Tredisec Primitives

Atos

Atos SE (Societas Europaea) is a leader in digital services with 2014 pro forma annual revenue of circa € 11 billion and 93,000 employees in 72 countries.

Serving a global client base, the Group provides Consulting & Systems Integration services, Managed Services & BPO, Cloud operations, Big Data & Security solutions, as well as transactional services through Worldline, the European leader in the payments and transactional services industry. With its deep technology expertise and industry knowledge, the Group works with clients across different business sectors: Defense, Health, Manufacturing, Media & Utilities, Public Sector, Retail, Telecommunications and Transportation.
Atos operates under the brands Atos, Atos Consulting and Technology Services, Atos Worldline and Atos WorldGrid.

Atos Research & Innovation (ARI) is the research, development and innovation hub of Atos and it is a key reference for the whole Atos group, delivering technology innovation to our customers. Our background of 27 years participating in EC projects helps us reinforce our links with our customers by bringing research outcomes to Atos' customers and empowering our role as source of innovative ideas.

With presence in Spain, Belgium, Slovakia and Turkey, ARI performs research on emergency management, security, transport, health, technology enhanced learning, trust, identity, semantics, media, services, GIS and smart object technologies.

Atos is a founding member of the European Technology Platform NESSI (Networked European Software and Services Initiative), and is member of eSafety Forum, ARTEMIS, NEM, EOS and Nanomedicine, as well as of the Spanish platforms Logistop for Integral Logistics, eMOV for mobility, Railway, Maritime, eSEC for security, PROMETEO for embedded systems, PLANTETIC for ICT and electronics and es.Internet for Future Internet technologies. Atos is also a member of the refunded NET!WORKS ETP (industrial core group for the 5G PPP). Atos is a major partner in Future Internet-related initiatives, including industrial ones such as EFII (European Future Internet Initiative) and FIRA (Future Internet Research Alliance), as well as project-oriented groups, like the ones established by FIA, FIRE and FInES. Furthermore Atos is member of some cybersecurity initiatives, such as the International Cyber Security Protection Alliance (ICSPA), the Spanish Industrial Cybersecurity Center (CCI) and the Cloud Security Alliance (CSA).

IBM Research GMBH

IBM Research - Zurich (formerly known as Zurich Research Laboratory), with approximately 300 employees, is a wholly-owned subsidiary of the IBM Research division with headquarters at the T.J. Watson Research Center in Yorktown Heights, NY, USA. IBM Research - Zurich, which was established in 1956, represents the European branch of IBM Research.

At IBM Research - Zurich scientific and industrial research is conducted in five scientific and technical departments: Science and Technology, Systems, Storage, Computer Science, and Mathematical and Computational Sciences. Main research topics are nanotechnology, advanced server and storage technology, security, privacy, risk and compliance, computational biochemistry and materials science, chip cooling technologies, business optimization and transformation.

IBM Research - Zurich is world-renowned for its outstanding scientific achievements - most notably Nobel Prizes in Physics in 1986 and 1987 for the invention of the scanning tunneling microscope and the discovery of high-temperature superconductivity, respectively. Other key innovations include; the Trellis-coded modulation, which revolutionized data transmission over telephone lines; Token Ring, which became a standard for local area networks and a highly successful IBM product; the Secure Electronic Transaction (SET) standard used for highly secure payments; and Smartcard JavaCard™ technology.

IBM Research - Zurich is dedicated not only to fundamental research, but also to exploring and creating innovative industry and customer-oriented solutions based on several key areas including; future chip technology; nanotechnology; supercomputing; security and privacy; risk and compliance as well as business optimization and transformation. The Zurich laboratory is involved in more than 80 joint projects with universities throughout Europe, in research programs established by the European Union and the Swiss government, and in cooperation agreements with research institutes of industrial partners.

NEC Europe LTD

NEC Corporation is a leader in the integration of IT and network technologies that benefit businesses and people around the world. By providing a combination of products and solutions that cross utilise the company's experience and global resources, NEC's advanced technologies meet the complex and everchanging needs of its customers.
NEC brings more than 100 years of expertise in technological innovation to empower people, businesses and society. NEC Europe was founded in 1995 as a subsidiary of NEC Corporation and holds itself 15 subsidiary organizations all over Europe, which all build upon NECs heritage and reputation for innovation and quality by providing its expertise, solutions and services to a broad range of customers, from telecom operators to enterprises and the public sector.
NEC Laboratories Europe is a research laboratory established by NEC Europe Ltd. and is located in Heidelberg, Germany. NEC Labs Europe conducts leading research and development across IT and communications, including Future Internet, next generation fixed and mobile networks, security and privacy technologies, the Internet-of-Things, multimedia and smart energy services. NEC Laboratories Europe has provided solutions for Identity and Access Management, processing of encrypted data and for mobile device security.

Greek Research And Technology Network S.A.

GRNET is the National Research and Education Network for Greece, providing network connectivity to all universities and research centres in Greece, and also connecting the Greek academia with the GÉANT pan-European network. GRNET has also provided computational resources, first in the form of Grid computing and more recently with Infrastructure as a Service cloud computing. In particular, GRNET has developed and provides as a production service Okeanos (http://okeanos.grnet.gr), a computing and storage cloud infrastructure that services more than 6000 users providing more than 8000 virtual machines. GRNET has significant development experience, developing software for both in house needs and in the context of numerous European projects in which it has participated. It has also developed and offers a secure, verifiable, secure, e-voting platform, Zeus (http://zeus.grnet.gr) that has been used for more than 120 elections involving more than 22000 voters to date.

IDEMIA

IDEMIA is the global leader in trusted identities for an increasingly digital world, with the ambition to empower citizens and consumers alike to interact, pay, connect, travel and vote in ways that are now possible in a connected environment.
Securing our identity has become mission critical in the world we live in today. By standing for Augmented Identity, we reinvent the way we think, produce, use and protect this asset, whether for individuals or for objects. We ensure privacy and trust as well as guarantee secure, authenticated and verifiable transactions for international clients from Financial, Telecom, Identity, Security and IoT sectors.
With close to €3bn in revenues, IDEMIA is the result of the coming together of OT (Oberthur Technologies) and Safran Identity & Security (Morpho). This new company counts 14,000 employees of more than 80 nationalities and serves clients in 180 countries.

EU-Funded Cybersecurity and Privacy investment shortening the gap from research to innovation

The CSP Innovation Forum 2015 was organised by the European Commission, DG CNECT (Unit H4 Trust & Security) and the CSP Forum along 28th and 29th of April.
https://www.cspforum.eu/2015/

Over 40 top tech, EU funded, trust and security projects, including TREDISEC (Trust-aware, Reliable and Distributed Information Security in the Cloud), with focused research activities in hot topical areas such as mobile devices technologies and tools, cloud security, criptography and trustworthy network and services infrastructures are being showcased live at a major EU Innovation forum this week, were over 500 cyber security and privacy experts, project leaders, industry, academics and visionaries are also pooling their knowledge to create a safer and more secure ICT environment.

Technical Approach

Tredisec Requirements

Objectives

Objective 1

Designing novel end-to-end security solutions for scenarios with conflicting functional and security requirements

• Supporting data reduction: enabling cloud providers to perform data reduction (e.g., deduplication and compression) without compromising the confidentiality of outsourced data.
• Enabling secure data processing: focusing on new techniques that enable the processing of encrypted data in an efficient and privacy-preserving manner, guaranteeing efficient data processing that scales with large amounts of outsourced data.
• Enhancing data availability and integrity : ensuring the availability and the integrity of outsourced data against misbehaving cloud providers, allowing users to verify that, relying only on low capacity devices such as smart-phones. This entails that the verification process performed by the end-user should not be greedy in terms of either bandwidth or computation.
• Ensuring user isolation in multi-tenant systems : identifying platform and operating system primitives that provide strong isolation guarantees to individual user’s workloads, and integrate these solutions into current and future infrastructures such that it only minimally impacts their performance and efficiency.

Objective 2

Implementing a unified framework to support the orchestration of the security mechanisms in different scenarios.

• Once different security mechanisms have been designed, our ultimate goal would be to produce a realistic system where various features will work in a holistic manner.
• The integration of the newly proposed features as part of a unique architecture requires a delicate design of the various system components in order to prevent any possible incompatibilities that might arise between them.

By devising and evaluating such primitives, and the framework to orchestrate them we will foster the concepts of "security and privacy by design", which in turn will provide strong incentives for small and medium businesses to securely store and process their outsourced data in the cloud.

Arquitecture

Architectural concept

Figure 1 High-level diagram of the TREDISEC architecture

TREDISEC aims to design, implement and deploy a set of security properties and solutions (in the form of security primitives) related to security and privacy in cloud (e.g. secure storage, access control, secure deletion, etc.). More in particular, the core feature of the proposed security primitives is that they do not only preserve the security and privacy of providers and TREDISEC users but also improve efficiency and cost effectiveness of the cloud systems where they are deployed.

Initially, there were identified three different architectures that we could use for providing security for the Cloud: security-as-a-service, end-to-end security and an hybrid approach as a combination of both. After analysing these approaches we thought end-to-end security is the best strategy in order to increase the security of the systems so they are the basis for the security primitives to be designed and developed in the project and provided by the TREDISEC Framework.

The TREDISEC Architecture has been designed in order to fulfil all the requirements identified in the first stage of the project while providing user-friendly functionalities for the creation, management and use of the security primitives.

The TREDISEC Framework

The TREDISEC Framework is a component that allows the creation, use, management and deployment of security primitives in a target cloud. It provides an online packaging of security primitives to be used by the different roles identified (End-User, Security Expert Engineer, TREDISEC Framework Administrator and the Security Technology Providers) together with tools for specific functionalities (e.g. user interface for managing it, testing and deployment component for testing the security primitives and do their deployment, etc.).

Figure 2 TREDISEC framework: architectural components and users

The framework offers three operational modes: development, maintenance and provisioning. The first covers the design, development and testing of the security primitives along its lifecycle (from security primitive pattern to TREDISEC Recipe), the maintenance mode covers the functionality and lifecycle of the update, refining, extension, etc. of the different artefacts of TREDISEC. Finally, the deployment phase covers the functionality and lifecycle of the TREDISEC Recipes into the target cloud.

Figure 3 TREDISEC framework: operational modes

Security Primitives

Figure 4 Security Primitives architecture

There are different phases associated to the security primitives from their initial design and definition till they are deployed into a cloud system, the so-called Security Primitives Lifecycle depicted in Figure 5. Two roles interact mainly in this lifecycle: the security expert engineer and the security technology provider.

Figure 5 Security Primitives Lifecycle

The initial and basis artefact, the security primitive pattern, is created by the security expert engineer using the TREDISEC Framework, her expertise, knowledge, and security and performance cloud information. This way she creates a security solution for a cloud system (together with performance capacities) and stores it in the repository of the security primitives of the framework.

Following, the security technology provider obtains a security primitive and provides an implementation along with specific information of the implementation (refining information already provided by the security technology provider about the solution but in a more high-level) and also information of the cloud system where this security primitive is targeted to. The result of this process is the security primitive implementation, which is also stored in the repository of the TREDISEC Framework. Next, this artefact is tested in the testing environment, which reproduces the cloud system, characteristics and requirements of the targeted cloud system where the security primitive will be used, and the security technology provider updates and refines it. Also, if necessary, the security technology provider can send feedback to the security expert engineer if an update is necessary at a higher level.

Finally, when the security primitive implementation has been tested it is stored in the TREDISEC Framework as a TREDISEC Recipe, which not only contains the implementation of the security primitive but also information for deployment, requirements, etc. in the targeted cloud.

Official Project Launch Press Release (ENG)

TREDISEC has been present in the Cloud World Forum set 24th / 25th June in London, as a courtesy of CSP Forum

The Cloud World Forum event has been taken place at the Olympia Grand in London between 24-25 June and has this year grown its audience and floor plan by 30%.

Cloud World Forum is EMEA’s largest Cloud expo. Thousands of delegates come from more than 70 countries around the world to meet the industry’s leading solution providers. Now celebrating its seventh year, the show gathers the pivotal payers of the Cloud revolution and features 16 content theatres. More than 300 speakers from multinationals, SMEs, public sector organisations, online players, regulators, telcos and analysts are set to take the floor in engaging, thought-provoking keynotes, hands-on labs, brainstorming sessions and live demos over two days.

TREDISEC has been present in this event by courtesy of CSP forum, that has offered its space to exhibit flyers of the project.

Official Flyer TREDISEC

Several members of the TREDISEC consortium are going to participate in the 1st Workshop on Security and Privacy in the Cloud

From 28th to 30th of September 2015, it will be held the 1st Workshop on Security and Privacy in the Cloud in Florence, Italy, in conjunction with the IEEE Conference on Communications and Network Security (CNS 2015).

The goal of this workshop is to bring together researchers and practitioners who are interested in discussing the security, privacy, and data protection issues emerging in cloud scenarios, and possible solutions to them.

The workshop seeks submissions from academia, industry, and government presenting novel research, as well as experimental studies, on all theoretical and practical aspects of security, privacy, and data protection in cloud scenarios.

Several members of the TREDISEC consortium will attend to this workshop as Program Chair, (Elli Androulaki, IBM Research), and as part of the Program Committee (Ghassan Karame, NEC Labs; Florian Kerschbaum, SAP and Melek Önen, EURECOM).

TREDISEC is a leading project in research, development and innovation in security in the cloud, and has involved some of the leading european experts in this field. NEC Labs, SAP, and EURECOM are recognized researchers, well-positioned in the current state-of-the-art advances that has brought the boost of cloud environment for IT sector.

For more information: http://www.zurich.ibm.com/spc2015/

TREDISEC participates in the e-Democracy 2015 conference

The 6th International Conference on E-Democracy (e-Democracy 2015, http://www.edemocracy2015.eu), will take place in Athens, Greece, 10-11 December 2015, with a special session on research conducted within European R&D projects related to e-Democracy and e-Participation, e-Government, Security, Privacy and Trust, e-Crime, e-Fraud and Digital Forensics.

In this special session, each participating project can present its main research challenges&results in a short presentation and with a poster which will be exhibited in or near the conference room.

