Community Research and Development Information Service - CORDIS

H2020

PRISMACLOUD Report Summary

Project ID: 644962
Funded under: H2020-EU.2.1.1.

Periodic Reporting for period 1 - PRISMACLOUD (PRIvacy and Security MAintaining services in the CLOUD)

Reporting period: 2015-02-01 to 2016-01-31

Summary of the context and overall objectives of the project

PRISMACLOUD (PRIvacy and Security MAintaining services in the CLOUD) is a H2020 research project of 42 months duration dedicated to the enablement of secure cloud based services by improving and adopting novel tools from cryptographic research to increase the trustworthiness of cloud offerings.

The research agenda of PRISMACLOUD is based on the following objectives, which we are targeting with our developments. On the one hand, we focus on confidentiality of data, which is considered the sine qua non when outsourcing data into the cloud. In particular, we target the development of secure distributed cloud storage systems (i.e., a multi-cloud storage) as well as encryption solutions for legacy applications already running in the cloud. Secondly, we are putting significant effort in verifiability features for the cloud. Thereby, we focus on cryptographic means (such as verifiable computing and malleable signatures) to protect the integrity and authenticity of dynamic data in cloud-based workflows and computational tasks. Moreover, we are also focusing on cryptographic means (e.g., graph signatures) that allow auditors to attest or certify the cloud infrastructure and thus help providers to increase the transparency towards the customers without revealing internal information about the configurations. Thirdly, also the privacy of users interacting with a cloud environment requires adequate protection. To protect the privacy of users we apply privacy enhancing technologies (e.g., attribute-based anonymous credentials), to implement data minimization strategies and access privacy. In addition, we are interested in efficient data anonymization algorithms to anonymize large datasets in order to facilitate privacy friendly data sharing and third party use.

To assure the practical relevance of the developments within PRISMACLOUD, the aforementioned efforts are accompanied by non-cryptographic research topics considered essential for the commercial success of the project results. We will provide secure and efficient software implementations of core technologies and showcase them in selected testbeds. Three different use-cases from different application domains will be used to demonstrate and evaluate the potential of the project outcome, i.e., demonstrate a measurable increase in service level security and privacy. Furthermore, novel human-computer interaction (HCI) guidelines including HCI design patterns for usable cryptography and protocols for the cloud will help to design services, which respect the users’ needs and therefore guarantee for best acceptance. In order to use the developed methods properly in novel application scenarios after the project, a holistic security framework and accompanying usage patterns will be prepared in support of service developers. Finally, it is a vital goal of the project to have results being incorporated into standards related to cloud security and we will actively participate in various standardization bodies in the second phase of the project.

The major outcome of PRISMACLOUD will be a novel toolkit for security and privacy enhanced services. It comprises a set of tools to build secure and privacy friendly services, i.e. secure object storage, flexible authentication with selective disclosure, verifiable data processing, topology certification and data privacy. The blueprint of the tools together with software implementations will foster the use of cryptography in cloud computing to build end-to-end secure services. Additionally, a portfolio of RPISMACLOUD services will be developed, which provide easy access to the cryptographic developments and expose them to system and application developers for immediate usage. Finally, end-user applications will be piloted. They should show benefits of PRISMACLOUD services and also demonstrate how they could be integrated in real world applications to reach higher security and privacy levels.

The consortium with 16 partners from 7 different EU member states and two associated countries (Switzerland and Israel) is led by AIT Austrian Institute of Technology GmbH (Vienna, Austria) as project coordinator, and Graz University of Technology (Graz, Austria) as Technological Manager. Further partners include Atos Spain, S.A. (Spain), CEA - Commissariat à l’énergie atomique et aux énergies alternatives (France), TUDA - Technische Universität Darmstadt (Germany), ETRA - ETRA Investigación y Desarrollo S.A. (Spain), FCSR - Fondazione Centro San Raffaele (Italy), IBM - IBM Israel Science & Technology Ltd. (Israel), IRT - Interoute S.p.a. (Italy), KAU - Karlstad University (Sweden), LISPA - Lombardia Informatica S.p.A. (Italy), MPL – MikroPlan GmbH (Germany), UNEW - University of Newcastle upon Tyne (UK), UNIL - Université de Lausanne (Switzerland), UNI PASSAU - Universität Passau (Germany), XiTrust – XiTrust Secure Technologies GmbH (Austria). Furthermore, PRISMACLOUD has initiated a User Advisory Board which consists of experts from academia and industry and from different fields, such as cloud providers, end users, policy makers, exponents from legislation and standardisation bodies, and other stakeholders.

Work performed from the beginning of the project to the end of the period covered by the report and main results achieved so far

In summary, the project progresses as planned within the proposed budget and timeframe. The major outcome of the first period was dedicated to the design of use cases and the derivation of requirements on various levels in WP2. The requirements are now the main guidance for developments in WP3, WP4, WP5, WP6 and WP7. They define the need of users and what they consider practical and also commercially interesting. Backing the research and developments of PRISMACLOUD on real world scenarios was an important step in the first year. In fact, work done so far in WP4 could already close some gaps identified by mapping requirements from the use cases to the state of the art in cryptography. First achievements have already been published (17 scientific publications) which helped to generate substantial visibility in the research community. Moreover, the use cases developed in WP2 also helped to generate awareness throughout stakeholder groups relevant for exploitation of project results. Finally, to demonstrate the impact of PRISMACLOUD for European citizens, another important stakeholder group, we made a video explaining in simple words how the project outcome can be useful for them. In the next period more output on the research side is expected, but more importantly, the project will deliver specifications and implementations of novel trustworthy cloud services with increased security and privacy compared to the state of the art.

In the following we present the work performed during the first 12 month and achievements for each work package (WP) separately.

* WP1 Project Management (AIT) (M01-M42): AIT set up and maintained the website https://prismacloud.eu, the twitter and LinkedIn accounts as well as the project IT infrastructure; distributed the pre-financing to the consortium; produced and submitted D1.1 “Project Handbook” [M03] as well as D1.2 “First management and progress report” [M12]; coordinated the first amendment to the Grant Agreement to the commission. AIT and TU Graz organized regular telcos and two plenary meetings. Moreover, AIT and TU Graz took corrective actions whenever needed. The main achievements include having the project on track, by keeping the project schedule on time and within budget, providing technical assistance, executing administration of the contracts and project financial management, liaise between the EC and the consortium partners, and by facilitating user’s involvement through the establishment of the user advisory board. The goals regarding project management for the first reporting period have been achieved.

* WP2 Use cases and requirement (LISPA) (M01-M21): Period 1 work in WP2 has been mainly aimed at the identification of the user requirements and the definition of the use cases. Semi-structured interviews, surveys and focus groups with end users and key stakeholders have been conducted. A balanced distribution and meaningful application of cryptographic tools in the different use cases has been achieved and deliverables D2.1 “Legal, social and HCI requirements” [M09], D2.2 “Domain independent generic security models” [M12], D2.3 “Use case specification” [M12], D2.4 “Progress report on threat analysis and security requirements” [M12] have been submitted.

* WP3 End user and business deployment (KAU) [M01-M42]: WP3 has the overall objective to promote the uptake of PRISMACLOUD by end users and business. For achieving this, it is conducting research on factors motivating both end users and businesses to use/deploy PRISMACLOUD’s novel methods and services, provide HCI guidelines for the development of usable user interfaces, and develops business and governance models and best practice solutions for PRISMACLOUD.

However, in the first period mainly Task 3.1 was active which collected and reviewed the current baseline security (standard security measures) of cloud services and provides and analysis of potential impact of deployment of secure cloud services in order to facilitate faster, and more sustainable diffusion and market adoption. T3.1 has completed its work in time and delivered D3.1 “Analysis of current baselines and best practices for secure services” [M09]. The three other tasks only started in the 2nd half of the first project year (month 7 or month 10).

