Editor's note: this interview is by Katherina Eleftheriou, IBM Research-Zurich media relations.
Connected “things” – everything from hospital beds, train tracks, cars, buildings and
more – are generating massive amounts of data that can be analyzed to provide
quick, actionable insights. But before this can happen, the data needs to be
collected in the cloud where advanced algorithms can detect patterns to predict,
for example, when the hospital bed will be available or when the train tracks
will require repairs.
The security of this data is of the utmost importance, which is why many organizations are so focused on building trust and security into the cloud.
Last June, the European Union’s Horizon2020 program granted €6.4M to a consortium called TREDISEC to improve cryptographic protocols and system security mechanisms for the cloud. IBM’s research lab in Zurich is one of the TREDISEC partners. I recently sat down with several of the scientists on the project, including Alessandro Sorniotti, Angelo De Caro, Anil Kurmus and Matthias Neugschwandtner, to discuss the upcoming challenges of this ambitious open source project and its impact on security and efficiency in tomorrow’s cloud.
Q. Please give us an overview of the project.
Alessandro Sorniotti (AS): The scope of the project is security in cloud, with a focus on outsourcing. We are taking a holistic approach, which we hope will allow us to study the problem in its entirety and discover security gaps that are currently hidden.
For example, if you take a single problem like “I don’t trust the cloud provider, therefore I need to encrypt my data” or “I would like to use the storage system as efficiently as possible, so I will compress and deduplicate data and I do it with the best and fastest algorithms.” Both of these singular problems are solvable and have been solved. But if you combine them together, the problem becomes exponentially more difficult because it becomes the proverbial blanket that doesn’t cover everything.
When we wrote the proposal, we tried to be bold and consider all of the aspects: to build a system that needs to be used by multiple users who do not trust one another; to allow for data outsourcing; and be encrypted to use the storage system in an efficient way.
Anil Kurmus (AK): It depends on the security model, and it depends on the degree of access you give the users.
If the interface with the server is rather restrictive, maintaining control is fairly easy. But if you want to give a wider degree of access, for example, access to the bare metal server like IBM Softlayer offers, where you outsource not only storage but also computation, the problem becomes harder. It’s like giving the keys of your house to a curious stranger and then trusting them to stay in the kitchen all day.
Q. What is the aim of this project considering it’s a European open-source project?
AK: We want to develop the mechanisms and the protocols, and then see if they can be applied to proprietary as well as open-source solutions. We also want to help make any system multi-tenant ready so it can accept requests from different users without any fear of compromise.
At the end of the day the system is as strong as its weakest link, so the problem must be analysed and understood from both standpoints.
Q. So what’s the first demonstration where this could work? Do you have a milestone in mind to test this in a data-center with a client?
Matthias Neugschwandtner (MN): We’re working with a good set of use case partners, including cloud service providers from both Greece and Spain where we will test some of our work. This should give us a good platform for testing and improving.
At this point we are making good progress and will have more to report in the coming months.
Follow updates on the project @TREDISECproject.
The project has received funding from the European Commission under the Information and Communication Technologies (ICT) theme of the Horizon 2020 framework programme (H2020-ICT-2014-1). The project started in April 2015, coordinated by Atos with partners NEC Europe (United Kingdom), ETH Zurich (Switzerland), IBM Research (Switzerland), Eurecom (France), Arsys (Spain), GRNET (Greece), SAP (Germany) and Morpho (France).
More information about the project is available at www.tredisec.eu.