Title: European Integrated Research Training Network on Advanced Cryptographic Technologies for the Internet of Things and the Cloud
Promoter: Bart Preneel
Affiliations: Computer Security and Industrial Cryptography (COSIC)
Abstract:

Summary
The goal of this ETN is to develop advanced cryptographic techniques for the Internet of Things and the Cloud and to create implementations that offer a high level of security and increased usability, for a wide range of physical computation platforms. The ITN will equip a group of 15 early stage researchers with a set of interdisciplinary skills combining mathematics, computer science and electrical engineering that will allow them to create advanced cryptographic solutions that will be available for commercial applications. The 8 beneficiaries (including 2 companies) are leading research teams in the area of applied cryptology with a strong track record of collaboration; they are complemented by 7 partner organisations from industry (including 2 SMEs). The training of the fellows will be guided by a personal development plan. A central component is training by research supported by an intensive program of workshops, summer schools, seminars, research visits, and secondments. The training will be complemented with transferable skills that also support the transfer of research to an industrial context. The management structure of the project is built on a pro-active approach with responsibilization of the fellows. The dissemination and outreach of the project activities target a broad range of stakeholders. The ITN contributes to the ERA by helping to overcome the fragmentation in the area of applied cryptology. The research supports the trust and security component of the Digital Agenda for Europe and responds to the growing attention of EU policy makers to societal needs related to privacy and cybersecurity.
The societal relevance and timeliness of this research has been emphasized by the revelations made by Snowden, which provide clear evidence of mass surveillance by nation states and of serious weaknesses in our current infrastructure. An essential component of a response to these revelations consists of a broad deployment of advanced and innovative cryptographic techniques.

Research Area
We are in the midst of an evolutionary change with respect to computing and information technologies. Whereas in the first decades of the IT revolution data was mostly kept in private storage or at most on company-level networks, in recent years there has been an increasing trend towards outsourcing storage of data to large corporate servers, the cloud. That is, instead of purchasing actual physical devices (servers, storage, network), clients rent these resources from a service provider. Storing data in the cloud has a number of advantages. The data can be accessed anytime, from everywhere, and from different devices. These devices can be a home PC, a modern smart phone, an external service provider performing computations on the data such as an e-commerce application running in the cloud, or even sensors continuously collecting new data. This new computation paradigm leads to a network of servers in the “back-end” which is invisible to the user. By sharing the resources among their clients, the cloud provider can offer a lower per-unit price and hence offer economic benefits compared to single-client solutions as well as increased elasticity. These new applications bring important security and privacy challenges. While experts have been warning of these risks from the start, the revelations of Snowden starting mid-2013 have brought these issues into the spotlight: cloud environments and the networks interconnecting clouds form an attractive target for mass surveillance. In addition, data stored in the cloud has been abused, either by cloud service providers or by hackers.
Users are at the mercy of their storage providers with respect to the continued availability of their data or with respect to where data is processed. For secure outsourcing of computation, users may not have any guarantees that the computation has been performed correctly or that it has not leaked important private information about the data. Hence, a secure cloud environment should provide strong guarantees of the users’ privacy and the integrity of their data and computation. Despite the far-reaching implications that follow from this new IT landscape, cloud security has been studied mostly from a risk management, system and network security perspective; the deployment of strong cryptographic protection in the cloud has been very limited because of its overhead; moreover, in spite of recent progress there is still no practical solution for performing efficient and verifiable computations on encrypted data. Only very recently has the potential for the use of cryptographic techniques in the cloud begun to crystallize, and a number of exciting research challenges have emerged.

While cloud computing increases the scale of our ICT infrastructure, we are in the midst of the development of the Internet of Things (IoT) (which is related to pervasive computing, ubiquitous computing, disappearing computing). It is expected that by 2020 50 billion devices will be connected to the Internet. We are currently experiencing the mobile revolution, powered by sophisticated smart phones that have an increasing number of sensors and communication modes. In the next 5 to 10 years, there will be many more (exciting) pervasive applications with a strong need for security that are based on a growing number of small processors or nodes (e.g. RFID tags, sensor nodes), leading to cyberphysical systems. Examples include medical implants that communicate on a permanent basis and are upgradeable, car-to-car communication, smart grids, smart factories and smart buildings.
Many of these applications will need innovative security solutions. For example, medical implants will typically need bidirectional communication for relaying sensor data and for receiving software updates. Obviously strong access control and privacy mechanisms are required. Environmental restrictions such as low power, low energy and upgradability also have to be taken into account. It is also obvious that the Internet of Things will interact with the clouds, which will create new security and privacy challenges. While there has been extensive work on security protocols and solutions for RFID tags and IoT, there are still major research challenges: there is a need for cryptographic algorithms that improve the energy or power consumption by an order of magnitude compared to current solutions. Moreover, sound and efficient protocols need to be developed that are both privacy-friendly and able to corroborate the location of the device using distance bounding techniques.