Participating projects will also be invited to submit an extended abstract of 2 pages, that will be published in e-Democracy 2015 conference proceedings.

Atos has published "enabling trusted European cloud"

Atos has published "enabling trusted European cloud", a document that aims to clarify those fundamental issues that affects cloud developments in Europe, and reassure potential cloud customer that there are ways of steering through them.

It proposes a roadmap in which all parties, including customers, need to be involved to achieve a vibrant and successful cloud environment that is fit for the European purpose.

Atos throurh ARI (Atos Research&Innovation) has run a number of projects that contribute to the concept of Trusted European Cloud. They have run many projects, many supported by funding from the EC, that span security, privacy and cloud.

TREDISEC appears as one of these projects, mentioned in page 34. TREDISEC is focused on research about securing data access in multi-tenant storage systems.

D1.5. Innovation Strategy and Plan

This document establishes the strategy, processes, milestones and role assignments to ensure an innovation-driven research and development in the TREDISEC project.

D7.1. TREDISEC Public Website

This document accompanies the website to present it, in its current state, and summarises the Web technology that empowers the TREDISEC public website, its design and content structure.

Available the ICT2015 networking session with the collaboration of TREDISEC

Atos Spain will chair a networking session in the event of reference ICT 2015, organized by European Commsion to promote the knowledge of technological research financed with european funds. the selected projects are TREDISEC; WITDOM and PRISMACLOUD, will be discussed the following topic : "Key challenges in end-to-end privacy/security in untrusted environments".

Currently it´s available the networking session schedule with all details int the website of the event:

https://ec.europa.eu/digital-agenda/events/cf/ict2015/item-display.cfm?i...

There will be three talks given by three speakers, one for every project, that will deal with a specific key challenge related to the main topic.
Ghassan Karame, (NEC laboratories), well-known expert on the subject of the debate will attend from TREDISEC and give the talk titled: “Data protection versus storage efficiency and multi-tenancy”

In Ghassan´s words, the talk approach would be: “Implementing existing end-to-end security solutions unfortunately cancels out the advantages of the cloud technology such as cost effective storage. We will talk about the challenges resulting from the combination of security, functional and non- functional requirements such as storage efficiency and multi-tenancy.”

ICT 2015 networking session: “Key challenges in end-to-end privacy/security in untrusted environments”

The H2020 projects WITDOM (www.witdom.eu), TREDISEC (www.tredisec.eu) and PRISMACLOUD (www.prismacloud.eu), addressing to the H2020-ICT-2014-1 call, organize a joint networking session at the ICT 2015 – Innovate, Connect, Transform event, held on October 22nd 2015 at 14:50CET in Room 8 of Centro de Congressos de Lisboa, Lisbon (Portugal). The joint networking session will discuss challenges to both security and end-users´ privacy when outsourcing data to untrusted environments, such as privacy protection, integrity, data storage efficiency or multi-tenancy.

The networking session organized by WITDOM, TREDISEC and PRISMACLOUD is also supported by the project WISER (www.cyberwiser.eu) from the call H2020-DS-2014-1, acting as conductor of the session.
Mr. Nick Ferguson from Trust-IT Services and coordinator of the EC-funded CloudWATCH2 project, will set the stage with a presentation focussing on the key challenges related to the cloud. These challenges will be later presented by recognized researchers in the field to discuss where the trends are moving. Finally, a questions and answers slot is offered to interact with the audience about the proposed topics.

Presentation 1: “Cloud challenges to high-demanding privacy scenarios.” Abstract: “Distributed environments, in particular cloud ones, are generally perceived as being untrusted for storing sensitive personal data. Unless specific data protection measures are implemented, Cloud Providers and malicious parties could gain access to such data and make an unlawful use of them, beyond the specific context of explicitly authorized purposes. In case of scenarios with high-demanding privacy needs (such as eHealth or financial data), moving operations to the cloud requires the provisioning of strict guarantees to all involved parties, in full compliance with the law and according to state-of-the-art technology and best privacy-by-design and cloud security practices. In this talk some of these privacy challenges will be presented, as well as some approaches to overcome them.”
Speaker: Nicolas Notario McDonnell (Atos). Project WITDOM.

Presentation 2: “Verifiability and Authenticity of Data and Beyond” Abstract: “In this talk we discuss aspects related to reliably checking that third party infrastructure (i.e., the cloud) behaves as expected when storing and processing data. The focus is on cryptographic measures that ensure and sometimes even enforce honest behaviour and at least allow cryptographically holding the cloud accountable when it deviates from the expected behaviour.”
Speaker: Mr. Henrich C. Pöhls (Passau University). Project PRISMACLOUD.

Presentation 3: “Data protection versus storage efficiency and multi-tenancy” Abstract: “Implementing existing end-to-end security solutions unfortunately may reduce the advantages of the cloud technology such as cost effective storage. We will talk about the challenges resulting from the combination of security, functional and non- functional requirements such as storage efficiency and multi-tenancy.”
Speaker: Ghassan Karame (NEC). Project TREDISEC.

D7.3. Communication Strategy and Plan

In the framework of the Horizon 2020 Program, the EU proposes and demands that supported research projects reach society, promoting their value and the benefits derived from the technological and scientific activity through public funding returned to society.
In short, communication and dissemination have become a key asset for their strategy research projects. It is necessary to show how European innovation and research projects are contributing to an “innovative European Union”, and at the same time, which type of projects are funded and what the results of such an investment are.
The main purpose of deliverable D7.3 is to describe the Communication Strategy of TREDISEC, to give visibility to the entire process and evolution of the project, as well as to its major achievements.
This report includes a social and economic context about cloud security, and breaks down the pursued objectives, defining a set of indicators to measure the grade of achievement.
Following, the document identifies the target groups, and defines the key messages that will be the foundation and guidelines of each communication action. These key messages are exposed from different points of view. Once our audience and the dedicated key messages are defined the deliverable describes the tools we are going to use to disseminate the selected messages among the audience.
Finally, an action plan is shown, with specific actions for each year of the project defined according to the stated objectives. The proposed schedule is aligned with the Horizon 2020 guidance.

Soon 1st TREDISEC General Assembly

The first project General Assembly will take place at Eurecom's premises in Sophia-Antipolis (France), on the 19th and 20th of November. This face-to-face meeting will gather Tredisec partners to report on the progress of the different work-packages, discuss upcoming tasks and deliverables, and revisit the overall management, innovation and communication strategy of the project.

Logical Partitions on Many-Core Platforms

The paper is related to the work conducted by ETH in work package 4.

Abstract

Cloud platforms that use logical partitions to allocate dedicated resources to VMs can benefit from small and therefore secure hypervisors. Many-core platforms, with their abundant resources, are an attractive basis to create and deploy logical partitions on a large scale. However, many-core platforms are designed for efficient cross-core data sharing rather than isolation, which is a key requirement for logical partitions. Typically, logical partitions leverage hardware virtualization extensions that require complex CPU core enhancements. These extensions are not optimal for many-core platforms, where it is preferable to keep the cores as simple as possible.
In this paper, we show that a simple address-space isolation mechanism, that can be implemented in the Network-on-Chip of the many-core processor, is sufficient to enable logical partitions. We implement the proposed change for the Intel Single-Chip Cloud Computer (SCC). We also design a cloud architecture that relies on a small and disengaged hypervisor for the security-enhanced Intel SCC. Our prototype hypervisor is 3.4K LOC which is comparable to the smallest hypervisors available today. Furthermore, virtual machines execute bare-metal avoiding runtime interaction with the hypervisor and virtualization overhead.

Some Applications of Verifiable Computation to Biometric Verification

Publication related to WP3

Abstract

Spurred by the advent of cloud computing, the domain of verifiable computations has known significant progress in recent years. Verifiable computation techniques enable a client to safely outsource its computations to a remote server. This server performs the calculations and generates a proof asserting their correctness. The client thereafter simply checks the proof to convince itself of the correctness of the output. In this paper, we study how recent advances in cryptographic techniques in this very domain can be applied to biometric verification.

Use Case 1: Enhance Storage Efficiency Securely

Partner: GRNET
Overview
To provide secure cloud services to its users, a cloud provider needs to cater for both end-to-end security, which covers the transfer of data between the user and the cloud provider, and data-at-rest security, which concerns the security of the data stored in the cloud provider premises. Encryption can provide proven solutions to both. At the same time, storage efficiency in multi-tenancy environments can be enhanced by mechanisms such as deduplication, which reduces the storage cost by allowing users to share same pieces of data, without the users being aware of the underlying mechanisms. Ideally we would like to combine encryption with multi-tenancy; however, well encrypted data will not exhibit any common pieces that can be leveraged by deduplication mechanisms. Therefore, GRNET requires a mechanism which provides data security features while supporting multi-tenancy in the cloud. The process must be simple but also secure enough for the end-user so that cloud use becomes both practical and trustworthy.

Business Context
GRNET operates, at a production level, a fully functional cloud Infrastructure as a Service (IaaS) called ~okeanos. The ~okeanos service offers both computing and storage resources on demand to thousands of users. As the number of users increase, in tandem with their needs, it becomes imperative to handle resources such as storage more efficiently. An obvious solution is to adopt deduplication techniques for all kinds of data. However, this entails computational cost; moreover, it is not yet clear how to couple deduplication with increased security guarantees, such as those offered by strong cryptography, in a multi-tenant environment.

Technology Context
GRNET offers its cloud services via the open source Synnefo cloud management stack, developed by GRNET. Interaction with Synnefo is done through a well-defined, OpenStack-compatible API. Unfortunately, deduplication and encryption are currently beyond the scope of OpenStack. For online file storage (as opposed to block or volume storage), GRNET already offers deduplication for files, using content-addressable storage. However, there is, as of yet, no fully-fledged deduplication solution for all kinds of data; additionally, there is currently no solution offering the combination of deduplication with end-to-end and data-at-rest security.

Expected Outcomes and Contribution of TREDISEC
GRNET would like to achieve stronger data isolation to enforce the access control against unauthorized physical data access in the cloud scenario. As with Use Case 1, GRNET expects to combine its own engineering strengths with the research excellence of the TREDISEC partners so that novel encryption in multi-tenancy solutions can be brought into a production environment.

Use Case 3: Optimised WebDav service for confidential storage

Partner: ARSYS
Overview
As many people share data over the Internet and WebDav is one of the most popular protocols to access shared storage services, the target of this use case is to provide equivalent level of service to those users who would like to store and share the encrypted version of their sensitive data. Thus, sharing access among multiple users to co-browse and co-edit the files (share resources in a multi-tenant setting), and ensuring confidentiality via encryption while keeping performance of the service in terms of storage efficiency by applying technologies such as data deduplication on encrypted files will be the core challenge of this use case.

Business Context
As a differentiator from all the different cloud storage business solutions offered in the international markets, the target of this use case is to provide Arsys cloud storage service with multi-tenancy access control and end-to-end data encryption, without compromising service efficiency and performance. Having these characteristics would provide a clear advantage against the rest of competitor solutions. In this use case, for the shared storage service, Arsys will incorporate TREDISEC multi-tenancy access control, data encryption and storage efficiency to its WebDav access service.

Technology Context
Currently Arsys uses GlusterFS as Cloud Storage, with four nodes constituting a storage cluster. All components of the storage cluster (servers, network connections and files) are redundant in order to avoid any single point of failure and to minimize downtime. Customers access their files through WebDav protocol over HTTPS, thus all information accessed over the Internet is encrypted. However, the storage cluster supports neither data encryption nor deduplication over encrypted data.

Expected Outcomes and Contribution of TREDISEC
The motivation of this use case is built upon three pillars: (i) enabling customers with multiple tenants to manage access control and share resources (this includes tenants with more than one user, where users have different permissions); (ii) enabling encryption to guarantee data confidentiality for the cloud storage; (iii) enhancing cloud storage efficiency over duplicated data. It is challenging to satisfy all three requirements at the same time. ARSYS expects that the outcome of TREDISEC will help to build a complete solution.

Use Case 5: Secure Upgrade of Biometric Systems

Partner: MORPHO
Overview
The use case describes the outsourcing of major updates on biometric databases. This use case is typical of biometric systems. A major accuracy update requires reprocessing the raw images to enable the new algorithms. This process usually takes time (e.g., several months) and requires in-house hardware. Thus, the perspective delegation of such computations to the cloud seems appealing. However, for privacy reasons, outsourced biometric data should be encrypted. Therefore, the use-case raises the issue of applying update algorithms over encrypted biometric data.

Business Context
The storage of biometric data is at the core of biometric systems. Managing big identity databases composed of millions of records is by itself cumbersome, but a lot of technical and privacy concerns are added when databases store biometric data. In particular, privacy concerns often preclude outsourcing computations on biometric data. The current practice is to not outsource the computation over biometric data at all. On the other side, encrypting biometric data supplies data privacy, but precludes the ability to compute over the data. As a result, efficient solutions for delegating processing over encrypted biometric data would supply clear advantages over current solutions.

Technology Context
Algorithms using biometric data regularly evolve, as well as the formats under which the biometric data are stored. As a result, biometric systems sometimes need major upgrades, meaning that the stored biometric data must be processed in order to be compatible with the new formats and algorithms. Biometric data cannot be processed by an external cloud system for privacy reasons. As a result, the current solution prohibits the outsourcing of system upgrades. The use-case introduces a model that allows outsourcing the processing of biometrics data. According to this model, a pre/post-processing entity is deployed in a private cloud environment and a cloud update server is deployed with a public cloud provider. The pre/post-processing entity lies between the biometric database and the cloud, ensuring first the outsourcing of the system upgrades, and then the integration of the result supplied by the cloud.

Expected Outcomes and Contribution of TREDISEC
In order to outsource the computation over sensitive biometric data, MORPHO expects that the outcome of TREDISEC will provide privacy-preserving primitives for processing biometric data. More specifically, the encryption primitives should be compatible (and efficient) with the signal processing operations to be carried out on the raw biometric images. Additionally, if the cloud server were able to prove that the process over encrypted biometric data has been correctly performed, it would ensure that the biometric data are correctly updated once integrated in the biometric system. From a business perspective, such solutions provided, built upon the technologies brought by TREDISEC, would significantly decrease the overall time and cost of biometric systems upgrades.

