The main goal of the Tisphanie project is to propose a systematic and structured methodology, together with the related tools and evaluation process enabling the concerned users (MNOs, application developers, police laboratories, civil security operators) to efficiently assess the security of all major components embedded in personal devices (mobile handsets, PDAs, netbooks, PMR terminals) for critical or value-added applications.
Related research project
Protecting user privacy on NFC-enabled mobile phones.
A personal data breach may, if left unaddressed in an adequate and timely manner, result in a substantial economy loss and social harm. A breach should be considered as adversely affecting the data or privacy of a subscriber or service user when it can result in, for example, a confidentiality breach, discrimination, unwanted exposure, loss of control, unauthorized commercial solicitations or damage to reputation. Innovative crypto can help.
TECHNOLOGICAL AND SCIENTIFIC INNOVATIONS
The key innovations of the project include:
- A typology of all types of attacks that may target consumer or professional mobile terminals.
- A characterization of the terminal main-component’s resistance to physical, logical, protocol or cryptographic attacks.
- A set of innovative HW/SW characterization equipments.
- A set of reference tests enabling to assess component security resistance.
- A time/performance optimized and multi-criteria methodology suitable for the security of mobile terminals.
MAIN PROJECTS OUTCOMES
The project has produced several deliverables including the definition and qualification of assets to be protected and the definition of threats, attack strategies and possible countermeasures in modern handsets and PMR terminals. On the crypto and security side, CryptoExperts was involved in the following studies:
- Evaluation of most popular cryptographic algorithms used in 2G/3G networks, including practical (and successful !) experiments on the cracking of A5/1 using the Rainbow Tables of a the A5/1 Security Project;
- Security analysis of the integrity and confidentiality of Wi-Fi;
- Practical security analysis of various versions of Bluetooth, including new auditing techniques involving, e.g., the Ubertooth One development platform;
- Analysis of some of the digital rights management standards typically used in today’s mobile handsets.