Deliverable D3.4 Test bed

Version 1.02 Daan Velthausz (editor) October 2015

 

ATTPS Achieving The Trust Paradigm Shift

2  

 

 Table  of  content    1.   Introduction  .....................................................................................................................  3  

2.   Generic  Trust  Architecture  Centre  (GTAC)  .......................................................................  6  

   

 

ATTPS Achieving The Trust Paradigm Shift

3  

 

1. Introduction

This  deliverable  provides  the  description  of  the  realisation  of  the  Test  bed  for  ATTPS.  The  Test  bed  has  been  evolved  from  the  Generic  Trust  Architecture  of  Deliverable  D3.1,  and  the  design  of  Deliverable  D3.3.    The  Test  bed  will  consist  of  the  current  and  future  available  hard  and  software  components  contributed   from   TDL   partners   and   integration   based   upon   the   developed   trust  architecture  principles  of  the  TDL  community.  The  Test  bed  should  support  components  of  the  different   generic   trust   architectures   and  allows  other   TDL  members   to   integrate  and  test  their  state  of  the  art  solutions  regarding  trustworthy  ICT.      The   Test   bed   will   be   based   on   technology   components   and   platforms,   provided   and  composed  by:  

• TDL   members   for   enabling   infrastructure,   i.e.   at   communication   level   (Internet;  Telecom)   and   at   trustworthy   platform   level   such   as   the   e-­‐authentication   framework  architecture  

• TDL  members  providing   trustworthy   ICT   solutions   for   integration   and  deployment  on  the  enabling  infrastructure.  

 An  inventory  of  available  components  is  made  as  well  as  the  practical  operational  aspects  and   practicalities   (provisioning,   usage,   support,   maintenance,   liabilities,   compensation,  support  etc.).      The  ATTPS  project   coordinates   the  establishment  as  well   as   the  usability  of   the  Test  bed  and  provides  access  if  needed  by  the  validation  experiments,  use  cases  and  demonstrators:    

• to   providers   of   trustworthy   components   access   to   the   TDL   test-­‐bed   infrastructure  by  organizing   user   groups   and   ethical   hackers   in   order   to   validate   and   test   modules,  systems,  concepts  and  services,  

• to  support  new  development  of  TDL  members  for  innovative  ICT  concepts,  

• to  a  harmonised-­‐European  e-­‐authentication  architecture,    

• to  support  extended  testing  of   the  generic   trust  architectures  of  Work  Package  3,   i.e.  mobile  service  and  platform  integrity,  trusted  stack  and  data  life  cycle  management.  

 

 

ATTPS Achieving The Trust Paradigm Shift

4  

 

For   the   piloting   and   validation   of   innovative   technology   and   test-­‐bed   parts,   close  collaboration  with   the  TDL  community   is   foreseen,   i.e.   to  support   the  execution  of  sprint  cycles.      The  test-­‐bed  architecture,  as  described  in  Deliverable  D3.3,  illustrated  in  Figure  1,  consists  of  the  following  elements:  

1. Components  2. Applications  3. Experiments    4. Management,  monitoring  and  data  collection  5. Service  level  agreement    

 

Figure  1:  Test  bed  architecture  

 At  the  end  of  the  ATTPS  project,  the  Test  bed  will  be  “handed  over”  to  the  TDL  community  with  the  intention  to  further  continue,  use  and  extend  it.  Also,  the  Test  bed  will  be  adopted  

!!!!!!!!!!!!!!

!!

!!

!!

!

!!

!Interface!layer!Test!bed!building!blocks!

Component!X!

Test!bed!Service!Level!Agreement!!!!!!!!!!!!!!

Experiments!!

!

Management,!monitoring!and!data!collecAon!!

!!

!!!!!!!!!!!!!

ApplicaAons!!

!!Service!element!A! Service!Element!B!

Management!

elements!1,!2,!..!

Monitoring/data!

collecAon!elements!

1,2,..!

Service!Element!C!

TestGbed!components!!

!!

TesAng!elements!!

1,2,!…!

Component!E!

!

!

!

!

Component!F! Component!G!