Welcome to the TREDISEC blog!

Welcome to our Blog!

We are living a fascinating moment in what concerns Security in the Cloud, and we would like to share it with you.

There are plenty of evidence of how Cloud market will grow in 5 years, becoming a very important source of employment and economical benefits for the citizens and businesses across the European Union. But at the same rate that Cloud market grows, the challenges for Security and Privacy increase as well.

TREDISEC is a three years duration project, co-funded by the European Comission as part of the Horizon 2020 EU Research and Innovation programme. The project started on April 2015 and its main purpose is to provide an innovative solution that addresses an ambitious research challenge: let functional Cloud requirements (e.g. efficient storage, multi-tenancy) and non-functional security requirements (confidentiality, integrity, access control) live together in a secure and trustworthy Cloud ecosystem.

From this window to outside, we would like to keep you updated about TREDISEC advances.
But this is not only about us.
We will talk about other research initiatives and FP7/H2020 projects with similar and complementary goals too.
If you are interested in Cloud Security, we aim to be a space to look at as the new advances happen.

We have a long way in front of us... and we invite you to walk alongside us :)

TREDISEC at ICT 2015

Atos organized a networking session in the ICT 2015, supported by H2020 projects: WITDOM, TREDISEC, and PRISMACLOUD.

ICT is one of the most relevant events organized by European Commission to promote projects financed by european funds, that research last technological advances beyond the state-of-the-art.

The session entitled "Key challenges in end-to-end privacy/security in untrusted environments" was chaired by Silvana Muscella, CEO & founder of Trust-IT, with a recognized career in ICT communication & business.

Next, Nicolas Notario, member of WITDOM project, Henrich Pohls (PRISMACLOUD project) and Ghassan Karame (TREDISEC project), took over the session, and each of them showed a specific challenge about cloud security.

The further discussion with the audience unveiled audience concerns. It was remarkable the animated discussions about informed consent, and the ethic conflicts derived from the legal loopholes associated to them.
No doubt that privacy and security in cloud will be fully a main topic of debate next years, due to the growth of cloud services, and resulting consequences in data protection.

For more details, here you have the presentations given by the speakers:

What objectives does TREDISEC pursue?

TREDISEC aims at contributing to enhance the security and privacy of existing cloud technologies, while keeping efficiency and cost levels stable.
Currently, when we introduce an improvement in the security of cloud storage, it comes at the expense of higher costs, and lower efficiency results.

TREDISEC encompasses both functional and non-functional demands, and has the ambition to design mechanisms that satisfy security and functional requirements at comparable level.

What is the budget of the project?

TREDISEC has a budget of around 6,5 million €, out of that the European Commission funds around 4,4 million €. The budget is used mainly to cover personnel costs of the entities that take part in the project, to conduct research, develop new innovative technologies, and test them in realistic evaluation scenarios. But also, to manage the project, foster collaboration and regularly disseminate the achievements, and make a technology transfer assessment that turns into a realistic strategy for the exploitation of results, either individually or jointly, by the members of the consortium.

What is the innovation potential of the security technologies that TREDISEC will develop?

Most existing solutions are not suitable for the market because they either provide security at the expense of the economy of scale and cost effectiveness of the cloud (e.g. data is encrypted before being outsourced, which prevents any computation to be performed in the cloud), or they meet the latter objectives at the expense of security (e.g., data deduplication and compression optimally use the resources of the cloud provider but require the customer to blindly trust its cloud provider).

The main aim of TREDISEC is to bridge this gap by developing tools and systems to address these shortcomings and to enhance the confidentiality and integrity of data outsourced to the cloud without affecting functionality, and storage efficiency.

From a practical standpoint, the ambition of this project is to develop systems and techniques that make the cloud a secure and efficient place to store data. We plan to step away from a myriad of disconnected security protocols or cryptographic algorithms, and to converge instead on a (possibly standardized) single framework where all objectives are met to the highest extent possible.

Which are the major milestones of TREDISEC?

• MS1: Use cases and scenario context definition due at M6 (September 2015).
• MS2: Consolidated requirements and architectural models due at M12 (March 2016).
• MS3: Design of the security primitives and framework due at M20 (November 2016).
• MS4: Implementation of the security primitives and the framework due at M30 (September 2017).
• MS5: Deployment of the Use Cases Evaluation environment due at M33 (December 2017).
• MS6: Final evaluation of TREDISEC due at M36 (March 2018).

TREDISEC at the ICT 2015 event: a newby's experience

The beautiful and sunny city of Lisbon hosted the past 20, 21 and 22 of October , the ICT (Innovate, Connect and Transform) 2015 event, organised by the European Commission, aiming at reaching all representatives of research, politics, industry, start-ups, investors, academia involved in ICT topics.

The event attracted more than 5,700 participants to the Centro de Congressos de Lisboa and TREDISEC was present there too. Our first impression was a really efficiently organised registration process, which facilitated attendants entering the venue with a big smile on face.

Diverse parallel activities were schedulled, structured along the following tracks:

• A main plennary conference presenting the new European Commission’s policies and initiatives on Research & Innovation in ICT (Horizon 2020 Programme); followed by multiple Work Programme 2016-2017 thematic sessions with detailed information on the funding opportunities in ICT sector;
• a huge interactive exhibition showcasing the best results and impact of most recent European ICT Research & Innovation;
• the Startup Europe Forum, featuring EU policy actions for startups and SMEs, innovators, as well as for private and public investors.

Besides these activities, the event facilitated networking opportunities for making Research and Innovation connections, exploiting natural synnergies, and promoting high quality partnership for potential future collaboration.

After two days attending illustrative plennary conferences, panel debates on hot topics, visiting exhibition stands showcasing clearly innovative initiatives and their impressive results, and participating in crowded networking sessions, on the last day of the event TREDISEC had its moment!



The networking session entitled "Key challenges in end-to-end privacy/security in untrusted environments", organised jointly by projects TREDISEC, WITDOM and PRISMACLOUD, was schedulled for the last slot of the last day of the event. That, a priori, was a drawback for us in order to engage as many people as possible. To overcome that, we tried to advertise the session as much as possible during the previous 2 days, distributing flyers of the project and notices with the session agenda and content in every opportunity we had.



Finally, D-Day H-Hour arrived and everything was set for both the chair (Silvana Muscella, CEO & founder of Trust-IT) and the team of presenters:

• Nicolas Notario from Atos, member of WITDOM project;
• Henrich Pöhls from Passau University, representing PRISMACLOUD project;
• and Ghassan Karame from NEC Europe, our partner from TREDISEC project, who presented one of the project's innovative key points: Data protection versus storage efficiency and multi-tenancy.



Despite the bad timeslot allocated for us, during the first 10 minutes we witnessed with great joy how the small room was getting packed and packed :). We had prepared a networking session attendee pack which included one promotional flyer of each of the organizing projects, the agenda and summary of the talks schedulled, and a form for posing questions, including the complete list of means available to contact us. We quickly ran out of them!

The entire session was recorded on video, including the Question and Answer part. Besides the relevant questions made by the chair Silvana to the presenters (e.g. "With WITDOM’s approach, up to what level is necessary the collaboration of the cloud infrastructure provider?", "Why do you think that the model of trusting the cloud service providers is not suitable?" or "What gaps do you plan to fulfil within TREDISEC and where will you make a difference in the innovation?"), the Q/A session turned to be a very dynamic and interesting exchange of positions between the speakers and a really committed audience.



Both the complete video recording and the individual presentations can be downloaded from here.

All in all, the session was a great success and we feel very happy with the results of this activity. It not only served as a way to promote the TREDISEC project in general and its inherent innovative character, but also help us finding more about the approaches adopted by others in dealing with related (even similar) security challenges in the Cloud. In the end, making the Cloud a secure and efficient place to store and process data is a joint effort, and it will surely have an impact in existing businesses and generate new profitable business opportunities.

test

Post in arsys blog about Codemotion, and presentation of TREDISEC project

Arsys, partner belonging to the TREDISEC project consortium, has published in its blog a post talking about CODEMOTION, one of the biggest events for developers, set in Madrid.

TREDISEC project will be presented in this event, introduced by Olof Sandstrom, Arsys Manager Operations, as an EC initiative that has as objective the development of procedures and technological solutions that combine security, efficiency, and technical functionalities, making easier cloud adoption among european enterprises.

Complete Arsys post here (text in spanish): http://www.arsys.info/eventos/codemotion-el-mayor-evento-sobre-programac...

The 1st TREDISEC General Assembly was set in Sophia Antipolis last 19-20 November

On 19th - 20th November TREDISEC consortium got together in order to report on the project status and progress of the managerial/administrative, financial, technical and dissemination/communication activities carried out in the past 8 months.

Attendants presented the work conducted in the different work packages, advances and deliverables submitted.

Besides, next steps were decided according to roadmap designed for the project.

The meeting hosted in Sophia Antipolis by EURECOM.

Collaborations

D2.2. Requirements analysis and consolidation

The objective of the TREDISEC project is to develop tools that enhance the confidentiality and integrity of the data and computations outsourced to the cloud. While a number of solutions already address some cloud security problems, the new TREDISEC framework will be designed to integrate various security primitives into a unified framework without sacrificing the scalable advantages of cloud computing.

The purpose of this deliverable is to explore the various functional and non-functional requirements (including security and privacy requirements) of cloud storage and computation systems and identify not only the most relevant ones but also those which may not be met simultaneously. With this aim, the following methodology has been applied:

• The six representative TREDISEC use cases have been analysed and a complete set of functional requirements is derived: these requirements must basically be fulfilled for the correct operation of the cloud system. On the other hand, the major security and privacy requirements of these use cases are also highlighted targeting the protection (privacy and integrity) of storage and computation operations.

• Since the description of the use cases and the derived security requirements are high-level, the deliverable further focuses on the different primitives the project aims at designing (in WP3, WP4 and WP5): Once the dedicated security and privacy requirements are defined the document explains how these requirements affect the functional requirements and specify the ultimate (and sometimes conflicting) TREDISEC requirements which basically combine one security requirement with one or several functional requirements.

• As the final target of the project is the development of a unified framework (WP6) integrating the different security primitives, this document also outlines the requirements with respect to the architecture of the framework that will help TREDISEC developer and administrators to choose the most convenient architectural approach and specify technical details. These requirements are differentiated with respect to their technical, business, and quality nature.

Thanks to the specification of the requirements combining security and operational aspects, the TREDISEC project is now moving into the design of the various security primitives (WP3, WP4 and WP5) and further into the orchestration of these individual modules.

TREDISEC: Towards Realizing a Truly Secure and Trustworthy Cloud

Article entitled "TREDISEC: Towards Realizing a Truly Secure and Trustworthy Cloud" has been published in issue no. 104 (corresponding to January 2016) of the magazine ERCIM News, in the section devoted to present Research and Innovation initiaves.

The article is a joint work of the project consortium and authored by Beatriz Gallego-Nicasio (ATOS), Melek Önen (EURC) and Ghassan Karame (NEC), and presents an overview of the project, its main research and innovation challenges and an outline of the validation approach that is going to be followed.

The issue is published online at http://ercim-news.ercim.eu/en104 and can be also download as PDF or EPUB formats:
http://ercim-news.ercim.eu/images/stories/EN104/EN104-web.pdf
http://ercim-news.ercim.eu/images/stories/EN104/EN104.epub

TREDISEC: 10 months later

Problem context

End-to-end security comes at odds with current functionality offered by the cloud. Existing state of the art solutions completely give up one requirement for the other. End-to-end security aims to endow the users with full control over their outsourced data, but cloud service providers may not be able to efficiently process clients' data, nor may they be able to take full advantage of cost-effective storage solutions which rely on existing deduplication and compression mechanisms.

Another important point that should not be overlooked when designing security mechanisms for cloud systems is their integration into a single framework. Typically, a security primitive is devised for a single use-case and/or a specific application. Although such a design approach may reduce the complexity of the solution, it may lead to situations where security primitives are incompatible to the point that they cannot be implemented using the same interface or the same framework.

Progress towards the objectives and advance beyond the state of the art

During this reporting period, the TREDISEC consortium partners have been focusing in designing novel end-to-end security solutions for scenarios with conflicting functional and security requirements, using as bases the representative scenarios and use-cases defined by the end-user partners. We first had to identify the functional requirements that are crucial to the cloud business and explore non-functional requirements such as storage efficiency and multi-tenancy. Next, we had to analyse the conflicts between these requirements and security needs in order to develop new solutions that address these shortcomings and enhance security. Moreover, state of the art mechanisms and solutions have been analysed thoroughly in technical work-packages (WP2, WP3, WP4 and WP5). In particular, some partners of the consortium have already achieved the following advances:

• devise new primitives to support data confidentiality and data deduplication, including the analysis of its compatibility with Proof of Ownership (PoW) mechanisms;
• actively analyse the state of the art with respect to searchable encryption, secure biometric computations, and possible parallel computation and migration mechanisms;
• describe mechanisms for an optimized storage of encrypted data based on the analysis of historical or anticipated SQL queries;
• conduct a thorough survey on the state of the art on verifiable storage, verifiable computation and verifiable ownership topics in order to identify the TREDISEC specific requirements have been conducted;
• proposed a new security model for outsourced proof of retrievability;
• propose a study on the possibility of applying verifiable computing techniques to biometric comparison;
• investigating approaches to vulnerability discovery and isolation in file systems that are used to provide storage for cloud services;
• proposed a novel mechanism which enables the emerging many-core processor architectures to provide secure isolation properties for cloud platforms and especially IaaS deployments.

The design of the TREDISEC framework which efficiently integrates the required security primitives, without incurring extra processing and storage cost at the cloud service providers or end-users, has been also a key activity during these last months. The ultimate goal of the TREDISEC framework is to facilitate the orchestration of different security primitives deployed into real cloud systems.

A first architectural model of the framework has been outlined, taking into account business, quality and operational requirements, since it should support a range of stakeholders (e.g. security administrators, developers, or cloud system engineers) and target cloud offerings.

