CREDENTIAL is an EU Horizon2020-funded research project developing, testing, and showcasing innovative cloud-based services for storing, managing, and sharing digital identity information and other highly critical personal data with a demonstrably higher level of security than other current solutions. The main idea and goal of CREDENTIAL is to enable end-to-end security and improved privacy in cloud identity management services for managing secure access control. This is achieved by advancing novel cryptographic technologies and improving strong authentication mechanisms.
With increasing mobility and Internet use, the demand for digital services also increases, and has already reached critical and high-assurance domains such as e-Government, e-Health, and e-Business. Those domains have high security and privacy requirements and hence will be equipped with various novel mechanisms for secure access. Approaches for handling the resulting variety of authentication and authorization mechanisms include the use of digital identity and access management systems (IAM). Like other technologies, IAMs follow the trend into the cloud. However, while this allows users to benefit from advantages including scalability and ubiquitous access to identity data, this development also introduces the challenge of securely operating IAMs in the cloud.
The goal of CREDENTIAL is to develop, test, and showcase innovative cloud-based services for storing, managing, and sharing digital identity information and other critical personal data. The security of these services relies on the combination of strong hardware-based multi-factor authentication with end-to-end encryption, representing a significant advantage over current password-based authentication schemes. The use of sophisticated proxy cryptography schemes will enable a secure and privacy-preserving information sharing network for cloud-based identity information in which even the identity provider cannot access the data in plaintext, and will hence protect access to identity data.
We focus not only on evaluating and applying novel crypto-approaches to IAMs, but also on implementing them in an easy-to-use way to encourage secure handling of identity data. To also address security, privacy, and trust issues related to the cloud platforms and services used, we will investigate assurance and resilience approaches for enhancing underlying cloud services. To empirically evaluate our work and to produce outputs of a high technical readiness, we will consider use cases from all three domains mentioned above.
- Project start: October 2015
- Project duration: 36 months
- Project costs: approximately EUR 6.6 million
- Funding: EU funding of approximately EUR 6.0 million
- Coordination: AIT Austrian Institute of Technology GmbH
- Partners: Atos SE (Spain); Fraunhofer FOKUS (Germany); Goethe University Frankfurt (Germany); Graz University of Technology (Austria); OTE Hellenic Telecommunications Organizations SA (Greece); InfoCert S.p.A. (Italy); Karlstad University (Sweden); Klughammer GmbH (Germany); Lombardia Informatica S.p.A. (Italy); Stiftung Secure Information and Communication Technologies (Austria); Eurocloud Europe a.s.b.l. (Luxembourg)