Secured Embedded Element for Cloud
Project Status: Finished
Start Date: April 2012
End Date: December 2014
Budget (total): 11061.45 K€
Effort: 104.82 PY
Project-ID: CPP2011/2-6
Name: Stéphane Betge-Brezetz
Company: Alcatel-Lucent
Country: France
Alcatel-Lucent Bell Labs France, France
Gemalto SA, France
ENSIB, France
INRIA (Institut National de Recherche en Informatique et en Automatique), France
Wallix, France
Cygate, Finland
Mikkelin Puhelin Oyj, Finland
Nokia Oy, Finland
Finceptum Oy (Novell Suomi), Finland
VTT Technical Research Centre of Finland, Finland
Innovalia Association, Spain
Nextel S.A., Spain
Software Quality Systems (SQS), Spain
Fundación Vicomtech, Spain
Ángel Iglesias, S.A. (IKUSI), Spain
BISCAYTIK, Spain
SOLACIA, Korea
Abstract
From security in the cloud to security of the cloud. The value of secure elements for protecting software execution on a personal computer or on a server no longer needs to be demonstrated. The emergence of cloud computing has led to a growing number of use case scenarios where one has to deal not with a single computer but with a group of connected computers. In this case the challenge is not only to secure the software running on one single machine, but to manage and guarantee the security of a group of computers seen as a single entity.
The main idea is to evolve from security in the cloud (with isolated points of enforcement for security, the state of the art) to security of the cloud (with cooperative points of enforcement for security, the innovation proposed by this project). The project's value proposition of cooperative points of enforcement is presented under the concept of the Network of Secure Elements (NoSES). NoSES are made of individual secure elements attached to computers, user or network appliances and possibly pre-provisioned with initial secret keys. They can establish security associations, communicate with each other to set up a trusted network of computers, and propagate centrally defined security conditions to a group of machines. The range of use cases addressed by this concept is very broad. NoSES can be used to lock the execution of software to a group of specific machines; a particular application of this is tying virtual machine execution to specific servers. NoSES can also be used to improve the security of distributed computing, not only by making sure that only trusted nodes can take part in the computation, but also by certifying the integrity of the results returned by each of them. Secure elements located in user appliances featuring a user interface (such as a mobile handset) can be part of a NoSES and help secure server-side operations using two-factor authentication.
The project will study the impact of NoSES on the different layers of the architecture, from hardware to service, in order to define how trust can be propagated from the lower layers to the upper ones. At the lower level, the form factor and physical interfaces of secure elements to the host will be studied, as well as the management of their life cycle. At an upper level, the definition and implementation of security, access control and privacy policies involving the secure elements will be specified, as well as the middleware solutions to interface with the corresponding functional blocks. Finally, an important part of the project will focus on specific use cases, including those mentioned above, where the use of NoSES can provide interesting solutions. One particular aspect will address privacy and identity management.