By using the framework, security primitives can be tested in isolation or combined with others, in order to produce pre-packaged security solutions ready to be deployed, which are guaranteed of being free of incompatibilities, but also should permit cloud system engineers and security experts to select, according to their own system needs, the functional and non-functional (security and privacy) requirements they wish TREDISEC to fulfil.

Summary of work performed and main achievements

Since the project kick-off, on the 1st of April, until the 31st of December 2015, which spans from M1-M9 according to the project plan, the activities performed by the TREDISEC consortium can be structured along the following lines of work:

• Launching of the project and setting up the different procedures (quality, reporting, risk management, document/output storage and management, deliverable quality review, etc.), management structure, guidelines and supporting tools to enable a seamless and fruitful collaboration among the consortium partners, in order to achieve the project objectives and develop the work promised in the DoA according to the schedule. This has been described in a deliverable document released by M3, entitled “D1.1 Project Quality Assurance Plan”.
• Definition of the Innovation strategy for the project and agree on a plan to implement and deploy it within the existing project structures. This consisted in identifying the project key innovation points and specifying “innovation-related activities” such as monitoring, emergency plans, or take-up activities, definition of a framework for assessment of the project innovation health level and strategies to identifying and acquiring feedback from different entities and communities to better align the project results with users’ expectations. This has been described in a deliverable document released by M3, entitled “D1.5 Innovation Strategy and Plan”. In the last quarter of the period, a first innovation check has been done by the Innovation Director (from NEC) with the work-package leaders in relation to the identified key innovations of TREDISEC. The result was that, so far, there are no identified threats in the market to the expected TREDISEC innovations.
• Definition of a common project strategy for dissemination and communication of project advances and results, to set the base-line for individual partner’s activities, in order to reach the maximum impact possible. The strategy is accompanied with a plan that establishes a series of activities to promote the project along its entire duration, as well as a complete set of graphical material that supports these activities. The graphical material entails the project branding (i.e. logo, colour code, templates for documents, a poster and a promotional brochure/flyer); the project website (www.tredisec.eu) online since M2, is publicly accessible; this website is considered as the main point of contact from externals and as the first means for dissemination and communication of project advances and regular achievements (the website constitutes a deliverable and is described in the accompanying document “D7.1 TREDISEC public website”); social media accounts (i.e. dedicated LinkedIn group and twitter account); infographics ( within this period, one infographic has been made available through the website); and press releases and campaigns, to promote the project official start and the networking session at the ICT 2015 event, which TREDISEC was co-organised and where there was a scheduled talk about one specific project line of research. The communication and dissemination activities are grouped into phases, each one focusing on the promotion of certain aspects of the project, with customized key messages and targeting different type of audience (i.e. scientific, research, industry, citizens, public administration, policy-makers, etc.), making use of the most appropriate channel in each case. The dissemination and communication strategy and the associated implementation plans have been defined in two deliverable documents “D7.2 Dissemination plan” and “D7.3 Communication strategy and plan” respectively, both released in M6.
• Launching of the technical work-packages devoted to the research and development of the security primitives. Each of these work-packages, namely WP3, WP4 and WP5, focus in analysing first the different conflicts that may arise, when trying to satisfy at the same time cloud functional requirements (e.g. efficiency, reduced costs) while providing security guarantees (e.g. confidentiality, integrity); and second, researching on different schemes and primitives that overcome those conflicts.
• Description of the context scenarios and specification of the use cases that will be used to drive the technical developments and evaluate the project results. Four partners of the project (SAP, GRNET, ARSYS and MORPHO) described their context scenarios and use cases, which will be used in the project with two purposes: (i) to elicit a series of end-user requirements that will influence the design of the TREDISEC framework architecture and the security primitives developed in the technical work-packages (i.e. 3, 4 and 5); and (ii) to set up the context for the evaluation activities that will take place in the last year of the project in the context of WP6. The descriptions have been compiled into a deliverable document released by M6, entitled “D2.1 Description of the context scenarios and use cases definition”, which constitutes the achievement of the first project milestone: “MS1: Use cases and scenario context definition”.
• Specification of the requirements for the TREDISEC framework and the security primitives. As indicated in the previous point, the use case scenarios propose a series of requirements for TREDISEC technical activities from the user point of view. Besides these, the actual technological challenges the project aims to face, that is the lack of practical solutions that enable combining efficiency and security aspects in current cloud solutions, are also a source of requirements for the TREDISEC developments. All these requirements are listed and a trade-off analysis is described in a deliverable document entitled “D2.2 Requirements analysis and consolidation”, released in M9.
• Outline a proposal of architectural model for the TREDISEC framework, taking into account the requirements identified in Task 2.1. This first draft analysed first, various state of the art reference architectures of cloud systems, and second, proposed an approach that permits combinations of security primitives holistically working together in a range of cloud-based settings.
• Conduct an Initial prospect of the market and identification of suitable commercialization options for the TREDISEC outputs (i.e. the framework and the security primitives). In order to evaluate the most appropriate business model for TREDISEC that will influence the framework architecture, the implementation approach and operational model, on the one hand, and the exploitation strategies on the other hand.

Efficient Techniques for Publicly Verifiable Delegation of Computation

Abstract

With the advent of cloud computing, individuals and companies alike are looking for opportunities to leverage cloud resources not only for storage but also for computation. Nevertheless, the reliance on the cloud to perform computation raises the unavoidable challenge of how to assure the correctness of the delegated computation. In this regard, we introduce two cryptographic protocols for publicly verifiable computation that allow a lightweight client to securely outsource to a cloud server the evaluation of highdegree univariate polynomials and the multiplication of large matrices. Similarly to existing work, our protocols follow the amortized verifiable computation approach.
Furthermore, by exploiting the mathematical properties of polynomials and matrices, they are more efficient and give way to public delegatability. Finally, besides their efficiency, our protocols are provably secure under well-studied assumptions.

TREDISEC mentioned in Atos Research & Innovation group (ARI) booklet 2015

Atos Research & Innovation group (ARI), hub for research and development in new technologies and a key reference for the whole Atos group has launched the yearly report of Atos Research & Innovation (ARI) activities in 2015.

ARI focus is to investigate emerging technologies and anticipate market demand with innovative solutions.

This year, ARI has proved its success in several projects, providing innovative services to customers.

For instance, ARI has led TREDISEC project, which aims at increasing trust in cloud computing by designing new security
primitives ensuring data security and user privacy and supporting the underlying storage and computation technology at the same time.

In pages 37,38 of the booklet, it is available more details about on-going cybersecurity projects of the group, and more specifically about TREDISEC.

CREDENTIAL - Secure Cloud Identity Wallet

H2020 Innovation action. The project started in October 2015. The main idea of CREDENTIAL is to enable end-to-end security and improved privacy in cloud identity management services for managing secure access control. This is achieved by advancing novel cryptographic technologies and improving strong authentication mechanisms.

WISER - Wide-Impact cyber Security Risk framework

WISER is a European initiative that puts cyber-risk management at the very heart of good business practice, benefitting multiple industries in particular critical infrastructure and process owners, and ICT-intensive SMEs. Kicking off in June 2015, by 2017 WISER will provide a cyber-risk management framework able to assess, monitor and mitigate the risks in real time.

Challenges for trustworthy (multi-)Cloud-based services in the Digital Single Market

The Data Protection Security and Privacy (DPSP) in the Cloud Cluster has published the Whitepaper Challenges for trustworthy (multi-)Cloud-based services in the Digital Single Market.

The future Digital Single Market (DSM) poses a number of research challenges for future years. Particularly, the DSM Initiative #14 on “Free flow of data” directly impacts on a number of security and privacy issues on (multi-)cloud-based services and cloud services. The objective of this White paper is to develop an initial map of challenges identified by the DPSP Cluster projects related to the DSM Initiative #14 topics at the right level of abstraction that could be reused by the EC and policy makers. The map includes collection of the challenges more relevant for the next Horizon 2020 Work Programme 2018-2020.

SECODIC 2016: Secure and Efficient Outsourcing of Storage and computation of Data in the Cloud

The H2020 projects WITDOM and TREDISEC, led by Atos, co-organize the workshop on "Secure and Efficient Outsourcing of Storage and computation of Data in the Cloud" (SECODIC 2016), which will be held in conjunction with the ARES EU Projects Symposium 2016, held at the 11th International Conference on Availability, Reliability and Security (ARES 2016) on August 31-September 2nd in Salzburg, Austria.

During the workshop hot topics related to end-to-end security, privacy, and data protection in the cloud and advances in the field will be discussed. The workshop is expected to give extensive insights into the state-of-the-art in cloud technologies and novel perspectives for ensuring security and privacy in the cloud. The workshop will be an excellent venue for security experts and cloud providers who want to keep up with new research advances in the area of cloud security.

The registration to the SECODIC workshop is handled through the main ARES conference registration system.

• http://www.ares-conference.eu/conference/workshopsares2016/secodic-2016/

• http://www.ares-conference.eu/conference/

TREDISEC: Trust-aware REliable and Distributed Information SEcurity in the Cloud

Paper entitled "TREDISEC: Trust-aware REliable and Distributed Information SEcurity in the Cloud", by TREDISEC's consortium, was accepted by in the International Conference on e-Democracy 2015.
The paper is co-authored by TREDISEC consortium, and is related to the main topic chosen this year for the onference "Citizen rights in the world of the new computing paradigms"

The paper has been published in a book that contains 13 revised full papers presented together with 8 extended abstracts that were selected from 33 submissions.

Abstract

Cloud computing services are increasingly being adopted by individuals and companies thanks to their various advantages such as high storage and computation capacities, reliability and low maintenance costs. Yet, data security and user privacy remain
the major concern for cloud customers since by moving their data and their computing tasks into the cloud they inherently lend the control to cloud service providers. Therefore, customers nowadays call for end-to-end security solutions in order to retain full control over their data.

TREDISEC will participate in Trust in Digital Life event

This year's Trust in the Digital World event is to be held at the New Babylon Centre in The Hague on 15/16 June. This event is a mixture of practical demonstrations, presentations, panel discussions and “un-conference” session covering key challenges, visions and strategies. It is envisioned for those in business, public sector and government who are involved in the policy, security, systems and processes surrounding trust.

TREDISEC will have large representation due to the presence of several members with key roles in the development of the project.

Ghassan Karame, Innovation Manager of TREDISEC, will chair a panel on cloud security. The panel has as topic "Reconciliating Security and Functional Requirements in the Cloud", and will be tentative by 3-4 senior experts in the field including representatives from industry, and academia.

One of the confirmed panellist is Melek Önen, Dissemination Manager of TREDISEC. Melek Önen is a senior researcher at EURECOM. Her current research interests are the design of security and privacy protocols for various communication networks such as ad hoc networks, sensor networks, opportunistic networks and social networks. She has been involved in many European and national French research projects.

The Trust in Digital Life (TDL) community was formed by leading industry partners and knowledge institutes that hold trust and trustworthy services to be an essential ingredient of the digital economy. The TDL community is committed to enabling a trustworthy ecosystem that protects the rights of citizens while creating new business opportunities.

“Trust in the Digital World” event is supported by Gemeente Den Haag (GDH), DG CONNECT (European Commission) and ENISA.” It is Europe’s leading independent, interdisciplinary, unbiased and European focused conference.

Cuestionario

Available Agenda for the ARES Conference Workshop organized by TREDISEC-WITDOM projects

It is already available the agenda forescasted for the next workshop that will be held in Salzburg next 31th August at ARES Conference.

There will be a varied group of speakers from Atos Spain, NEC Germany, IBM Switzerland and EURECOM France.

The initial keynote will be given by N. Asokan, a recognized researcher mainly focused on applying cryptographic techniques to design secure protocols for distributed systems Recently, he has also been investigating the use of Trusted Computing technologies for securing endnodes, and ways to make secure systems usable, especially in the context of mobile devices.

Agenda SECODIC 2016 TREDISEC/ WITDOM Workshop

You can find more details in the following link: https://www.ares-conference.eu/conference/ares-eu-symposium/secodic-2016/

Authenticated Encryption with Variable Stretch

Paper entitled “Authenticated Encryption with Variable Stretch” has been accepted at Asiacrypt 2016.
This work relates to the work developed at TREDISEC project in WP5, addressed to design and evaluate new privacy preserving primitives to assure processing services such as word search, lookup and/or retrieval.
Pending to be published.

Abstract:

In conventional authenticated-encryption (AE) schemes, the ciphertext expansion, a.k.a. stretch or tag length, is a constant or a parameter of the scheme that must be fixed per key. However, using variablelength tags per key can be desirable in practice or may occur as a result of a misuse. The RAE definition by Hoang, Krovetz, and Rogaway (Eurocrypt 2015), aiming at the best-possible AE security, supports variable stretch among other strong features, but achieving the RAE goal incurs a particular inefficiency: neither encryption nor decryption can be online.

The problem of enhancing the well-established nonce-based AE (nAE) model and the standard schemes thereof to support variable tag lengths per key, without sacrificing any desirable functional and efficiency properties such as online encryption, has recently regained interest as evidenced by extensive discussion threads on the CFRG forum and the CAESAR competition. Yet there is a lack of formal definition for this goal.
First, we show that several recently proposed heuristic measures trying to augment the known schemes by inserting the tag length into the nonce and/or associated data fail to deliver any meaningful security in this setting. Second, we provide a formal definition for the notion of nonce-based variable-stretch AE (nvAE) as a natural extension to the traditional nAE model. Then, we
proceed by showing a second modular approach to formalizing the goal by combining the nAE notion and a new property we call key-equivalent separation by stretch (kess). It is proved that (after a mild adjustment to the syntax) any nAE scheme which additionally fulfills the kess property will achieve the nvAE goal.
Finally, we show that the nvAE goal is efficiently and provably achievable; for instance, by simple tweaks to
off-the-shelf schemes such as OCB.

A transparent defense against USB eavesdropping attacks

This paper is related to WP4.

