From travelling to buying coffee, shopping online and sharing on social media, our lives are becoming increasingly digital. But while you’re busy living your daily digital life – swiping a credit card here, filling in a digital form there – your critical data is not protected, and your identity is exposed. To help keep your personal information from falling into the wrong hands, the EU-funded CREDENTIAL project has developed an innovative cloud-based service for storing, managing, and sharing digital identity information and other critical personal data.

The CREDENTIAL project set out to develop a cloud-based ‘wallet’ for storing and managing personal information. “Using our wallet, individuals can easily upload their personal data and have complete control over what information is shared with who, where, and when,” says Project Coordinator Stephan Krenn. “On the other hand, CREDENTIAL provides the data receiver with a guarantee that the data – whether shared in whole or in part – is authentic and has not been altered in any way.”

Protecting privacy by cryptography

The main idea behind CREDENTIAL was to enable end-to-end security and improved privacy in cloud identity management services for managing secure access control. To achieve this, researchers utilised advanced novel cryptographic technologies and improved authentication mechanisms. For example, by using multi-factor authentication with end-to-end encryption, CREDENTIAL offers a significant advantage over traditional, password-based authentication schemes. Furthermore, the solution can be easily integrated into existing cloud services.

“The project pushed the state-of-the-art in privacy-preserving cryptography and cryptographic primitives for cloud-based data sharing, while also contributing to research on human-computer interaction,” explains Krenn.

The CREDENTIAL Wallet has been successfully demonstrated in several real-world pilots, including in such high-security domains as eHealth, eBusiness and eGovernment. “These pilots prove the practical efficiency and usability of highly trustworthy cloud-based authentication and data sharing platforms,” adds Krenn.

Easing legal compliance

The CREDENTIAL Wallet addresses real-world needs, which Krenn says is crucial for adoption by both end-users and end-customers. “Our solution decreases the risk in case of data breaches, lowers the level of trust that needs to be put into a cloud service, and supports service providers in their compliance with legal privacy and data protection regulations like the GDPR,” he adds.

By increasing the trustworthiness of cloud services without negatively affecting the efficiency or usability of existing services, CREDENTIAL has contributed to the European Next Generation Internet initiative’s work on increasing online security and privacy.

The project was also very active in standardisation and certification. For instance, EuroCloud StarAudit, a European cloud certification organisation, integrated a catalogue on cryptography developed by CREDENTIAL into its certification scheme. Together with the PRISMACLOUD project, CREDENTIAL researchers initiated a new ISO/IEC standard on advanced signatures, one of the core cryptographic building blocks underlying the CREDENTIAL Wallet.

With the project now closed, consortium partners are working to integrate the CREDENTIAL Wallet into their own services. They are also in contact with relevant stakeholders to guarantee an efficient market uptake of the technologies.

CREDENTIAL, CREDENTIAL Wallet, data protection, cybersecurity, digital identity, cryptography, cloud services, data sharing, GDPR