Secured Embedded Element for Cloud

Project Seed4C
Project Key Information

Project Status: Finished

Start Date: April 2012

End Date: December 2014

Budget (total): 11061.45 K€

Effort: 104.82 PY

Project-ID: CPP2011/2-6

Project Coordinator

Name: Stéphane Betge-Brezetz

Company: Alcatel-Lucent

Country: France

E-mail: Stephane.Betge-Brezetz(Replace this parenthesis with the @ sign)alcatel-lucent.com

Project Consortium

Alcatel-Lucent Bell Labs France, France

Gemalto SA, France

ENSIB, France

INRIA (Institut National de Recherche en Informatique et en Automatique), France

Wallix, France

Cygate, Finland

Mikkelin Puhelin Oyi, Finland

Nokia Oy, Finland

Finceptum Oy (Novell Suomi), Finland

VTT Technical Research Centre of Finland, Finland

Innovalia Association, Spain

Nextel S.A., Spain

Software Quality Systems (SQS), Spain

Fundación Vicomtech, Spain

Ángel Iglesias, S.A. (IKUSI), Spain

BISCAYTIK, Spain

SOLACIA, Korea

Abstract

From security in the cloud to security of the cloud. The value proposition of secure elements for protecting software execution on a personal computer or on a server no longer needs to be demonstrated. Nowadays, the emergence of cloud computing has led to a growing number of use case scenarios where one has to deal not with a single computer but with a group of connected computers. In this case the challenge is not only to secure the software running on one single machine, but to manage and guarantee the security of a group of computers seen as a single entity.

The main idea is to evolve from security in the cloud (with isolated points of enforcement for security, the state of the art) to security of the cloud (with cooperative points of enforcement for security, the innovation proposed by this project). This value proposition of cooperative points of security enforcement is put forward under the concept of the Network of Secure Elements (NoSES). NoSES are made of individual secure elements attached to computers, users or network appliances and possibly pre-provisioned with initial secret keys. They can establish security associations, communicate with one another to set up a trusted network of computers, and propagate centrally defined security conditions to a group of machines. The range of use cases addressed by this concept is very broad: NoSES can be used to lock the execution of software to a group of specific machines, a particular application being to tie virtual machine execution to specific servers. NoSES can also be used to improve the security of distributed computing, not only by making sure that only trusted nodes can take part in the computation, but also by certifying the integrity of the results returned by each of them. Secure elements located in user appliances (such as a mobile handset) featuring a user interface can be part of a NoSES and help secure server-side operations using two-factor authentication.

The project will study the impact of NoSES on the different layers of the architecture, from hardware to service, in order to define how trust can be propagated from the lower layers to the upper ones. At the lower level, the form factor and physical interfaces of secure elements to the host will be studied, as well as the management of their life cycle. At an upper level, the definition and implementation of security, access control and privacy policies involving the secure elements will be specified, as well as the middleware solutions to interface to the corresponding functional blocks. Finally, an important part of the project will focus on specific use cases, including those mentioned above, where the use of NoSES can provide interesting solutions. One particular aspect will address privacy and identity management.
