Mark Manulis

SECANT project will develop an innovative cyber security risk assessment platform to tackle cascading cyber threats and vulnerabilities, increasing privacy, data protection and accountability across the entire interconnected ICT ecosystem. The solution is expected to facilitate the collection, analysis and sharing of cyber threat intelligence among supply chain stakeholders and CERTs/CSIRTs. SECANT will also provide cutting-edge trust and accountability mechanisms for data protection and security awareness training to facilitate more informed cybersecurity decisions. SECANT is a multi-national consortium of 4 academic institutions and 16 industrial partners from 10 countries. See https://secant-project.eu/ for more information.

This project aims to design secure and privacy-friendly protocols for multi-factor web authentication, in particular focusing on the decentralised approaches such as the new WebAuthn standard. As part of this project cooperation with Yubico has been setup to explore privacy-preserving and standards-conform approaches for backing up and delegating WebAuthn credentials. One of the outcomes is the design of Asynchronous Remote Key Generation, a new primitive which is particularly well aligned with the decentralised and unlinkable key management behind the WebAuthn standard.

ASTRID develops a novel approach for secure development and deployment of micro-services in emerging software-defined and virtualized infrastructures. This is a crucial aspect towards providing organizations the appropriate situational awareness in relation to cyber security threats allowing them to quickly detect and effectively respond to sophisticated cyber-attacks. In ASTRID we are working on the design of advanced forms of run-time attestation and on specification of vulnerability analysis components of the overall framework. ASTRID is a multi-national consortium of academic institutions and industry from Italy, Denmark, Germany, Greece and the UK. See https://www.astrid-project.eu/ for more information.

The aim of TargetSat is to explore cyber security challenges for new space scenarios involving COTS-based satellites and satellite constellations. The project work led to the journal article "Cyber Security in New Space" which analyses past satellite security threats and highlight key enabling technologies and associated security challenges in connection with new space. A long-term goal ois to develop a COTS-based testbed capable of emulating RF communications between satellite constellations (incl. inter-satellite links) and the ground segment. The testbed will be built using single-board computers and software-defined radios to support the design and evaluation of protocols for satellite constellations. This project is part of ongoing cooperation with Surrey Space Centre.

The aim of SAFRON is to design and demonstrate a secure solution for train-to-trackside communications over public radio networks where private, mission-critical, safety-related train data systems (e.g. train control systems) can share the same connection with public data systems (e.g. passenger WiFi) at an assured level of priority, quality, safety and security. This will reduce the cost for the Train Operator Companies by eliminating duplicate connections and enabling them to make better use of data. SAFRON solution will incorporate multiple existing commercial Mobile Network Operators (MNOs) to create a resilient communication system between trains and trackside. This R&D project is a cooperation with industrial partners Apollo Rail Ltd (project lead), TeleRail Networks Ltd, and Network Rail.

This project focuses on the design and demonstration of a secure control system for ground-controlled missions involving fleets of consumer drones. Off-the-shelf consumer drones are repurposed for secure drone-to-drone and drone-to-ground communications by appropriate non-invasive modifications to the original software running on the drones. The project uses reverse-engineering techniques along with open-source software available for the drones and modifies the latter to achieve the desired functionality. The designed control system ensures end-to-end security of drone control messages (e.g. based on MAVLink protocol) exchanged between the ground control and the fleet and of mission-specific payloads (e.g., video streams, photographs, etc) collected by the swarm. As part of experimental research activities, a prototype has been built and demonstrated on an open land. A paper summarising the work is available here.

This project focuses on the design, analysis and development of new cryptographic protocols for privacy-preserving authentication in vehicular communications. The project aims at enriching the functionality, security and privacy properties of Attribute-based Signature schemes, while taking into account the specific requirements and constraints imposed by V2X applications, to achieve flexible and efficient forms of privacy-preserving real-time V2X communications. The new protocols will provide support for an efficient update of vehicle's attributes, their expiration and revocation, and controllable identification of vehicles for the purpose of liability attribution.

The aim of TAPESTRY is to investigate, develop and demonstrate transformational new technologies to enable people, businesses and digital services to connect safely online, exploiting the complex "tapestry" of multi-modal signals woven by their everyday digital interactions; their Digital Personhood. In this way we will de-risk the Digital Economy, delivering completely new ways of determining or engendering trust online, and enabling users and businesses to make better decisions about who they trust online. From a technological standpoint, the project will develop the decentralised infrastructure necessary to make sense of the vast number of digital interactions using multimodal signals aggregated via machine learning from social media and IoT interactions. Additionally, new cryptographic strategies will be needed to secure the privacy of trust evidence and to disseminate access on a granular basis. From a HCI and co-design perspective, the development of trust services and the shift to use of the digital personhood and interaction history as trust evidence will break new ground, fundamentally altering the way users think about identity and interaction online. This multi-disciplinary project includes academic partners from the University of Surrey (CVSSP, SCCS, 5GIC), University of Dundee (DJCAD), and University of Northumbria, and is supported by industry.

The project PRIMAKE aims at the design of advanced cryptographic protocols for authentication, key establishment, and secure communication in various networks and applications that in addition to the classical computation of session keys will preserve privacy of their participants. The goal of PRIMAKE is to provide à la carte solutions for privacy-preserving secure communications. PRIMAKE protocols will address several flavors of privacy such as affiliation-hiding, attribute-hiding, and deniability. They will be usable in arbitrary multi-user applications with minimalistic trust requirements and be suitable for resource constraint devices such as smart phones. PRIMAKE protocols will have formal proofs of security and privacy, obtained using standard cryptographic models.

