D6.4 - Final Evaluation report

This deliverable evaluates different TREDISEC primitives in the context of six Use Cases and a framework. Each of the Use Cases and the Framework represents a scenario in which we describe how different primitives have been evaluated within their test environments and the framework itself, testing new functionalities and security solutions. The overall goal is to check and validate whether the requirements identified at the beginning of the project are met. In accordance with D6.3 [1], we describe here how each of the scenarios (6 Use Cases and the framework) has been tested, which methodologies have been used (as described in D6.2 [2]), how all the work related to the evaluation process was planned and executed (Use Case processes, test cases, results, etc.), and finally whether the results obtained are in line with the expected results and fulfil all requirements.

Specifically, Use Case 1 evaluates two different primitives (PoW and PerfectDedup) integrated into GRNET's cloud infrastructure. Both address specific threats that exist in the infrastructure without interfering with each other's functionality and without affecting the storage service in any way. In Use Case 2, GRNET also tests the integration of the Container Isolation primitive. In all cases the success requirements are met and explained, preventing different attacks in order to secure the resources of the users in the cloud.

Use Case 3 consists of a set of functionalities and security solutions, including multitenancy access control, (file-based) secure deduplication and secure deletion primitives, and was also tested with a cloud storage product. Together with the primitive owners, Arsys integrated the primitives and tested them against the UC3 requirements with dedicated user accounts. Each of the primitives showed the benefits of these solutions and fulfils the Use Case requirements. A good opportunity was identified to further develop these primitives so that they can work together, share resources and interoperate.

Use Case 4 consists of an authentication protocol in which a user authenticates to a service provider by means of a biometric comparison that the service provider delegates to a third party. Two primitives were integrated: a verifiable matching of biometric templates and a TPM-based remote attestation. Benchmarks were performed to validate some of the criteria, and the functional and security requirements of the Use Case were evaluated. In conclusion, all the evaluation criteria and all the mandatory requirements were validated. A second Use Case from IDEMIA, Use Case 5, consists of a biometric database that, for privacy and legal reasons, should be encrypted; the problem raised by this Use Case is how to apply updates over encrypted data. Due to the primitive's lack of efficiency, another Use Case was fully implemented, namely the classification task of digit images. The deliverable discusses how the various experiments done with this replacement Use Case can be extrapolated to assess the maturity of the original Use Case and its potential usability in the future.

Use Case 6 concerns the migration of legacy data of an enterprise resource planning (ERP) application into an encryption-enabled database hosted at a cloud service provider. A "TPC-H ERP application" demonstrating a typical ERP scenario was developed for the activities of a wholesale supplier, who manages, sells and distributes products worldwide. To achieve the Use Case goal, the Secure Data Migration Service primitive is used for a convenient and performant migration. Using interviews with experts and quantitative reports, all evaluation criteria were assessed and, besides all mandatory requirements, two optional requirements were fulfilled.

Finally, the framework is the main frontend that TREDISEC stakeholders will use to interact with security primitives and recipes, and thus the validation focused on assessing how stable and easy to use the platform is. GRNET and ATOS built five complementary teams that were instructed in the use of the framework features and in its technical implementation details so that they could properly answer questionnaires and interviews. The feedback received was analysed by ATOS and GRNET, who concluded that all evaluated criteria are assessed above average (over 3, on a 1 to 5 scale). Six evaluation criteria (related to business requirements) have not been validated due to time constraints. We decided to discard these 6 criteria in favour of assessing requirements aimed at achieving a higher-quality, adaptable, scalable, interoperable and usable framework.