Connected “things” – everything from hospital beds and train tracks to cars, buildings and
more – are generating massive amounts of data that can be analyzed to provide
quick, actionable insights. But before this can happen, the data needs to be
collected in the cloud where advanced algorithms can detect patterns to predict,
for example, when the hospital bed will be available or when the train tracks
will require repairs.
The security of this data is of the utmost importance, which is why many
organizations are so focused on building trust and security into the cloud.
June, the European Union’s Horizon2020 program
granted €6.4M to a consortium called TREDISEC
to improve cryptographic protocols and system security mechanisms for the
research lab in Zurich is one of the TREDISEC partners. I recently sat down with
several of the scientists on the project, including Alessandro Sorniotti, Angelo
De Caro, Anil Kurmus and Matthias
Neugschwandtner, to discuss the upcoming challenges of this ambitious
open source project and its impact on security and efficiency in tomorrow’s
Please give us an overview of the project.
Sorniotti (AS): The scope of the
project is security in cloud, with a focus on outsourcing. We are taking a
holistic approach, which we hope will allow us to study the problem in its
entirety and discover security gaps that are currently hidden.
For example, if you take a single problem like “I
don’t trust the cloud provider, therefore I need to encrypt my data” or “I
would like to use the storage system as efficiently as possible, so I will compress
and deduplicate data and I do it with the best and fastest algorithms.” Both of
these singular problems are solvable and have been solved. But if you combine
them together, the problem becomes exponentially more difficult because it
becomes the proverbial blanket that doesn’t cover everything.
When we wrote the proposal, we tried to be bold and
consider all of the aspects: to build a system that needs to be used by
multiple users who do not trust one another; to allow for data outsourcing;
and be encrypted to use the storage system in an efficient way.
How hard is it to prevent users from tapping into someone else’s data?
Kurmus (AK): It depends on the
security model, and it depends on the degree of access you give the
If the interface with the server is rather
restrictive, maintaining control is fairly easy. But if you want to give a wider
degree of access, for example, access to the bare metal server like IBM
Softlayer offers, where you outsource not only storage but also computation,
the problem becomes harder. It’s like giving the keys of your house to a
curious stranger and then trusting them to stay in the kitchen all day.
What is the aim of this project considering it’s a European open-source project?
We want to develop the mechanisms and
the protocols, and then see if they can be applied to proprietary as well as
open-source solutions. We also want to help make any system multi-tenant ready
so it can accept requests from different users without any fear of
AS: Another interesting facet of this project is
that it combines different aspects of security. For example, my colleague Angelo De Caro is
a cryptographer, and Matthias
Neugschwandtner is a system security researcher (a white-hat hacker). They have complementary skills;
one looks at the cryptographic aspects of the problems, solutions and the
protocols, while the other one looks at the security of its implementation and
At the end of the day the system is as strong as
its weakest link, so the problem must be analysed and understood from both
So what’s the first demonstration where this could work? Do you have a
milestone in mind to test this in a data-center with a client?
Neugschwandtner (MN): We’re
working with a good set of use case partners, including cloud service providers
from both Greece and Spain where we will test some of our work. This should
give us a good platform for testing and improving.
At this point we are making good progress and will
have more to report in the coming months.
project has received funding from the European Commission under the Information
and Communication Technologies (ICT) theme of the Horizon 2020 framework
programme (H2020-ICT-2014-1). The project started in April 2015, coordinated by
Atos with partners NEC Europe (United Kingdom), ETH Zurich (Switzerland), IBM Research (Switzerland),
Eurecom (France), Arsys (Spain), GRNET (Greece), SAP (Germany) and Morpho
More information about the project is available at www.tredisec.eu.