Abstract

Attacks that leverage USB as an attack vector are gaining popularity.
While attention has so far focused on attacks that either exploit the host's USB stack or its unrestricted device privileges, it is not necessary to compromise the host to mount an attack over USB. This paper describes and implements a USB sniffing attack. In this attack a USB device passively eavesdrops on all communications from the host to other devices, without being situated on the physical path between the host and the victim device. To prevent this attack, we present UScramBle, a lightweight encryption solution which can be transparently used, with no setup or intervention from the user. Our prototype implementation of UScramBle for the Linux kernel imposes less than 15% performance overhead in the worst case.

Searchable Encryption for Biometric Identification Revisited

Paper related to WP5 TREDISEC.

Abstract:

Cryptographic primitives for searching and computing over encrypted data have proven useful in many applications. In this paper, we revisit the application of symmetric searchable encryption (SSE) to biometric identification. Our main contribution is two SSE schemes well-suited to be applied to biometric identification over encrypted data. While existing solution uses SSE with single-keyword search and highly sequential design, we use threshold conjunctive queries and parallelizable constructions. As a result, we are able to perform biometric identification over a large amount of encrypted biometric data in reasonable time. Our two SSE schemes achieve a different trade-off between security and efficiency. The first scheme is more efficient, but is proved secure only against non-adaptive adversaries while the second is proved secure against adaptive adversaries.

Study of a verifiable biometric matching

This paper is related to WP3.

Abstract

In this paper, we apply verifiable computing techniques to a biometric matching. The purpose of verifiable computation is to
give the result of a computation along with a proof that the calculations were correctly performed. We adapt a protocol called
sumcheck protocol and present a system that performs verifiable biometric matching in the case of a fast border control. This is a work in progress and we focus on verifying an inner product. We then give some experimental results of its implementation. Verifiable computation here helps to enforce the authentication phase bringing in the process a proof that the biometric verification has been correctly performed.

Initial encryption of large searchable data sets using hadoop

This paper is related to TREDISEC, WP5.

Abstract

With the introduction and the widely use of external hosted infrastructures, secure storage of sensitive data becomes more and more important. There are systems available to store and query encrypted data in a database, but not all applications may start with empty tables rather than having sets of legacy data. Hence, there is a need to transform existing plaintext databases to encrypted form. Usually existing enterprise databases may contain terabytes of data. A single machine would require many months for the initial encryption of a large data set. We propose encrypting data in parallel using a Hadoop cluster which is a simple five step process including the Hadoop set up, target preparation, source data import, encrypting the data, and finally exporting it to the target. We evaluated our solution on real world data and report on performance and data consumption. The results show that encrypting data in parallel can be done in a very scalable manner. Using a parallelized encryption cluster compared to a single server machine reduces the encryption time from months down to days or even hours.

On Information Leakage in Deduplicated Storage Systems

Paper pending to be published.

Encrypting Analytical Web Applications

Abstract

The software-as-a-service (SaaS) market is growing very fast, but still many clients are concerned about the condentiality
of their data in the cloud. Motivated hackers or malicious insiders could try to steal the clients' data. Encryption is a potential solution, but supporting the necessary functionality also in existing applications is dicult. In this paper, we examine encrypting analytical web applications that perform extensive number processing operations in the database. Existing solutions for encrypting data in web applications poorly support such encryption. We employ a proxy that adjusts the encryption to the level necessary for the client's usage and also supports additively homomorphic encryption. This proxy is deployed at the client and all encryption keys are stored and managed there, while the application is running in the cloud. Our proxy is stateless and we only need to modify the database driver of the application.
We evaluate an instantiation of our architecture on an exemplary application. We only slightly increase page load time on average from 3:1 seconds to 4:7. However, roughly 40% of all data columns remain probabilistic encrypted. The client can set the desired security level for each column using our policy mechanism. Hence our proxy architecture oers a solution to increase the condentiality of the data at the cloud provider at a moderate performance penalty.

D2.3. TREDISEC architecture and initial framework design

This deliverable evaluates the architectural models and selects the appropriate one for the project.
This deliverable also provides a first design of the TREDISEC framework.

D3.2. Specification and Preliminary Design of Verifiability mechanisms

This report will introduce initial design of different verifiability primitives.

D5.2. Optimization of outsourcing activities and initial design of privacy preserving data processing primitives

This deliverable will provide a tool set to optimize the actual outsourcing process, by for example, parallelizing encryption before outsourcing data to the cloud. In this context, we introduce an initial design of privacy preserving primitives for data processing. This deliverable will also comprise the complete design and evaluation of privacy preserving data processing primitives.

SUNFISH

SecUre iNFormatIon SHaring in federated heterogeneous private clouds
EU H2020 project which aims to provide a specific and new solution to face the lack of the necessary infrastructure and technology that would allow the European Public Sector Players to integrate their computing clouds. The SUNFISH project aims to reduce the management cost of private clouds owned by Public Administrations, while maintaining required security levels, and to accelerate the transition to 21st century interoperable and scalable public services, boosting enforcement of the European Digital Single Market.

Securing Cloud Data under Key Exposure

This paper includes a partial acknowledgment of the TREDISEC project, since this paper relates to NEC’s contribution in WP4 of TREDISEC with respect to data confidentiality technologies.

Abstract

Recent news reveal a powerful attacker which breaks data confidentiality by acquiring cryptographic keys, by means of coercion or backdoors in cryptographic software. Once the encryption key is exposed, the only viable measure to preserve data confidentiality is to limit the attacker’s access to the ciphertext. This may be achieved, for example, by spreading ciphertext blocks across servers in multiple administrative domains—thus assuming that the adversary cannot compromise all of them. Nevertheless, if data is encrypted with existing schemes, an adversary equipped with the encryption key, can still compromise a single server and decrypt the ciphertext blocks stored therein. In this paper, we study data confidentiality against an adversary which knows the encryption key and has access to a large fraction of the ciphertext blocks. To this end, we propose Bastion, a novel and efficient scheme that guarantees data confidentiality even if the encryption key is leaked and the adversary has access to almost all ciphertext blocks. We analyze the security of Bastion, and we evaluate its performance by means of a prototype implementation. We also discuss practical insights with respect to the integration of Bastion in commercial dispersed storage systems. Our evaluation results suggest that Bastion is well-suited for integration in existing systems since it incurs less than 5% overhead compared to existing semantically secure encryption modes.

AURA: Recovering from Transient Failures in Cloud Deployments

Paper related to WP6 work of TREDISEC.

Abstract

In this work, we propose AURA, a cloud deployment tool used to deploy applications over providers that tend to present transient failures. The complexity of modern cloud environments imparts an error-prone behavior during the deployment phase of an application, something that hinders automation and magnifies costs both in terms of time and money. To overcome this challenge, we propose AURA, a framework that formulates an application deployment as a Directed Acyclic Graph traversal and re-executes the parts of the graph that failed. AURA achieves to execute any deployment script that updates filesystem related resources in an idempotent manner through the adoption of a layered filesystem technique.
In our demonstration, we allow users to describe, deploy and monitor applications through a comprehensive UI and showcase AURA’s ability to overcome transient failures, even in the most unstable environments.

D1.6. Innovation Management Report

The goal of this document is to outline the current progress of the TREDISEC project from the point of view of Innovation Management activities. Recall that the main purpose of innovation management is to ensure that the project research activities, technological developments, and achievements, are kept well connected to outside technology developments. An additional goal of innovation management here is to maintain low risk level for the project and to prevent the project results from losing relevance given the evolving trends in the market.

Confidentiality with Storage Efficiency

Convergent encryption is a cryptographic primitive introduced by Douceur et al. (Douceur, et al., 2002), attempting to combine data confidentiality with the possibility of data deduplication.

Convergent encryption of a message consists of encrypting the plaintext using a deterministic (symmetric) encryption scheme with a key which is deterministically derived solely from the plaintext. Clearly, when two users independently attempt to encrypt the same file, they will generate the same ciphertext which can be easily deduplicated. Unfortunately, convergent encryption does not provide semantic security as it is vulnerable to content-guessing attacks.

In TREDISEC, we aim at designing solutions for privacy preserving data deduplication that do not rely on fully trusted entities; they will rather leverage novel and innovative mechanisms to ensure that only the data owner can disclose the content of its data.

Confidentiality & Data Processing

Confidentiality of data requires that when users outsource data, the cloud should not learn any information about the data it is storing and the operations performed over it.

Although classical encryption algorithms ensure data confidentiality, they unfortunately prevent the cloud from operating over encrypted data. The obvious approach could be to encrypt all data with a secure encryption algorithm such as AES and store it in the cloud. However, while secure, all data can no longer be processed in the cloud but has to be downloaded and decrypted on the client to execute any query on it. This makes any serious Database as a Service offering questionable and is the way many traditional DBMS like Sybase, Oracle, DB2 or solutions like Dropbox appear to work when they claim to encrypt data and provide cloud storage.

Moreover, both, the queries issued by the user and the result of the queries should remain confidential to the cloud. Existing crypto primitives such as searchable encryption or private information retrieval cannot immediately be adopted by current cloud solutions.

Confidentiality

End-to-end (E2E) security is increasingly being used as a means to maintain data-at-rest and data-in-transit confidentiality. Within the end-to-end security paradigm, data is encrypted very close to its source at the client side, and the client is the only one in possession of the keys used to encrypt; thus no information is revealed to the cloud provider or other cloud provider tenants.

Database management systems are integral components of many systems as they provide a well-established, efficient and scalable way of processing large amounts of data. Under the cloud paradigm, it becomes extremely appealing to preserve the ability to process data after its migration to the cloud. However, on-demand databases outsourced in the cloud are vulnerable to additional attacks compared to on-premise databases. While the cloud provider organization is usually trusted, its employees like database operators may misuse their elevated privileges to access cloud data.

Access control

Securely enforcing data access policies is a challenge of paramount importance in existing clouds. In fact, current clouds do not implement any mechanism to ensure the secure deletion of their data and rely on the cloud to enforce data access decisions between different tenants. This latter limitation becomes especially evident, when the cloud is untrusted to perform such unilateral decisions.

There is no global solution for data deletion in the cloud. TREDISEC will provide architectures and mechanisms to guarantee secure data deletion for cloud storage provider. Given such mechanisms, users will have cryptographic guarantees that their data is timely deleted when they ask the provider to do so. Deletion will account for data available to the user, as well as back-up copies kept by the cloud provider for dependability reasons.

Multi-tenancy

Multi-tenancy refers to the ability of a system to serve multiple administrative entities (called tenants) with a high degree of resource sharing among tenants (e.g. share CPU time, disk space, etc.).

Ideally a multi-tenant cloud storage system serves requests of multiple customers (tenants) in such a way that computing and storage resources are shared among such customers and this sharing of resources does not weaken system security.

In practice, multi-tenancy is a trade-off between security and costs: the wider the subset of resources shared (e.g., same physical machine vs. same OS), the more the cloud system can amortize costs and increase utilization.

Multi-tenancy can be achieved in several different ways. The simplest, most secure but also most expensive way is by leveraging hardware-level isolation; in this case, the requests of distinct tenants are handled by different hardware; a second approach is based on hardware and platform based virtualization techniques to create multiple virtual nodes and storage facilities (e.g. volumes, file systems, containers) for each tenant; process-level isolation hinges on the isolation provided by multi-user operating systems to separate resources belonging to different tenants; finally, within application-level isolation, the application is enhanced with access control enforcement to grant or deny access to otherwise shared resources.

The cloud services provided by TREDISEC should accommodate a multi-tenant environment. That is, an environment in which multiple users share the ownership of outsourced data, or are permitted to operate on the data without being actually owners. This requirement is more relevant to the use-cases pertaining to file sharing services

D6.2. Evaluation criteria

In this deliverable we describe the methodologies that we plan to use in order to evaluate the outcomes of TREDISEC. We present our approach to assess whether the results of the project fulfil the requirements and necessities of the use cases, identified in deliverable D2.1 “Description of the context scenarios and use cases definition”, and to measure to what extent these requirements are met.
TREDISEC has two major technological outcomes: the TREDISEC Framework and the security primitives. In our approach, we perform the assessment of the maturity level of these results by deploying the TREDISEC Framework and security primitives in the use cases of the project and other internal testing environments.
Along the evaluation process we will validate compliance to the requirements identified in WP2 (cf. D2.2 “Requirements Analysis and Consolidation” ), and assess the degree of enhancement brought by the TREDISEC technological outcomes in each use case. On one side, we will evaluate the overall project success by concluding whether the objectives have been achieved. In this case, we refer to the evaluation criteria defined by all the use case owners and the framework owners. On the other side, we evaluate the TREDISEC technological outcomes, i.e. the framework and the security primitives, by deploying them in the use cases and using the corresponding indicators to perform measurements.
In order to homogenise the different evaluations, we have defined two different types of domain-specific indicators to evaluate TREDISEC technologies: use case process indicator, which focuses on the process described in each use case; and technology-related indicators, which focuses on functional and non-functional characteristics of the technologies developed. For each of the objectives a success criterion is defined together with the measurement methodologies.
Notice that for all use cases and the framework, the focus areas to be evaluated along the processes and requirements fulfilment are defined in detail by all use case and framework owners.

