students, and consult private
as well as public organizations. The institute is part of the Faculty of
Computer Science at the Graz University of Technology in Austria.
Research @ IAIK
IAIK researches information security in a broad context: Researchers
work in the areas of cryptography, e-government, e-identity, trusted
computing, RFID security, secure hardware implementations of
cryptographic algorithms, side-channel analysis, network security, and
design and formal verification.
Consulting @ IAIK
As an advisor, IAIK offers expert knowledge in rapidly-evolving information
technologies with respect to information security, and consults public
and private institutions, both national and international. Considering the
migration towards a global information society, such advisory services are
of paramount importance. IAIK emphasizes the independent position of its
consulting activities.

Teaching @ IAIK
All course topics are aligned to IAIK’s research interests. In
addition, the teachers at IAIK emphasize new teaching methods:
Students work in teams on projects and follow an inter-disciplinary
approach, usually on material related to up-to-date research
problems. This teaching method corresponds to the dynamics of
knowledge creation and is able to face the often short life cycles
of relevant knowledge. Moreover, this method proves adequate
when trying to cope with the requirements from the industry at
one hand, and the goal to offer a proper scientific education at
the other hand.
Secure Information Society @ IAIK
In order to intensify research and teaching towards a “Secure
Information Society,” IAIK has founded the non-profit organisation
“Stiftung Secure Information and Communication
Technologies SIC“. IAIK has established SIC to encourage
independent scientific research and development as well as
teaching and knowledge transfer in the fields of applied information
processing, communication, and information security.

IAIK´s highlights
IAIK’s Highlights
Reinhard Posch is Chief Information Officer
The Head of IAIK is Reinhard Posch. As Chief Information
Officer of the Austrian Government, Reinhard Posch is heading
the platform “Digital Austria” which is the coordination body for
ICT in public administration and e-government in Austria.
Reinhard Posch is Chairman of the Board of ENISA
Reinhard Posch represents Austria in the Management Board
of the “European Network and Information Security Agency”
(ENISA) and currently is the chairman of this Board.
Vincent Rijmen’s research group in cryptology
IAIK’s Krypto Group is lead by the cryptologist Vincent Rijmen.
Vincent Rijmen is the co-designer of the algorithm Rijndael. In
October 2000, Rijndael was selected by the National Institute
for Standards and Technology (NIST) to become the Advanced
Encryption Standard (AES). The Krypto Group is leading the
world-wide collision search for the cryptographic hash function
SHA-1, and is also involved in designing next-generation
symmetric cryptographic primitives.

Formal Methods for Design & Verification
The Design and Verification Group started work in
February 2008. Lead by Roderick Bloem, the group
studies the use of formal methods for the design of correct
systems. This includes verification, automatic fault
localization and repair, and correct-by-construction design.
E-Government Innovation Center (EGIZ)
EGIZ is a joint effort of the Federal Chancellery Austria and
IAIK. EGIZ provides the scientific background to the highly
successful e-Government development in Austria. In the
EU-wide ranking of e-Government implementations, Austria
has been ranked number 1 in the years 2006 and 2007.
Secure Information Technology Center Austria (A-SIT)
A-SIT is a joint project of the Austrian Ministry of Finances, the
Austrian National Bank, and IAIK. IAIK constitutes the research
unit in this center. A-SIT supports Austria’s public administration
in questions of information security. Currently, the policies for
electronic signatures, the use of cryptography, the citizen card
and its role within Austria’s e-government are the major research
topics.

Foundation “Stiftung Secure Information and
Communication Technologies” (SIC)
IAIK has established SIC to encourage independent scientific
research, development, as well as teaching and knowledge
transfer in the fields of applied information processing,
communication and information security. SIC is also responsible
for continued development, support and sales of the Crypto
Toolkits for the Java platform that were developed by IAIK.
The VLSI Design and IMPA-Lab –
experts in hardware crypto design
This group focuses on secure application-specific hardware
implementations of cryptographic algorithms. It investigates
implementation issues of area-efficient, low-power, and high-speed
implementations of symmetric and asymmetric cryptographic
algorithms such as RSA, DES, AES, and ECC. Solutions are
customized IP modules, architecture enhancements, or whole
systems based on secure hardware. The group is interested
in contactless technology and adequate crypto-enhancements
(secure RFID chips and secure smartcard chips). IAIK’s highly
successful Implementation Attack Lab (IMPA-Lab) is part of this
group. The researchers of the IMPA-Lab develop efficient and
secure countermeasures against implementation attacks, like
side-channel attacks, and evaluate these.

Trusted Computing and Java
Based on more than ten years of experience in implementing
Java TM -based cryptography, the Trusted Computing and Java
Team focuses on Java TM language and public-key-infrastructure
support for Trusted Computing. Research aims at trust technology
for small devices such as mobile phones and other embedded
and networked systems.
Network Security & Critical Information Infrastructures
The Network Security Group focuses on secure computer network
infrastructures, with emphasis in network traffic verification and
intrusion detection. The group investigates machine-learning
techniques for building models that can detect traffic anomalies
and invisible attacks.