Expertise
In order to develop cryptology for cloud and IoT, we also need to develop secure hardware and software implementations of cryptographic components. Many cryptographic primitives, when actually implemented and deployed, fail to achieve satisfactory levels of usability; for many applications, the overhead induced by cryptography is still too large. In addition, scores of vulnerabilities have been identified in implementations of cryptographic algorithms. Finally, over the last decade the insight has grown that there is a big gap between the mathematical model of a cryptographic algorithm and the physical reality: many physical implementations can be attacked by exploiting physical phenomena such as execution time, power consumption, electromagnetic radiation or the response to the injection of faults. By now it is clear that the impact of physical attacks on implementations is much larger than anticipated.
There is a strong need for novel algorithms that are easier to protect against such attacks and for implementations that offer a high level of security and increased usability, and that address deployment issues for a wide range of physical computation platforms.

A crosscutting concern for all these areas is the development of quantum computers, which promise to offer an exponential growth in computational power with the increase in the number of parallel processors. Quantum computers are most efficient when dealing with highly structured algebraic problems such as those used in public-key cryptology. All widely used public-key cryptosystems are based on a small set of problems from algebraic number theory, namely factoring and discrete logarithms. Public-key cryptography as implemented today will become completely insecure in the event that large quantum computers become a reality. While experts remain divided on the time scale, the probability that large quantum computers are available in the next 10 to 20 years is certainly non-negligible. As an example, documents leaked by Snowden have shown that the NSA has a program with a budget of 80 million US$ to build a quantum computer. As most of our cyber infrastructure relies on public-key cryptography, this could lead to a devastating scenario. In order to avert such a future catastrophe, it is extremely important to design cryptosystems based on new paradigms that can resist quantum-computer attacks, such as lattice-based algorithms. This requires a long-term research effort that takes into account industrial requirements.
Currently this area is under-researched because it falls beyond the 3-5 year window of industrial research, while the academic research community has been aware of the problem for 20 years; while some ideas have been developed, at this stage no mature solution is known that would be ready for deployment in the next 5-10 years.

Approach
The research work is structured into three WPs, which deal with cryptography for IoT, cryptography for the Cloud, and Physical Security, Usability, and Deployment. WP1 focuses on cryptography for IoT. Many of the cryptographic mechanisms proposed in the 1990s were designed for PCs and server platforms. Moreover, many symmetric-key algorithms were designed with large security margins in the hope that this would strengthen the algorithms against attacks that were not known at design time. Furthermore, asymmetric-key algorithms of the time were complicated to describe mathematically and are expensive in terms of code size, execution time, etc. In the mid-2000s, the emphasis switched to lightweight designs. Here, the main design criterion is to minimize the consumption of power or energy per encrypted bit. Consequently, new designs come with a lower security margin. At this moment there is a rather scattered design space, with a lack of a systematic design approach that can offer deeper insights into the trade-offs between area, power, energy and security. This would be essential if one wants to be confident in a design that improves the existing security/performance trade-offs by one order of magnitude. The objectives of this WP are: firstly, to study the security of existing lightweight algorithms, and secondly, to design new lightweight algorithms and protocols. Since implementation cost is an essential concern for lightweight designs, there will be a close interaction with WP3.
In addition, we will study how new algorithms can be designed that afford simple and efficient protection methods against side-channel attacks, rather than designing first the algorithms and then the countermeasures. The usage of cloud storage leads to new challenges in IT security and privacy that have to be solved before the new technique can be widely adopted, e.g. for personal sensitive data. WP2 (New Challenges in Cloud Computing) has as objectives the study of the security of algorithms that provide protection of the users' data (confidentiality) in the cloud as well as their identities (unlinkability), while still allowing them to perform useful operations on the data (remote computation). There exist partial and theoretical solutions to these challenges, but these are impractical in the sense that they are inefficient or provide only limited security. Thus, the research objective is to design more efficient solutions that are directly applicable in real-world cloud settings. Cryptographic primitives that are implemented and deployed and actually used almost always turn out to be breakable by attacks that target the implementations rather than the primitives per se. For example, tens of thousands of Internet public keys that had been generated from bad randomness are broken. AES-CBC in HTTPS is broken using side-channel information leaked by the timing of decryption operations, even when AES is implemented in hardware; an almost correct, but not always correct, implementation of ECDH in OpenSSL is broken. Paper after paper at the CHES conference series, now the largest yearly cryptography conference, has demonstrated ways to break cryptographic systems through side-channel analysis.
These side-channel attacks are particularly troublesome for a diverse range of security tokens such as the TFL Oyster card, Barclays PINSentry, and RSA SecurID; security tokens usually carry payloads related to identity or significant monetary value, and are used within uncontrolled physical environments that are easily accessible to attackers. A common theme of the research in WP3 (Physical Security, Usability, and Deployment) is the large, often devastating, gap that separates physical reality from these mathematical models. WP3 will explore cryptographic security, usability, and deployment issues for a wide range of physical computation platforms. These platforms range from busy, centralized, high-end server clusters through much smaller mobile and embedded devices down to the tiniest sensor nodes. WP3 covers not only today's most popular cryptographic primitives and protocols but also post-quantum cryptosystems to protect users in the future. Interactions and collaborations between the research work packages: WP1 and WP2 design new cryptographic primitives for IoT and for the Cloud respectively. WP3 evaluates and selects cryptographic primitives from a real-world perspective, and provides feedback to WP1 and WP2 accordingly. WP3 collaborates with WP1 and WP2 on interactions between design issues and usability issues, especially efficiency. WP1 and WP2 are responsible for building confidence that the mathematical outputs of their cryptographic primitives are incomprehensible to an attacker based on traditional, non-physical, cryptanalysis. WP3 analyzes and defends against the gaps between mathematical outputs and physical outputs. As above, WP3 provides feedback to WP1 and WP2, and collaborates with WP1 and WP2 on interactions between usability and design.
Title: Scaling Up secure Processing, Anonymization and generation of Health Data for EU cross border collaborative research and Innovation
Promoter: Anton Vedder
Affiliations: Research Unit KU Leuven Centre for IT & IP Law (CiTiP)
Abstract:

