PRIvacy and Security MAintaining services in the CLOUD
PRISMACLOUD (PRIvacy and Security MAintaining services in the CLOUD) was an H2020 research project of 42 months' duration dedicated to enabling secure cloud-based services by improving and adopting novel methods from cryptographic research to increase the trustworthiness of cloud offerings. The research agenda of PRISMACLOUD was based on the following objectives, which we targeted with our developments. First, we focused on the confidentiality of data during their life cycle in the cloud. Second, we put significant effort into verifiability features for data in the cloud. Third, we addressed the privacy of users interacting with a cloud environment. To assure the practical relevance of the developments within PRISMACLOUD, these efforts were accompanied by non-cryptographic research and development topics considered essential for the commercial success of the project results. The consortium provided secure and efficient software and hardware implementations of core technologies and showcased them in selected testbeds. New cryptographic software tools were developed, and eight novel cloud services were designed. Furthermore, use cases from three different application domains were used to demonstrate and evaluate the potential of the project outcome, i.e., to demonstrate a measurable increase in service-level security and privacy. In addition, novel human-computer interaction (HCI) guidelines helped to design services which respect the users' needs and therefore guarantee the best acceptance. To allow proper use of the developed methods in novel application scenarios after the project, a holistic security framework and accompanying usage patterns were prepared in support of service developers. The major outcome of PRISMACLOUD is a novel cryptographic toolkit to build security and privacy enhanced services as well as a portfolio of eight security enhanced cloud services.
The delivered blueprints of the technologies, together with software implementations, will foster the use of cryptography in cloud computing to build end-to-end secure services. This is of enormous importance, given the risk associated with large-scale use of cloud computing without proper security and privacy mechanisms in place. Consequently, PRISMACLOUD can help to increase the security and privacy of European citizens by increasing the security and privacy standards of cloud services. The consortium, with 16 partners from seven different EU member states and two associated countries (Switzerland and Israel), was led by AIT Austrian Institute of Technology GmbH.
Work performed from the beginning of the project to the end of the period covered by the report and main results achieved so far
In the first period the use cases were specified, the requirements gathered and the research gaps identified. The second period was dedicated to research and development activities towards the development of the PRISMACLOUD toolkit and services, which are among the main results of the project. In the third period the developed technologies were tested and evaluated in different application scenarios. In the following we present the work performed and the achievements in the project at work package level. WP3 was dedicated to promoting the uptake of PRISMACLOUD by end users and businesses. To achieve this, research was conducted on the factors motivating both end users and businesses to use and deploy PRISMACLOUD's novel methods and services, and HCI guidelines for the development of usable user interfaces were established. Additionally, a reference architecture was developed in WP7 together with a development methodology, which helped in the engineering of the eight security and/or privacy enhanced PRISMACLOUD services. In WP4 enabling cryptographic primitives, protocols and schemes were advanced. We improved the state of the art in different topics and provided the basis for the PRISMACLOUD toolkit designed in WP5. The toolkit comprises five tools, i.e., secret sharing based distributed storage, end-to-end authenticity while preserving privacy, verifiable data processing, certification of virtualized infrastructures, encryption of structured data and anonymization of large data sets. All these tools were also implemented in software/hardware (WP6) and have been cloudified via the PRISMACLOUD services (WP7).
Finally, the eight security and/or privacy enhanced PRISMACLOUD services were evaluated and validated in a testbed infrastructure (WP8). The consortium was able to generate high visibility in the scientific community and achieved 87 publications, including at top venues in the respective fields. It also started with the exploitation of the results and already identified six key exploitable results for near-term commercialization. Furthermore, three out of the eight developed services have already been selected for testing in near-operational environments and will be commercialized within a year after the project's end.
Progress beyond the state of the art, expected results until the end of the project and potential impacts (including the socio-economic impact and the wider societal implications of the project so far)
The project advanced the state of the art in various aspects. To explain the expected results and the potential impact generated, we group the results into four layers, i.e., Primitives, Tools, Services and Applications. On the Primitives layer PRISMACLOUD advanced the state of the art in various cryptographic fields. Cryptographic methods were improved and adapted to fit the requirements derived from the use cases developed within the project. Advancement of cryptographic methods and protocols towards more flexibility, functionality, efficiency and stronger provable security guarantees was a basic prerequisite for generating impact. The Tools layer encapsulates the so-called PRISMACLOUD toolkit, which comprises five novel technologies developed within the project and makes the research output more tangible. Tools describe how cryptography can be combined to provide useful functionality and are accompanied by software implementations which help to build real-world applications in a convenient and efficient way. We developed tools for secure object storage, flexible authentication with selective disclosure, verifiable data processing, infrastructure certification and data privacy. All tools provide new security and/or privacy properties not available today in the cloud market. On the Services layer we developed eight new services based on the specific tools developed. The services expose the functionality of the PRISMACLOUD tools in a way that they can easily be accessed via the Web. The services were designed in a domain-independent manner and with broad application fields in mind; therefore, they can be commercialized right after the project by partners in different forms, and providers like Interoute can directly extend their offerings.
Furthermore, some of the services do not even require full access to the data center they run in, i.e., they can be directly deployed on public cloud services. Finally, the potential impact on the Services layer is expected to be substantial, because the services give application developers an easy way to access the cryptographic tools developed and integrate them in their applications. To reach out to end users and demonstrate the higher level of security of PRISMACLOUD services, we piloted the use cases in three domains. The use cases were the first to support the new features of the secure services in the project and demonstrated the benefit for end users.
Address (URL) of the project's public website
- Partners: AIT Austrian Institute of Technology GmbH (Coordinator), ATOS SPAIN SA, COMMISSARIAT A L ENERGIE ATOMIQUE ET AUX ENERGIES ALTERNATIVES, TECHNISCHE UNIVERSITAET DARMSTADT, ETRA INVESTIGACION Y DESARROLLO SA, Fondazione Centro San Raffaele, TECHNISCHE UNIVERSITAET GRAZ, IBM ISRAEL - SCIENCE AND TECHNOLOGY LTD, INTEROUTE S.P.A., KARLSTADS UNIVERSITET, LOMBARDIA INFORMATICA SPA, MIKROPLAN GMBH, UNIVERSITY OF NEWCASTLE UPON TYNE, UNIVERSITE DE LAUSANNE, UNIVERSITAT PASSAU, XITRUST SECURE TECHNOLOGIES GMBH
- Funding programme: H2020-ICT-2014-1, ICT-32-2014, Cybersecurity, Trustworthy ICT
- Project duration: 02/2015-07/2018