Crystal Security: Generating unclonable patterns to fight counterfeiting



Verifiable Internet Voting (VIVO): Moving Theory into Practice

October 2012 – October 2014

The VIVO project is motivated by the broad discrepancy between theory and practice in electronic voting today. The general goal of the project is to diminish this gap between the theory and practice of Internet voting and to push the deployment of the latest research achievements into next-generation systems to be developed worldwide.

The project is a collaboration between two internationally well-recognized e-voting research groups from the Bern University of Applied Sciences and the University of Luxembourg.

Involved researchers: Peter Y. A. Ryan, Rui Joaquim, Rolf Haenni, Eric Dubuis, Reto Koenig


RAPID -- Practical Searchable Encryption Design through Computation Delegation (AFR PhD)

January 1st , 2013 --  December 30th , 2015

In this project, we are interested in searchable encryption schemes, which allow third-party service providers to search in encrypted data. Despite of the abundance of literature, there is a gap between the theory (theoretical schemes) and practice (practical requirements of application scenarios). The main objective of this project is to bridge this gap by designing new searchable encryption schemes, which provide rigorous security guarantees, support flexible search queries, and remain efficient in practical application scenarios.

Involved researchers: Afonso DELERUE ARRIAGA and Qiang TANG and Peter Y. A. RYAN


PAKAJ -- Password-Authenticated Keying Algorithms by Juggling

July 31st , 2012 --  June 30th , 2014

The objective of PAKAJ is to conduct a broad study of the password-based key exchange protocol J-PAKE designed by Feng HAO and Peter Y.A. RYAN. Three main directions are to be explored: 1) comparing different notions of security for password-authenticated key agreement, 2) establishing the exact security of J-PAKE in a computational model of security, and 3) abstracting J-PAKE’s underlying construction to try to obtain similar password-based key exchange algorithms from other computational assumptions.

Involved researchers: Jean LANCRENON and Peter Y. A. RYAN


STAST – Socio-Technical Analysis of Security and Trust (CORE-FNR)

May 2012 – May 2015

STAST is about modelling and analysing the security and trustworthiness of systems as complex socio-technical structures where humans are crucial in either maintaining or undermining security. In such systems vulnerabilities exist not in the technical but rather in the social components, which are usually weaker because they are overlooked in traditional security analysis. STAST refers to a multi-layered model of systems, which consists of a sequence of communicating elements such as personae, user interfaces, operating system processes, and network agents.

 Involved researchers: Peter Y. A. Ryan, Sjouke Mauw, Vincent Koenig, Gabriele Lenzini, Ana Margarita Ferreira, Wu Yining, Jean-Louis Huynen.


Secure and Trustworthy Electronic Exam Systems (CSC funding)

April 2012 – April 2015

When, by adopting new technologies, we renew certain established procedures we should evaluate carefully the risks and the threats that may come along. The shift to new technologies should be performed in such a way that the security and trust on those procedures is maintained or improved. This situation is happening for exams systems.  Schools and universities are interested in anticipating the publication of results and in offering courses to a larger number of outsiders. Thus, they are offering exam systems that are not any more paper-based but computer or Internet-based. This shift is likely to allow new frauds and collusion which nobody has deeply considered so far. This research project studies the security aspects of exam systems of new generation, that is, electronic exam (e-exam) systems.


Principal Investigator: Peter Y. A. Ryan, Gabriele Lenzini, Rosario Giustolisi


ESA LASP – Localisation Assurance Service Provider

December 2010 – December 2012

LASP is about assuring reliable localisation. It aims at developing a solution that, by intelligently combining existing techniques, can assess the integrity of GNSS satellite signals from spoofing attacks. Spoofing is a serious threat able to compromise satellite signals and to cause untrue localisation in navigation devices, and thus able to compromise the quality and the utility of location-based services. The target activity sectors of the ESA/LASP project are automotive industries (e.g., insurance, road toll), fleet and resource management, location-based access control. The project has been managed by itrust consulting and executed together with SnT of the University of Luxembourg. Wherein the research has been coupled with the AFR-PhD project “Secure and Private Location Proofs: Architecture and Design for Location-based Services”.

Principal Investigators: Sjouke Mauw, Carlo Harpes, Gabriele Lenzini, Miguel Martins, Jun Pang, Xihui Chen.