The overall goal of the SECURED project is to scale up multiparty computation, data anonymization and synthetic data generation, by increasing efficiency and improving security, with a focus on private and unbiased artificial intelligence and data analytics, health-related data and data hubs, and cross-border cooperation. The project will address the limitations that are currently preventing the widespread use of secure multiparty computation and effective anonymization, namely: the limited practical capabilities of current cryptographic schemes for secure multi-party computation protocols, and their performance; the lack of well understood and standardized data anonymization methods for health data; the absence of dynamic and on-demand services for generating synthetic data; the complex and ad-hoc nature of current federation protocols for machine learning and AI-based data analytics; and the lack of support for health technology providers, in particular SMEs, to implement privacy enhancing technologies.

SECURED will tackle these challenges by focusing on scaling up privacy technologies via algorithmic improvements and implementation efficiency (HW and SW), as well as the generalization of primitives and definitions, with the aim of speeding up and facilitating privacy preserving data-driven tools and services for wellbeing, prevention, diagnosis, treatment and follow-up care. SECURED will also analyse the current ethical and legal challenges to data sharing, and is targeted at overcoming the currently limited adoption of advanced multi-party computation and data anonymization technologies by providing direct support to health technology SMEs through a funding call.
To ensure relevance to real-world settings, SECURED will showcase the technologies developed in four health-related use cases provided by partner hospitals and health stakeholders, namely: real-time tumor classification; telemonitoring for children; synthetic data generation for education; access to genomic data.

Title: Security In trusted SCADA and smart-grids
Promoter: Mia Hubert
Affiliations: Statistics and Data Science
Abstract:

In traditional industrial control systems and critical infrastructures, security was implicitly assumed by the reliance on proprietary technologies (security by obscurity), physical access protection and disconnection from the Internet. The massive move, in the last decade, towards open standards and IP connectivity, the growing integration of Internet of Things technologies, and the disruptiveness of targeted cyber-attacks, call for novel, designed-in, cyber security means. Taking a holistic approach, SCISSOR designs a new generation SCADA security monitoring framework, comprising four layers:

1. a monitoring layer supporting traffic probes providing programmable traffic analyses up to layer 7, new ultra low cost/energy pervasive sensing technologies, system and software integrity verification, and smart camera surveillance solutions for automatic detection and object classification;
2. a control and coordination layer adaptively orchestrating remote probes/sensors, providing a uniform representation of monitoring data gathered from heterogeneous sources, and enforcing cryptographic data protection, including certificate-less identity/attribute-based encryption schemes;
3. a decision and analysis layer in the form of an innovative SIEM fed by both highly heterogeneous monitoring events and the native control processes’ signals, and supporting advanced correlation and detection methodologies;
4. a human-machine layer devised to present in real time the system behavior to the human end user in a simple and usable manner.