D7.7. Business Models for TREDISEC

Under the Horizon 2020 Framework Programme, EC demands that supported research projects reach society, promoting their value and the benefits derived from the technological and scientific activity through public funding so they are returned to society. The European Commission states that businesses and consumers still do not feel confident enough to adopt cross-border cloud services for storing or processing data, because of concerns related to security, compliance with fundamental rights (regulations, etc.), and data protection in general.
In deliverable D1.6 “Innovation management report” we have already performed a review and analysis of the state of the art technologies, and concluded that current solutions lack important features from the customer’s point of view (i.e. simplicity, fast deployment, protection against vulnerabilities, etc.). Moreover, both the European Citizens and Organizations report suffering vulnerabilities with an important cost.
Therefore, improving security and privacy features will contribute to evolve the cloud offerings, placing new services and solutions on the market that are aligned with the European directive and the GDPR regulation for security and privacy.
In the TREDISEC project, we address these problems by creating technologies that will impact existing businesses and will generate new profitable business opportunities. Our value proposition is to develop novel, modular, end-to-end security primitives, which also provide functional capabilities and can be provisioned by a unified framework, covering the entire spectrum of cloud-relevant security, functional, and non-functional requirements.
In order to achieve that, TREDISEC proposes a product portfolio which is built around the following key exploitable project results:
• TREDISEC Security Primitives: Software components that address specific combinations of usually exclusive functional-security requirements, such as: confidentiality with storage efficiency, confidentiality with multi-tenancy, confidentiality with efficient data processing and availability, and integrity with storage efficiency.
• TREDISEC Framework: System that will combine and orchestrate the aforementioned security primitives with the objective of creating a single cloud security framework.
TREDISEC products provide and add value to the existing market solutions, such as SAP HANA and ~okeanos by GRNET being deployed within the project consortium, but also outside, such as to OpenStack and to Amazon EC2. In this way, businesses and organizations will be able to, not only address current customers’ security and privacy concerns, but also comply with corporate security requirements and EU data protection rules, without significant additional computational or storage costs, and with negligible reduction in performance.
In order to generate revenue within the EU economic area, the consortium has identified business models that will sustain the outcome of the TREDISEC project in terms of business benefits and potential triggers for markets. This document describes the relevant customer segments, depending on their needs, focusing on the sectors with a higher risk of attack (and thus, more interested in improving their systems), and the best way to approach them. We have identified two main channels to reach potential customers: an online channel for reaching users with a technical profile and “turn” them into influencers inside their companies; and a field sales force for reaching larger companies that require customization.
The proposed business model advocates the project deliverables via a unified Framework, which is able to integrate (or “glue together”) all the Security Primitives developed by the project partners.
Following this business model proposal, a “freely” available Framework does not imply that there is no benefit from it. There are numerous ways in which TREDISEC can benefit from the Framework; For example, almost certainly, the Framework will need customization for different installations. So, there will be considerable need for consultancy, maintenance and customization work to be done.

This deliverable is Confidential: only for members of the consortium (including the Commission Services)

Perfect Dedup

Offers deduplication over encrypted files. It allows different users to upload client-side encrypted files to the cloud, while deduplication technique can still be applied to those encrypted files.

Verifiable Matrix Multiplication

It is a cryptographic scheme that enables a cloud provider to compute the multiplication of a given vector with the matrix and to prove to a user that the output is actually correct. The goal of the solution is to render the verification of the proof as efficient as possible.

M24: so what?

March 2017 means M24 in our project timeline terminology. We have submitted four new deliverables and the second year of the project is over. So what?

So... many things really!

If you have been disconnected from latest project news, here's a few of them that you must become acquainted with:

• Three General Assembly meetings were organised: one at Heidelberg (thanks to NEC for hosting it!) in March 2016, another one at Salzburg in September 2016, and in February of 2017 we met at Berlin by courtesy of SAP, (great host too!). These meetings always are great opportunities for the consortium to meet, keep updated on the progress achieved in the different work-packages, discuss on hot research topics and plan for the upcoming steps. And have a delicious business dinner in such a good company, of course!
• The SECODIC workshop, held during the ARES 2016 Conference in Salzburg, took place on the 31st of August 2016. The workshop was co-organised with project WITDOM, allowing us to present our current progress and achievements, learn from others' feedback and views and share thoughts with other researchers on the topic Secure and Efficient Outsourcing of Storage and Computation of Data in the Cloud. We are already planning to repeat the experience... more information will be revealed very soon!
• Work-package 2 on "Requirements and architecture for a Secure, Trusted and Efficient Cloud" finished in November 2016. Awwwww... We will miss you! The main outputs of this WP are the Use Cases descriptions, the Consolidated set of Requirements and the final TREDISEC Framework architecture.
• 2nd Project Review took place on October 27th 2016, and we successfully passed it. All deliverables reviewed were accepted so we could safely keep moving on! Some minor recommendations were made too, and we are dutifully following them... promise!
• A first Innovation Management report has been delivered in November 2016. The conclusions of the report show that, after one and a half years of work, the project's innovation health level is thriving, and the risk that the project goals lose relevance over time is negligible. Good job!
• A Business Development Plan workshop was held in Madrid in November 2016. Thanks to the Common Exploitation Booster support services coordinated by the H2020 Common Support Center of the European Commission, we counted with the guidance of an expert who helped the consortium to clarify a lot of open points regarding how to design a realistic and adecquate Business Model to better approach the exploitation strategy of the project results. The outcomes of this workshop served as input for deliverable D7.7 Business models for TREDISEC.
• Work-package 6 on "Development, delivery and evaluation of the TREDISEC framework" has started. That means the framework architecture and primitives designed during the first half of the project will become tangible very soon. The evaluation criteria to validate the project results in the context of the Use Cases has been defined too.

Many milestones achieved, but quite a few to accomplish too. The third year of the project will see how the implementation of the security primitives perform in evaluation scenarios reproducing real world conditions, and how these indeed are able to meet the identified cloud security and functional requirements we committed to. The framework will be made available to ease primitive developers' and cloud providers' lifes. And the strategy for exploitation of project results and their sustainability's game plan will see the light.

We'll keep you posted!

Biometric Features Extraction in the Encrypted Domain

This primitive could be used to prove the user/citizen/customer that some processing (like the liveness detection) has indeed been computed on the authentication data, thus enabling to check the conformance to (e.g. governmental) rules/standards.

Secure Data Migration Service

This tool allows cloud customers to migrate relational SQL databases into the cloud such that confidentiality is provided against the service provider but the database can still be queried.

PoR

Proofs of Retrievability (PoR) are cryptographic proofs that enable a cloud provider to prove that the tenant can retrieve his file in its entirety. A tenant can ask the cloud provider to provide such proofs of a requested file without the need to download the file The aim of providing the PoR primitive is to provide strong assurance of storage integrity to the tenants.

Secure De-duplications

Files are encrypted on the client side before being uploaded to the cloud, and will be decrypted on the client side after being downloaded to local. The encryption key is kept by the clients. The encryption keys are acquired by the clients from some remote entity, in a privacy-preserving way that the remote entity is not able to infer or distinguish the file content from the requests from all clients, but this remote entity will ensure that the same file content will derive the same encryption key. Thanks to this feature, files across multiple clients can be de-duplicated. Only one copy of a file with unique content (in its encrypted form) will be stored in the cloud server. When duplicated files are deleted, only the links of the ownership will be removed. The file copy in the cloud will be removed only when the file is unique across all clients.

Vulnerability Discovery

This tool behaves like a classic fuzz tester, by supplying mutated input to a program and observing its behaviour. Often, mutated input leads to crashes, and the crashes reveal ways of exploiting the program. Standard fuzzers however do not take into account the distributed nature of some of the software that powers the cloud. The distributed fuzzer will be optimized for distributed programs and components. The output is a series of crash reports including back-traces and the developer/tester can manually intervene to fix the bug and harden the code.

Key Management for Secure Deduplication (OOPRF)

This scheme is intended to be used in a scenario where multiple users are using a storage system to store data.

TPM-based Remote Attestation (TRAVIS)

Remote Attestation is the activity of making a claim about properties of a target by supplying evidence to an appraiser over a network. The Remote Attestation generates the evidence of whether or not the untrusted cloud platform is running in the expected state, and therefore, the result of the service, application or VM image outsourced to the cloud is trustworthy.

Logical Partitioning Hypervisor

Provides light-weight isolation on many-core platforms. Allows management of encrypted and integrity-protected virtual machine images.

ML-POR with MLKeygen

Message Locked PoR and Message locked key generation. This primitive enables clients to verify the retrievability of their files while also allowing file-based deduplication based on a dedicated message-locked key generation. Since all keying material are depending on the file itself the encryption and encoding of the files remain the same if the file is the same.

MIRROR

Proofs of retrievability for data replications. It allows the data replication be handled by the cloud provider, who will then generate proofs of retrievability of these replicas upon user attestation.

Authenticated Encryption

Authenticated encryption with new security model and construction. StoA authenticated encryption with variable stretch is vulnerable to some attacks that misuse the variable stretch. A new security definition is proposed and followed by a new construction.

Computation Integrity

Verifiable Computation

While storage integrity requirements address the integrity of outsourced data, computation integrity requirements address the correctness of outsourced computation.

Requirements

• WP32-R1: Computation integrity
• WP32-R2: Public verifiability
• WP32-R3: Public delegatability
• WP32-R4: Managing big databases

Content extracted from deliverable document D2.2 Requirements Analysis and Consolidation

Computation Privacy

Privacy preserving data outsourcing

Within TREDISEC, the original data of the data owner should be protected against unintended and unauthorized access, and data confidentiality should be enforced by means of encryption. The encryption of large data sets with one or multiple encryption schemes should be executed in a performance-optimised manner. At the same time, end-user application downtime needs to be minimised during the migration process in order to allow daily business operations to continue.

Requirements

• WP5-R1: Big Data confidentiality
• WP51-R1: Efficient initial encryption
• WP52-R1: Privacy preserving migration with minimum downtime

Privacy preserving processing

Privacy preserving processing deals with the design of mechanisms that enable the cloud to process encrypted data. Ideally, cloud providers should be able to conduct any complex operations on the outsourced data. While advances in fully homomorphic encryption are promising, they are still too computationally intensive to represent a viable solution for privacy preserving processing. This is why, in TREDISEC, we focus on a different line of research that aims at designing dedicated privacy preserving mechanisms for specific applications. More specifically, we address the problem of privacy preserving data processing for biometric data and privacy preserving word search:One of the most demanding operation for cloud application is word search. A data owner or another authorized third party should be able to search for some words over the data that has already been outsourced encrypted. The idea is to exploit the properties of the outsourced data and the functions we are interested in to come up with efficient security solutions that do not negatively impact the performances of cloud computing..

Requirements

• WP51-R2: Query analysis for optimised SQL statement execution over remotely stored encrypted data
• WP53-R1: Privacy preserving data processing
• WP53-R2: Search pattern privacy for word search
• WP53-R3: Access pattern privacy for word search
• WP53-R4: Performance / Efficiency at the client
• WP53-R5: Query expressiveness for word search

Content extracted from deliverable document D2.2 Requirements Analysis and Consolidation

Data Access

The owner of outsourced data should be given the possibility to control who accesses her data and how. More specifically, the data owner should be allowed to share the ownership of her data, give read/write rights to users of her choice and finally revoke such rights at any point in time. Therefore, we envisage in TREDISEC to develop mechanisms for access policy enforcement. Given the multi-tenant nature of file sharing use-cases, they require solution that control and regulate data access.

Dynamicity

Most of the data outsourced to the cloud is prone to changes. Such changes include appending new data, modifying chunks of existing data, or deleting parts of the outsourced data. Besides the classical challenge of synchronization that cloud service providers should solve when multiple users update outsource concurrently, we should also ensure in TREDISEC that our security mechanisms work seamlessly in the presence of dynamic data. Namely, a cloud customer should not be impelled to download her (entire) data to perform a small change. Ideally, this requirement should be met in all the TREDISEC use-cases. However, in TREDISEC we prioritise the file sharing use-cases.

Infographic #2: TREDISEC framework

Whitepaper on Cloud technology options towards Free Flow of Data

The Data Protection, Security and Privacy Cluster of EU-funded research projects working in those areas has released the Whitepaper on Cloud technology options towards Free Flow of Data

The document is the result of the collaborative effort of the clustered projects, and it collects the technology outcomes from the projects that help to solve some of the issues raised by the Free Flow of Data (FFD) initiative of the Digital Single Market

The Whitepaper briefly describes and provides references to the technologies, methodologies, models, and tools researched and developed by the projects mapped to the ten areas of work of the Free Flow of Data initiative. The aim is to facilitate the identification of the state-of-the-art of technology options towards solving the data security and privacy challenges posed by the Free Flow of Data initiative in Europe

Currently 28 projects participate in the DPSP Cluster with a total EU funding of approximately €86M, corresponding to 19 projects funded in H2020 (€64M), 6 projects in FP7 (€17M), 2 projects in CIP (€5M). Among the, the MUSA (MUlti-cloud Secure Applications) project coordintated by Tecnalia and OPERANDO (Online privacy enforcement, rights assurance and optimization) project in which participate have contributed to the report

Secure Deletion Primitive

We start this series of articles about the primitives developed in TREDISEC project with Secure Deletion.

The key feature of the Secure Deletion primitive is to allow users to retain more control over their data. Once a user decides to securely delete data, it is irrecoverably deleted. Thereby, secure deletion provides privacy and compliance with existing data retention laws. We provide a new multi-user secure deletion solution.

Previous work has already studied secure deletion for different media and in different scenarios. Initially, secure deletion was studied for local storage media, such as classical hard drives. Later, due to the advances in technology, the focus shifted to flash-based storage media and as cloud storage became more popular, appropriate secure deletion solutions were devised. However, to the best of our knowledge all of these solutions are single-user or single-device solutions. Our solution provides secure deletion on collaborative cloud storage for one or more users using one or more devices.

In this diagram we can see how our solution has been depicted.

The group members want to collaboratively use the cloud storage, i.e. they want to upload, download, modify and delete files. In our solution we assume that the group members trust each other and are therefore not malicious. Each member uses its client app, that was previously configured by the administrator. The client app then translates the basic users commands into appropriate actions. If a user uploads a file, the client app securely encrypts it, stores the encrypted file on the cloud storage and informs the other members about the encryption key so that the cloud does not learn anything about the encryption key. Through a careful handling of the key over the file’s lifetime, secure deletion can be achieved.

Today, many companies use cloud storage for different tasks, as it allows fast and efficient collaboration between employees. Based on our solution, more advanced cloud applications can be developed that provide secure deletion. Note, that due to data privacy regulation, such a secure deletion solution is a necessity for many companies, if they want to leverage the cloud advantages.

5th General Assembly meeting of TREDISEC

The project consortium will meet for 2 days at Morpho's premises in Paris for the 5th General Assembly.

The first day, Oct. 5th, will host a plennary session to report on the status of the different work packages and to discuss the strategy to undertake the last 6 months of the project.

On the second day, Oct. 6th, two parallel workshops will run devoted to WP6 and WP7 each. WP6 workshop will discuss on the status of the use case validation scenarios. WP7 workshop will focus on the exploitation and sustainability strategy of the project.

