European Integrated Research Training Network on Advanced Cryptographic Technologies for the Internet of Things and the Cloud. (ECRYPT-NET)

Summary

The goal of this ETN is to develop advanced cryptographic techniques for the Internet of Things and the Cloud and to create implementations that offer a high level of security and increased usability, for a wide range of physical computation platforms. The ITN will equip a group of 15 early stage researchers with a set of interdisciplinary skills combining mathematics, computer science and electrical engineering that will allow them to create advanced cryptographic solutions that will be available for commercial applications. The 8 beneficiaries (including 2 companies) are leading research teams in the area of applied cryptology with a strong track record of collaboration; it is complemented by 7 partner organisations from industry (including 2 SMEs). The training from the fellows will be guided by a personal development plan. A central component is training by research supported by an intensive program of workshops, summer schools, seminars, research visits, and secondments. The training will be complemented with transferable skills that also support the transfer of research to an industrial context. The management structure of the project is built on a pro-active approach with responsibilization of the fellows. The dissemination and outreach of the project activities target a broad range of stakeholders. The ITN contributes to the ERA by helping to overcome the fragmentation in the area of applied cryptology. The research supports the trust and security component of the Digital Agenda for Europe and responds to the growing attention of EU policy makers for societal needs related to privacy and cybersecurity. The societal relevance and timeliness of this research has been emphasized by the revelations made by Snowden, that provide clear evidence of mass surveillance by nation states and of serious weaknesses of our current infrastructure. An essential component of a
response to these revelations consists of a broad deployment of advanced and innovative cryptographic techniques.

Research Area

We are in the midst of an evolutionary change with respect to computing and information technologies. Whereas in the first decades of the IT revolution data was mostly kept in private storage or at most company-level networks, in recent years there is an increasing trend towards outsourcing storage of data to large corporate servers, the cloud. That is, instead of purchasing actual physical devices (servers, storage, network), clients rent these resources from a service provider. Storing data in the cloud has a number of advantages. The data can be accessed anytime, from everywhere, and from different devices. These devices can be a home PC, a modern smart phone, an external service provider performing computations on the data such as an e-commerce application running in the cloud, or even sensors collecting continuously new data. This new computation paradigm leads to a network of servers in the “back-end” which is invisible to the user. By sharing the resources among their clients, the cloud provider can offer a lower per-unit price and hence offer economic benefits compared to single-client solutions as well as an increased elasticity. These new applications bring important security and privacy challenges. While experts have been warning for these risks from the start, the revelations of Snowden starting mid 2013 have brought these issues to the spotlight: cloud environments and the networks interconnecting clouds form an attractive target for mass surveillance. In addition, data stored in the cloud has been abused, either by cloud service providers or by hackers. Users are at the mercy of their storage providers with respect to the continued availability of their data or with respect to where data is processed. For secure outsourcing of computation, users may not have any guarantees that the computation has been performed correctly or that it has not leaked important private information about the data. Hence, a secure cloud environment should provide strong guarantees of the users’ privacy and the integrity of their data and computation. Despite the far-reaching implications that follow from this new IT landscape, cloud security has been studied mostly from a risk management, system and network security perspective; the deployment of strong cryptographic protection in the cloud has been very limited because of their overhead; moreover, in spite of recent progress there is still no practical solution to performing efficient and verifiable computations on encrypted data. Only very recently the potential for the use of cryptographic techniques in the cloud are crystallizing and a number of exciting research challenges have emerged.

While cloud computing increases the scale of our ICT infrastructure, we are in the midst of the development of the Internet of Things (IoT) (which is related to pervasive computing, ubiquitous computing, disappearing computing). It is expected that by 2020 50 billion devices will be connected to the Internet. We are currently experiencing the mobile revolution, powered by sophisticated smart phones that have an increasing number of sensors and communication modes. In the next 5 to 10 years, there will be many more (exciting) pervasive applications with strong need for security that are based on a growing number of small processor or nodes (e.g. RFID tags, sensor nodes), leading to cyberphysical systems. Examples include medical implants that communicate on a permanent basis and are upgradeable, car-to-car communication, smart grids, smart factories and smart buildings. Many of these applications will need innovative security solutions. For example, medical implants will typically need bidirectional communication for relaying of sensor data and for receiving software updates. Obviously strong access control and privacy mechanisms are required. Environmental restrictions such as low- power, low energy and upgradability also have to be taken into account. It is also obvious that the Internet of Things will interact with the clouds, which will create new security and privacy challenges. While there has been extensive work on security protocols and solutions for RFID tags and IoT, there are still major research challenges: there is a need for cryptographic algorithms that improve the energy or power consumption by an order of magnitude compared to current solutions. Moreover, sound and efficient protocols need to be developed that are both privacy-friendly and that can corroborate the location of the device using distance bounding techniques.

Expertise

In order to develop cryptology for cloud and IoT, we also need to develop secure hardware and software implementations of cryptographic components. Many cryptographic primitives, when actually implemented and deployed, fail to achieve satisfactory levels of usability; for many applications, the overhead induced by cryptography is still too large. In addition, scores of vulnerabilities have been identified in implementations of cryptographic algorithms. Finally, over the last decade the insight has grown that there is a big gap between the mathematical model of a cryptographic algorithm and the physical reality – many physical implementations can be attacked by exploiting physical phenomena such as execution time, power consumption, electromagnetic radiation or the response to the injection of faults. By now it is clear that the impact of physical attacks on implementations is much larger than anticipated. There is a strong need for novel algorithms that are easier to protect against such attacks and for implementations that offer a high level of security and increased usability, and that address deployment issues for a wide range of physical computation platforms.