 

ATTPS Achieving The Trust Paradigm Shift

5  

 

by  the  TDL  community   i.e.  to  speed  up  the  sprints  and  validation  experiments.   It   is  up  to  the   TDL   community   to   keep   the   Test   bed   up   and   running,   extend   it   where   needed   and  replace   or   update   building   blocks   if   their   lifetime   has   expired.   It   is   also   up   to   the   TDL  community  to  determine  if  for  the  usage  of  Test  bed  building  blocks  fees  should  be  charged  to  cover  the  cost  of  keeping  and  extending  the  Test  bed.  The  TDL  community  can  decide  to  manage   and   extend   the   Test   bed   as   a   TDL   asset   or   to   integrate   and   connect   it   to   other  (future)  available  Test  beds,  such  as  FI-­‐Lab  Test  bed.          

 

ATTPS Achieving The Trust Paradigm Shift

6  

 

2. Generic Trust Architecture Centre (GTAC)

To   facilitate   the   testbed,  a  Generic  Trust  Architecture  Centre  capability   is   created  on   the  web  that  will  be  linked  on  ATTPS  and  TDL  websites,  where  TDL  members  can  offer,  use  and  validate   trustworthy   elements   (e.g.   technology   components).   TDL   members   have   the  possibility  to  “play  around”  with  technology  that  is  offered  and  can  provide  feedback  to  the  element  provider  (i.e.,   the  publisher).  The  requirements  for  element  publishers  to  deploy  trust  elements  for  download  are  the  provision  of  a  stand-­‐alone  service  element,  first  level  support,   and   optional   online   questionnaires   to   be   filled   in   by   the   users   to   gain   insights.  Each  element  is  evaluated  by  a  TDL  committee  for  final  deployment  approval.    This   download   capability   is   called   the   ATTPS-­‐GTAC   (Generic   Trust   Architecture   Centre).  Such  a  capability  could  also  be  made  accessible  to  the  European  research  and  innovation  community   via   the   NIS   platform,   to   use   the   available   elements   as   well   as   to   add   new  elements.   This   facilitates   the   uptake   of   research   results   by   providing   an   easy  means   for  experimentation   and   validation   beyond   the   project   scope   in   which   they   have   been  developed.    The   ATTPS-­‐GTAC   is   used   to   orchestrate   the   TDL   trust   innovation   funnel   from   three  complementary  perspectives:  technology;  legal  and  business,  with:  

• Technology  parties  being  invited  to  deploy  their  applications  or  concepts  in  a  regulated  and  trusted   environment   to   receive   (B2B)   feedback   on   different   aspects   of   functionality.   The  ATTPS-­‐GTAC   is   an   instrument   to   have   a   concrete   and   practical   implementation   and  validation  of  the  trust  innovation  funnel.  

• Developers  identifying  bottle  necks  (technical,  legal,  business  models)  hampering  adoption.  It   is   better   to   identify   these   in   this   generic   fashion   in   order   to   improve   their   usability   in  trustworthy  ICT  solutions.  

• Developers   receiving   more   insights   to   support   their   investment   decisions   and   receiving  valuable  feedback  on  user  requirements.  

• Validation  of  the  overall  technology,  concepts  and  generic  architecture  to  provide  input  for  standardisation  bodies  on  a  European   level  such  as   ITU-­‐T  SG  17,   ISO/IEC/JTC1/SC27,  ETSI,  ENISA,  3GPP  SA3  etc.  

       

 

ATTPS Achieving The Trust Paradigm Shift

7  

 

How  can  the  ATTPS-­‐GTAC  be  used?  Software  developers,  providers  can  test  and  experiment  modules,  services  and  concepts  on  four  different  dimensions  that  interact  with  each  other.    Technology  in  the  ATTPS-­‐GTAC  is  available  with  software  applications  from  TDL  members.    This   is  a  result  of  WP2  Validation  &  Awareness  of   the  ATTPS  project.  Applications  can  be  accessed  via  download  or  via  accessing  SaaS  or  cloud  services.  In  the  ATTPS-­‐GTAC  one  can  find   an   overview   of   the   applications   that   are   available.   Applications   can   be  middleware  solutions,  such  as  repudiation  application  or  end  user  applications,  such  as  e-­‐Signature  with  guaranteed   legal   rating.   TDL,   non-­‐TDL  members   and   individual   users   can   sign-­‐up   for   the  ATTPS-­‐GTAC   and   accept   the   terms   and   conditions   from   TDL   and   those   of   the   particular  application  provider.   In   the  ATTPS  project,   the  ATTPS-­‐GTAC   is   constructed  as  well   as   the  process  for  provision  of  applications.  The  terms  and  conditions  highlight  the  service  levels  and   even   applications   that   are   in   a   concept   stage   or   commercially   not   available   can   be  found  in  the  ATTPS-­‐GTAC.  Usability  and  user  experience  is  measured  by  online  feedbacks.  An   online   questionnaire   will   be   made   available   to   collect   feedback   for   analysis.   The  application   owners  will   have   access   to   the   feedback   data.   Feedback   can   be   provided   on  technical  compatibility,  usability  and  service  concept.    As  a  result  of  WP1  –  Trust  Innovation  Funnel  &  Impact  Assessment,  a  professional  portfolio  management  environment   is  made  available   in  order  that  projects,  products  and  services  with  their  business  case  can  be  added  to  the  TDL  portfolio.    The  TDL  portfolio  management  provides   a   framework   with   EU   related   projects   from   early   TRL1   to   TRL9   (Technology  Readiness  Levels)  and  includes  global  trend  analysis.  This  makes  it  possible  for  application  developers  to  benchmark  their  individual  projects  with  the  overall  application  portfolio.    The  economic  impact  of  trustworthy  ICT  is  monitored  with  the  portfolio  management.  The  provider   of   an  ATTPS-­‐GTAC   application   is   obliged   to   add   the   business   case   and   business  model   to   the   TDL   portfolio  management.   By   doing   that   and  with   a   sufficient   number   of  applications,  TDL  is  able  to  measure  the  economic  impact  and  execute  scenario  analysis.  It  provides   insights   to   improve   the   business  model   or   business   case   of   new   innovative   ICT  services.    Compliance   to   new   regulations   such   as   eIDAS,   Data   Protection   and   NIS   directives   are  prerequisites   for   many   internet   application   providers.   In   ATTPS,   there   are   no   dedicated  instruments  available  to  measure   law  compliance.  Providers  of  applications   in  the  ATTPS-­‐

 

ATTPS Achieving The Trust Paradigm Shift

8  

 

GTAC,   however,   can   decide   to   ask   for   explicit   feedback   on   legal   aspects   from   the  application  users.    Components  made  available  in  the  GTAC  Title   Purpose   Owner  Access  Control   Enables   to   manage   specific   permissions   and  

policies   to   resources   allowing  different   access  levels  to  users.  

Thales  (France)  miiCard  (UK)  NEC  (GER)  

Claim  based  authentication   Middleware:   Orchestration;   Easy   to   deploy  azure   directory   platform   for   claim   based  authentication  and  federated  log-­‐on.  

Microsoft  (USA)  

Consent   Explicit   permission   by   the   user   to   a   specific  request   formulated   in   a   clear   and   easy   to  understand   language,   e.g.   to   share   personal  attributes.  

Verizon  (NL)  miiCard  (UK)    

Data  Privacy   Terms  and  conditions  should  be  detailed  to  the  end  user  in  simple  terms  that  they  understand  how   their   privacy   is   safeguarded   and   how   /  where  personal  information  is  used  for.  

Cryptas  (AUS)  miiCard  (UK)    

e-­‐Signature   End   user:   guaranteed   legal   rating   of   the  electronic   signature,   compliant   with   the   new  EC  law  and  regulations  

TrustSeed  (FR)  

Identity  Management   Covers   a   number   of   aspects   involving   users'  access  to  networks,  services  and  applications.  

Verizon  (NL)  

Off  boarding   De-­‐provisioning  of  credentials  and  revoking  of  access   privileges   when   the   user   is   no   longer  part  of  the  system,  e.g.  due  to  change  of  roles,  or  subscription  status.  

