You are here : Home > Projet PRISMACLOUD

Europe


PRISMACLOUD

The PRISMACLOUD project is dedicated to enabling secure, trustworthy cloud-based services by improving and adopting novel tools developed from cryptographic research.The project brings novel cryptographic concepts and methods to practical application and makes them usable for providers and users.



Published on 3 May 2021



Privacy and Security Maintaining Services in the Cloud

The PRISMACLOUD project is dedicated to enabling secure, trustworthy cloud-based services by improving and adopting novel tools developed from cryptographic research.The project brings novel cryptographic concepts and methods to practical application and makes them usable for providers and users.



 

Starting date : Feb. 2015 - Aug. 2018
 

Lifetime: 42 months


Program in support : H2020


 

Status project : complete


CEA-Leti's contact :

Alain Chambron

Bernard Strée


 

Project Coordinator: Austrian Institute of Technology (AT)

Partners:  

  • AT: Austrian Institute of Technology, Graz University of Technology, XiTrust Secure Technologies Gmbh
  • CH: Université de Lausanne
  • DE: MikroPlan Gmgh, Technische Universität Darmstadt, Universität Passau
  • FR: CEA-Leti
  • ES: ATOS Spain, ETRA Investigacion y Desarrollo S.A.
  • IL: IBM Israel Science & Technology Ltd
  • IT: Fondazione Centro San Raffaele, Interoute S.p.a., Lombardia Informatica S.p.a.
  • SE: Karlstad University
  • UK: University of Newcastle upon Tyne

Target market: n/a


Investment:  € 8.4 m.

EC Contribution€ 8.0 m.



Website


Stakes

  • CEA-Leti has performed risk analyses on a number of pilot use cases set-up to showcase the benefit of new cryptographic tools developed within the project.

  • CEA-Leti has evaluated the sensitivity of cryptographic primitives developed in the project to physical attack (side-channel and fault injection). This helps in early identification of critical portions of these algorithms that require special care for a secure implementation. Insertion of appropriate countermeasures may now be considered at the earliest moment, when drafting implementation specifications.

  • CEA-Leti has implemented a redactable signature scheme that is robust to attacks implemented over quantum computers. This redactable scheme will serve as a selective disclosure component that could be used in the e-health or smart-cities use cases. The redactable signature schemes use a conventional signature scheme as a core component but are vulnerable to attacks, based on Shor’s algorithm, implemented over a quantum computer.
    The post-quantum resistance requirement has led to selection of a different technology, specifically lattice-based cryptography. The state of the art regarding implementation of lattice-based signature schemes has therefore been reviewed to choose the most efficient algorithm to be integrated in the project redactable scheme. The Bimodal Lattice Signature Scheme (BLISS) was eventually chosen; this is efficient, sufficiently mature and supported by the SAFECrypto project (ICT-644729, http://www.safecrypto.eu/).

  • The hardware implementation of a redactable signature scheme has targeted provision of tamper resistance and high speed. Even a correct hardware implementation of a strong cryptographic algorithm is not necessarily secure since information about the secret key may leak through physical measurements such as power consumption, electromagnetic radiations or operation timing. This vulnerability has led to many so-called side channel attacks.
    However, countermeasures have also been proposed in the literature to defeat these attacks. CEA-Leti’s hardware specifications must take into account the main attacks and incorporate adequate countermeasures so specific countermeasures dedicated to the main modules of BLISS (e.g. NTT, Gaussian sampler) have been identified.

  • Hardware implementation has been evaluated with respect to side channel attacks using electro-magnetic measurement analysis. A path to secret key recovery has been found and the attack has been successfully demonstrated. In view of this vulnerability, an improved implementation version has been tested and has proved resistant to attack. Finally, the hardware has been used to demonstrate a post-quantum redactable signature scheme.

OBJECTIVES

  • Today, cloud computing is already widely used and is starting to enter every sphere of our lives including both private and business areas. PRISMACLOUD project goals have been identified to address challenges and enable implementation of services with intended security characteristics.

  • These goals include in particular:
    • Development of cryptographic tools to protect security of data during its lifecycle in the cloud
    • Development of cryptographic tools and methods to protect user privacy
    • Creation of enabling technologies for cloud infrastructures
    • Development of a methodology for secure service composition
    • Experimental evaluation and validation of project results.

  • CEA-Leti has focused on developing a hardware crypto accelerator for post-quantic signature algorithms and on evaluating and strengthening this design against side channel attacks. It has achieved and demonstrated a proof of concept for a post-quantum redactable signature scheme using this hardware block.


IMPACT

  • PRISMACLOUD has increased European technical knowhow and more specifically:
    • Verifiability of data and infrastructure use: protecting computation results (maintain authenticity, enable verifiability) and enabling methods for infrastructure attestation
    • User privacy enhancing technologies through data minimization anonymization
    • Securing of data at rest through secure distributed information sharing, long-term security and structured data security.