Download IAIK Info Brochure - Institute of Applied Information ...
Download IAIK Info Brochure - Institute of Applied Information ...
Download IAIK Info Brochure - Institute of Applied Information ...
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
<strong>IAIK</strong><br />
<strong>Institute</strong> for <strong>Applied</strong> <strong>Info</strong>rmation<br />
Processing and Communications<br />
<strong>Info</strong>rmation Security<br />
Cryptography<br />
E-Government<br />
Design and formal verification<br />
Trusted computing<br />
RFID security<br />
Secure crypto hardware<br />
Side-channel analysis<br />
Network security<br />
Critical information infrastructure<br />
http://www.iaik.tugraz.at
Who is <strong>IAIK</strong>?<br />
Who is <strong>IAIK</strong>?<br />
The <strong>Institute</strong> for <strong>Applied</strong> <strong>Info</strong>rmation Processing and Communications<br />
(<strong>IAIK</strong>) focuses on information security and adjacent domains. Roughly 60<br />
employees at <strong>IAIK</strong> conduct research, teach students, and consult private<br />
as well as public organizations. The institute is part <strong>of</strong> the Faculty <strong>of</strong><br />
Computer Science at the Graz University <strong>of</strong> Technology in Austria.<br />
Research @ <strong>IAIK</strong><br />
<strong>IAIK</strong> researches information security in a broad context: Researchers<br />
work in the areas <strong>of</strong> cryptography, e-government, e-identity, trusted<br />
computing, RFID security, secure hardware implementations <strong>of</strong><br />
cryptographic algorithms, side-channel analysis, network security, and<br />
design and formal verification.<br />
Consulting @ <strong>IAIK</strong><br />
As an advisor, <strong>IAIK</strong> <strong>of</strong>fers expert knowledge in rapidly-evolving information<br />
technologies with respect to information security, and consults public<br />
and private institutions, both national and international. Considering the<br />
migration towards a global information society, such advisory services are<br />
<strong>of</strong> paramount importance. <strong>IAIK</strong> emphasizes the independent position <strong>of</strong> its<br />
consulting activities.
Teaching @ <strong>IAIK</strong><br />
All course topics are aligned to <strong>IAIK</strong>’s research interests. In<br />
addition, the teachers at <strong>IAIK</strong> emphasize new teaching methods:<br />
Students work in teams on projects and follow an inter-disciplinary<br />
approach, usually on material related to up-to-date research<br />
problems. This teaching method corresponds to the dynamics <strong>of</strong><br />
knowledge creation and is able to face the <strong>of</strong>ten short life cycles<br />
<strong>of</strong> relevant knowledge. Moreover, this method proves adequate<br />
when trying to cope with the requirements from the industry at<br />
one hand, and the goal to <strong>of</strong>fer a proper scientific education at<br />
the other hand.<br />
Secure <strong>Info</strong>rmation Society @ <strong>IAIK</strong><br />
In order to intensify research and teaching towards a “Secure<br />
<strong>Info</strong>rmation Society,” <strong>IAIK</strong> has founded the non-pr<strong>of</strong>it organisation<br />
“Stiftung Secure <strong>Info</strong>rmation and Communication<br />
Technologies SIC“. <strong>IAIK</strong> has established SIC to encourage<br />
independent scientific research and development as well as<br />
teaching and knowledge transfer in the fields <strong>of</strong> applied information<br />
processing, communication, and information security.
<strong>IAIK</strong>´s highlights<br />
<strong>IAIK</strong>’s Highlights<br />
Reinhard Posch is Chief <strong>Info</strong>rmation Officer<br />
The Head <strong>of</strong> <strong>IAIK</strong> is Reinhard Posch. As Chief <strong>Info</strong>rmation<br />
Officer <strong>of</strong> the Austrian Government, Reinhard Posch is heading<br />
the platform “Digital Austria” which is the coordination body for<br />
ICT in public administration and e-government in Austria.<br />
Reinhard Posch is Chairman <strong>of</strong> the Board <strong>of</strong> ENISA<br />
Reinhard Posch represents Austria in the Management Board<br />
<strong>of</strong> the “European Network and <strong>Info</strong>rmation Security Agency”<br />
(ENISA) and currently is the chairman <strong>of</strong> this Board.<br />
Vincent Rijmen’s research group in cryptology<br />
<strong>IAIK</strong>’s Krypto Group is lead by the cryptologist Vincent Rijmen.<br />
Vincent Rijmen is the co-designer <strong>of</strong> the algorithm Rijndael. In<br />
October 2000, Rijndael was selected by the National <strong>Institute</strong><br />
for Standards and Technology (NIST) to become the Advanced<br />
Encryption Standard (AES). The Krypto Group is leading the<br />
world-wide collision search for the cryptographic hash function<br />
SHA-1, and is also involved in designing next-generation<br />
symmetric cryptographic primitives.
