by Daniel Slamanig, Agi Karyda and Thomas Lorünser
The EU Horizon 2020 PRISMACLOUD research project is dedicated to enabling secure and trustworthy cloud-based services by improving and adopting novel tools from cryptographic research.
Cloud computing is seen as a major growth area in ICT, with a 2013 forecast from International Data Corporation predicting that worldwide spending on public cloud services will exceed USD $107 billion in 2017. Despite these predictions, the practical adoption of cloud computing technologies may be greatly hindered by inadequate security and privacy protection. Some fundamental properties of (public) cloud computing, such as being an open platform, its anytime and anywhere accessibility, as well as the intrinsic multi-tenancy, introduce new security threats, leading to tremendous risk for personal and sensitive data. Studies from the EU Agency for Network and Information security (ENISA) show that security and privacy concerns represent major stumbling blocks for cloud adoption within European industry.
The need to protect the security and privacy of the data in the cloud is therefore a critical issue. The strongest level of protection can be achieved through cryptography. However, although many recent advances in cryptography have yielded promising tools for cloud computing, far more work is required to transform theoretical techniques into practical solutions for the cloud. PRISMACLOUD is contributing to this transformation by developing tools that allow the next generation of cryptographically secured cloud services to be built with security and privacy incorporated by design and from end to end.
PRISMACLOUD’s research, and resulting developments [1], are based on the following objectives. On the one hand we focus on confidentiality of data, which is considered absolutely essential when outsourcing data into the cloud. In particular, we target the development of secure distributed cloud storage systems (i.e., the cloud-of-cloud approach [2]) as well as encryption and tokenization solutions for legacy applications already running in the cloud. Secondly, we are putting significant effort in verifiability features for the cloud. Thereby, we focus on cryptographic means (such as verifiable computing and malleable signatures [3]) to protect the integrity and authenticity of dynamic data in cloud-based workflows and computational tasks. Moreover, we are also focusing on cryptographic means (e.g., graph signatures) that allow auditors to attest or certify the cloud infrastructure and thus help providers to increase the transparency for customers without revealing internal information about the configurations. Thirdly, the privacy of users interacting with a cloud environment requires adequate protection. To protect user privacy, we apply privacy enhancing technologies (e.g., attribute-based anonymous credentials) to implement data minimization strategies and access privacy. In addition, we are interested in efficient data anonymization algorithms to anonymize large datasets to facilitate privacy-friendly data sharing and third party use.
To assure the practical relevance of the developments within PRISMACLOUD, the aforementioned efforts are accompanied by non-cryptographic research topics considered essential for the commercial success of the project results. We will provide secure and efficient software implementations of core technologies and showcase them in selected testbeds. Three different use-cases from different application domains will be used to demonstrate and evaluate the potential of the project outcome, i.e., demonstrate a measurable increase in service level security and privacy. Furthermore, novel human-computer interaction (HCI) guidelines, including HCI design patterns for usable cryptography and protocols for the cloud, will help to design services that respect the users’ needs and will therefore maximize acceptance of the technology. In order to use the developed methods properly in novel application scenarios after the project, a holistic security framework and accompanying usage patterns will be prepared in support of service developers. Finally, a vital goal of the project is for the results to be incorporated into standards related to cloud security, and we will actively participate in various standardization bodies in the second phase of the project.
The PRISMACLOUD project has been running since February 2015 and is a 42 month project that receives funding from the European Union’s Horizon 2020 Research and Innovation programme under grant agreement No 644962. The project is coordinated by AIT and its consortium consists of 16 partners from academia and industry from nine different countries.
Links:
Website: https://prismacloud.eu
LinkedIn: https://linkedin.com/in/prismacloud
Twitter: @prismacloud, http://twitter.com/prismacloud
CORDIS: http://cordis.europa.eu/project/rcn/194266_en.html
References:
[1] T. Lorünser et al.: “Towards a New Paradigm for Privacy and Security in Cloud Services”, Cyber Security and Privacy, Vol 530 of CCIS, Springer, 2015.
[2] T. Lorünser, A. Happe, D. Slamanig: “ARCHISTAR: Towards Secure and Robust Cloud Based Data Sharing”, CloudCom 2015, IEEE, 2015.
[3] D. Derler et al.: “A General Framework for Redactable Signatures and New Constructions”, 18th International Conference on Information Security and Cryptology, LNCS, Springer, 2015.
Please contact:
Thomas Lorünser, AIT Austrian Institute of Technology GmbH
Tel: +43 664 8157857, E-mail: