Cloud computing is fast becoming the principal IT infrastructure facilitating, and often driving, the digital marketplace. According to one projection, the Worldwide Public Cloud Services Market will be worth USD 206.2 billion in 2019, up from 175.8 billion in 2018, a growth of 17.3 3 %. However, with a dearth of reassuring security arrangements, public authorities and companies are hesitant to entrust the storage and processing of sensitive data to external suppliers. PRISMACLOUD was set up to develop cryptographic solutions. The EU-funded project created a toolkit, alongside a portfolio of eight security enhanced cloud services. Together with the associated software, these enable end-to-end secure data services.

Gap in the clouds

PRISMACLOUD set out to fill a pronounced gap in the market for user-friendly and accessible security solutions. “Cloud computing is essentially a new form of IT outsourcing. And just as you would perform due diligence on any outsourcing company, so you need to fully trust cloud-based arrangements. Modern cryptography could reduce the reliance on trust alone by allowing control over data,” says Mr Thomas Loruenser, project coordinator. The solution combines different data protection approaches. “For example the core idea of one service is to distribute trust using encoding techniques across multiple clouds. In effect because data is fragmented no single part can reveal discernible, intelligible information to the storage provider”, says Loruenser. Moreover, because only a subset of the fragments is needed to reconstruct the data, the system is also resilient against single provider failures. As a proof of concept to demonstrate a measurable increase in service level security and privacy, PRISMACLOUD developed three case-studies based within the fields of SmartCity, e-Government, and e-Health. Project solutions were integrated into existing applications, as well as alongside new ones. By combining the pilots’ results with human-computer interaction research, PRISMACLOUD was able to identify further developments necessary for commercialisation, while better reflecting users’ needs. Generating recommendations for applications through the case studies also helps increase user acceptance of the technology.

Growing the digital single market

Access to more trustworthy cloud services will be a key enabler for European industry and for the European Cloud Strategy. One of PRISMACLOUD’s key advantages is that it can be mounted on top of existing cloud offerings, even those of less trusted lineage. The work done on data authenticity, based on digital signatures, is also relevant to digital identities’ (eIdas) regulations. Additionally, PRISMACLOUD’s enhancement of privacy directly supports the implementation of the General Data Protection Regulation (GDPR). PRISMACLOUD has succeeded in nudging some of its research results towards higher Technical Readiness Levels and its data privacy tools are already of interest to IBM. Furthermore, PRISMACLOUD’s methodology has been licensed to a start-up company which has already released its first product based on the technology. The team is further commercialising the project’s services, as well as continuing activities towards achieving standardisation of cloud security service levels and advanced digital signatures. However, as Loruenser says, “The technology has to adapt to new use cases, such as the Internet of things, which requires more advanced manipulation of encrypted and authenticated data. We also need security against potential quantum computer attacks in the future. We will be working in these areas.”

Mikroplan (MPL) and AIT presented the project results at the Infosecurity Europe. Infosecurity Europe is the region's number one information security event featuring Europe's largest and most comprehensive conference programme and over 400 exhibitors showcasing the most relevant information security solutions and products to 19,500+ information security professionals.

The stand was organized in a joint effort together with CREDENTIAL project, also a member of the TRUSTEE common dissemination cluster. In fact, besides the results, we were also promoting other H2020 project’s output, who are part of the dissemination cluster. It was a main target to generate awareness of the many innovations produced in the project and to bring project partners in contact with potential commercialization partners for exploitation beyond the consortium.

The overall outcome of the dissemination activity was very positive and we were able to establish more than 20 new contacts within security industry, which were interested in adoption of certain technologies or as a friendly customer.

Additionally, Thomas Lorünser (AIT) gave an oral presentation of the project’s result at the Cyber Innovation Showcase series stage. He presented the results achieved to interested industry people. The presentation raised some interesting discussions, specifically with governmental officials from Scandinavian countries who are involved in the development of a governmental cloud strategy.

The work on PRISMACLOUD’s SECOSTOR tool directly influenced the STF529 work. In deliverable D4.3 - "Efficient Sharing-Based Storage Protocols for Mixed Adversaries", cryptographic access-control mechanisms are discussed where ABE is considered as a possible technique to encrypt", shares of sensitive data at the cloud provider which motivates the use of ABE for enhanced access control mechanisms to reduce the trust in cloud storage providers.

After a first joint workshop where collaboration opportunities have been elaborated, the project partners AIT (PRISMACLOUD) and University of Passau (AGILE) teamed up to integrate a first PRISMACLOUD service into the AGILE open source framework.

In particular, the Secure Archiving Service Proxy (SAaaS) has been integrated into the AGILE gateway software such that it can be seamlessly deployed. The service has been “containerized” and is now available from the AGILE software repository for two different architectures:

• https://hub.docker.com/r/agileiot/archistar-s3-x86_64/
• https://hub.docker.com/r/agileiot/archistar-s3-armv7l/

Also, other services have been identified as interesting addons for the AGILE ecosystem, however, because of licence restrictions they could not be integrated right away.