Formal Methods for Design & Verification<br />
The Design and Verification Group started work in<br />
February 2008. Lead by Roderick Bloem, the group<br />
studies the use <strong>of</strong> formal methods for the design <strong>of</strong> correct<br />
systems. This includes verification, automatic fault<br />
localization and repair, and correct-by-construction design.<br />
E-Government Innovation Center (EGIZ)<br />
EGIZ is a joint effort <strong>of</strong> the Federal Chancellery Austria and<br />
<strong>IAIK</strong>. EGIZ provides the scientific background to the highly<br />
successful e-Government development in Austria. In the<br />
EU-wide ranking <strong>of</strong> e-Government implementations, Austria<br />
has been ranked number 1 in the years 2006 and 2007.<br />
Secure <strong>Info</strong>rmation Technology Center Austria (A-SIT)<br />
A-SIT is a joint project <strong>of</strong> the Austrian Ministry <strong>of</strong> Finances, the<br />
Austrian National Bank, and <strong>IAIK</strong>. <strong>IAIK</strong> constitutes the research<br />
unit in this center. A-SIT supports Austria’s public administration<br />
in questions <strong>of</strong> information security. Currently, the policies for<br />
electronic signatures, the use <strong>of</strong> cryptography, the citizen card<br />
and its role within Austria’s e-government are the major research<br />
topics.
Foundation “Stiftung Secure <strong>Info</strong>rmation and<br />
Communication Technologies” (SIC)<br />
<strong>IAIK</strong> has established SIC to encourage independent scientific<br />
research, development, as well as teaching and knowledge<br />
transfer in the fields <strong>of</strong> applied information processing,<br />
communication and information security. SIC is also responsible<br />
for continued development, support and sales <strong>of</strong> the Crypto<br />
Toolkits for the Java platform that were developed by <strong>IAIK</strong>.<br />
The VLSI Design and IMPA-Lab –<br />
experts in hardware crypto design<br />
This group focuses on secure application-specific hardware<br />
implementations <strong>of</strong> cryptographic algorithms. It investigates<br />
implementation issues <strong>of</strong> area-efficient, low-power, and high-speed<br />
implementations <strong>of</strong> symmetric and asymmetric cryptographic<br />
algorithms such as RSA, DES, AES, and ECC. Solutions are<br />
customized IP modules, architecture enhancements, or whole<br />
systems based on secure hardware. The group is interested<br />
in contactless technology and adequate crypto-enhancements<br />
(secure RFID chips and secure smartcard chips). <strong>IAIK</strong>’s highly<br />
successful Implementation Attack Lab (IMPA-Lab) is part <strong>of</strong> this<br />
group. The researchers <strong>of</strong> the IMPA-Lab develop efficient and<br />
secure countermeasures against implementation attacks, like<br />
side-channel attacks, and evaluate these.
Trusted Computing and Java<br />
Based on more than ten years <strong>of</strong> experience in implementing<br />
Java TM -based cryptography, the Trusted Computing and Java<br />
Team focuses on Java TM language and public-key-infrastructure<br />
support for Trusted Computing. Research aims at trust technology<br />
for small devices such as mobile phones and other embedded<br />
and networked systems.<br />
Network Security & Critical <strong>Info</strong>rmation Infrastructures<br />
The Network Security Group focuses on secure computer network<br />
infrastructures, with emphasis in network traffic verification and<br />
intrusion detection. The group investigates machine-learning<br />
techniques for building models that can detect traffic anomalies<br />
and invisible attacks.
