Cryptographic solutions offer enhanced cloud security

It isn’t just individuals uploading more and more information to the cloud, governments and companies do so too – but at what risk? One project set out to respond to security and privacy concerns.

Cloud computing is fast becoming the principal IT infrastructure facilitating, and often driving, the digital marketplace. According to one projection, the Worldwide Public Cloud Services Market will be worth USD 206.2 billion in 2019, up from 175.8 billion in 2018, a growth of 17.3 3 %. However, with a dearth of reassuring security arrangements, public authorities and companies are hesitant to entrust the storage and processing of sensitive data to external suppliers. PRISMACLOUD was set up to develop cryptographic solutions. The EU-funded project created a toolkit, alongside a portfolio of eight security enhanced cloud services. Together with the associated software, these enable end-to-end secure data services.

Gap in the clouds

PRISMACLOUD set out to fill a pronounced gap in the market for user-friendly and accessible security solutions. “Cloud computing is essentially a new form of IT outsourcing. And just as you would perform due diligence on any outsourcing company, so you need to fully trust cloud-based arrangements. Modern cryptography could reduce the reliance on trust alone by allowing control over data,” says Mr Thomas Loruenser, project coordinator. The solution combines different data protection approaches. “For example the core idea of one service is to distribute trust using encoding techniques across multiple clouds. In effect because data is fragmented no single part can reveal discernible, intelligible information to the storage provider”, says Loruenser. Moreover, because only a subset of the fragments is needed to reconstruct the data, the system is also resilient against single provider failures. As a proof of concept to demonstrate a measurable increase in service level security and privacy, PRISMACLOUD developed three case-studies based within the fields of SmartCity, e-Government, and e-Health. Project solutions were integrated into existing applications, as well as alongside new ones. By combining the pilots’ results with human-computer interaction research, PRISMACLOUD was able to identify further developments necessary for commercialisation, while better reflecting users’ needs. Generating recommendations for applications through the case studies also helps increase user acceptance of the technology.

Growing the digital single market

Access to more trustworthy cloud services will be a key enabler for European industry and for the European Cloud Strategy. One of PRISMACLOUD’s key advantages is that it can be mounted on top of existing cloud offerings, even those of less trusted lineage. The work done on data authenticity, based on digital signatures, is also relevant to digital identities’ (eIdas) regulations. Additionally, PRISMACLOUD’s enhancement of privacy directly supports the implementation of the General Data Protection Regulation (GDPR). PRISMACLOUD has succeeded in nudging some of its research results towards higher Technical Readiness Levels and its data privacy tools are already of interest to IBM. Furthermore, PRISMACLOUD’s methodology has been licensed to a start-up company which has already released its first product based on the technology. The team is further commercialising the project’s services, as well as continuing activities towards achieving standardisation of cloud security service levels and advanced digital signatures. However, as Loruenser says, “The technology has to adapt to new use cases, such as the Internet of things, which requires more advanced manipulation of encrypted and authenticated data. We also need security against potential quantum computer attacks in the future. We will be working in these areas.”