* WP4 Advancement of enabling cryptographic primitives, protocols and schemes (TU Graz) [M01-M30]: The objective of WP4 is to investigate and design cryptographic primitives and protocols to be used as building blocks in next generation secure cloud services designed within PRISMACLOUD. Within the first year, first and foremost we have reviewed the state-of-the-art in all the fields that are covered by the research on security and cryptography tools within PRISMACLOUD. The overview and findings are documented in project deliverables (D4.1, D4.4, D4.6, D4.9). In particular, we have reviewed the state-of-the-art in secret sharing techniques for storage systems, malleable and functional signature schemes as well as format- and order-preserving encryption schemes. Furthermore, the consortium has obtained several research results in the context of malleable signature schemes and is currently working on cryptographic protocols for challenges that appeared during the requirements gathering of the use-cases. Also the consortium has made progress in researching privacy-enhancing cryptography and in particular studying revocation mechanisms and the design of attribute-based anonymous credential systems as well as group signature schemes and other privacy-friendly authentication mechanisms for authenticating to the cloud. The results obtained in this work package have been presented in various scientific conferences. Moreover talks and lectures from partners involved in the WP have been given.

* WP5 Basic building blocks for secure services (TUDA) [M07-M42]: In WP5, existing solutions for multi-cloud secure cloud storage were analysed and a new storage architecture to be used in PRISMACLOUD was outlined. Furthermore, the challenges introduced by the new architecture were identified and discussed in deliverable D5.1 “Design of distributed storage systems without single-point-of failure” and techniques beyond traditional issues in a storage have been investigated. We also started to analyse the state-of-the-art and the requirements for privacy and anonymization techniques and completed deliverable D5.5 “Analysis of the requirements for and the state of the art for privacy and anonymisation techniques. We investigated the state-of-the-art with respect to verifiable computing and finalized deliverable D5.8 “Overview of verifiable computing techniques providing private and public verification”. In parallel, the use of various malleable and functional signatures schemes for authenticity, accountability, and privacy in workflows were evaluated. Finally, we already started with analysing commitment schemes that are assumed to be post quantum secure and by introducing proactivity to hierarchical secret sharing schemes.

* WP6 Efficient and secure implementations (CEA) [M07-M42]: In WP6 we started with selected prototypical implementations of cryptographic primitives to assist in the selection of the primitives for their use on higher layer building blocks within WP5. So far we had a focus on implementing several building blocks for privacy-enhancing cryptography, i.e., group signatures and attribute-based anonymous credentials (ABCs) in the languages C and Java. Moreover, we have implemented a highly efficient and state-of-the-art implementation of cryptographic bilinear pairings in the programming language Java, which will be used as a basis in Task 6.2. In the context of secure data storage, we have focused on an evaluation of the performance of various secret sharing schemes in software and we worked on modularizing the existing ARCHISTAR framework. Moreover, CEA performed a state-of-the-art review of side channel attack (SPA, DPA, CPA, algebraic), with a particular focus on attacks based on power consumption analysis.

* WP7 Composition of next-generation secure cloud services (UNI PASSAU) [M07-M42]: The goal of WP7 is to allow an easy adoption of principles and mechanisms researched in PRISMACLOUD. Currently, the tasks within the WP are at an early stage, but work has been started as planned. Initial brainstorming and early discussion among all partners of this task (AIT, ATOS, CEA, LISPA, UNIL UNI PASSAU, XiTrust) took place already and first results are expected in M12.

* WP8 Experimental evaluation and validation of use cases (ETRA) [M19-M42]: This WP did not start yet.

* WP9 Exploitation and dissemination (UNIL) [M01-M42]: During the reporting period a range of dissemination, exploitation, standardization and communication activities have been undertaken by the PRISMACLOUD consortium and various communications tools were developed. Each consortium partner actively worked to disseminate the project in national, European and international level. The activities carried out by the PRISMACLOUD consortium are summarized to:

Initial assessment of current cloud standardization efforts and development of a standardization action plan; numerous participations in high profile conferences and workshops; presentations to industry; participation to events organised by the European Commission; talks at events related to the cloud; 17 scientific publications (peer reviewed, technical reports and chapter in book); 5 public technical deliverables; joint events with other European projects; participation to DPSP Cluster dedicated to Data Protection, Security and Privacy (DPSP) in the Cloud, part of the Clusters of European Projects on Cloud; establishment of a User Advisory Board; establishment of liaisons with other H2020 and FP7 research projects; designation of projects identity; preparation of advertising materials such as flyer, poster, USB sticks; web presence by designing a simple and easy to navigate website and set up of social media accounts; distribution of newsletter and press release; lectures; and PhD, Master and Bachelor thesis.