<strong>IAIK</strong> is different<br />
What Makes <strong>IAIK</strong> Special?<br />
Strong Internal Coherence<br />
Within a few years, <strong>IAIK</strong> has grown from 20 to 60 people. This<br />
successful dynamic has been possible due to the strong internal<br />
coherence <strong>of</strong> the group. All 7 sub-groups interact intensively.<br />
One <strong>of</strong> the Most Competitive Research Groups<br />
As a result <strong>of</strong> this coherence and a long-term research focus<br />
on information security, with specializations in various directions,<br />
<strong>IAIK</strong> has become one <strong>of</strong> the most complete research groups in<br />
IT security.<br />
Research Excellence & Research Lobbying<br />
<strong>IAIK</strong> is not only a trademark in research excellence, but also<br />
renowned as a strong player in research lobbying, be it on<br />
national or on international level. <strong>IAIK</strong>’s foundation SIC has<br />
thousands <strong>of</strong> business partners who use its Java crypto toolkit.<br />
Members <strong>of</strong> <strong>IAIK</strong> advise EU administrators and chair boards<br />
<strong>of</strong> European agencies, such as the European Network and<br />
<strong>Info</strong>rmation Security Agency. Moreover, the head <strong>of</strong> <strong>IAIK</strong> serves<br />
as Chief <strong>Info</strong>rmation Officer <strong>of</strong> Austria. And <strong>IAIK</strong>’s cryptographers<br />
take a leading role in new worldwide developments in<br />
cryptology, such as the development <strong>of</strong> standard algorithms<br />
like the AES, or the currently ongoing collision search for<br />
SHA-1.
Next Generation Researchers<br />
The success <strong>of</strong> <strong>IAIK</strong> is also based on a strong commitment to<br />
students as potential next-generation researchers. Bachelor<br />
students are not only introduced to fundamental topics, but are<br />
also <strong>of</strong>fered help for pr<strong>of</strong>essional orientation. To master level<br />
students, <strong>IAIK</strong>’s courses on IT security in integrated modes<br />
are known as the “<strong>IAIK</strong> Summer Term”. In addition, <strong>IAIK</strong> has<br />
been <strong>of</strong>fering summer internships for students as well as for<br />
prospective students for many years.<br />
Satisfaction & Motivation<br />
<strong>IAIK</strong> pays yearly bonuses to all employees. These bonuses have<br />
stimulated a high degree <strong>of</strong> satisfaction and the motivation to<br />
repeat the achievements <strong>of</strong> the previous year.
funded projects 2008<br />
<strong>IAIK</strong>’s Externally Funded Research in 2008<br />
The volume <strong>of</strong> externally funded research projects in 2007<br />
was approximately € 2,4 million. For 2008, this value will rise<br />
to an estimated € 2,8 million. Most funding comes from the<br />
European Union Framework Programmes, and from national<br />
funding agencies such as the Austrian Science Foundation<br />
(FWF), FIT-IT, and the Austrian Federal Government.In<br />
2008, <strong>IAIK</strong> is involved in six projects within the European<br />
Framework Programmes (one Network <strong>of</strong> Excellence, three<br />
Integrated Projects, two STREPs), and one project within the<br />
Competitiveness and Innovation Framework Programme, two<br />
projects funded by the Austrian National Science Foundation<br />
(FWF) and six projects funded by the Austrian Ministry <strong>of</strong><br />
Transportation, Innovation and Technology (FIT-IT, BM-VIT).<br />
Moreover, <strong>IAIK</strong> has attracted a variety <strong>of</strong> funds from industry<br />
and public bodies. Below you find short descriptions for a<br />
selection <strong>of</strong> projects. See also http://www.iaik.tugraz.at for<br />
more details.<br />
GRANDESCA deals with an investigation <strong>of</strong> new concepts<br />
<strong>of</strong> random number generators and <strong>of</strong> open issues <strong>of</strong> poweranalysis-resistant<br />
logic styles.<br />
PROACT is a research and teaching programme. PROACT<br />
intends to intensify training for students in RFID-related topics<br />
to provide industry with more qualified graduates specialized<br />
in RFID, and will promote research in several fields connected<br />
with RFID devices and systems.<br />
10
In SNAP, a system <strong>of</strong> secure mobile coupons will be developed<br />
using NFC (Near Field Communication) technology.<br />
BRIDGE is an Integrated Project funded by the European<br />
Commission. The proper implementation <strong>of</strong> RFID technology<br />
based on EPC standards in Europe is the major goal. <strong>IAIK</strong> is<br />
mainly active in the research <strong>of</strong> security issues.<br />
C@R is an Integrated Project funded by the European<br />
Commission. Development <strong>of</strong> future collaborative working<br />
