One step closer to a truly secure and trustworthy cloud
SMEs have serious concerns about the security and availability of data stored in the cloud. Following a rash of recent data breaches and surveillance scandals, customers are calling for end-to-end security whereby only end users and authorised parties have access to their data. Thanks to EU funding, the TREDISEC (Trust-aware, REliable and Distributed Information SEcurity in the Cloud) project set out to “design new security primitives that not only ensure data protection and user privacy, but also maintain the cost effectiveness of cloud systems,” says coordinator Beatriz Gallego-Nicasio Crespo. “We stepped away from a myriad of disconnected security protocols or cryptographic algorithms to converge on a unified framework where all objectives are met to the highest possible degree.” The project addressed the confidentiality and integrity of outsourced data in the presence of a powerful attacker who controls the entire network.

Better data security and solid privacy guarantees

Project partners tackled security and privacy issues by analysing, designing and implementing a set of cloud security primitives that integrate naturally with existing cloud capabilities and functionalities. Specifically, they designed 27 primitives and implemented and tested 25 of them. The primitives address various combinations of security requirements with cloud functional and non-functional requirements: data integrity with verifiability and availability, confidentiality with efficiency, and secure and efficient data processing. They make it possible for cloud providers to search and process encrypted data efficiently, without access to the plaintext. Six primitives are protected by patent applications. The project team designed a unified framework that allows the security primitives to be integrated efficiently, without imposing additional processing and storage costs on cloud service providers and end users.
“Cloud security solutions currently on the market don’t support TREDISEC’s novel functionalities like deduplication and proofs of retrievability,” stresses Gallego-Nicasio. Data deduplication saves storage by keeping a single copy of data that many users upload; combining it with end-to-end encryption is not straightforward, because the same file encrypted under different users’ keys is no longer recognisable to the provider as a duplicate. A proof of retrievability lets a user verify, through a short challenge-response exchange, that the provider still holds the complete outsourced file, without downloading it. Team members integrated a number of compatible primitives within the framework in the form of recipes. Each recipe is a unified software package, with its installation requirements, for integrating a collection of primitives into a customer’s cloud environment. The developed technology offers several benefits. It permits security engineers and security solution developers to design, implement and offer their primitives in a standardised, modular and well-documented package that facilitates use and adoption. The various primitives are organised in self-sufficient modules that provide a rich set of application programming interfaces together with detailed documentation.

Towards large-scale adoption of the cloud by SMEs

“The reliance on modularity is not by chance – we designed the framework to allow prospective users to select only those components that meet their needs,” explains Gallego-Nicasio. “It’s also noteworthy that the framework will be open source and readily available to all organisations willing to integrate it into their business life cycle.” This allows business integrators or cloud providers to find the solution that best addresses their security concerns and to offer consumers a security-enhanced cloud offering with direct economic and reputational benefits. Consumers of security-enhanced cloud services and solutions will see their security concerns mitigated. Thanks to the end-to-end approach followed by the primitives, they won’t need to put all their trust in cloud providers.
“TREDISEC solutions should boost the resilience of existing cloud infrastructures against attacks and vulnerabilities, protect data end-to-end, and make secure and trustworthy cloud systems a reality,” concludes Gallego-Nicasio. “Ultimately, the project will positively shift the public’s perception of outsourced services, empowering users to take control of their data and restore their trust in ICT and online services.”
Keywords
TREDISEC, cloud, data, security primitives, privacy, cloud providers, data security