Verizon  (NL)  miiCard  (UK)    

On  boarding   Obtain   correct   user   credentials   to   enroll   into  the   service   in   an   easy   and   secure   manner,  leveraging   the   availability   of   existing   user’s  information.  

Verizon  (NL)  miiCard  (UK)    

Security  monitoring   Active   observation   of   the   security   state   of   an  ICT  system,  detecting  potential  attacks  or  non-­‐authorized   usage   and   react   appropriately   to  protect  “assets”  at  stake.  

Thales  (FR)  

Strong  Authentication   Mechanism   to   confirm   the   truth   of   an  attribute   of   a   single   piece   of   data   using  multiple   factors   from   different   categories   to  enhance  the  security  and  trust.  

Gemalto  (FR)  Cryptas  (AUS)  NEC  (GER)  miiCard  (UK)  

Trustworthy   Cloud   and   Infra-­‐structure  

Additional   set   of   components   on   top   of   the  basic  infrastructure/cloud,  working  together  to  enable   key   features   including   users   trusting  that   their   virtual   machines   are   deployed   on  computing   nodes   that   satisfy   their   integrity  requirements.  

Philips  (NL)  NEC  (GER)  

Trustworthy  data  processing   Guarantees   that   the   used   hardware   and  software  is  in  fact  processing  the  data  in  a  way  

NEC  (UK)  Gemalto  (FR)  

 

ATTPS Achieving The Trust Paradigm Shift

9  

 

it  was  supposed  to  do.  Trustworthy  data  storage   Guarantees   that   the   original   data   is   not  

altered,   it   relies  on  automatic  data  encryption  with  secure  key  management.  

Gemalto  (FR)  

Trustworthy  factory   Focuses   on   processes   offered   to   stakeholders  (designers,   developers,   customers)   to   ensure  that   the   hardware/software   delivered   only  includes  what  is  requested.  

Thales  (FR)  

   The   picture   below   shows   the   homepage   of   the   GTAC.   The   GTAC   is   available   at  http://www.gtac-­‐attps.eu/   login   information   for   testing   (username   =   ‘attps’ ,   password   =  ‘geheim!’).    

 Accessibility  to  the  GTAC  components  After   selecting   a   category,   different   components   can  be   viewed  within   that   category.   As  currently   the   access   to   the   detailed   description   components   is   restricted   to   members,  users   have   to   log   in   to   be   able   to   see   the   terms   and   conditions   for   usage,   additional  technical  requirements  etc.      Current  TDL  members  can  login  using  their  “TDL  office  365”  credentials,  non-­‐TDL  members  can  apply  and  register  for  membership.  This  request  awaits  approval  by  TDL.      The   GTAC   has   single   sign   on   policy   and   once   logged   in,   users   are   able   to   download  components.  However,  before  downloading  any  component  the  user  needs  to  accept  the  specific   terms   and   conditions   for   using   that   component   listed   in   a   pdf   document.   The  acceptance   is   implemented   using   Trustseed’s   Penseal   authentication   and   signature   APIs.  Via  this  e-­‐signing  process  the  component  provider  gets  proof  of  users  accepting  their  terms  and  conditions.    After  agreeing  with  the  terms  and  conditions  by  e-­‐signing,   the  user  will  be  able   to  either  directly   download   the   component   or   be   referred   to   a   different   URL   where   to   find   the  service/component.      Below,  several  screen  shots  illustrate  the  different  aspects  of  the  GTAC  website.        

 

ATTPS Achieving The Trust Paradigm Shift

10  

   

 

 

ATTPS Achieving The Trust Paradigm Shift

11  

 

   

 

ATTPS Achieving The Trust Paradigm Shift

12  

 

   

 

ATTPS Achieving The Trust Paradigm Shift

13  

 

   

   

 

ATTPS Achieving The Trust Paradigm Shift

14  

 

 

 

ATTPS Achieving The Trust Paradigm Shift

15  

 

 

   

