Innovative cloud-based services for storing, managing, and sharing digital identity information and other personal data. The security of the services relies on the combination of strong hardware-based multi-factor authentication with end-to-end encryption.
With increasing mobility and Internet usage, the demand for digital services increases and has reached critical and
high-assurance domains like e-Government, e-Health and e-Business. Those domains have high security and privacy
requirements and hence will be equipped with various novel mechanisms for secure access. Approaches for handling the
resulting variety of authentication and authorisation mechanisms include the use of digital identity and access management
systems (IAM). Like other technologies, IAMs follow the trend of using cloud services. This allows abstracting over the
resources used and enables ubiquitous access to identity data which is stored and processed in the cloud, but it also results in an
additional degree of complexity for securely operating IAMs.
The goal of CREDENTIAL is to develop, test and showcase innovative cloud-based services for storing, managing, and
sharing digital identity information and other critical personal data. The security of these services relies on the combination of
strong hardware-based multi-factor authentication with end-to-end encryption, representing a significant advantage over
current password-based authentication schemes. The use of sophisticated proxy cryptography schemes will enable a secure
and privacy-preserving information sharing network for cloud-based identity information in which even the identity provider
cannot access the data in plaintext, thereby protecting access to identity data. We focus not only on evaluating and applying
novel crypto-approaches for IAMs but also on implementing them in an easy-to-use way to motivate secure handling of
In order to also address security, privacy and trust issues related to the cloud platforms and services used, we will investigate
assurance and resilience approaches for enhancing underlying cloud services. To empirically evaluate our work and to
produce outputs of a high technical readiness, we will consider use cases from all three domains mentioned above.