Community Research and Development Information Service - CORDIS



Project ID: 240665
Funded under: FP7-IDEAS-ERC
Country: Germany

Innovative methodologies and tools to heighten security on the web

Today's technology is falling behind in its ability to detect and prevent potential security threats. An EU initiative developed solutions to address this critical issue.
Innovative methodologies and tools to heighten security on the web
There are few appropriate guidelines or automated tools to design or analyse security properties. Inconsistent methodologies and tools to analyse security protocols throughout their design prevents early detection and prevention of security vulnerabilities, and makes comprehensive analysis of these protocols much more difficult. What is more, advanced verification tools only deal with limited aspects of a protocol's security and require specialised knowledge not possessed by typical protocol designers.

The EU-funded END2ENDSECURITY (Practical design and analysis of certifiably secure protocols – Theory and tools for end-to-end security) project aimed to ensure end-to-end security by delivering solutions to automatically devise security protocols and programmes based on high-level specifications of selected security requirements and protocol tasks.

To achieve its objectives, END2ENDSECURITY developed several general methodologies and tools, most notably dynamic verification techniques for mobile devices, a privacy-friendly online behavioural advertisement (OBA) system and cryptographic protocols.

AppGuard enables users to implement security and privacy policies on third-party apps using inline reference monitoring. This limits the spread of vulnerabilities to third-party apps and the operating system. The developed app is publicly available, with over half a million downloads to date.

ObliviAd was designed to serve as a practical and secure architecture for OBA, which involves tracking web users' online activities to provide personalised adverts. It uses secure hardware-based private information retrieval to disseminate ads and high-latency mixing of electronic tokens for billing advertisers without revealing client details to brokers. ObliviAd is a cost-effective option for brokers that maintains the accuracy of advertisement selection.

A general framework was also created for developing and verifying cryptographic proofs.

Project outcomes were presented at high-profile conferences and published in leading journals.

Information systems are under constant attack, seemingly ill equipped to cope with different security vulnerabilities. Thanks to END2ENDSECURITY, new automated and easy-to-use methodologies and tools should provide high security.

Related information


Security protocols, security vulnerabilities, END2ENDSECURITY, third-party apps
Record Number: 183158 / Last updated on: 2016-08-03
Domain: IT, Telecommunications