SCISSOR’s framework will leverage easy-to-deploy cloud-based
development and integration, and will be designed with resilience and reliability in mind (no single point of failure). SCISSOR will be assessed via i) an off-field SCADA platform, to highlight its ability to detect and thwart targeted threats, and ii) an on-field, real-world deployment within a running operational smart grid, to showcase usability, viability and deployability.

Title: European Coordination and Support Action in Cryptology
Promoter: Bart Preneel
Affiliations: Computer Security and Industrial Cryptography (COSIC)
Abstract:

This CSA intends to strengthen European excellence in the area of cryptology and to achieve a durable integration and structuring of the European cryptography community, involving academia, industry, government stakeholders and defence agencies. The project will coordinate ongoing research, develop a joint research agenda and foresight study, identify technology gaps and market and innovation opportunities, and coordinate and strengthen standardization efforts; it will also address governance of security standards at a European level. The project will tackle through advanced training initiatives the skill shortage of academia and industry. The CSA responds to the growing attention of EU policy makers to societal needs related to privacy and cybersecurity and more in particular the trust and security component of the Digital Agenda for Europe and the European Cyber Security Strategy. The project will help to bridge the gap between academic research on the one hand and standards and industry innovations on the other hand, thereby strengthening the European industrial landscape in a strategic area. The project will result in the availability of more trustworthy security and privacy solutions ‘made in Europe’, resulting in increased user trust in ICT and online services and empowerment of users to take control over their data and trust relations. The work will also result in more resilient critical infrastructures and services.
The project intends to reach out beyond its constituency to the broader public and to policy makers. The ECRYPT-CSA consortium consists of five leading players in cryptographic research, including one SME. In order to ensure the involvement of the broader community, the project will build on a Research Advisory Board consisting of leading European researchers and a Strategic Advisory Board with leading experts from the security industry and relevant government actors.

Title: Privacy-Preserving Computation in the Cloud
Promoter: Bart Preneel
Affiliations: ESAT - COSIC, Computer Security and Industrial Cryptography
Abstract:

The traditional computing paradigm is experiencing a fundamental shift: organizations no longer completely control their own data, but instead hand it to external untrusted parties, cloud service providers, for processing and storage. There currently exists no satisfactory approach to protect data during computation from cloud providers and from other users of the cloud.

PRACTICE has assembled the key experts throughout Europe and will provide privacy and confidentiality for computations in the cloud. PRACTICE will create a secure cloud framework that allows the realization of advanced and practical cryptographic technologies providing sophisticated security and privacy guarantees for all parties in cloud-computing scenarios. With PRACTICE users no longer need to trust their cloud providers for data confidentiality and integrity: due to its computation on encrypted data, even insiders can no longer disclose secrets or disrupt the service. This opens new markets, increases their market share, and may allow conquering foreign markets where reach has been limited due to confidentiality and privacy concerns.
PRACTICE enables European customers to save costs by globally outsourcing to the cheapest providers while still maintaining guaranteed security and legal compliance.

PRACTICE will deliver a Secure Platform for Enterprise Applications and Services (SPEAR) providing application servers and automatic tools enabling privacy-sensitive applications on the cloud. SPEAR protects user data from cloud providers and other users, supporting cloud-aided secure computations by mutually distrusting parties, and will support the entire software product lifecycle. One goal of SPEAR is to support users in selecting the right approach and mechanisms to address their specific security needs. Our flexible architecture and tools allow seamless migration from execution on unchanged clouds today towards new platforms while gradually adding levels of protection.

PRACTICE is strongly industry-driven and will demonstrate its results on two end-user defined use cases in statistics and collaborative supply chain management. PRACTICE is based on real-life use cases underpinning the business interest of the partners. Our focus is on near-term and large-scale commercial exploitation of cutting-edge technology where project results are quickly transferred into novel products. PRACTICE is the first project to mitigate insider threats and data leakage for computations in the cloud while maintaining economies of scale. This goes beyond current approaches that can only protect data at rest within storage clouds once insiders may misbehave. Moreover, it will investigate economic and legal frameworks, quantify the economic aspects and return on security investment for SMC deployment, and evaluate its legal aspects regarding private data processing and outsourcing.