PRISMACLOUD (PRIvacy and Security MAintaining services in the CLOUD) was a H2020 research  project of 42 months duration dedicated to the enablement of secure cloud-based services by  improving and adopting novel methods from cryptographic research to increase the trustworthiness  of cloud offerings. The research agenda of PRISMACLOUD was based on the following objectives,  which we were targeting with our developments. On the one hand, we focused on confidentiality of  data during their life cycle in the cloud. Secondly, we put significant effort in verifiability features  for data in the cloud and thirdly, also the privacy of users interacting with a cloud environment.  To assure the practical relevance of the developments within PRISMACLOUD, the aforementioned  efforts were accompanied by non-cryptographic research and development topics considered essential  for the commercial success of the project results.  The consortium provided secure and efficient software and hardware implementations of core  technologies and showcased them in selected testbeds. In fact, new cryptographic software tools were  developed, and eight novel cloud services were designed. Furthermore, use-cases from three different  application domains were used to demonstrate and evaluate the potential of the project outcome, i.e.,  demonstrate a measurable increase in service level security and privacy. Furthermore, novel humancomputer  interaction (HCI) guidelines helped to design services, which respect the users’ needs and  therefore guarantee for best acceptance. In order to allow a proper use of the developed methods in  novel application scenarios after the project, a holistic security framework and accompanying usage  patterns were prepared in support of service developers.  The major outcome of PRISMACLOUD is a novel cryptographic toolkit to build security and  privacy enhanced services as well as a portfolio of eight security enhanced cloud services. The  delivered blueprints of the technologies together with software implementations will foster the use of  cryptography in cloud computing to build end-to-end secure services. This is of enormous importance,  given the risk associated to a large scale use of cloud computing without proper security and privacy  mechanisms in place. Consequently, PRISMACLOUD can help to increase the security and privacy of  European citizens by increasing the security and privacy standards of cloud services. The consortium  with 16 partners from seven different EU member states and two associated countries (Switzerland  and Israel) was led by AIT Austrian Institute of Technology GmbH. 

Work performed from the beginning of the project to the end of the period covered by the report  and main results achieved so far (For the final period please include an overview of the results  and their exploitation and dissemination)  In the first period the use cases have been specified and the requirements gathered as well as the  research gaps identified. The second period was dedicated to research and development activities  towards the development of the PRISMACLOUD toolkit and services, which are among the main  results of the project. In the third period the developed technologies were tested and evaluated in  different application scenarios. In the following we present the work performed and achievements in  the project on a work package level.  WP3 was dedicated to promoting the uptake of PRISMACLOUD by end users and business.  For achieving this, research on factors motivating both end users and businesses to use/deploy  PRISMACLOUD’s novel methods and services have been conducted as well as HCI guidelines for  the development of usable user interfaces were established. Additionally, a reference architecture has  been developed in WP7 together with a development methodology, which helped in the engineering  of the eight security and/or privacy enhanced PRISMACLOUD services.  In WP4 enabling cryptographic primitives, protocols and schemes have been advanced. We improved  the state in different topics and provided the basis for the PRISMACLOUD toolkit designed  in WP5. The toolkit comprises five tools, i.e., secret sharing based distributed storage, end-toend  authenticity while preserving privacy, verifiable data processing, certification of virtualized  infrastructures, encryption of structured data and anonymization of large data sets. All these tools were  also implemented in software/hardware (WP6) and have been cloudified via the PRISMACLOUD  services (WP7). Finally, the eight security and/or privacy enhanced PRISMACLOUD services have  been evaluated and validated in a testbed infrastructure (WP8).  The consortium was able to generate high visibility in the scientific community and achieved  87 publications including top venues in the respective fields. It also started with the exploitation  of the results and already identified six key exploitable results for near-term commercialization.  Furthermore, three out of the eight developed services have already been selected for testing in near  operational environments and will be commercialized within a year after the projects’ end. 

Progress beyond the state of the art, expected results until the end of the project and potential  impacts (including the socio-economic impact and the wider societal implications of the project  so far)  The project advanced the state of the art in various aspects. In order to explain the expected results  and the potential impact generated, we are grouping the results into four layers, i.e., Primitives, Tools,  Services and Applications.  On the Primitives layer PRISMACLOUD advanced the state-of-the-art in various cryptographic  fields. Cryptographic methods were improved and adapted to fit the requirements that have been  derived from the use cases developed within the project. Advancement of cryptographic methods and  protocols towards more flexibility, functionality, efficiency and stronger provable security guarantees  was a basic prerequisite for generating impact.  The Tools layer encapsulates the so called PRISMACLOUD toolkit which comprises five novel  technologies developed within the project and make the research output more tangible. Tools describe  how cryptography can be combined to provide useful functionality and are accompanied with software  implementations which help to build real world applications in a convenient and efficient way. We  developed tools for secure object storage, flexible authentication with selective disclosure, verifiable  data processing, infrastructure certification and data privacy. All tools provide new security and/or  privacy properties not available today in the cloud market.  In the service layer we developed eight new services based on the specific tools developed. The  services expose the functionality of the PRISMACLOUD tools in a way that they can easily be  accessed via the Web. The services were designed in a domain independent manner and with broad  application fields in mind, therefore, they can be commercialized right after the project by partners in  different form and providers like Interoute can directly extend their offerings. Furthermore, some of  the services do not even require a full access to the data center they run in, i.e., they can be directly  2  deployed on public cloud services. Finally, the potential impact on the service layer is expected to be  substantial, because the services give application developers an easy way to access the cryptographic  tools developed and integrate them in their applications.  To outreach to end users and demonstrate the higher level of security of PRISMACLOUD services we  were piloting the use cases in three domains. The use cases were the first to support the new features  of the secure services in the project and demonstrated the benefit for end users.

Address (URL) of the project's public website

https://prismacloud.eu