Sealed cloud

from Wikipedia, the free encyclopedia

Sealed Cloud is a patented basic technology with which systems in data centers can be secured in such a way that the data processed on them, content as well as metadata, are inaccessible even to the operator. From 2011 the technology was further developed for industrial use by a consortium consisting of, among others, the Fraunhofer Institute for Applied and Integrated Security (AISEC) and the TÜV Süd companies UNISCON and SecureNet, as part of the Trusted Cloud program of the Federal Ministry for Economic Affairs and Energy. Interfaces for cloud applications have existed in various areas since the end of 2014. Further research projects aim to make the sealed infrastructure usable for additional services and applications.

Objective

The aim is to create and expand a "sealed" infrastructure for cloud computing, taking into account the principles required by the General Data Protection Regulation (GDPR): privacy by design and privacy by default. "Sealing" means the following: the operator of an infrastructure is, as a matter of principle, prevented by technical measures from accessing unencrypted data (content and metadata), even while the user data is being processed.

Distinction from other approaches

If personal data is stored or processed in the cloud, a German client must satisfy himself on site, i.e. in the data center, beforehand and then "regularly and traceably", that the requirements of the Federal Data Protection Act are being complied with, because outsourcing data to online services and their data centers is risky for users: the data is held there by a third-party provider who can in principle access it. As of May 2018, national laws must follow the GDPR, which requires European companies to make a number of data protection adaptations to protect personal data. In the case of cloud applications that process data, for example in the context of Software as a Service (SaaS), those bound by professional secrecy in particular are aware that the cloud provider has access to the data on the application servers for the duration of the processing.

Security-conscious operators of cloud applications use technical and organizational measures to protect themselves against the security risks associated with web applications, both against attacks from outside and from inside. For data that is unencrypted during processing, organizational measures such as the four-eyes principle or role concepts are often used.
Example: De-Mail.

End-to-end encryption of the content is also used as a technical measure in an attempt to make reading it, which is prohibited under Section 203 of the Criminal Code (StGB), more difficult.
Example: Threema.

There are thus two ways to prevent content from being read.
The situation is different with metadata: previous unicast systems had to disclose the recipient addresses to the operator so that he could forward the messages correctly. The providers of communication services therefore hold the connection data. This data is considered personal data and is therefore subject to data protection. According to the current state of research and technology, this data can be protected in three ways:

  • Through carefully implemented organizational measures to protect the metadata.
    Example: the IT-Grundschutz Catalogs are based on this method; see also Deutsche Telekom's trust model.
  • Through a multicast scheme.
    Example: the Freenet project. This approach is more suitable for narrowband applications, as it requires a lot of computing power from the network participants and also high transmission capacities in the network.
  • Through a network of mix nodes.
    Example: the security software Tor. This approach is also more suitable for narrowband applications because of the high delays.

Technology

The concept on which Sealed Cloud is based rests on three basic requirements:

  • Signals are exchanged neither according to a multicast scheme nor via a network of mix nodes, but directly with the infrastructure providing the service.
  • Required security
What is meant is that the service must meet legal as well as internal company requirements. Art. 5 (2) GDPR tightens the accountability of companies: for each processing operation, companies must clarify in advance whether a detailed risk analysis is required. If the processing could violate fundamental rights (personal data), the companies must also first account, from the point of view of proportionality, for whether, firstly, the state of the art is used in the processing, secondly, whether it follows the principles of data-protection-compliant technology design (privacy by design) and, thirdly, whether it makes data-protection-friendly default settings (privacy by default). In order to take these principles into account, a set of purely technical measures prevents access to content and metadata in Sealed Cloud technology.
The set of technical measures developed to achieve these three objectives is made up as follows:

Measures for the data connection to the data center

So that no special software has to be installed, the connection from the user's device to the Sealed Cloud is made with classic SSL encryption. Only strong ciphers (encryption algorithms, including AES-256) are accepted, i.e. those with long keys and without known implementation weaknesses. Since the private keys must not be known on the server side, a specially secured import of the private key is used. To protect against man-in-the-middle attacks, a browser extension and, for mobile devices, apps are available that alert the user to false certificates. With a one-time password generator or a numeric code via SMS, users can secure authentication with a second factor.

Measures to protect against access to the data during processing

All components that process unencrypted data are located in the so-called data clean-up area. To this end, mechanical cages are fitted with electro-mechanical locks. All electronic interfaces are also reduced in such a way that only users can access them; direct administrator access is not possible. None of these components have persistent storage. The electronic interfaces as well as the electro-mechanical components of the cages are equipped with a large number of sensors, which raise an alarm immediately if an attempt is made to gain access. In the event of such an alarm, the data clean-up is triggered: the sessions of the users on the affected servers are automatically redirected to unaffected segments and all data in the affected segments is deleted. To ensure the deletion, the power supply to the servers is interrupted for 15 seconds. An analogous procedure is used to prepare for service work by technicians.

Storage measures

The principle of sealing also includes a special key distribution. According to the scientific project report, the operator has no key for decryption, neither for the protocols in the database nor for the files in the file systems.
The keys for the protocols in the database are generated by hash chains from a user name and password. As soon as the hash values have been computed, the user name and password are discarded. The hash value is also deleted at the end of a session. So that no conclusions can be drawn about the usage structures of the application from the foreign keys in the database, a purely volatile meta-mapping server is operated within the data clean-up area. In it, the application can map data structures without the operator of the infrastructure or the provider of the application having access to them. If someone tries to gain access, the data clean-up described above is triggered automatically. Since this server is operated purely volatilely, firstly, a redundant design in a cluster is necessary for high availability and, secondly, after a failure of the entire infrastructure it must be possible to gradually rebuild the data structures through active user sessions.
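An added illustration, not code from the project or from this article, of the key handling just described: the database key is derived by an iterated hash chain over user name and password, the credentials are discarded as soon as the chain value exists, and the key itself is overwritten when the session ends. The hash function, the chain length, the length-prefixed seed and the use of an HMAC to stand in for the unspecified record encryption are assumptions.

```python
import hashlib
import hmac

# Constructed parameters: the page names neither the hash function nor the
# chain length, so both are assumptions made for this illustration.
HASH_NAME = "sha256"
CHAIN_LENGTH = 50_000


def derive_protocol_key(username: str, password: str,
                        chain_length: int = CHAIN_LENGTH) -> bytes:
    """Derive the per-user key for the database protocols by an iterated
    hash chain over user name and password; only the final chain value is
    returned, and the caller discards the credentials right afterwards."""
    u = username.encode("utf-8")
    p = password.encode("utf-8")
    # Length-prefix both fields so that ("ab", "c") and ("a", "bc") cannot
    # produce the same seed.
    seed = len(u).to_bytes(4, "big") + u + len(p).to_bytes(4, "big") + p
    value = hashlib.new(HASH_NAME, seed).digest()
    for _ in range(chain_length):
        value = hashlib.new(HASH_NAME, value).digest()
    return value


class VolatileKeySession:
    """Holds the derived key in memory only for the lifetime of one session.

    The credentials are consumed in the constructor and never stored; the key
    lives in a bytearray so it can be overwritten when the session ends, which
    is what "deleted at the end of a session" amounts to in software."""

    def __init__(self, username: str, password: str,
                 chain_length: int = CHAIN_LENGTH):
        self._key = bytearray(derive_protocol_key(username, password, chain_length))

    def key_available(self) -> bool:
        return self._key is not None

    def mac(self, record: bytes) -> bytes:
        """Bind a protocol record to the session key. HMAC stands in here for
        the record encryption the page describes but does not specify."""
        if self._key is None:
            raise RuntimeError("session already ended; key discarded")
        return hmac.new(bytes(self._key), record, HASH_NAME).digest()

    def end(self) -> None:
        """Overwrite and drop the key; a new login must rederive it."""
        if self._key is None:
            return
        for i in range(len(self._key)):
            self._key[i] = 0
        self._key = None
```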

Additional measures to protect the metadata

So that no conclusions can be drawn about the metadata by observing the traffic volume, notifications about this traffic are “randomly delayed” depending on the volume. In addition, the size of transferred files is artificially padded to the next larger standard size, so that metadata cannot be derived from either time or size correlations.
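An added example, not code from the project, of the two metadata measures just described: payloads are padded to the next larger size class, and notification delays are drawn at random from a window that depends on the traffic volume. The size classes (powers of two from 4 KiB up to 1 GiB), the 8-byte length prefix and the rule that the window widens as the volume falls are assumptions, since the article does not specify them.

```python
import os
import random

# Constructed size classes: the page says "next larger standard size" without
# naming the classes, so powers of two from 4 KiB up to 1 GiB are assumed.
MIN_CLASS = 4 * 1024
MAX_CLASS = 1024 * 1024 * 1024
LENGTH_PREFIX = 8  # bytes reserved for the real length (assumption)


def standard_size(length: int) -> int:
    """Smallest size class that is >= length."""
    if length < 0:
        raise ValueError("negative length")
    size = MIN_CLASS
    while size < length:
        size *= 2
    if size > MAX_CLASS:
        raise ValueError("payload exceeds the largest size class")
    return size


def pad_payload(data: bytes) -> bytes:
    """Length-prefix the data and fill up to its size class with random bytes,
    so an observer of the transfer sees only the class, not the real length."""
    body = len(data).to_bytes(LENGTH_PREFIX, "big") + data
    return body + os.urandom(standard_size(len(body)) - len(body))


def unpad_payload(blob: bytes) -> bytes:
    """Inverse of pad_payload: read the prefix and drop the filler."""
    n = int.from_bytes(blob[:LENGTH_PREFIX], "big")
    if LENGTH_PREFIX + n > len(blob):
        raise ValueError("corrupt length prefix")
    return blob[LENGTH_PREFIX:LENGTH_PREFIX + n]


def delay_window(events_per_minute: int, max_window_s: float = 60.0,
                 min_window_s: float = 1.0) -> float:
    """Upper bound of the random delay in seconds. Assumption: the quieter
    the link, the more a single notification stands out, so the window widens
    as the volume falls and shrinks when many events already overlap."""
    window = max_window_s / max(1, events_per_minute)
    return max(min_window_s, min(max_window_s, window))


def notification_delay(events_per_minute: int, rng=None) -> float:
    """Draw the actual delay uniformly from [0, window]."""
    if rng is None:
        rng = random.SystemRandom()
    return rng.uniform(0.0, delay_window(events_per_minute))
```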

Auditing

Independent auditors carry out an audit so that it can be verified that the technical measures required for sealing are implemented in accordance with the specification. An integrity check based on a complete chain of trust is installed in every server so that software that is not intended cannot be executed. In addition, the implementation is modular so that the complexity of the system remains checkable at all.

Research

The following further research projects are currently running, funded by the EU, the Federal Ministry of Education and Research (BMBF) and the Federal Ministry for Economic Affairs and Energy (BMWi):

Federal Ministry of Education and Research

  • SENDATE-SECURE-DCI aims to clarify how the use of optical technologies can increase the data throughput tenfold within and between data centers, while at the same time reducing energy consumption.
  • PARADISE (Privacy-enhancing and Reliable Anti-Doping Integrated Service Environment): the project was completed in 2018 and had the aim of making the handling of personal and location data of competitive athletes more functional. The results of the project can be viewed online.
  • Verif-eID: the project, completed in June 2017, aimed to develop a solution that would enable users to identify themselves reliably and in a legally secure manner on the Internet.

Federal Ministry for Economic Affairs and Energy

  • CAR-BITS.de: The project is developing a service platform that will enable vehicle data to be used for new services in accordance with data protection regulations. Uniscon presented the research results at the IoT Security Congress at the end of 2018.

European Union

  • Privacy & Us: the network has set itself the task of training thirteen young researchers, who are to discuss, design and develop novel solutions to questions concerning the protection of citizens' privacy.

Bavarian State Government

  • e-Freedom: The project aims to show that video surveillance in accordance with fundamental rights with automatic face recognition is technically feasible in public spaces. In addition to the TÜV SÜD subsidiary Uniscon GmbH, associated partners are TÜV SÜD Digital Service GmbH, Axis Communication GmbH and the chair for human-machine communication at the Technical University of Munich .
  • Privacy BlackBox: An IoT system with high end-to-end security for future digital applications. The focus is initially on data recorders in automobiles and industry. Partners are Uniscon GmbH, the University of Passau and the Fraunhofer Institute AISEC .

Scientific publications

In addition to the scientific publications of the consortium members as part of the Trusted Cloud program, the following academic work has so far dealt with Sealed Cloud technology:

  • Research into whether the Sealed Cloud meets the data protection requirements for secure and permissible data processing.
  • Three theses:
    1. Analysis of the particularities in the design of web interfaces (APIs), in contrast to traditional software APIs.
    2. Investigation of data storage in the cloud taking privacy into account.
    3. Treatise on a search engine with a focus on privacy.
  • A master's thesis on privacy in cloud computing.
  • An analysis of Sealed Cloud technology.

Application examples

  • The iDGARD online storage and communication service.
  • Deutsche Telekom's “Sealed Cloud” cloud product is based on Sealed Cloud technology and offers the same functionality as iDGARD.
  • The Aachen-based telecommunications provider regio iT offers iDGARD under the name uCloud.
  • The Delegate pilot application manages access data for online services but is still under development.
  • The Sealed Platform is a cloud platform that is designed for the legal and data protection compliant operation of business applications (SaaS, IoT and M2M ). It is based on Sealed Cloud technology and relies on the same server infrastructure and the same protective measures.

Prizes and awards

  • German Data Center Award 2019: with the Sealed Cloud Platform, Uniscon GmbH took 1st place in the “Innovations in Whitespace” category.
  • Deloitte Technology Fast 50: Uniscon GmbH was honored with the Deloitte Technology Fast 50 Award in both 2017 and 2018 thanks to its Sealed Cloud technology. The prize is awarded annually to the fastest-growing technology companies in Germany.
  • EuroCloud Germany: for the innovation potential of the sealed cloud service iDGARD, Uniscon GmbH received the EuroCloud Award Germany from the eco association in 2014.
  • Experton 2014: the analysts of the Experton Group named the sealed cloud service iDGARD the leader in the field of cloud encryption in 2014.

Certificates

  • The TÜViT has certified iDGARD with the Trusted Cloud Data Protection Profile (TCDP) in the highest protection class (class III). The catalog of requirements of this certificate is based on recognized standards (ISO 27018 and others).
  • iDGARD has been awarded the Trusted Cloud Label for trustworthy cloud services. The Trusted Cloud project is funded by the BMWi.

Literature

  • W. Streitberger, A. Ruppel: Study: Cloud Computing Security. Protection goals. Taxonomy. Market overview. AISEC Fraunhofer 2009.
  • Sabrina Landes: Incognito on the Net. In: Culture & Technology. The magazine of the Deutsches Museum 1/2013, pp. 36–37.
  • Hubert Jäger: Compliance through a sealed cloud. In: Industriemanagement 29/2013 pp. 27–30.
  • Steffen Kroschwald: Encrypted cloud computing. In: Zeitschrift für Datenschutz (ZD) 2014, pp. 75–80