ISSE The Future of Digital Security and Trust

TREDISEC will present EPICA at the Second Joint Workshop of the DPSP Cluster

TREDISEC will present by first time a demo of results at the Second Joint Workshop of DPSP Cluster that will be held in Armsterdam, next 19th of September. Javier García, from Atos, will present a demo of the Multi-tenancy Access Control primitive together with other projects belonging to the cluster as SWITCH, PASSWORD, UNICORN, RESTASSURED, PRISMACLOUD and MUSA.

The aim of the primitive is to provide an enforcement component for distributed attribute-based access control (ABAC) policies that ensures that authorized users always get access to the selected cloud resource (either data or service) whilst the access is refused to malicious parties, in the context of a multi-tenant cloud infrastructure (more information here: http://www.tredisec.eu/content/multi-tenancy-access-control-epica).

The Second Workshop of DPSP is scheduled within the workshop organized by CloudWATCH2 for SMEs, industry leaders and policy experts to think how the European cloud computing market will be shaped in Europe over the next 3 years. (http://www.cloudwatchhub.eu/cloudwatch-summit-agenda-now-online).

The dates scheduled are the following if you are interested in attending to this appointment:

1. DPSP Cluster Workshop . 19th Sep (13:30-17:15).

2. CLOUDWATCH2 MTRL Workshop. 19th Sep (17:30-19:00).

3. CLOUDWATCH2 Final Workshop. 20th Sep (10:00-16:30).

EPICA

EPICA (Efficient and Privacy-respectful Interoperable Cloud-based Authorization) is a software implementation that controls access to resources (either services or data) in multi-tenant cloud environments. EPICA supports an ABAC-based model that extends XACML policies to represent trust relationships between tenants (so called “tenant-aware XACML policies”) in order to govern cross-tenant access to shared cloud resources.

The advances introduced by the primitive implementation, with regards to the current state of the art in the domain of Access Control for Cloud-based environments, are two-fold:

1) EPICA provides specific support for cloud requirements such as multi-tenancy, and is compatible with storage efficiency techniques (i.e. file-based deduplication and compression);

2) EPICA advances the existing implementations of XACML v3, building upon an existing Open Source implementation of the standard, extends it with new functionalities and improves existing ones for a full coverage of the XACML reference architecture.

Besides, EPICA supports high availability and performance deployments, implementing an efficient policy retrieval approach with scalable policy stores.

The architecture of EPICA has been designed taking into account interoperability and privacy concerns, so the information exchanged between the cloud provider and the user, required to perform authorization, remains minimal.

As can be seen in Figure 1 the security primitive has several different components. Some of them have been created from scratch while others have been extended from the original Open Source reference implementation.

EPICA adapts to existing cloud management systems by (a) enabling configuration of different options to adapt to a specific scenario: type of policy store, multi-tenancy model, high-performance mode, policy generation mechanism and distributed attributes mode; (b) the Policy Administration process is supported by a set of operations offered as a REST-full API (c.f. Figure 2); (c) the Policy Enforcement component (PEP) is offered in two forms (.jar file and web service) to facilitate deployment in different cloud environments; the primitive allows for a distributed deployment of the authorization engine and policy store following a pubSub architectural pattern.

EPICA fulfils end-to-end security requirements while preserving critical functional requirements of cloud computing, such as scalability, availability and high performance. Besides, the approach is applicable to Authentication and Authorization for Constrained Environments (ACE), such as IoT or 5G scenarios, where strong fine-grained mutual authentication and authorization schemes are critical to protect frequency and radio/communication resources, to deliver 5G networks services on demand and comply with different regulation constraints.

Keywords:: Security Requirements: Confidentiality; Cloud Functional Requirements: Multi-Tenancy; Cloud Non-Functional Requirements: High Performance, Usability, High Availability

Dynamic Provable Data Possession Protocols with Public Verifiability and Data Privacy

MOST RELEVANT DISSEMINATION PUBLICATIONS OF TREDISEC

• ROTE: Rollback Protection for Trusted Execution

  Conference: USENIX Security 2017

• Securing Cloud Data under Key Exposure

  Conference: IEEE Transactions on Cloud Computing

• A Leakage-abuse Attack Against ult-User Searchable Encryption

  Conference: The 17th Privacy Enhancing Technologies Symposium

• Mirror: Enabling Proofs of Data Replication and Retrievability in the Cloud

  Conference: USENIX Security 2016

• Transparent Data Deduplication in the Cloud

  Conference:ACM CCS 2015

• Efficient Techniques for Publicly Verifiable Delegation of Computation
  

  Conference: ASIACCS´16

• "Towards Shared Ownership in the Cloud" paper.

  Has been accepted to IEEE transactions on Information Forensics and Data Security (TIFS)

SECODIC 2016 - PRESS RELEASE

TREDISEC workshop @ISSE 2017 event: "How to reconcile cloud efficiency with security & privacy"

Project TREDISEC (www.tredisec.eu), which receives funding from the European Union’s Horizon 2020 (H2020) has organized a workshop session at ISSE 2017 – The Future of Digital Security and Trust event.

The TREDISEC workshop will be held in Deloitte premises, close to the Brussels Airport (Belgium), on November 15th 2017 at 11:30 The workshop will promote the results obtained by the project so far, present the next steps towards reaching the market and most importantly, gather feedback from the audience by fostering a dynamic discussion on hot research topics, most promising innovations and market trends in the Cloud Security field.

The ISSE 2017 event hosts many international, non-profit industry organizations which combine their resources, knowledge and information to create a two-days conference focusing on European public and private trust related to cybersecurity, privacy, identity and Cloud. The TREDISEC workshop is aimed to attract a diverse audience who are interested in these topics, but also on related emerging areas, such as new generation clouds, IoT and 5G.

Ms. Elena González, Communication Manager of the project, will chair the Workshop EU Projects 2 strand of the second day programme of the event. She will launch the workshop with a talk entitled “Key challenges in cloud security and how TREDISEC fits in”, followed by a project specific presentation of “TREDISEC project innovations and results”.

An interactive demo session will follow. First, Jose Fran Ruiz, who works in the project as Technical Project Manager, will present the TREDISEC Framework, which provides functionalities for managing, testing and using the security and functional solutions (the so-called security primitives) developed in the project. Second, Andreas Fischer, Senior Researcher SAP, will present one of the project use case scenarios, “Database Migration into a Secure Cloud”, and show how the TREDISEC contribute to enhance Cloud Services with a Secure Data Migration primitive.

To conclude the workshop, David Vallejo, Project Manager at Arsys Internet S.L., will explain the strategy to go to market with TREDISEC results and describe a sustainability strategy to keep alive the project beyond its official end date.

For more information about the workshop session and how to participate, please contact the workshop coordinator, Ms. Elena González at elena.gonzalez@atos.net

Also, find information at the ISSE event online space:

https://www.isse.eu.com/2017-isse-conference-programme-day-1/

New infographic: What TREDISEC offers you?

Infographic which illustrates the main results of the project:

• Framework
• Primitives
• Recipes

And what are the specific functionalities offered to each target of customers:

• Security engineer
• Developers of security solutions
• Integrators
• Cloud service providers

Infographic #3: What TREDISEC offers you?

Infographic #4: Benefits

Message-Locked Proof of Retrievability (ML-PoR)

ML-PoR is a proof of retrievability scheme that enables a cloud user to verify the correct storage of her outsourced data while allowing the cloud to perform secure deduplication whenever there is redundancy.

As opposed to existing PoR mechanisms, ML-PoRis compatible with cloud functional operations namely data reduction through secure deduplication. Therefore, the PoR encoding of a given file does not prevent the cloud from deduplicating redundant data. At the same time, the user is always able to verify the retrievability of her file even if this one is deduplicated.

ML-PoR aims at consolidating PoR with file-level deduplication by devising a generic technique to make a PoR scheme compatible with secure deduplication. In particular, the secret key used by the underlying PoR is derived from the file content thanks to a server-aided message-locked key generation protocol named ML-KeyGen, so that users owning identical files get the same keying material without any interaction among users. Moreover, in order to ensure deduplication, in addition to the same keying material the client should also use of the same parameters for all the operations performed during the PoR pre-processing stage, (eg. ECC parameters, the encryption algorithm, etc.). As there is no modification with respect to the underlying PoR protocol, we only illustrate the newly proposed ML-Keygen in the following diagram.

ML-PoR can help any cloud storage application to offer some means to guarantee the correct storage of users’ data while still being able to take advantage of data reduction technology.

MUSE: Multi-User Searchable Encryption

MUSE is a searchable encryption scheme that enables cloud users to upload their encrypted data and authorize other users to perform lookup queries over these data. The main privacy guarantee that MUSE offers is that it does not disclose the content of the data and the queries to the cloud.

MUSE is one of the first solutions that is suitable to the multi-user context. Furthermore, compared to existing multi-user searchable encryption solutions, this new primitive does not leak sensitive information and takes into account user-cloud collustions. Furthermore, MUSE remains scalable with respect to the number of users querying documents.

This new MUSE protocol makes use of new building blocks such as Oblivious Transfer or Garbled-Bloom Filters and is the first to ensure a high level of privacy in presence of users colluding with the CSP. Thanks to the use of an additional third party called Query Mutiplexer, whenever a user named as reader is able to efficiently search a large number of indexes, while each of these indexes is encrypted with the secret key of a different user named as writer. The new protocol is illustrated in the following figure. Writers send encrypted indexes to DH and authorizations to QM, and readers send trapdoors to QM. When QM receives a trapdoor t_(r,s) from reader r, QM multiplexes this query into several ones each of them destined to one encrypted index. DH further processes each of these queries and send the (encrypted) results to QM who further filters out negative results and send the set of indices the search query actually matched.

MUSE could be very useful in a scenario whereby individuals outsource their data to a cloud server and allow some third party services (such as recommendation systems) to perform a search over their data in order to increase their quality of service for example. Meanwhile the cloud storage server does not discover any information about the processed data.

Feature Extraction Over Encrypted Data

CLEARBOX

The End

March 2018. It has been three years since we officially launched the TREDISEC Project.

In our backpack, more than 25 security primitives, 9 recipes and a Framework to support the development, integration, use and adoption of these solutions by different stakeholders of the Cloud Security market.

But these are just the visible face of the seven breakthrough innovations in Cloud Security developed in the project. The valuable knowledge shared, the expertise gained and the opportunities created provide an extraordinary feeling of a job well done.

Have a quick insight into primitives looking at the dedicated Blog posts series .

Get acquainted with our Framework through presentations, videos and the various infographics available at the specific web space. You can even have a first person experience with a demo running framework instance, just follow the link provided and sign up. Additionally, and because the TREDISEC framework is released Open Source under Apache 2.0 license, you can see and even download the code to explore it at your own pace.

We would be very happy to hear you make use of it for your own purposes!

But we know you, and you do not simply content yourself with seeing the surface. So please, help yourself and deep dive into the details of a high quality research work, described in deliverables and multiple scientific publications accepted at top-ranked conferences such as USENIX Security, IEEE Transactions on Cloud Computing, ACM CCS or ASIACCS .

But, wait a minute… Is this really the end?

If you are still not satisfied and would like to know about our plans for the future. If you wish to explore any collaboration and continue the work that will take all these results to the next logical step, please contact us!

Recipe - Verifiable Integrity of Virtual Systems

This recipe includes a packaged version of the TRAVIS primitive, which makes use of a well-known TPM function to make a claim about certain properties of a target system by supplying evidence to an appraiser over a network.

In our specific case, the client (appraiser) outsourced the execution of a business service or application to a Cloud Service Provider (CSP) and needs to verify that the state of the Cloud Provider platform (target) where the business service/application is running remains the same as expected, at any point in time. Moreover, the client demands an evidence of such unchanged state, i.e. an evidence of the integrity of the remote virtual platform, and expects to be able to verify it without the CSP’s meddling.

The primitive provides the following functionalities:

• continuous verification of the integrity of the outsourced business services/applications and the underlying infrastructure,
• monitoring and reporting about Integrity aspects in Cloud Services Agreements.

The TRAVIS Recipe provides detailed instructions and scripts to support its correct deployment and configuration in a virtual environment. Additionally, the Recipe includes a testing infrastructure that leverages Vagrant, to automatically deploy and configure test VMs equipped with TRAVIS agents. This testing infrastructure permits configuration of several parameters, allowing for a complete performance evaluation.

Recipe - Container Isolation

Containers are constantly gaining ground in the virtualization landscape as a lightweight and efficient alternative to hypervisor-based Virtual Machines. Most of them and particularly Docker rely on union-capable file systems, where any action performed to a base image is captured as a new file system layer. This strategy allows developers to easily pack applications into Docker image layers and distribute them via public registries. Nevertheless, this image creation and distribution strategy does not protect sensitive data from malicious privileged users (e.g., registry administrator, cloud provider), because encryption is not natively supported.

This recipe secures Docker image manipulation throughout its life cycle: The creation, storage and usage of a Docker image is backed by a data-at-rest mechanism, which maintains sensitive data encrypted on disk and encrypts/decrypts them on-the-fly in order to preserve their confidentiality at all times, while the distribution and migration of images is enhanced with a mechanism that encrypts only specific layers of the file system that need to remain confidential and ensures that only legitimate key holders can decrypt them and reconstruct the original image.

Through a rich interaction with recipe the audience will experience first-hand how sensitive image data can be safely distributed and remain encrypted at the storage device throughout the container’s lifetime, bearing only a marginal performance overhead.

Recipe - Robust Cloud Platform

Since modern crypto schemes are highly effective, attackers use methods of cyber exploitation to compromise the involved software stack and obtain either cleartext data or sensitive key material directly at the source, essentially bypassing the strong security guarantees provided by using encryption.

This recipe consists of primitives designed to tackle the issue from three angles: vulnerability discovery, attack surface reduction and software hardening.

Complementing each other, they mitigate the risk of compromise significantly, leading to cloud platforms that are robust against cyber exploitation.

Recipe - Secure Storage and Deletion

Data storage has been studied for decades.

