Based on the last delivered specification from the FIDO Alliance, the team succesfully embedded a FIDO2 applet in the existing card and leveraged the biometric sensor and display for the authentication process.
NTNU laboratory team started to prepare the methodology of the work package including research for Tamarin and Scyther. Formal analysis and verification methods can aid the design and validation of security properties in many security protocols. Tamarin and Scyther are automatic tools for the symbolic formal analysis of security protocols. The initial research gives an introduction of Tamarin and Scyther, together with their protocol specifications and use cases. (document available upon request)
Fraunhofer SIT studied the requirements of the Offpad and its utilized protocols. The performance prop-erties of the proposed PQC schemes in the NIST PQC standardization competition and of the already defined RFC of the IETF are very heterogeneous. The PQC schemes are not for general purposes as it is common for the currently deployed schemes. Each proposed scheme has its advantages and draw-backs, depending on the specific use case. In the next step Fraunhofer SIT will select proper PQC schemes and prepare a hardware setup for the evaluation
OFFPAD AS is a Norwegian start-up company founded in 2017 by Inven2, Petter Taugbøl and Jan-Erik Skaug to commercialize a Norwegian patented an innovative endpoint security product which ambition is to develop the OFFPAD device as an Identity Access Management (IAM) device – A pioneer in wireless, biometric authentication by delivering a high-end smart card with state of the art cryptographic and biometric algorithms protecting users against data breach when accessing their most sensitive data.
This R&D project is based on scientific research on the core technology elements encompassed in the OFFPAD device from leading European scientists in Applied Cryptology, Biometrics authentication, Firmware platforms and eventually Post Quantum Algorithms. The project packages will be executed separately with a vision to incorporate the results in a future innovative wireless personal security device with highest level security combined with ease of use to corporate and institutional users.
This proposed R&D project will create an innovative way to perform biometric authentication by strengthening the existing cryptographic functionalities. By scientific research and validation of post-quantum cryptographics, OFFPAD can potentially be an early adopter and prevent first cyber quantum attacks. This initiative may optimize the existing biometric process and facilitate presentation attack detection (PAD) following international standards relating to robustness against attacks for all non-supervised or semi-supervised applications.
With the need to strengthen the cryptography mechanisms due to the raise of Quantum Computing risks, the OFFPAD device will embed a hybrid solution including FIDO standard and PQC (Post Quantum Cryptography). This will give OFFPAD an opportunity to become a game changer with the perfect mix between high-end biometrics and authentications mechanisms coupled with innovative post-quantum cryptographic features.