More information about AGILE IOT project here: http://agile-iot.eu/

Our project coordinator Thomas Lorünser (AIT) will give a talk at Infosecurity Europe 2018 under the "Cyber Innovation Showcase"platform. He will present recent results and prototypes of the two EU funded projects PRISMACLOUD & CREDENTIAL developing novel secure and privacy friendly cloud services and identity management solutions.

The PRISMACLOUD research project is dedicated to enabling secure and trustworthy cloud-based services by improving and adopting novel tools from cryptographic research. The project brings novel concepts and methods to practical application to improve the security and privacy of cloud services.

CREDENTIAL is developing, testing and showcasing innovative cloud-based services for storing, managing, and sharing digital identity information and other highly critical personal data with a demonstrably higher level of security than other current solutions.

Learning Outcomes:

1. Learn about leading edge security topics for cloud computing
2. See new products and services available to protect your data
3. Understand novel cryptographic tools and concepts for security
4. Get in contact with potential partners for commercialisation of new solutions
5. See innovations for GDPR friendly identity management

Picture: Vogel IT-Akademie / © Marko's Photography [1]

Hosting & Service Provider Summit 2018
Frankfurt, Germany, May 16 – 18, 2018

Henrich C. Pöhls (UNI PASSAU) gave a keynote with the title “Cryptography – for a new generation of secure Cloud services”[2] at the seventh hosting and service provider summit. This event for German speaking cloud service providers and “adjacent businesses” was organised for the seventh time by Vogel IT and was visited by around 120 business strategists, CEOs, CTOs, and other key people in the cloud and hosting business. In the keynote Henrich C. Pöhls presented the gains of redactable signature schemes and secret sharing schemes and the opportunities from the resulting security and privacy increases.

[1]https://www.cloudcomputing-insider.de/index.cfm?pid=9231&pk=8164&fk=1400096&type=gallery

[2] Original German title: “Kryptographie – die neue Generation sicherer Cloud-Services?”
https://prismacloud.eu/wp-content/uploads/2018/06/2018_Poehls_Keynote_HostingServiceProviderSummit2018.pdf

Daniel Slamanig (AIT) gave a PRISMACLOUD lighting talk in the break-out session “Foundation technical methods and risk management for trustworthy systems”. The main idea of this meeting was to bring projects in cybersecurity together and find collaboration opportunities. Daniel had the chance to discuss with many other interesting projects such as PANORAMIX, FENTEC and CREDENTIAL, get informed about the future strategy of the EC and discuss with other experts the future landscape of cybersecurity research.

Date: 5 - 7 June 2018
Place: Olympia London | Stand X141

At Infosecurity Europe 2018, AIT is showcasing its portfolio of cryptographic solutions for the cloud. Developed over recent years together with industry partners like Atos, IBM, Interoute and Etra, these solutions are driven by the increased need for security and data protection in the cloud.

A live demo of the FragmentiX secure multi-cloud storage appliance based on Archistar technology will be shown alongside the CREDENTIAL-NGPID privacy preserving identity management solution. Both solutions have been built to maximise security and privacy, and can substantially increase GDPR compliance for business customers.

What’s more, AIT helps customers to design cybersecurity solutions for cloud, IoT, big data and Blockchain through the application of next generation cryptography in a seamless manner.

In WG4, the standard ISO/IEC 19086-4 "Cloud SLA - Security and Privacy", to which we already contributed objectives covering our newly developed services (integrity protection of data in motion, anonymous and pseudonymous authentication support, and data minimisation cryptographic controls) was propagated to "Draft International Standard" level and thus will likely be published at the upcoming 27th meeting in Norway in autumn. Although PRISMACLOUD will be over then, at least two of our project partners have already established channels through their respective national bodies (i.e. Austria and Germany) and intend to continue the PRISMACLOUD mission beyond project end. We would like to thank Thomas Länger (UNIL) and Henrich C. Pöhls from (UNI PASSAU) for their support.

In WG2 we were particularly successful in Wuhan: Together with the CREDENTIAL H2020 project, we managed to secure enough international support to kick off a new "work item" for a standard covering the cryptographic technology of "redactable signatures", one of the technologies we employ to minimize unnecessary dispersion of private data. We have been working towards this goal for the last 1,5 years and now also provide one of the rapporteurs of this upcoming standard.

Beyond the mentioned activities, we could again link up and network with excellent researchers from all over the world. And visiting the metropolitan area of Wuhan, a 20 million inhabitants megacity that generates about 20% of the Chinese GDP (particularly in optical technology) was also an interesting adventure and a pleasure.