IAIK is different
What Makes IAIK Special?
Strong Internal Coherence
Within a few years, IAIK has grown from 20 to 60 people. This
successful dynamic has been possible due to the strong internal
coherence of the group. All 7 sub-groups interact intensively.
One of the Most Competitive Research Groups
As a result of this coherence and a long-term research focus
on information security, with specializations in various directions,
IAIK has become one of the most complete research groups in
IT security.
Research Excellence & Research Lobbying
IAIK is not only a trademark in research excellence, but also
renowned as a strong player in research lobbying, be it on
national or on international level. IAIK’s foundation SIC has
thousands of business partners who use its Java crypto toolkit.
Members of IAIK advise EU administrators and chair boards
of European agencies, such as the European Network and
Information Security Agency. Moreover, the head of IAIK serves
as Chief Information Officer of Austria. And IAIK’s cryptographers
take a leading role in new worldwide developments in
cryptology, such as the development of standard algorithms
like the AES, or the currently ongoing collision search for
SHA-1.

Next Generation Researchers
The success of IAIK is also based on a strong commitment to
students as potential next-generation researchers. Bachelor
students are not only introduced to fundamental topics, but are
also offered help for professional orientation. To master level
students, IAIK’s courses on IT security in integrated modes
are known as the “IAIK Summer Term”. In addition, IAIK has
been offering summer internships for students as well as for
prospective students for many years.
Satisfaction & Motivation
IAIK pays yearly bonuses to all employees. These bonuses have
stimulated a high degree of satisfaction and the motivation to
repeat the achievements of the previous year.

funded projects 2008
IAIK’s Externally Funded Research in 2008
The volume of externally funded research projects in 2007
was approximately € 2,4 million. For 2008, this value will rise
to an estimated € 2,8 million. Most funding comes from the
European Union Framework Programmes, and from national
funding agencies such as the Austrian Science Foundation
(FWF), FIT-IT, and the Austrian Federal Government.In
2008, IAIK is involved in six projects within the European
Framework Programmes (one Network of Excellence, three
Integrated Projects, two STREPs), and one project within the
Competitiveness and Innovation Framework Programme, two
projects funded by the Austrian National Science Foundation
(FWF) and six projects funded by the Austrian Ministry of
Transportation, Innovation and Technology (FIT-IT, BM-VIT).
Moreover, IAIK has attracted a variety of funds from industry
and public bodies. Below you find short descriptions for a
selection of projects. See also http://www.iaik.tugraz.at for
more details.
GRANDESCA deals with an investigation of new concepts
of random number generators and of open issues of poweranalysis-resistant
logic styles.
PROACT is a research and teaching programme. PROACT
intends to intensify training for students in RFID-related topics
to provide industry with more qualified graduates specialized
in RFID, and will promote research in several fields connected
with RFID devices and systems.
10

In SNAP, a system of secure mobile coupons will be developed
using NFC (Near Field Communication) technology.
BRIDGE is an Integrated Project funded by the European
Commission. The proper implementation of RFID technology
based on EPC standards in Europe is the major goal. IAIK is
mainly active in the research of security issues.
C@R is an Integrated Project funded by the European
Commission. Development of future collaborative working
environments for rural applications is the major goal of this project.
IAIK is mainly active in research of secure RFID technology that
will be integrated into those collaborative applications.
The development of middleware for secure networks of sensor
nodes is the overall objective of the FP6 STREP SMEPP.
11

The goal of the FIT-IT-funded project QCC is to realize an
FPGA-based system on chip for securing virtual private
networks by combining quantum cryptography with classical
cryptography.
The Open Trusted Computing (OpenTC) consortium is a
research & development project focusing on the development
of trusted and secure computing systems based on open
source software. The project targets traditional computer
platforms as well as embedded systems such as mobile
phones. The goal of OpenTC is to protect against systemrelated
threats, errors, and malfunctions.
TOPAS
TOPAS (Trust Oriented Platform For Advanced Security)
works on providing the necessary framework for creating
trusted – or trustworthy – personal devices, devices that are as
familiar to their users as their mobile phones are and that can
be used in security-relevant or sensitive application scenarios.
The major objective of this project is the development of a
framework of Mobile Trusted Platforms that can be used on
a variety of mobile and embedded systems, cost-effectively
providing trusted computing technologies to these platforms,
irrespective of the security features of the underlying system.
ISCA
Investigation of Side Channel Attacks (ISCA) is an FWF
project dealing with the development of new side-channel
analysis attacks and countermeasures for symmetric and
asymmetric cryptographic primitives.
12

