Cloud computing has changed both business and everyday life; that’s a fact. Its technological capabilities offer numerous opportunities to cut costs, drive business innovation, and enable new consumer services. On the other hand, a successful attack on critical cloud services, which might slow down or interrupt services as well as leave data in flight or at rest completely exposed to unauthorized parties, could lead to violations of contractual obligations or regulatory compliance, resulting in reputational damage, financial loss and, ultimately, even loss of life in the case of health or defence critical systems. And suffering such an attack is not an unlikely possibility at all. Not anymore.
In recent years there has been an outbreak of data breaches and global surveillance programs, and news about security breaches in large enterprises is sadly becoming normal. Some very recent and striking examples are the “Year 0” revelations from WikiLeaks in March 2017 about the CIA and NSA hacking smartphones, and the worst outbreak known so far: WannaCry’s global cyberattack, which happened just a few days ago.
“Year 0” unearthed the details of a massive surveillance program which was neither restricted to one geographical area (the WikiLeaks files have also revealed that the U.S. Consulate in Frankfurt is a major hacker outpost for the most important and sensitive operations), nor mitigated by the various security countermeasures already deployed within the targeted services.
More than 300,000 computers in 150 countries were infected by WannaCry, with Russia, Taiwan, Ukraine and India particularly affected, according to Czech security firm Avast. "Ransomware" has gone from being a word known only to specialists to opening the TV news.
In the TREDISEC project we target these problems, designing and developing technologies that directly answer specific, real security challenges. In doing so, we will certainly have an impact on existing businesses and contribute to generating new profitable business opportunities.
Inspired by the recent global surveillance events, we consider an omnipresent attacker who can compromise the cloud infrastructure and the communication channels between cloud providers and their respective users. The TREDISEC Security Primitives deal with the security and privacy issues associated with the storage and processing of data in the cloud, ensuring the confidentiality and integrity of outsourced data in the presence of this powerful attacker who controls the entire network.
In addition, we want to ensure that our proposed security primitives enable scalable and efficient storage in the cloud by supporting data compression and data deduplication, and that they provide the necessary means for cloud providers to efficiently search and process encrypted data in settings where such functionality is required.
The complete Catalogue of Security Primitives Implementations developed in TREDISEC is now available on our website.
In June we are starting a series of monthly posts that expand on our catalogue of primitives. Each primitive owner will give a glimpse of their primitive, highlighting its main features. We will kick off the series with a post about the framework that combines and orchestrates the security primitives.