UBITECH participated at the kick-off meeting hosted by NETCOMPANY-INTRASOFT SA in Athens, Greece (February 1-2, 2023) of the TENSOR Innovation Action, officially started on January 1st, 2023. The project is funded by European Commission under Horizon Europe Programme (Grant Agreement No. 101073920) and spans on the period January 2023 – December 2025. TENSOR will provide Law Enforcement Agencies (LEAs) a platform that facilitates the biometric evidence extraction, sharing and storage in cross border environments allowing them to share best practices in an automated, robust, secure, privacy-preserving and scalable manner. In addition, the full potential of biometrics technologies will be exploited and their fusion in case of partial evidence gathered in the crime scenes by forensic institutes strengthening their acceptance in the court of justice.
More particularly, TENSOR will equip security practitioners with novel tools focusing on (a) Extraction of biometrics and other more or less distinctive features validated in forensic conditions that assist LEAs in identification, identity verification, intelligence and investigation processes and can be leveraged to unlock criminals’ mobile devices; (b) Sharing of biometrics through secure, automated, scalable exchange of biometric intelligence and court-proof evidence among LEAs in a cross-border manner, enhancing interoperability among legacy systems owned by security practitioners and Forensic Institutes; and (c) Storage of biometrics in a privacy-preserving way through a biometric data protection mechanism enabling revocability of biometric templates. TENSOR will also introduce the one-of-its-kind European Biometric Data Space creating a common ground among LEAs, Forensic Institutes and Security Researchers assisting in the faster adoption of modern biometric solutions.
Within TENSOR, UBITECH is responsible for developing a fault injection mechanism that will allow unlocking of smartphone devices for the retrieval of relevant information and the biometric of the device owner. In this context, a test environment will also be prepared and adapted to the traditional physical security test for complex targets. The attack implementation will then follow aiming at the extraction of the biometric data stored at the TEE of the mobile device as well as any other relevant data that could constitute input to the investigation. In an attempt to bypass the system boot or access the flash memory contents gathering evidence from the mobile phones, EMFI techniques will be deployed.