The European Network of Excellence for Cryptology
(ECRYPT) is funded within the IST Programme of the European
Commission’s 7th Framework Programme. Its objective is
to intensify the collaboration of European researchers in
information security, and more in particular in cryptology
and digital watermarking. Cryptology and watermarking are
interdisciplinary research areas with a high strategic impact for
European industry and for the society as a whole. They are a
fundamental enabler for security, privacy and dependability in
the Information Society for digital asset management.
SECRICOM (Seamless Communication for Crisis
Management) is a collaborative research project in the
Seventh Framework Programme. The project aims at
the development of a reference security platform for EU
crisis management operations. The goal is to solve or
mitigate problems of contemporary crisis communication
infrastructures. In addition, it should add new smart functions
to existing services which will make the communication
more effective and helpful for users.
13

STORK (Secure Identity Across Borders Linked) is a three
year Large Scale Pilot under the EU Competitiveness and
Innovation Programme – ICT Policy Support Programme. The
objective is to demonstrate cross-border interoperability of
national electronic identity (eID) technologies in e-government.
Thirteen EU Member States (Austria, Belgium, Estonia, France,
Germany, Italy, Luxemburg, Portugal, Slovenia, Spain, Sweden,
The Netherlands, United Kingdom) and Iceland will develop
models and common specifications for eID in e-government
and will demonstrate the results in cross-boder e-government
services.
Design and verification of modern embedded platforms are
two highly related problems which are still addressed by
using unrelated methodologies. This reduces development
productivity and complicates achieving predictable system
properties. The COCONUT project focuses on the definition
of a formal framework based on a tight integration of design
and verification through all refinement steps of an embedded
platform design flow, from specifications to logic synthesis
and software compilation.
Numerical Cryptanalysis
In this project, sponsored by the Austrian Science Fund (FWF),
we examine how advanced nonlinear optimization techniques
and numerical solving methods can be used to break modern
symmetric cryptosystems.
14

ARTEUS
ARTEUS stands for Attack Resistance and Tolerance
Enabling Universal Security. The project is sponsored by
FIT-IT. The major goal of the project is a secure development
methodology for embedded systems that includes protection
against fault analysis and other implementation attacks.
POWER-TRUST
“Low POWer & Energy Relevant Techniques Targetting
Robust Universal Security in deep sub-micron
Technologies” is the full title of this project. It is funded by FIT-
IT’s Trust in IT Systems programme line. The project focuses
on secure implementations of future microcontrollers. Our
main tasks deal with implementation specific issues that arise
when countermeasures against fault analysis and side-channel
analysis are embedded into such designs.
15

Teaching at IAIK
Teaching at IAIK
The success of IAIK is based on a strong commitment to
students as potential next-generation researchers. Most of our
students study Informatics, Software Development, or Telematik.
At bachelor level, IAIK offers foundations and introductions to
typical computer science topics such as computer organization,
operating systems, networks, and information security. For
master-level students, IAIK teaches courses on cryptology,
verification, secure software design, IT security, critical
information infrastructures, and trusted computing. You can also
find hardware-oriented courses like VLSI Design or Systems
on Chip. Many of these courses are offered as an integrated
package known as the “IAIK Summer Term” (in spring of each
year). During summer months, IAIK has been offering internships
for students as well as for prospective students for many years.
Courses for Bachelor Programmes
On the bachelor level, students are introduced to foundations
of computers, operating systems, networks, and information
security.
16

Master’s Level Courses
Students work in teams on projects and immerse into topics
related to top-notch research in IT security:
IT Security
Applied Cryptography
Applied Cryptography 2
Security Aspects in Software Development
Trusted Computing
Advanced Computer Networks
Critical Information Infrastructures
Verification & Testing
Design & Verification
VLSI Design
System-on-Chip Architectures and Modelling
Master Project
Diploma Seminar
Seminar/Project Applied Information Processing
Master Thesis
PhD Level Courses
Formal Methods for Design and Verification
Seminars in Cryptography
Cryptanalysis of Symmetric Cryptographic Algorithms
Scientific Working
Privatissimum Applied Information Processing
17

structure & Dynamics
IAIK’s structure and dynamics
IAIK was founded in 1987. Since then, the institute’s researchers
have been working on various aspects of IT security. Over the
years, the number of employees has grown to almost 60 full
time equivalents. As is shown in the figure below, IAIK has six
research groups and an administrative group.
18

Roughly 30% of all employees are financed by the university
budget which comes from Austria’s Federal Government. The
remaining 70% are financed through research contracts.
The figure below shows the distribution of IAIK’s personnel
according to their academic level.
19

Additional Information
http://www.iaik.tugraz.at
IAIK
http://jce.iaik.tugraz.at
The Foundation SIC, Java Crypto Toolkit
http://www.buergerkarte.at
Austria’s Citizen Card
http://www.egiz.gv.at
EGIZ E-Government Innovation Center
http://www.a-sit.at
Secure Information Technology Center – Austria
http://cs.tugraz.at
Faculty of Computer Science of TU Graz
http://www.tugraz.at
Graz University of Technology
Impressum
Institute for Applied Information
Processing and Communications,
Graz University of Technology,
Inffeldgasse 16a,
8010 Graz, Austria
October 2008