environments for rural applications is the major goal <strong>of</strong> this project.<br />
<strong>IAIK</strong> is mainly active in research <strong>of</strong> secure RFID technology that<br />
will be integrated into those collaborative applications.<br />
The development <strong>of</strong> middleware for secure networks <strong>of</strong> sensor<br />
nodes is the overall objective <strong>of</strong> the FP6 STREP SMEPP.<br />
11
The goal <strong>of</strong> the FIT-IT-funded project QCC is to realize an<br />
FPGA-based system on chip for securing virtual private<br />
networks by combining quantum cryptography with classical<br />
cryptography.<br />
The Open Trusted Computing (OpenTC) consortium is a<br />
research & development project focusing on the development<br />
<strong>of</strong> trusted and secure computing systems based on open<br />
source s<strong>of</strong>tware. The project targets traditional computer<br />
platforms as well as embedded systems such as mobile<br />
phones. The goal <strong>of</strong> OpenTC is to protect against systemrelated<br />
threats, errors, and malfunctions.<br />
TOPAS<br />
TOPAS (Trust Oriented Platform For Advanced Security)<br />
works on providing the necessary framework for creating<br />
trusted – or trustworthy – personal devices, devices that are as<br />
familiar to their users as their mobile phones are and that can<br />
be used in security-relevant or sensitive application scenarios.<br />
The major objective <strong>of</strong> this project is the development <strong>of</strong> a<br />
framework <strong>of</strong> Mobile Trusted Platforms that can be used on<br />
a variety <strong>of</strong> mobile and embedded systems, cost-effectively<br />
providing trusted computing technologies to these platforms,<br />
irrespective <strong>of</strong> the security features <strong>of</strong> the underlying system.<br />
ISCA<br />
Investigation <strong>of</strong> Side Channel Attacks (ISCA) is an FWF<br />
project dealing with the development <strong>of</strong> new side-channel<br />
analysis attacks and countermeasures for symmetric and<br />
asymmetric cryptographic primitives.<br />
12
The European Network <strong>of</strong> Excellence for Cryptology<br />
(ECRYPT) is funded within the IST Programme <strong>of</strong> the European<br />
Commission’s 7th Framework Programme. Its objective is<br />
to intensify the collaboration <strong>of</strong> European researchers in<br />
information security, and more in particular in cryptology<br />
and digital watermarking. Cryptology and watermarking are<br />
interdisciplinary research areas with a high strategic impact for<br />
European industry and for the society as a whole. They are a<br />
fundamental enabler for security, privacy and dependability in<br />
the <strong>Info</strong>rmation Society for digital asset management.<br />
SECRICOM (Seamless Communication for Crisis<br />
Management) is a collaborative research project in the<br />
Seventh Framework Programme. The project aims at<br />
the development <strong>of</strong> a reference security platform for EU<br />
crisis management operations. The goal is to solve or<br />
mitigate problems <strong>of</strong> contemporary crisis communication<br />
infrastructures. In addition, it should add new smart functions<br />
to existing services which will make the communication<br />
more effective and helpful for users.<br />
13
STORK (Secure Identity Across Borders Linked) is a three<br />
year Large Scale Pilot under the EU Competitiveness and<br />
Innovation Programme – ICT Policy Support Programme. The<br />
objective is to demonstrate cross-border interoperability <strong>of</strong><br />
national electronic identity (eID) technologies in e-government.<br />
Thirteen EU Member States (Austria, Belgium, Estonia, France,<br />
Germany, Italy, Luxemburg, Portugal, Slovenia, Spain, Sweden,<br />
The Netherlands, United Kingdom) and Iceland will develop<br />
models and common specifications for eID in e-government<br />
and will demonstrate the results in cross-boder e-government<br />
services.<br />
Design and verification <strong>of</strong> modern embedded platforms are<br />
two highly related problems which are still addressed by<br />
using unrelated methodologies. This reduces development<br />
productivity and complicates achieving predictable system<br />
properties. The COCONUT project focuses on the definition<br />
<strong>of</strong> a formal framework based on a tight integration <strong>of</strong> design<br />
and verification through all refinement steps <strong>of</strong> an embedded<br />
platform design flow, from specifications to logic synthesis<br />
and s<strong>of</strong>tware compilation.<br />
Numerical Cryptanalysis<br />
In this project, sponsored by the Austrian Science Fund (FWF),<br />
we examine how advanced nonlinear optimization techniques<br />
and numerical solving methods can be used to break modern<br />
symmetric cryptosystems.<br />
14
ARTEUS<br />
