CREDENTIAL - Secure Cloud Identity Wallet
With increasing mobility and Internet use, the demand for digital services has increased and has already reached critical and high-assurance domains like e-Government, e-Health, and e-Business. Those domains have high security and privacy requirements and hence will be equipped with various novel mechanisms for secure access. Approaches for handling the resulting variety of authentication and authorisation mechanisms include the use of digital identity and access management (IAM) systems. Like other technologies, IAMs follow the trend of using cloud services. This allows abstracting over the resources used and enables ubiquitous access to identity data, which is stored and processed in the cloud, but it also results in an additional degree of complexity for securely operating IAMs.
CREDENTIAL is an EU Horizon 2020 research project of 36-month duration (October 2015 – September 2018) which aims to develop, test, and showcase innovative cloud-based services for storing, managing, and sharing digital identity information and other highly critical personal data with a demonstrably higher level of security than other current solutions.
The security of these services relies on the combination of strong hardware-based multi-factor authentication with end-to-end encryption, representing a significant advantage over current password-based authentication schemes. The use of sophisticated proxy cryptography schemes will enable a secure and privacy-preserving information sharing network for cloud-based identity information in which even the identity provider cannot access the data in plaintext, and hence protect access to identity data. CREDENTIAL focuses not only on evaluating and applying novel crypto-approaches for IAMs but also on implementing them in an easy-to-use way to motivate secure handling of identity data. In order to also address security, privacy, and trust issues related to the cloud platforms and services used, the project will investigate assurance and resilience approaches for enhancing underlying cloud services. To empirically evaluate the work and to produce outputs of a high technical readiness, use cases from all three domains mentioned above will be considered.
The consortium with seven industry partners, two applied research organisations, and three universities is led by AIT - Austrian Institute of Technology (Austria) as project coordinator, and IAIK-TUG - Graz University of Technology (Austria) as Technological Manager. Further partners include Atos Spain, S.A. (Spain), FOKUS – FOKUS Fraunhofer Institute for Open Communication Systems (Germany), GUF – Johann Wolfgang Goethe Universität Frankfurt (Germany), OTE – Hellenic Telecommunications Organisation S.A. (Greece), ICERT – INFOCERT S.p.A (Italy), KAU – Karlstad University (Sweden), KGH Klughammer GmbH (Germany), LISPA – Lombardia Informatica S.p.A (Italy), SIC – Stiftung Secure Information and Communication Technologies (Austria), and ECE – EuroCloud Europe a.s.b.l. (Luxembourg/Austria). Furthermore, CREDENTIAL has initiated a User Advisory Board which consists of experts interested in the research results of the project.