A crosscutting concern for all these areas is the development of quantum computers, which promise to offer an exponential growth in computational power with the increase in number of parallel processors. Quantum computers are most efficient when dealing with highly structured algebraic problems such as those used in public-key cryptology. All widely used public-key cryptosystems are based on a small set of problems from algebraic number theory, namely factoring and discrete logarithms. Public-key cryptography as implemented today will become completely insecure in the event that large quantum computers become a reality. While experts remain divided on the time scale, the probability that large quantum computers are available in the next 10 to 20 years is certainly non-negligible.3 As an example, documents leaked by Snowden have shown that NSA has a program with a budget of 80 million US$ to build a quantum computer. As most of our cyber infrastructure relies on public-key cryptography, this could lead to a devastating scenario. In order to avert such a future catastrophe, it is extremely important to design cryptosystems based on new paradigms that can resist quantum-computer attacks such as lattice-based algorithms. This requires a long-term research effort that takes into account industrial requirements. Currently this area is under-researched because it falls beyond the 3-5 year window of industrial research while the academic research community is aware of the problem for 20 years; while some ideas have been developed, at this stage no mature solution is known that would be ready for deployment in the next 5-10 years.

Approach

The research work is structured into three WPs, which deal with cryptography for IoT, cryptography for the Cloud, and Physical Security, Usability, and Deployment. WP1 focuses on the cryptography for IoT. Many of the cryptographic mechanisms proposed in the 1990’s were designed for PCs and server platforms. Moreover, many symmetric-key algorithms were designed with large security margins in the hope that this would strengthen the algorithms against attacks that were not known at design time. Moreover asymmetric-key algorithms of the time were complicated to describe mathematically and are expensive in terms of code size, execution time, etc. In the mid 2000’s, the emphasis switched to lightweight designs. Here, the main design criterion is to minimize the consumption of power or energy per encrypted bit. Consequently, new designs come with a lower security margin. At this moment there is a rather scattered design space, with a lack of a systematic design approach that can offer deeper insights into the trade-offs between area, power, energy and security. This would be essential if one wants to be confident in a design that improves the existing security/performance trade-offs with one order of magnitude. The objectives of this WP are: firstly, to study the security of existing lightweight algorithms, and secondly, to design new lightweight algorithms and protocols. Since implementation cost is an essential concern for lightweight designs, there will be a close interaction with WP3. In addition, we will study how new algorithms can be designed that can afford simple and efficient protection methods against side-channel attacks, rather than designing first the algorithms and then the countermeasures. The usage of cloud storage pleads to new challenges in IT security and privacy that have to be solved before the new technique can be widely adopted, e.g. for personal sensitive data. WP2 (New Challenges in Cloud Computing) has as objectives the study of security of algorithms that provide protection of the users' data (confidentiality) in the cloud as well as their identities (unlinkability), by still allowing them to perform useful operations on the data (remote computation). There exist partial and theoretical solutions to these challenges, but these are non-practical in the sense that they are inefficient or provide only limited security. Thus, the research objective is to design more efficient solutions that are directly applicable in real-world cloud settings. Cryptographic primitives that are implemented and deployed and actually used almost always turn out to be breakable by attacks that target the implementations rather than the primitives per se. For example, tens of thousands of Internet public keys that had been generated from bad randomness are broken. AES-CBC in HTTPS is broken using side-channel information leaked by the timing of decryption operations, even when AES is implemented in hardware; an almost correct, but not always correct implementation of ECDH in OpenSSL is broken. Paper after paper at the CHES conference series8, now the largest yearly cryptography conference, has demonstrated ways to break cryptographic systems through side-channel analysis. These side-channel attacks are particularly troublesome for a diverse range of security tokens such as the TFL Oyster card, Barclays PINSentry, and RSA SecurID; security tokens usually carry payloads related to identity or significant monetary value, and are used within uncontrolled physical environments that are easily accessible to attackers. A common theme of the research in WP3 (Physical Security, Usability, and Deployment) is the large, often devastating, gap that separates physical reality from these mathematical models. WP3 will explore cryptographic security, usability, and deployment issues for a wide range of physical computation platforms. These platforms range from busy, centralized, high-end server clusters through much smaller mobile and embedded devices down to the tiniest sensor nodes. WP3 covers not only today's most popular cryptographic primitives and protocols but also post-quantum cryptosystems to protect users in the future. Interactions and collaborations between the research work packages: WP1 and WP2 design new cryptographic primitives respectively for IoT and for the Cloud. WP3 evaluates and selects cryptographic primitives from a real- world perspective, and provides feedback to WP1 and WP2 accordingly. WP3 collaborates with WP1 and WP2 on interactions between design issues and usability issues, especially efficiency. WP1 and WP2 are responsible for building confidence that the mathematical outputs of their cryptographic primitives are incomprehensible to an attacker based on traditional, non-physical, cryptanalysis. WP3 analyzes and defends against the gaps between mathematical outputs and physical outputs. As above, WP3 provides feedback to WP1 and WP2, and collaborates with WP1 and WP2 on interactions between usability and design.