Opendata, web and dolomites
  1. home
  2. trasparenza
  3. open h2020
  4. tredisec
  5. reports

Report

Teaser, summary, work performed and final results

Periodic Reporting for period 1 - TREDISEC (Trust-aware, REliable and Distributed Information SEcurity in the Cloud.)

Teaser

Cloud computing services are increasingly being adopted by individuals and companies thanks to their various advantages such as high storage and computation capacities, reliability and low maintenance costs. Yet, data security and user privacy remain the major concern for...

Summary

Cloud computing services are increasingly being adopted by individuals and companies thanks to their various advantages such as high storage and computation capacities, reliability and low maintenance costs. Yet, data security and user privacy remain the major concern for cloud customers since by moving their data and their computing tasks into the cloud they inherently lend the control to cloud service providers. Therefore, customers nowadays call for end-to-end security solutions in order to retain full control over their data. Implementing existing end-to-end security solutions unfortunately cancels out the advantages of the cloud technology such as cost effective storage. For example, cloud storage providers constantly look for techniques aimed to maximize space savings. One of the most popular techniques adopted by many major providers to minimize redundant data is data deduplication. Unfortunately, deduplication and encryption are two conflicting technologies.
In TREDISEC, we aim at designing new security primitives that not only ensure data protection and user privacy but also maintain the cost effectiveness of cloud systems. With this goal, we first identified the functional requirements that are crucial to the cloud business and explore non-functional requirements such as storage efficiency and multi-tenancy. We further analysed the conflicts between these requirements and security needs in order to develop new solutions that address these shortcomings and enhance security.
In the TREDISEC project, we develop systems and techniques which make the cloud a secure and efficient heaven to store data. We plan to step away from a myriad of disconnected security protocols or cryptographic algorithms, and to converge on a unified framework that facilitates meeting these objectives to the higher possible extent. By doing so, TREDISEC aims at creating technology that will impact existing businesses and will generate new profitable business opportunities long after the project is concluded.

Work performed

During this period, the activities performed can be structured along the following lines of work:
• Definition and execution of the project management procedures (quality, reporting, risk management, document/output storage and management, deliverable quality review, etc.), implementation of the management structure, guidelines and supporting tools to enable a seamless and fruitful collaboration among the consortium partners as described in the project handbook deliverable document released by June 2015 (M3), entitled “D1.1 Project Quality Assurance Plan”.
• Definition, consolidation and execution of the Innovation strategy agreed for the project, released in M3 as “D1.5 Innovation Strategy and Plan”. During this period, a continuous innovation monitoring has been done by the Innovation Director (from NEC) with the work-package leaders in relation to the identified key innovations of TREDISEC. The result was that, so far, there are no identified threats in the market to the expected TREDISEC innovations. The details of this monitoring activity, together with the alignment of the project architecture designs and developments to the current technological and market trends, will be released in November 2016 (M20) as “D1.6 Innovation management report“.
• Definition of a common project strategy for dissemination and communication of project advances and results, to set the base-line for individual partner’s activities, in order to reach the maximum impact possible. The strategy is accompanied with a plan that establishes a series of activities to promote the project along its entire duration, as well as a complete set of graphical material that supports these activities. The graphical material entails the project branding (i.e. logo, colour code, templates for documents, a poster and a promotional brochure/flyer); the project website (www.tredisec.eu) online since M2, is publicly accessible; social media accounts (i.e. dedicated LinkedIn group and twitter account); infographics ( within this period, one infographic has been made available through the website); and press releases and campaigns, to promote the project (some examples are the networking session at the ICT 2015 event and the SECODIC16 workshop which were co-organised and where there was a scheduled talks about the project research lines). The TREDISEC website is considered as the main point of contact from externals and as the first means for dissemination and communication of project advances and regular achievements (the website constitutes a deliverable and is described in the accompanying document “D7.1 TREDISEC public website”).
The communication and dissemination activities are grouped into phases, each one focusing on the promotion of certain aspects of the project, with customized key messages and targeting different type of audience (i.e. scientific, research, industry, citizens, public administration, policy-makers, etc.), making use of the most appropriate channel in each case. Implementation of the project strategy for dissemination and communication of project innovations and results defined in two deliverable documents “D7.2 Dissemination plan” and “D7.3 Communication strategy and plan” respectively, both released in September 2015 (M6). After the release, we have followed the above commented strategy for dissemination and communication that establish the base-line of the activities, at a consortium and individual partner’s level, for reaching the maximum impact possible. As a result of this activity, the report “D7.4 First Dissemination and Communication activities reporting” released in March 2016 (M12) collects all the activities developed within the 1st year of the project, using the selected means described in D7.2 and D7.3, and evaluates if the progress reached to achieve dissemination and communication goals is satisfactory.
• Consolidation of the technical work-packages devoted to the research, design and

Final results

End-to-end security comes at odds with current functionality offered by the cloud. Existing state of the art solutions completely give up one requirement for the other. End-to-end security aims to endow the users with full control over their outsourced data, but cloud service providers may not be able to efficiently process clients\' data, nor may they be able to take full advantage of cost-effective storage solutions which rely on existing deduplication and compression mechanisms. This explains the reason for which, none of today’s cloud storage services provide security guarantees in their Service Level Agreements (SLAs), in spite of the plethora of cloud security solutions that populate the literature.
Another important point that should not be overlooked when designing security mechanisms for cloud systems is their integration into a single framework. Typically, a security primitive is devised for a single use-case and/or a specific application. Although such a design approach may reduce the complexity of the solution, it may lead to situations where security primitives are incompatible to the point that they cannot be implemented using the same interface or the same framework.
During this period, the TREDISEC consortium partners have been focusing in identifying the requirements and designing novel end-to-end security solutions for scenarios with conflicting functional and security requirements, using as bases the representative scenarios and use-cases defined by the end-user partners. In order to do that, state of the art mechanisms and solutions have been analysed thoroughly in technical work-packages (WP2, WP3, WP4 and WP5). In particular, some partners of the consortium have already achieved the following advances:
• devise new primitives to support data confidentiality and data deduplication, including the analysis of its compatibility with Proof of Ownership (PoW) mechanisms;
• actively analyse the state of the art with respect to searchable encryption, secure biometric computations, and possible parallel computation and migration mechanisms;
• describe mechanisms for an optimized storage of encrypted data based on the analysis of historical or anticipated SQL queries;
• conduct a thorough survey on the state of the art on verifiable storage, verifiable computation and verifiable ownership topics in order to identify the TREDISEC specific requirements;
• proposed a new security model for outsourced proof of retrievability and an initial design of proof of retrievability solution compatible with secure deduplication;
• propose a study on the possibility of applying verifiable computing techniques to biometric comparison; investigate approaches to vulnerability discovery and isolation in file systems that are used to provide storage for cloud services; proposed a novel mechanism which enables the emerging many-core processor architectures to provide secure isolation properties for cloud platforms and especially IaaS deployments.
The design of a framework which efficiently integrates the required security primitives, without incurring extra processing and storage cost at the cloud service providers or end-users, has been completed with the release of the TREDISEC architecture and initial version of the framework design (D2.3). The ultimate goal of the TREDISEC framework is to facilitate the lifecycle, integration and deployment of different security primitives into real cloud systems. Using these architectural models defined in D2.3, an assessment of the different models for integrating, testing and operating the security primitives inside the TREDISEC framework has been conducted in the context of WP6. Once the integration model has been clarified and agreed, the implementation activities of the TREDISEC framework have started which will conclude with the release of the framework by September 2017(M30).

Website & more info

More info: http://www.tredisec.eu.