Unlike classical digital signatures, group-oriented signatures (GOS) assume that the signature generation process is related to some group or formation of users. GOS schemes come in different flavors, depending on the assumed setting and security requirements. Examples of GOS include multisignatures, aggregate-signatures, threshold signatures, group signatures, ring signatures, etc. This project will extend current GOS models and constructions with new properties driven by practical applications.

The project UMA with CRYPO and Queensland University of Technology in Australia as partners aims to design and implement practical, efficient, and user-centred cryptographic protocols for user authentication in higher security applications involving multiple authentication secrets – so called multi-factor authentication. Due to the increasing risks of phishing and malware on Internet-connected devices such as personal computers, mobile devices, and public terminals, traditional single-factor authentication (usually performed via passwords) no longer suffices to protect sensitive applications such as online banking, e-government, and corporate remote network access. This project will explore a new approach for user authentication by employing the use of multiple factors and communication channels in a secure and usable manner.

Group signatures are cryptographic privacy-preserving authentication mechanisms. Potential signers are formed into a group, which is managed by a usually centralized authority (group manager). Each group member being in possession of a (valid) membership certificate can sign documents on behalf of the whole group. In addition to various forms of unforgeability the distinguished privacy property of group signatures is that they do not leak any information about the actual signer, except for the validity of the signer's membership in the group. In case of dispute the group manager can, however, identify the signer and possibly prove this fact to a third-party. The concept of group signatures was introduced in 1991 by Chaum and Van Heyst and many more schemes appeared since then. The goal of the project is to reflect the state-of-the-art in this field by providing a comparative study of existing group signatures, thereby focusing on their security and privacy properties, cryptographic strength, performance, and practical relevance.

The outcome of the project is the study published by the German Federal Office for Information Security.

The project POC with CRYPO and Queensland University of Technology in Australia as partners aims at the design of novel cryptographic protocols for secure online communications that go beyond the classical notion of secure channels (e.g. TLS). Given that privacy on the Internet is one of the major concerns today, the next generation of secure channels must be equipped with appropriate mechanisms for preserving privacy of communication participants, yet ensuring the traditional requirements of confidentiality and authenticity. In addition to the development and appropriate security and privacy analysis of new protocols, POC uses modern cryptographic methods to investigate the relationship amongst the different notions of privacy in online communications in a formal way.

The project PACU with CRYPO and Royal Holloway, University of London in UK as partners aims at the design and implementation of efficient cryptographic protocols for privacy-preserving communication and authentication amongst users based on their attributes. Due to the increasing popularity of collaborative Internet applications such as online communities (social networks, peer-to-peer systems, instant messaging applications, etc.) there is strong demand to protect personal data from unauthorized access and use. The difficulty is that hiding personal information is problematic from the perspective of authentication, which is needed to ensure that communicating users are indeed those who they pretend to be. The project PACU investigates novel cryptographic approaches where identities of users are replaced with properties (or attributes) that users may possess in order to perform authentication in a privacy-friendly way.

An internationally important cluster for IT security research and development is found at Darmstadt. It is here where computer scientists, engineers, physicist, legal experts and experts in business administration of TU Darmstadt, Fraunhofer SIT and Hochschule Darmstadt (University of Applied Sciences) develop trend-setting IT security solutions and prepare them in order to be commercially useful. All involved partners, qualify students and scientists for careers in science, business and administration. Headquarters of that cluster is the Center for Advanced Security Research Darmstadt (CASED) which receives funds by the LOEWE program of the Hesse government. The funds of LOEWE cover infrastructure of CASED and cooperative CASED projects of cluster partners, i.e. TU Darmstadt, Fraunhofer SIT and Hochschule Darmstadt. In these projects the cluster develops applicable basic knowledge and IT security solutions. In CASED CRYPO had research projects on communication privacy, authentication, and security in wireless networks.

European research project (NoE-type) with partners from academia and industry aiming to ensure a durable integration of European research in both academia and industry and to maintain and strengthen the European excellence in the areas of cryptography and watermarking. Successor of ECRYPT I project (see below). In ECRYPT II CRYPO is involved in the Multi-Party Asymmetric Algorithms Virtual Lab (MAYA). (more information)

Interdisciplinary research project aiming at the design of a WiFi network access control architecture allowing a large number of organizations to share their WiFi networks in a secure and law-conform way. The project also aims at the development of incentives and business models to make WiFi roaming attractive to its participants. CRYPO contributes to the design and security evaluation of the architecture for secure WiFi roaming including the specification of its cryptographic protocols.

European research project (STReP-type) with partners from academia and industry aiming to provide a comprehensive architecture for medium and large scale wireless sensor networks (WSNs) with the full level of security. I was responsible for the deliverable on the lightweight authentication for various patterns of WSN communication based on the suitable key management for the establishment of the shared secrets between the involved entities.

The study is avaiable in German. It lists 19 varieties of attacks on VoIP systems that can lead to different security threats, including identity theft, manipulations during transmission, and malicious software. Additionally it issues recommendations on how to deal with these threats and protect VoIP systems. I contributed to the security analysis and identification of potential threats on the application layer of VoIP systems.

European research project (NoE-type) with partners from academia and industry aiming to ensure a durable integration of European research in both academia and industry and to maintain and strengthen the European excellence in the areas of cryptography and watermarking. In ECRYPT I I was involved in the Protocols Virtual Lab (PROVILAB) and contributed to its deliverables on secure computation protocols and models. (more information)