Projet

TISPHANIE

Technologies et investigations sécuritaires pour téléphones mobiles et appareils numériques mobiles
The main goal of the TISPHANIE project is to propose a systematic and structured methodology, together with the related tools and evaluation process enabling the concerned users (MNOs, application developers, police laboratories, civil security operators) to assess rapidly the security of all major components embedded in personal devices (mobile handsets, PDAs, netbooks, PMR terminals) for critical or value-added applications.

The TISPHANIE project has put in evidence new ways of attacking Mobile Platforms from the HW, SW or Cryptographic standpoints. It has developed new HW equipment enabling to assess the security of mobile devices as well as some efficient SW mechanisms proposing countermeasures against possible malicious SW injection in classical platforms such as Symbian, IoS or Android (some of them are classifed).

Number of scientific articles published: 8

– Mobile phone hypervisor testing for vulnerabilities discovery, Smart Mobility 2011, A. Gauthier, C.Mazin, J. Cartigny, J.-L. Lanet, Nice France, September 2011.
– Enhancing fuzzing technique for OKL4 syscalls testing, SecSE 2011, A.Gauthier, C.Mazin, J.Cartigny, J.-L.Lanet, Vienna Austria, August 2011.
– Testing micro-kernel syscalls to discover vulnerabilities, 3SL 2011, A.Gauthier, C.Mazin, J.Cartigny, J.-L. Lanet, Saint Malo France, May 2011.

Number of patents filed: 0

Number of product’s innovation: 4

3 : New mechanisms for PMR terminal protection. First release of a SW TEE (Transaction Execution Environment) product; mobile virtualization SW; new HW security workbench

Number of product’s innovation service: 1

1 Global approach for the security evaluation of mobile terminals. Light certification process, compatible with the fast mobile applicaiton development life-cycle (CSPN like)

Number of projected jobs created: 3

Number of jobs maintained: 0

Number of related companies creation: 1

Most of results are of a deep technological or methodological nature and are not subject to directcommercialization; they nevertheless represent business enablers for the partners, enabling them to enhance the security of their products and differentiate from the competition..
One training course on security from the University of Limoges has largely benefited form the results of the project, hence creating a worlk-class course on the mobile security subject