With increasing mobility and Internet usage, the demand for digital services increases and has reached critical and high assurance domains like e-Government, e-Health and e-Business. Those domains have high security and privacy requirements and hence will be harnessed with various novel mechanisms for secure access. Approaches for handling the resulting variety of authentication and authorisation mechanisms include the use of digital identity and access management systems (IAM). Like other technologies IAMs follow the trend of using cloud services. This allows abstracting over used resources and enables ubiquitous access to identity data which is stored and processed in the cloud, but also results in an additional degree of complexity for securely operating IAMs. The goal of CREDENTIAL is to develop, test and showcase innovative cloud based services for storing, managing, and sharing digital identity information and other critical personal data. The security of these services relies on the combination of strong hardware-based multi-factor authentication with end-to-end encryption representing a significant advantage over current password-based authentication schemes. The use of sophisticated proxy cryptography schemes will enable a secure and privacy preserving information sharing network for cloud-based identity information in which even the identity provider cannot access the data in plain-text and hence protect access to identity data. We focus not only on evaluating and applying novel crypto-approaches for IAMs but also on implementing them in an easy-to-use way to motivate secure handling of identity data. In order to also address security, privacy and trust issues related to the used cloud platforms and services we will investigate assurance and resilience approaches for enhancing underlying cloud services. To empirically evaluate our work and to produce outputs of a high technical readiness we will consider use cases from all three domains mentioned above.

EURO-CAS, European eHealth Interoperability Conformity Assessment Scheme aims at maintaining and developing the adoption and take-up of testing the interoperability of ICT solutions against identified eHealth standards and profiles defined in the eHealth European Interoperability Framework (eEIF). The key deliverable is a sustainable Conformity Assessment Scheme (CAS) for Europe. Based on recommendations of the Antilope project and the state-of-art in interoperability testing in eHealth, EURO-CAS is committed to putting in place an operational CAS based on ISO/IEC 17025 that will meet the interoperability requirements of European eHealth projects as well as national and regional eHealth programs. This will allow testing the interoperability capabilities of products and services for a single digital market in eHealth in Europe in line with the Digital Agenda for Europe and based on international profiles and standards. The project will gather a multi-disciplinary consortium of high-level expertise, including organizations focused on implementing international standards as well as industry stakeholders and healthcare providers that will 1) review the state of the art of existing interoperability CAS, 2) collect the requirements and needs from cross border, national/regional levels, 3) establish the CAS for Europe with implementation guidelines and governance, 4) propose business models for the CAS for Europe, 5) validate results and foresee national/regional adoption, 6) inform and educate eHealth stakeholders and motivate industry and projects to participate in a European accreditation process. The CAS for Europe will provide a comprehensive framework completing the eEIF and aligned with the international CAS. Its flexibility will allow better sustainability and harmonization at European, national and regional levels.

With a current volume of over USD 100 billion and annual growth rates of over 10%, the world-wide market for cloud computing can be considered as the major growth area in ICT. However, big companies and public authorities are reluctant to entrust their most sensitive data to external parties for storage and processing. The reason for their hesitation is clear: There exist no satisfactory approaches to adequately protect the data during its lifetime in the cloud. PRISMACLOUD addresses these challenges and yields a portfolio of novel security enabled cloud services, guaranteeing the required security for sensitive data in the cloud. Techniques for outsourcing computation with verifiable correctness and authenticity-preservation allow to securely delegate computations to cloud providers. A distributed multi-cloud data storage architecture shares data among several cloud providers and improves security and availability. Dynamically updating shares by means of novel techniques avoids vendor lock-in, preserves data authenticity, facilitates long term privacy and promotes a dynamic cloud provider market. Claims about the secure connection and configuration of the virtualized cloud infrastructures and properties of cloud topologies are verifiable by means of cryptographic techniques. User privacy issues are addressed by data minimization and anonymization technologies due to the application of privacy-preserving cryptographic techniques. As feasibility proof, three use cases from the fields of SmartCity, e-Government, and e-Health, will be implemented and evaluated by the project participants. The PRISMACLOUD work program is complemented with activities addressing secure user interfaces, secure service composition, secure implementation in software and hardware, security certification, and an impact analysis from an end-user view. In order to converge with the European Cloud Computing Strategy, a strategy for the dissemination of results into standards is developed.