       Sustainability  of  the  Test  bed  and  GTAC  The   ATTPS-­‐Generic   Trust   Architecture   Centre   (GTAC)   will   be   embedded   in   the   Trust   in  Digital  Life  Association  (TDL)  as  the  TDL-­‐GTAC.  TDL  will  be  responsible  for  the  continuation,  maintenance   and   expansion   and   to   reach   a   stable   infrastructure   with   sufficient   and  attractive   content   (i.e.,   technology   components).   TDL   actively   initiates   the   execution   of  validation   sprints.   The  outcome  of   these   sprints   can  be  added   to   the  TDL-­‐GTAC  with   the  approval  of  the  publishers  of  the  software  or  service  components.  Under  the  governance  

SMS#verifica+on#

 

ATTPS Achieving The Trust Paradigm Shift

16  

 

principles  developed  in  ATTPS,  TDL  members  and  in  the  future  non-­‐TDL  members  can  get  access  to  the  TDL-­‐GTAC  and  its  content.    All   TDL   members   have   been   invited   to   provide   components   to   the   GTAC.   Microsoft,  Trustseed   and   MiiCard   have   already   indicated   to   provide   components   to   the   GTAC.   In  addition   all   current   security   related   EU   security   projects,   that   had   indicated   to   be  interested  in  contributing  to  the  GTAC,  have  been  approached  to  provide  their  components  to  the  GTAC.  The  table  below  shows  the  projects  that  have  been  invited.  It  is  expected  that  several  projects  will  provide  components  to  the  GTAC.    Project   Email  

ABC4TRUST   contact@abc4trust.eu  ACDC   peter.meyer@eco.de  ANIKETOS   Richard.Sanders@sintef.no  ASPIRE   coordinator@aspire-­‐fp7.eu  AU2EU   t.ignatenko@tue.nl  Coco  Cloud   claudio.caimi@hp.com  CONSEQUENCE   consequence-­‐info@doc.ic.ac.uk  CYSPA   nina.olesen@eos-­‐eu.com  D-­‐MILS   s.hansen@opengroup.org  EURO-­‐MILS   coordination@euromils.eu  FRACTALS   administrative@fractals-­‐fp7.com  eSENS   KlausVilstrup.Pedersen@difi.no  FutureID   bud.bruegger@iao.fraunhofer.de  GINI-­‐SA   info@iked.org  IPaCSO   info@ipacso.com  MUSES   lballester@s2grupo.es  NEMESYS   e.gelenbe@imperial.ac.uk  NESSoS   fabio.martinelli@iit.cnr.it  PCAS   joao.n.silva@inesc-­‐id.pt  PRACTICE   coordination@practice-­‐project.eu  PRISMACLOUD   thomas.loruenser@ait.ac.at  SECURED   dauin.secured@polito.it  SMASH   info@greenspider.eu  SPECS   massimiliano.rak@unina2.it  TREDISEC   beatriz.gallego-­‐nicasio@atos.net  TREsPASS   contact@trespass-­‐project.eu  VIKING   gunnar.bjoerkman@de.abb.com      

 

ATTPS Achieving The Trust Paradigm Shift

17  

 

The   GTAC   website   allows   any   organisation   to   provide   their   components   to   be   made  available.   For   this   a   specific   web   form   is   available.   However,   providers   of   components  willing   to   offer   their   technology   component   via   the   GTAC   to   be   evaluated   and   used   by  others  have  to  fulfil  the  following  requirements.  The  provided  component  should  be:  

• Tested  on  functionality  • Free  of  any  malicious  software  (virus,  malware,  spyware,  Trojan  Horse)  • Not  contain  any  (hidden)  backdoors  

 Additional  functionality  of  the  GTAC  Besides   the   provisioning   of   more   components   additional   functionality   is   foreseen   to   be  implemented  in  the  GTAC:  

• a  BLOG  to  provide  user  feedback  and  comments  on  the  components  • linkage  to  online  Questionnaires  (e.g.  Open  Data  Kit,  Survey  Gizmo,  Survey  Monkey)  • tools  to  support  experiments.    

The   Technical   University   of   Berlin   (TUB)   is   currently   developing   a   Usability   and   User  Experience  Dashboard  to  support  developers  of  trustworthy  ICT  solutions  in  keeping  track  on   their   usability   and   user   experience   studies.   The   figure   below   shows   a   sneak   preview.  When  ready  the  application  will  be  downloadable  from  the  GTAC  website.