Progress beyond the state of the art and expected potential impact (including the socio-economic impact and the wider societal implications of the project so far)

The project is advancing the state of the art in various aspects. In order to explain the progress and also the potential impact generated we are grouping the results. In particular, we have developed the PRISMACLOUD architecture which describes the different layers we are working on in order to develop secure cloud services. Besides more efficient collaboration and maximization of the project outcome, the PRISMACLOUD architecture should also lead to better and clearer dissemination and exploitation of project results. The architecture comprises 4 layers called Primitives & Protocols, Tools, Services and Applications. They are organized in a bottom up fashion and we are explaining the progress and expected impact for each of them.

On the Primitives & Protocols layer PRISMACLOUD is advancing cryptography. Cryptographic methods are improved and adapted to fit the requirements we derived from the use cases developed in the project. Advancement of cryptography in the right direction make them practically relevant and is a basic prerequisite for generating impact. The PRISMACLOUD already achieved considerable progress in this area and already disseminated them via 17 scientific publications already in the first year. We expect to have much more advancement in this area and generate a substantial impact in the scientific community.

The Tools layer encapsulates the so called PRISMACLOUD tools. On one hand tools are abstract concepts which describe how cryptography can be combined to provide useful functionality. On the other hand tools are accompanied with software implementations which help to apply them to build real world applications in a fast and efficient way. The goals of the Tools layer is to facilitate the possibility to build various kinds of services out of one tool in a very flexible way and therefore to open up broad application of PRISMACLOUD results. The PRISMACLOUD toolkit comprises 5 new tools which are currently under development and which advance the state of the art. We develop tools for secure object storage, flexible authentication with selective disclosure, verifiable data processing, infrastructure certification and data privacy. All tools provide new security and/or privacy properties not available today in the cloud market. Furthermore, they enable the implementation of new cloud services with increased security and privacy in short time and without deep knowledge of underlying cryptography. They help to make the results more accessible. Having access to such documentation and software implementations will enable cloud service architects to benefit from new technical security and privacy features not available today. The potential for European providers could be substantial, because they could develop a competitive advantage over existing offerings and compete in this growing market, especially in the business domain.

To demonstrate the benefits of the tools, in the service layer we are developing new services based on the specific tools developed. The services are part of the service layer and give developers of applications a simple way to access the PRISMACLOUD tools.

The selected services will be deployed and showcased in the pilots of the projects. However, the services are designed in a domain independent manner and with broad application fields in mind and the tools easily allow to design new services. They could be commercialized right after the project by partners in different form and providers, e.g., Interoute can directly extend their offerings and reach a large market. Furthermore, some of the services do not even require a full access to the data center they run in, i.e., they can be directly deployed on public cloud services. This enables even small companies without own infrastructure to benefit from PRISMACLOUD results and facilitates an even broader impact of the project. Finally, the potential impact on the service layer is also expected to be substantial, because the services give application developers an easy way to access the cryptographic tools developed and integrate them in their applications. In short, delivering PRISMACLOUD results also as services fully unleashes their potential impact, because their users can fully benefit from the advantages of the cloud, i.e., scalability and elasticity as well as the pay-per-use model.

To outreach to end users and also demonstrate the higher level of security of PRISMACLOUD services we are piloting the use cases in three domains. The use cases will be the first to support the new features of the secure develop din the project and demonstrate the added value for end users. The pilots also demonstrate to application developers and cloud architects, how the services can be used and integrated. The specification of the use cases have been part of the first phase and their implementation will take part in the last phase. However, we already developed new use cases in the domains of e-Health, e-Government and Smart-City which are extending the state of the art in security and privacy of cloud services or use the results of PRISMACLOUD to enable the cloudification of existing services.

Related information

Follow us on: RSS Facebook Twitter YouTube Managed by the EU Publications Office Top