ARTEUS stands for Attack Resistance and Tolerance<br />
Enabling Universal Security. The project is sponsored by<br />
FIT-IT. The major goal <strong>of</strong> the project is a secure development<br />
methodology for embedded systems that includes protection<br />
against fault analysis and other implementation attacks.<br />
POWER-TRUST<br />
“Low POWer & Energy Relevant Techniques Targetting<br />
Robust Universal Security in deep sub-micron<br />
Technologies” is the full title <strong>of</strong> this project. It is funded by FIT-<br />
IT’s Trust in IT Systems programme line. The project focuses<br />
on secure implementations <strong>of</strong> future microcontrollers. Our<br />
main tasks deal with implementation specific issues that arise<br />
when countermeasures against fault analysis and side-channel<br />
analysis are embedded into such designs.<br />
15
Teaching at <strong>IAIK</strong><br />
Teaching at <strong>IAIK</strong><br />
The success <strong>of</strong> <strong>IAIK</strong> is based on a strong commitment to<br />
students as potential next-generation researchers. Most <strong>of</strong> our<br />
students study <strong>Info</strong>rmatics, S<strong>of</strong>tware Development, or Telematik.<br />
At bachelor level, <strong>IAIK</strong> <strong>of</strong>fers foundations and introductions to<br />
typical computer science topics such as computer organization,<br />
operating systems, networks, and information security. For<br />
master-level students, <strong>IAIK</strong> teaches courses on cryptology,<br />
verification, secure s<strong>of</strong>tware design, IT security, critical<br />
information infrastructures, and trusted computing. You can also<br />
find hardware-oriented courses like VLSI Design or Systems<br />
on Chip. Many <strong>of</strong> these courses are <strong>of</strong>fered as an integrated<br />
package known as the “<strong>IAIK</strong> Summer Term” (in spring <strong>of</strong> each<br />
year). During summer months, <strong>IAIK</strong> has been <strong>of</strong>fering internships<br />
for students as well as for prospective students for many years.<br />
Courses for Bachelor Programmes<br />
On the bachelor level, students are introduced to foundations<br />
<strong>of</strong> computers, operating systems, networks, and information<br />
security.<br />
16
Master’s Level Courses<br />
Students work in teams on projects and immerse into topics<br />
related to top-notch research in IT security:<br />
IT Security<br />
<strong>Applied</strong> Cryptography<br />
<strong>Applied</strong> Cryptography 2<br />
Security Aspects in S<strong>of</strong>tware Development<br />
Trusted Computing<br />
Advanced Computer Networks<br />
Critical <strong>Info</strong>rmation Infrastructures<br />
Verification & Testing<br />
Design & Verification<br />
VLSI Design<br />
System-on-Chip Architectures and Modelling<br />
Master Project<br />
Diploma Seminar<br />
Seminar/Project <strong>Applied</strong> <strong>Info</strong>rmation Processing<br />
Master Thesis<br />
PhD Level Courses<br />
Formal Methods for Design and Verification<br />
Seminars in Cryptography<br />
Cryptanalysis <strong>of</strong> Symmetric Cryptographic Algorithms<br />
Scientific Working<br />
Privatissimum <strong>Applied</strong> <strong>Info</strong>rmation Processing<br />
17
structure & Dynamics<br />
<strong>IAIK</strong>’s structure and dynamics<br />
<strong>IAIK</strong> was founded in 1987. Since then, the institute’s researchers<br />
have been working on various aspects <strong>of</strong> IT security. Over the<br />
years, the number <strong>of</strong> employees has grown to almost 60 full<br />
time equivalents. As is shown in the figure below, <strong>IAIK</strong> has six<br />
research groups and an administrative group.<br />
18
Roughly 30% <strong>of</strong> all employees are financed by the university<br />
budget which comes from Austria’s Federal Government. The<br />
remaining 70% are financed through research contracts.<br />
The figure below shows the distribution <strong>of</strong> <strong>IAIK</strong>’s personnel<br />
according to their academic level.<br />
19
Additional <strong>Info</strong>rmation<br />
http://www.iaik.tugraz.at<br />
<strong>IAIK</strong><br />
http://jce.iaik.tugraz.at<br />
The Foundation SIC, Java Crypto Toolkit<br />
http://www.buergerkarte.at<br />
Austria’s Citizen Card<br />
http://www.egiz.gv.at<br />
EGIZ E-Government Innovation Center<br />
http://www.a-sit.at<br />
Secure <strong>Info</strong>rmation Technology Center – Austria<br />
http://cs.tugraz.at<br />
Faculty <strong>of</strong> Computer Science <strong>of</strong> TU Graz<br />
http://www.tugraz.at<br />
Graz University <strong>of</strong> Technology<br />
Impressum<br />
<strong>Institute</strong> for <strong>Applied</strong> <strong>Info</strong>rmation<br />
Processing and Communications,<br />
Graz University <strong>of</strong> Technology,<br />
Inffeldgasse 16a,<br />
8010 Graz, Austria<br />
October 2008