Edit ActionCluster: Project GRACE
Description:
The present Public Key Infrastructure (PKI) is known to be inadequate for the current scale of the Internet, and the situation is exacerbated by the advent of IoT. Project GRACE (Graceful Remediation with Authenticated Certificateless Encryption) implements a security architecture using an advanced form of pairing-based cryptography called Verifiable Identity-based Encryption (VIBE) to provide simple, scalable and secure key management for cloud services, the IoT and the Critical Information Infrastructure (CII), which are otherwise vulnerable to existing and new cyber-physical attacks.
Challenges:
* PKI is costly to operate. Client certificates are rarely used in applications due to costs.
* PKI is difficult to operate. Many implementations are error-prone because of the certificates.
Solutions:
* VIBE as the core key management of the open Internet is nominally 70% less costly, relative to PKI.
* VIBE is certificate-less.
* Project GRACE integrates the VIBE capabilities directly into the protocol (i.e. TLS) and the systems for greater efficiency.
Requirements:
The Critical Information Infrastructure (CII) requires protection and resiliency against frequent and massive cyber-physical attacks. It is not coincidental that confidentiality, integrity, and availability (cyber space) are closely related to privacy, safety, and reliability (physical space) respectively.
* Data at rest. Each node in the network (IoT, VM, etc.) is assigned an immutable digital identity in the private key stored in the secure hardware. As there is efficient key management, all critical data (in files, directories, databases, etc.) are transparently encrypted.
* Data in use. All crypto functions and the private keys are used only within the secure hardware. All main CPUs/memories are attested to be free of malicious processes so that other applications can run securely.
* Data in transit. TLS is GRACE-enabled to provide transport security among devices and virtual machines (VMs).
KPI:
* Elimination of known vulnerabilities. Vulnerability assessment, penetration testing with cryptanalysis.
* Elimination of username/password (except authentication PIN or equivalent) in secure transactions, either in P2P mode or with a cloud service.
* Real-time security audit is possible by system attestation.
* The architecture is application-agnostic since the security controls are implemented at the system level and they blend into the existing infrastructure and platforms. This design ensures easy and widespread adoption across any domain or industry.
Measurement:
The GRACE system and its operation are certifiable to ISO 27001:2013.
Standards:
Project GRACE adopts the best practices which exceed those in ISO 27002:2013. It implements the platform interfaces (hardware, hypervisor, OS, cloud services, IoT, etc.) and the IETF standard for transport security, i.e. TLS.
Cybersecurity:
Project GRACE contains a complete implementation of the security controls (authentication, authorization, audit - AAA) to achieve the security objectives (Confidentiality, Integrity and Availability - CIA). Privacy is closely related to confidentiality. Both the CIA and AAA triads are rooted in the secrecy of the private keys which bootstrap the protection of the environments against the cyber-physical attacks.
Impacts:
* Provide a simple scheme where it is difficult to commit errors of implementation.
* Provide a scalable scheme to address very large networks (centralized, distributed or mesh, with billions of entities) at a great reduction in complexity: O(N), compared with O(N²) for PKI.
* Provide a secure scheme rooted in hardware with counter-measures against crippling side-channel attacks.
Demonstration:
Project GRACE provides the end-to-end security architecture. It shall be deployed in a live environment with active user loads to the cloud and within the cloud.
Chapter:
Practical Guide: IoT Cybersecurity & Privacy