Thomas Groß

In my professional life, I'm a lecturer in Security, Privacy and Trust at the University of Newcastle upon Tyne. I'm a member of the Systems Research Group and the Centre for Cybercrime and Computer Security (CCCS). Before that, I've been a tenured research scientist at the Security and Cryptography group of IBM Research - Zurich and IBM Research Relationship Manager for Privacy. You find my university page over here.

Currently, I'm creating a research agenda for my time at Newcastle University, which will contain cloud security assurance and verification, identity and privacy.

Research Interests

My research interests are in security, privacy and applied cryptography:

• Cloud security
• Identity and privacy-enhancing technology
• Formal methods in protocol security proofs

I love interdisciplinary work, be it social implications of computer science, its relation to psychology and neurology.

By the way: ever wondered what the world thinks about privacy? See the most Google searches on "Is privacy...?" and "Privacy is...!"

Projects

Security Assurance for Virtualized Infrastructures

I'm researching in how far virtualized infrastructures and clouds can be abstracted sufficiently to allow a systematic analysis of their security properties. In particular, I'm interested in the applications and benefits of formal methods and model checking for large-scale heterogeneous systems. With the IBM Research project Security Assurance for Virtualized Infrastructures (SAVE), we've had some first promising results on verifying isolation properties of a production infrastructure of a global financial institution and continue to explore further properties. This project is a contribution to the validation work package of the FP7 EU project TCLOUDS.

Cryptography for Privacy-enhanced Identity Management

I'm researching cryptography applications to identity management, mostly in the areas of privacy-enhancing technology (PET), zero-knowledge proofs of knowledge and anonymous credential systems. My overall goal is to establish a combination of strong authentication and privacy in identity management. Much of my past research has been on IBM's anonymous credential system Identity Mixer. Watch IBM's Identity Mixer YouTube video!. Beyond its integration into standardized identity federation protocols, I've contributed to a highly efficient attribute encoding for resource-constrained environments based on prime numbers and divisibility. I'm a contributor to the Identity Mixer community page.

Smart Identity Card

I've been leading an initiative to establish anonymous credential systems on electronic identity cards, more generally on the Java Card platform. We coined this Smart Identity Card, and contributed it to the FP7 EU project PrimeLife. Whereas we follow the same goal of strong authentication combined with privacy, the Java Card's trust model, limited access to crypto primitives and resource constraints make this a challenge. The system must be secure in face of untrusted terminals and, thus, cannot easily delegate computation to a more powerful device and still achieve practical response times with secure keys. Nevertheless, we were the first to establish a practical and autonomous anonymous credential system on a standard Java Card (on a JCOP 41/v2.2 to be precise). We will publish this result at ACM CCS 2009. The German Society for Computer Science (Gesellschaft für Informatik, GI) recognized this with the Innovation Award 2009.

Federated Identity Management

I was responsible for research in Federated Identity Management at IBM Research, a technology that facilitates authentication and attribute exchange across trust domains. This research involves the application of cryptography and formal methods to protocol standards such as the Security Assertion Markup Language (SAML), Liberty Alliance Project, and WS-Federation. I contributed significantly to the architecture and research prototype of the Tivoli Federated Identity Manager (TFIM). I continue this line of work with new Identity Management projects in Newcastle.

Publications

Have a look at my publication list, my Google Scholar profile, or DBLP (>2002). [more...]

Pointers

Projects

• Identity Mixer community page
  • Smart Identity Card project
• European Research Projects:
  • TCLOUDS - Privacy and Resilience for Internet-scale Critical Infrastructure (EU FP7)
  • ABC4Trust - Attribute-based Credentials for Trust (EU FP7)
  • PrimeLife - Privacy and Identity Management for Life (EU FP7)
  • PRIME - Privacy and Identity Management for Europe (EU FP6)

Universities

• Newcastle University
  • School of Computing Science
  • Dependability and Systems Research Groups
  • Centre for Cybercrime and Computer Security (CCCS)
  • My profile page at Newcastle University
• Ruhr-University Bochum
  • Chair for System Security
  • Chair for Network and Data Security
  • Chair for Embedded Security
• Saarland University

Research Labs

• IBM Zurich Research Lab
  • Computer Science

Professional Network

• Networks of Excellency:
  • ECRYPT - European Network of Excellency in Cryptology
  • FIDIS - Future of Identity in the Information Society
• Professional Organizations:
  • ACM - Association for Computing Machinery
  • IEEE - Institute of Electrical and Electronics Engineers
  • IACR - International Association for Cryptologic Research
  • GI - German Society for Computer Science (Gesellschaft für Informatik)
  • IAPP - International Association of Privacy Professionals
  • SJDM - Society of Judgement and Decision Making
  • EATA - European Association of Transactional Analysis