futureTPM

PROMETHEUS aims to provide post-quantum signature schemes, encryption schemes and privacy-preserving protocols relying on lattice. This requires to explore:
Cryptographic foundations. Provide solid foundations for the design of privacy-preserving cryptographic protocols resisting quantum adversaries. These include:

• clarifying the exact hardness of algorithmic lattice problems in the classical and quantum settings;
• determining the relationships between the diverse lattice problems.

Basic tools related to lattices. Enable the secure and practical applicability of lattice trapdoors, which typically consist of a short basis of some lattice and have been central tools in the design of many lattice- based cryptographic protocols.
Signature and encryption schemes. Design and implement better lattice-based signatures, encryption, commitment schemes and zero-knowledge proof systems that can easily be combined altogether in higher- level protocols, and prove their security even against side-channel attacks.
Privacy-preserving protocols. Provide concrete realisations of advanced privacy-preserving protocols. These include the construction and implementation of:

• anonymous credentials and related mechanisms (group signatures, anonymous attestations, etc.);
• truly anonymous e-cash systems and their generalizations;
• electronic voting and other tools for e-democracy;
• cryptographic tools related to cyber threat intelligence.

[Homepage]

The valuable insights that can be inferred from data analytics generated and collected from a variety of devices and applications are transforming businesses and are therefore one of the key motivations for organisations to adopt such technologies. Nevertheless, the data being analysed and processed are highly sensitive and put the individuals’ privacy at risk. Nowadays, the current European General Data Protection Regulation (GDPR) represents a major challenge for companies (especially small-medium enterprises) as they are required to follow a privacy-by-design) approach into their systems and to adopt Privacy Enhancing Technologies that on the one hand, protect data to ensure their clients’ privacy and on the other allow their processing while keeping them meaningful, useful, and protected at the same time.

The PAPAYA project aims at addressing the privacy concerns when data analytics tasks are performed by untrusted third-party data processors. Since these tasks may be performed obliviously on protected data (i.e. encrypted data), the PAPAYA will design and develop dedicated privacy preserving data analytics modules that will enable data owners to extract valuable information from this protected data, while being cost-effective and accurate.

[Homepage]

The growing adoption of cloud technologies and the trend to virtualise applications are inexorably re-shaping the traditional security paradigms, due to the increasing usage of infrastructures outside of the enterprise perimeter and shared with other users. The need for more agility in software development and maintenance has also fostered the transition to micro-services architectures, and the wide adoption of this paradigm has led service developers to protect their applications by including virtualised instances of security appliances in their design. Unfortunately, this often results in security being managed by people without enough skills or specific expertise, it may not be able to cope with threats coming from the virtualization layer itself (e.g., hypervisor bugs), and also exposes security appliances to the same threats as the other application components. It also complicates legal interception and investigation when some applications or services are suspected of illegal activity.

To overcome the above limitations, the ASTRID project aims at shifting the detection and analysis logic outside of the service graph, by leveraging descriptive context models and their usage in ever smarter orchestration logic, hence shifting the responsibility for security, privacy, and trustworthiness from developers or end users to service providers. This approach brings new opportunities for situational awareness in the growing domain of virtualised services: unified access and encryption management, correlation of events and information among different services/applications, support for legal interception and forensics investigation.

ASTRID will develop a common approach easily portable to different virtualisation scenarios. In this respect, the technology developed by the Project will be validated in two relevant domains, i.e., plain cloud applications and Network Function Virtualisation, which typically exploits rather different chaining and orchestration models.

[Homepage]