Traditional techniques like encryption and backups address availability and confidentiality concerns but lack transparency on resource usage and assurance that data is made inaccessible when its owner so wishes.

Secure Storage and Deletion recipe enables such improved transparency and control for data owners.

Recipe - Verifiable Computations

This recipe provides some means to cloud users to verify the correctness of operations executed (outsourced) at the cloud server's side.

Thanks to this recipe, cloud service providers can provide improved transparency and integrity guarantees and hence increase the trust level of their customers on their services.

framework

recipes-catalogue

Verifiable Document Redacting

D3.3 - Complete Design and Evaluation of Verifiability mechanisms

This deliverable overviews the complete specification and evaluation of nine different TREDISEC primitives that enable a cloud customer to remotely verify the correctness of cloud operations including storage, processing. Thanks to these primitives, cloud users acquire more confidence to outsource their storage and processing operations to the cloud. On the other hand, thanks to their compatibility with cloud functional operations such as file deduplication or data replication, cloud servers can maintain the cost efficiency of current infrastructures and offer these new security guarantees at the same time. The proposed primitives are the following:

• Two verifiable storage primitives, namely ML-PoR and SPORT that enable a cloud server to guarantee the correct storage of customers’ data while being able to perform file deduplication to achieve storage savings. ML-PoR basically is a generic solution that extends traditional PoR (proof of retrievability) schemes to make them compatible with file-level deduplication. It leverages a key server in order for all cloud users generating the same PoR parameters to encode the to-be-outsourced PoR encoded data. This way, cloud servers will still be able to perform deduplication. On the other hand, SPORT is a new PoR that transparently supports multi-tenancy with deduplication by enabling different cloud users to share the same PoR tags in order to verify the integrity of the same file. SPORT introduces a stronger adversary model.
• One primitive, Mirror that provides the cloud customers the guarantee that the cloud correctly keeps multiple replicas of their data in addition to the retrievability guarantee for the original data and its replicas. Unlike previous schemes, Mirror outsources the replica generation function to the cloud server and makes use of cryptographic puzzles to prevent a malicious cloud from meeting the replication guarantee while not actually storing these replicas.
• A proof of ownership primitive that allows a cloud server to verify that a user actually owns a file without the need for transferring it over the network. This immediately enables a secure client-side deduplication and thus achieves bandwidth savings for the storage of redundant data. The proposed primitive, OOPRF, makes use of an oblivious pseudo-random function in order for the user not to reveal any information about the file but still prove its ownership. An open-source implementation of two existing PoW solutions has been provided.
• Three verifiable computation primitives that help customers efficiently verify the correctness of some outsourced operations, namely: polynomial evaluation, matrix multiplication, and biometric matching. While the first two primitives make use of some simple algebraic properties of the original operations, the verifiable biometric matching operation optimizes an existing verifiable computation protocol to be compatible with the inner product operation.
• A verifiable document redacting primitive that empowers cloud users to easily remove some part of their already signed document without having an impact on the validity of the signature. Thanks to this new primitive, users will not disclose private information of the document that does not need to be shared with the destined party.
• A system integrity verification primitive, TRAVIS, which makes use of a Trusted Platform Module technology to achieve remote attestation of virtual cloud systems.

D4.3 - A Proposal for Data Confidentiality and Deduplication

Cloud storage services have become an integral part of our daily lives. With more and more people operating multiple devices, cloud storage promises a convenient means for users to store, access, and seamlessly synchronize their data from multiple devices. With the ever increasing amount of data produced worldwide, the cloud offers a cheaper and more reliable alternative to local storage. Existing cloud service providers such as Amazon S3, Microsoft Azure, or Dropbox guarantee a good trade-off between quality of service and cost effectiveness. Most existing cloud storage providers rely on data deduplication in order to significantly save storage costs by storing duplicate data only once — thus saving storage costs. The cloud has also gained many clients among SMEs and large businesses that are mainly interested in storing large amount of data while minimizing the costs of both storage and infrastructure management/maintenance.

While benefits of cloud storage are clear, there are many issues that have not been fully solved. The first problem is to ensure data confidentiality when it is outsourced on the cloud. Even though cloud services relied on encryption mechanisms to guarantee data confidentiality, the necessary keying material was acquired by means of backdoors, bribe, or coercion lead to data compromise. Existing solutions are not performance efficient and cause overhead, especially to large files. The second problem is about securing data deduplication (over encrypted data). The third problem is about information leakage associated with data deduplication on a storage server. Even if the underlying client-side encryption is secure we can show that the storage provider can still acquire considerable information about the stored files without knowledge of the encryption key.

This deliverable presents our novel solutions to address the above problems. Summaries of contributions are follows. More details can be found in sections included in the deliverable and in our publications.

To provide confidentiality of data stored in the cloud, we study data confidentiality against an adversary which knows the encryption key and has access to a large fraction of the ciphertext blocks. To this end, we propose Bastion, a novel and efficient scheme that guarantees data confidentiality even if the encryption key is leaked and the adversary has access to almost all ciphertext blocks. We analyse the security of Bastion, and we evaluate its performance by means of a prototype implementation. We also discuss practical insights with respect to the integration of Bastion in commercial dispersed storage systems. Our evaluation results suggest that Bastion is well-suited for integration in existing systems since it incurs less than 5% overhead compared to existing semantically secure encryption modes.

Regarding transparent data deduplication in the cloud, we propose two novel solutions: ClearBox and PerfectDedup. ClearBox enables cloud users to verify the effective storage space that their data is occupying in the cloud, and consequently to check whether they qualify for benefits such as price reductions ClearBox is secure against malicious users and a rational storage provider, and ensures that files can only be accessed by their legitimate owners. We evaluate a prototype implementation of ClearBox using both Amazon S3 and Dropbox as back-end cloud storage. Our findings show that our solution works with the APIs provided by existing service providers without any modifications and achieves comparable performance to existing solutions. On the other hand, PerfectDedup enables the cloud to securely detect and deduplicate redundant data blocks while these are encrypted. PerfectDedup implements different encryption techniques based on the popularity of the data. Popular data are assumed to be less sensitive and shared among a large number of users and are therefore protected under convergent encryption only, whereas unpopular data segments which are likely to remain personal and unique are encrypted with semantically-secure symmetric encryption. We have implemented a prototype of this new mechanism and evaluated its performance. We show that compared to existing solutions, PerfectDedup incurs less storage and communication overhead. Additionally, we also devise a new key generation protocol that enables cloud users to encrypt redundant data with the same encryption key. This new message-locked key generation protocol provides better security guarantees compared to existing protocols.

With respect to information leakage in deduplicated storage systems, we address this problem and analyse information leakage associated with data deduplication with respect to a curious storageserver. We show that even if the data is encrypted using a key not known by the storage server, the latter can still acquire considerable information about the stored files and even determine which files are stored. We validate our results both analytically and experimentally using a number of real storage datasets.

D6.1 - TREDISEC framework implementation

The TREDISEC project has two main objectives:

• Design and develop solutions that fulfil both security and functional requirements of cloud-based systems
• Develop a framework that supports users in designing, managing and using such solutions.

The solutions are offered through the framework in the form of security primitive patterns, security primitive implementations and TREDISEC Recipes. Deliverables D2.3 and D2.4 described the architecture design of the TREDISEC framework, and detailed the lifecycle of security primitives, in their three flavours, and how the framework supports that, providing different functionalities and specific features to the four user roles identified, namely: TREDISEC Security Admin, TREDISEC end-user, Security Expert engineer, Security Technology Provider.

Deliverable D6.1 is a software implementation of the TREDISEC framework architecture design, as it is described in its final version in D2.4. The present document is a description of the actual software, which is available, as a stable version at M30, from the following sources:

• GitLab repository of source code: hosted by Atos. The framework software source code can be obtained from URL: https://gitlab.atosresearch.eu/ari/tredisec_wp6/tags/tredisec_framework_.... Access must be requested in advance, by contacting TREDISEC project coordinator: beatriz.gallego-nicasio@atos.net
• TREDISEC Framework instance running at the Test environment: hosted by GRNET. The framework software is deployed, up and running, publicly available at the following URL: https://tredisec.dev.grnet.gr/. Credentials to access and use the framework can be requested by contacting TREDISEC project coordinator: beatriz.gallego-nicasio@atos.net

Following, we describe in detail the TREDISEC Framework software implementation, starting with the roles we support and how they should use the framework, the functionalities offered , making especial emphasis in three processes: packaging (critical for the creation of actionable security primitive patterns, security primitive implementations and TREDISEC Recipes), primitives testing and deployment.

The testing of security primitive implementations and TREDISEC Recipes, which can either focus in functional requirements (e.g. correct functionality of the solution, etc.) or performance (e.g. increase or reduction of time of processing after deploying the solution) is supported by the framework by making available the so-called TREDISEC Testing Environments (TTEs). These TTEs are basically virtual environments (VMs) that users of the framework can use to test the capabilities of the primitives before actually downloading/using them in their own Cloud environments. These TTEs can be also used for deploying TREDISEC recipes and play around with them, e.g. by connecting via ssh.

Additionally we provide technical information of the software implementation building blocks, technologies used, communication channels and interfaces exposed, and procedures to build, install and configure your own instance of the TREDISEC Framework.

Finally, we include the conclusions and future work we will perform in the latest stage of the project together with the initial status and expected functionality.

D6.4 - Final Evaluation report

This deliverable evaluates different TREDISEC primitives in the context of six Use Cases and a framework. Each of the Use Cases and the Framework represent a scenario where we describe how different primitives have been evaluated within their test environments and the framework itself, testing new functionalities and security solutions. The overall goal is to check and validate whether requirements that were identified at the beginning of the project are met. So according to D6.3 [1], we describe here how each of the scenarios (6 Use Cases and the framework) have been tested, what methodologies have been used (as of described in D6.2 [2]), how all the works related to the evaluation process were planned and executed (Use Cases processes, test cases, results, etc.), and finally, if the results we obtain are in line with expected results and fulfil all requirements.

Specifically, Use Case 1 evaluates two different primitives (PoW and PerfectDedup) integrated into GRNET's cloud infrastructure, where both address specific threats that exist in the infrastructure without interfering in each other’s functionality and not affecting the storage service in any way. GRNET also tests in Use Case 2 the integration of the Container Isolation primitive, and in all cases success requirements are met and explained, preventing different attacks to secure the resources of the users in the cloud.

Use Case 3 consists of a set of functionalities and security solutions including multitenancy access control, (file based) secure deduplication and secure deletion primitives, and was tested with a cloud storage product too. Together with the primitive owners, Arsys integrated the primitives and tested them against UC3 requirements with dedicated user accounts. Each of the primitives showed the benefits of these solutions and fulfils Use Case requirements. A good opportunity to further develop these primitives was identified to enable them working together, sharing resources and interoperability.

Use Case 4 consists of an authentication protocol where a user authenticates to a service provider by the mean of a biometric comparison delegated by the service provider to a third party. Two primitives were integrated: a verifiable matching of biometric templates and a TPM-based remote attestation. Benchmarks were performed to validate some of the criteria, and functional and security requirements of the Use Case were evaluated. As a conclusion, all the evaluation criteria and all the mandatory requirements were validated. A second Use Case from IDEMIA, Use Case 5, consisting of a biometric database that, for privacy and legal reasons, should be encrypted, so the problematic raised by this Use Case is to be able to apply updates over encrypted data. Due to the primitive's lack of efficiency, another Use Case was fully implemented, namely the classification task of digit images, and it is discussed how the various experiments done with this replacement Use Case can be extrapolated to assess the maturity of the original Use Case and its potential usability in the future.

Use Case 6 concerns the migration of legacy data of an enterprise resource planning (ERP) application into an encryption-enabled database hosted at a cloud service provider. A "TPC-H ERP application" demonstrating a typical ERP scenario was developed for the activities of a wholesale supplier, who manages, sells and distributes products worldwide. To achieve the Use Case goal, the Secure Data Migration Service primitive is used for a convenient and performant migration. Using interviews with experts and quantitative reports, all evaluation criteria were assessed and, besides all mandatory requirements, two optional requirements were fulfilled.

Finally, the framework is the main frontend that TREDISEC stakeholders will use to interact with security primitives and recipes and thus, the validation focused on assessing how stable and easy-to-use the platform is. GRNET and ATOS built five complementary teams that were instructed in the use of the framework features and in its technical implementation details in order to properly answer questionnaires and interviews. The feedback received was analysed by ATOS and GRNET to conclude that all evaluated criteria is assessed above average (over 3, in a 1 to 5 scale). Six evaluation criteria (related to business requirements) have not been validated due to time constraints. We decided to discard these 6 criteria in favour of assessing requirements aiming at achieving a higher quality, adaptable, scalable, interoperable and usable framework.

D7.6 - Final Dissemination and Communication activities reporting

This deliverable D7.6 Final Dissemination and Communication Activities Reporting aims to provide an overview of the communication and dissemination activities carried out by TREDISEC during the third project year, starting on April 1st 2017 to March 31st 2018 (from M25 to M36).

Besides, due to the fact that it is the final communication and dissemination report of the project, it includes a balance about the work performed along its three years duration, and a list of KPIs to assess if this work is aligned with the initial objectives outlined in D7.3Communication Plan.

Both reports of activities are separated distinguishing between communication and dissemination due to the different nature of their objectives. Meanwhile communication is more focused to promote the project itself, dissemination is addressed to make known the project results within the scientific community.

The activities reported in communication have been classified in the following groups:

• Graphic identity and Branding: use of graphic elements which comprises the visual identity of the project.
• Web Platform: project website and social networks metrics (LinkedIn and Twitter)
• Press and campaigns: press releases launched by the projects, articles for specialized publications and mentions in other media.
• Events: conferences, workshops, or meetings where the project has been promoted.
• Collaborations with other R&D projects/ Platforms, Forums: specific collaborations to share knowledge and look for synergies with other projects and platforms.

The activities reported in dissemination are mainly:

• Publications in refereed conferences, workshops and journals.
• Keynotes speeches & Workshops organization
• Whitepapers

The most remarkable KPIs after three years are the following ones:

New publication: “Towards Shared Ownership in the Cloud”