European project takes new approach to information security

Despite millions of dollars spent by IT companies, digital security often contains more holes than a Swiss cheese. One European project plans to plug those holes by creating a virtual security framework independent of both devices and the networks they are trying to access.

SEINIT, the Security Experts Initiative, offers the promise of seamless security regardless of hardware, software or access protocol, whether it's mobile phones, bluetooth, WiFi, ethernet or broadband connection. And this will be achieved without sacrificing privacy.

The SEINIT project team has created a framework for security that negotiates between users and the service they are trying to access.

"We set ourselves the almost paradoxical goal of reconciling security and freedom," says Mr Andre Cotton, coordinator of the IST-funded SEINIT project and Head of the Advanced Information Technologies Laboratory at Thales Communication in France. "Users decide at the beginning what level of information they want to reveal to the service. The framework then negotiates with the service and applies the appropriate security component or protocol."

Users don't have to reveal more information than they want and control of privacy is left with the user, while the framework applies the appropriate level of security. This has the obvious impact that it may not be possible to set up a secure connection in the way the user wants. Either the device can't cope with the protocols required or the user isn't willing to divulge a vital piece of information.

"In this case the framework alerts the user that the connection is not possible, and suggests alternatives," explains Mr Cotton.

Deploying a system like this means that security is by its very nature hardware and software independent. It's governed by a framework rather than a particular piece of encryption or a specific programme.

Additionally, SEINIT has designed the framework security protocols and technologies as components. Mr Cotton explains the reason for this: "When new security components or technologies emerge, they can be added to the framework. This means the system is sustainable."

The project team are finalising a demonstrator for the framework on Windows and popular Unix system Linux and across LANs, Internet, and wireless networks.

The next stage is the development of a user interface and that will take place in a separate project, called DISCREET. This is due to start in January next year.

Ultimately, Mr Cotton hopes the SEINIT approach will be adopted as a formal security standard. "This is a demonstrator, but we hope to show the advantages of this approach," he says.

If deployed, Mr Cotton believes a security system like SEINIT could have a profound impact on society.

"If we had the capability for any platform, hard or soft, to be involved in a security agreement with any requirement and standard it would truly unlock the potential and promise of the information age," he says.

•Date: 29th Nov 2005 • Region: W.Europe • Type: Article •Topic: ISM
Rate this article or make a comment - click here