IBM scientists bring trust and reliability to the cloud with advanced cryptography in EU project


Interview by Katherina Eleftheriou

Connected ‘things’ – everything from hospital beds, train tracks, cars, buildings and more – are generating massive amounts of data that can be analyzed to provide quick, actionable insights. But before this can happen the data needs to be collected in the cloud, where advanced algorithms can detect patterns to predict, for example, when a hospital bed will become available or when the train tracks will require repairs.

The security of this data is of the utmost importance, which is why many organizations are so focused on building trust and security into the cloud.

Last June, the European Union’s Horizon 2020 program granted 6.4M euros to a consortium called TREDISEC to improve cryptographic protocols and system security mechanisms for the cloud.

IBM’s Zurich research lab is one of the TREDISEC partners. I recently sat down with one of the lead scientists on the project, Alessandro Sorniotti, to discuss the upcoming challenges of this ambitious open-source project and its impact on security and efficiency in tomorrow’s cloud.

Q. Please give us an overview of the project.

Alessandro Sorniotti (AS): The scope of the project is security in cloud, with a focus on outsourcing. We are taking a holistic approach, which we hope will allow us to study the problem in its entirety and discover security gaps that are currently hidden.

For example, take a single problem like “I don’t trust the cloud provider, therefore I need to encrypt my data” or “I would like to use the storage system as efficiently as possible, so I compress and deduplicate data and I do it with the best and fastest algorithms”. Both of these singular problems are solvable and have been solved. But if you combine them the problem becomes exponentially more difficult, because it becomes the proverbial blanket that doesn’t cover everything.

When we wrote the proposal we tried to be bold and consider all of the aspects, which means a system that needs to be used by multiple users who do not trust one another, that allows for data outsourcing, with the data encrypted, and that uses the storage system in an efficient way.
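To make the “blanket that doesn’t cover everything” concrete, here is an added illustration that is not code from TREDISEC, IBM or the interviewee. It shows the two solved-in-isolation problems colliding: per-user random-key encryption makes identical files uploaded by different users look unrelated, so server-side deduplication stores every copy, and encrypted data no longer compresses. It then shows the classic compromise, convergent encryption (key derived from the file contents), which restores deduplication but, because it is deterministic, lets anyone holding a blob confirm a guess of its contents offline. The cipher is a toy HMAC-SHA256 keystream chosen only so the script runs on the standard library; the sample telemetry file is constructed for the demo.

```python
"""
Encryption vs. deduplication/compression, illustrated.
Toy cipher (HMAC-SHA256 keystream XOR) for a stdlib-only demo; use a real
AEAD such as AES-GCM in production. Not TREDISEC code.
"""
import hashlib
import hmac
import os
import zlib

NONCE_LEN = 16


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """CTR-style keystream: block i = HMAC-SHA256(key, nonce || i)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))


def encrypt_random_key(plaintext: bytes) -> tuple[bytes, bytes]:
    """Fresh random key and nonce per upload: two users uploading the same
    file produce unrelated ciphertexts, so the provider can deduplicate nothing."""
    key, nonce = os.urandom(32), os.urandom(NONCE_LEN)
    return key, nonce + _xor(plaintext, _keystream(key, nonce, len(plaintext)))


def encrypt_convergent(plaintext: bytes) -> tuple[bytes, bytes]:
    """Convergent (message-locked) encryption: key = H(plaintext), nonce derived
    from the key. Identical files give identical ciphertexts, so deduplication
    works across users who never share keys."""
    key = hashlib.sha256(b"convergent-key|" + plaintext).digest()
    nonce = hashlib.sha256(b"convergent-nonce|" + key).digest()[:NONCE_LEN]
    return key, nonce + _xor(plaintext, _keystream(key, nonce, len(plaintext)))


def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ciphertext = blob[:NONCE_LEN], blob[NONCE_LEN:]
    return _xor(ciphertext, _keystream(key, nonce, len(ciphertext)))


def simulate_uploads(plaintext: bytes, n_users: int, scheme) -> dict:
    """n_users each independently encrypt and upload the same file; report how
    much the provider must actually keep after content-hash deduplication."""
    blobs = [scheme(plaintext)[1] for _ in range(n_users)]
    unique = set(blobs)
    return {
        "uploaded_bytes": sum(len(b) for b in blobs),
        "stored_bytes": sum(len(b) for b in unique),
        "distinct_blobs": len(unique),
    }


def compression_ratio(data: bytes) -> float:
    """zlib output size / input size; around 1.0 means compression gains nothing."""
    return len(zlib.compress(data)) / len(data)


def provider_can_confirm_file(stored_blob: bytes, guessed_plaintext: bytes) -> bool:
    """The price of convergent encryption: anyone holding a blob can test a guess
    of its contents offline, because the scheme is deterministic."""
    return hmac.compare_digest(stored_blob, encrypt_convergent(guessed_plaintext)[1])


# Constructed sample: a repetitive telemetry log, the kind of data that both
# compresses and deduplicates well in the clear.
SAMPLE_FILE = b"hospital-bed,ward=3,bed=12,status=occupied,ts=1433116800\n" * 1000

if __name__ == "__main__":
    for name, scheme in (("random-key", encrypt_random_key), ("convergent", encrypt_convergent)):
        print(name, simulate_uploads(SAMPLE_FILE, 5, scheme))
    key, blob = encrypt_random_key(SAMPLE_FILE)
    print("compress plaintext :", round(compression_ratio(SAMPLE_FILE), 3))
    print("compress ciphertext:", round(compression_ratio(blob), 3))
    print("compress-then-encrypt bytes:", len(encrypt_random_key(zlib.compress(SAMPLE_FILE))[1]))
    _, cblob = encrypt_convergent(SAMPLE_FILE)
    print("provider confirms guessed contents:", provider_can_confirm_file(cblob, SAMPLE_FILE))
```

Compression has to run before encryption (the compress-then-encrypt line) or it is wasted, and convergent encryption only protects data the provider cannot guess: low-entropy files such as a standard form or a known firmware image are exactly the ones an offline confirmation attack recovers. That is the kind of gap that only appears once the two “solved” problems are put in one system.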

Sorniotti focuses on keeping clouds secure

Q. How hard is it to prevent users from tapping into someone else’s data?

AS: It depends on the security model and it depends on the degree of access you give to the users. 

If the interface with the server is rather restrictive, maintaining control is fairly easy. But if you want to give a wider degree of access, for example access to the bare-metal server like IBM SoftLayer offers, where you outsource not only storage but also computation, the problem becomes harder. It’s like giving the keys of your house to a curious stranger and then trusting them to stay in the kitchen all day.

Q. What is the aim of this project, considering it’s a European open-source project?

AS: We want to develop the mechanisms and the protocols and then see if they can be applied to proprietary as well as open-source solutions. We also want to help make any system multi-tenant ready so it can accept requests from different users — without any fear of compromise.


Another interesting facet of this project is that it combines different aspects of security. For example, my colleague Angelo De Caro is a cryptographer and Matthias Neugschwandtner is a white-hat hacker. They have complementary skills: one looks at the cryptographic aspects of the problems, solutions and protocols, and the other looks at the security of the implementation and possible vulnerabilities.

At the end of the day the system is as strong as its weakest link, so the problem must be analysed and understood from both standpoints.

Q. So what’s the first demonstration that this could work? Do you have a milestone where you’re going to test this in a data center with a client?

AS: We’re working with a good set of use-case partners including cloud service providers from both Greece and Spain where we will test some of our work. This should give us a good platform for testing and improving.

At this point we are making good progress and will have more to report in the coming months.

Follow updates on the project @TREDISECproject

The project has received funding from the European Commission under the Information and Communication Technologies (ICT) theme of the Horizon 2020 framework programme (H2020-ICT-2014-1). The project started in April 2015, coordinated by Atos with partners NEC Europe (United Kingdom), IBM Research (Switzerland), Eurecom (France), Arsys (Spain), GRNET (Greece), SAP (Germany) and Morpho (France). More information about the project is available at

