PACE Privacy-aware Cloud Ecosystems

Date: 
01/01/2018 to 31/12/2021

With increasing take up of externally provisioned and managed services (from government, finance, entertainment), often hosted over Cloud computing infrastructure, there is a realisation that on-line electronic services can involve an interlinked range of providers. Gartner forecasts that cloud computing market will grow at a compound annual growth rate of 32% (2016-2019), with the potential for additional providers to emerge in the market place. Ofcom's "Communication Market Report" indicates total UK telecoms business revenue were 37.5bn in 2015, indicating significant contribution of mobile services to the UK economy. With the availability of additional mobile services and infrastructure, there is interest in new business models that can facilitate additional subscribers to make use of these services. However, from a user's perspective, trust in the use of these services remains limited, as highlighted in the Pew Research Centre report ("The Fate of Online Trust in the Next Decade", August 2017), which surveyed 1,233 respondents - 24% of these respondents predicted that trust in on-line services is likely to diminish over time. The report revealed that although billions of people use "cellphones" and the internet now, many still do not use that connectivity for shopping, banking, and other important transactions due to limited trust in on-line providers. Some of the respondents surveyed indicated that the use of new technology (such as Blockchains) and regulatory compliance (and industry changes) will help increase trust in on-line services. 
 As more people move online globally over the next decade, both opportunities and threats grow. It is now likely that due to the wide adoption of Cloud based provisioning, some of these mobile services will exist at the network edge. Consider, for instance, a coffee chain that initially provided Wifi services to customers, now working in collaboration with data centre providers to offer additional services to users (e.g. edge data storage, multimedia caching, etc). Such scenarios have been proposed by a number of organisations involved in Mobile Edge Computing (e.g. the European ETSI and the NIST "Big Data" Working Group). This project addresses security and privacy requirements of such environments, where multiple Cloud computing providers need to work collaboratively to offer services to a user. Users of these services only interact with a Web interface rather than the larger, distributed service ecosystem, and are often unfamiliar with the "ecosystem" of providers that are involved in offering them a particular capability. Their visibility beyond the first service provider is often missing, requiring them to "trust" the provider in handling and managing their data. This is a significant challenge, and according to a recent report from the Pew Research Centre, often deters the use of on-line services (especially for data providers which are new in the market place). 
 They often entrust their data and identity without realising that the service provider may share their data with several back-end services (Cloud hosted analytics, advertisers). While this has been a problem in the past, it will be greatly exacerbated by the expansion of internet connected devices. In order to address this, the General Data Protection Regulation (GDPR) will be implemented to ensure that non-expert users can make informed decisions about their privacy and thereby give 'informed consent' to the use, sharing and re-purposing of their personal data. There are a number of challenges to facilitating this, both for individuals who need to provide consent and for data controllers who need to obtain it. As a means of addressing this, we propose a technological solution in the form of a mobile software "container" that will ensure that all access instances are securely logged. This will improve transparency, enable an audit trail of providers and facilitate greater trust between users and service providers.

Week: 
Tuesday, 11 December, 2018

Project type:

News

SMESEC project Open Call for SMEs and SME associations
SMESEC has released an open call for SMEs and SME associations in order to validate SMESEC framework and at the same time improve their systems’ security.
 
SMESEC is inviting SMEs to participate in the validation of the SMESEC framework. By participating you not only have influence on the evaluation of the SMESEC framework, but also improve your own company security and get up to €20.000 of funds!

Future Events

CYBERUK 2019
24/04/2019 to 25/04/2019
Image:

CYBERUK is the UK government’s flagship cyber security event. Hosted by the National Cyber Security Centre (NCSC), it features world-class speakers, solutions and opportunities for interaction between the public and private sectors. You will be briefed on the evolving cyber threat and how we must respond as individuals and as a community to keep Britain safe in cyberspace.

CYBERUK 2019
24/04/2019 to 25/04/2019
Image:

Where: Scottish Event Campus (SEC), Glasgow
When: 24-25 April 2019
 
CYBERUK is the UK government’s flagship cyber security event. Hosted by the National Cyber Security Centre (NCSC), it features world-class speakers, solutions and opportunities for interaction between the public and private sectors. You will be briefed on the evolving cyber threat and how we must respond as individuals and as a community to keep Britain safe in cyberspace.