SlideShare ist ein Scribd-Unternehmen logo

Trustless Computing Initiative

TRUSTLESS.AI
TRUSTLESS.AI

Trustless Computing Initiative

Internet
1 von 25
Downloaden Sie, um offline zu lesen
TRUSTLESS Trustless socio-technical systems for EU 1st trustworthy computing base, for wide-market civilian and military deployment. Project web page: http://www.openmediacluster.com/user-verifiable-social-telematics-project/ Contacts: Rufo Guerreschi, Exec. Dir. Open Media Cluster rg@openmediacluster.com +393357545620 A computing base and service platform and related open ecosystem and certification body. Initially for basic text/voice mobile/desktop comms of unprecedented trustworthiness, while reliably enabling constitutional lawful access”
2 TRUSTLESS
● Aim: Develop, from existing open components, a complete computing platform, ecosystem & certification body for critical dual-use IT communications, that provides unprecedented and constitutionally-meaningful levels of information assurance, while overall substantially increasing public safety. ● How: (A) Kick-start an extremely open and resilient ecosystem, a certification body, and a complete critical SW/HW stack for an end-2-end computing platform, for basic voice & text communications, that is devoid of the need or assumption of trust in anyone or anything - except in the intrinsic resilience of all socio-technical organizational processes critically involved in the entire lifecycle (from standards setting to fabrication oversight) against decisive attacks of up to tens of M€s, as assessable by an informed and moderately educated citizen. (B) a global event series, Free and Safe in Cyberspace, aimed at new international high-assurance standards and certification bodies for dual-use highest-assurance IT, the Trustless Computing Certification Initiative. ● Key & unique concepts: (1) Complete verifiability, extreme compartmentation and minimization and sufficiently extreme verification relative to complexity of all critical HW&SW; (2) Citizen/peer-witness oversight of all critical service components, including ICs fabrication, and server-room access, including for lawful access requests; (3) Expert and user-accountable certification governance. ● Overcoming Privacy/Safety Dichotomy & Reaching Critical Mass: TRUSTLESS provides unique extreme safeguards for transparently reconciling lawful access and personal confidentiality, which is crucial for legal sustainability of a critical mass of dual-use investments for create a EU-domestic “trustworthy computing base”. 3 TRUSTLESS in 1 slide
About Us: Open Media Cluster ● What: A micro non-profit R&D/innovation center in Rome, Italy, pursuing leading-- edge R&D on dual-use privacy- and security--enhancing ICT technologies for civilian and dual-use markets. ● Single Focus: Together with uniquely-qualified global R&D partners and advisors, attract R&D funding on the TRUSTLESS R&D project, and promote a related certification body through a global event series, Free and Safe in Cyberspace. ● Expertise: Outcome of 15 years of expertise in e-voting, e-participation, free software, and bleeding-edge privacy-enhancing technologies and solutions, through NGO and SME work of exec. dir. and leading staff. World-class advisory boards. ● Mission: Enabling unprecedented and constitutionally-meaningful e-privacy for all, while increasing public safety. ● History: Established in May 2011, to provide the core innovation center and R&D project to provide industrial critical mass of the Open Media Park, a planned 47,000 sq.mts.140M€ ICT/media media/ICT park in Rome, Italy. 4
TRUSTLESS Core Partners (1/2) • Lfoundry. (Italy) Leading EU-located and EU-owned foundry with a 200mm plant, with over 1700 staff, 110nm-capable, and with capacity of 40,000 wafers per month. The only independent and economically-viable EU foundry with in the 60nm and 160nm capabilities, suitable for high-assurance low-performance general-purpose end-user computing. Historical expertise in high-assurance critical hardware components production. EAL5+ certification for smart cards production is in progress. • Kryptus (Brazil) Developed the first secure general-purpose CPU microprocessor in the southern hemisphere, the SCuP, which uniquely provides open and verifiable designs and FLOSS microcode; at the core of TRUSTLESS HW architecture. Designed the 400.000 voting machines of Brazil, fighter-to-fighter communications systems, and the HSM of core Root CA of the main Brazilian PKI. • KernKonzept (Germany). Developers of the World’s most mature Free/Open Source microkernel and runtime environment for high-assurance ICT, the L4Re. Deployed globally by major Telcos and publicly audited for over 8 years. • KU Leuven COSIC. (Belgium) Research group COSIC (Computer Security and Industrial Cryptography) World leading expertise in digital security and strives for innovative security solutions, in a broad range of application domains. It is lead by Prof. Bart Preneel, President of the International Association for Cryptologic Research, arguably EU foremost IT security expert 5
TRUSTLESS Core Partners (2/2) ● GSMK Cryptophone. (Germany) For over a decade the only publicly available cryptophone maker with the full software stack publicly verifiable. Used by diplomats, top executives and investigative journalists, including Laura Poitras and Glenn Greenwald, the filmmaker and journalist primarily delegated by Edward Snowden with the publishing of his revelations. Their CTO is spokesperson of Chaos Computer Club, main EU hacker NGO. ● SCYTL Secure Electronic Voting S.A. (Spain) Global leader in e--voting and high-- assurance remote deliberation technologies. Present in over 20 countries. Has pioneered innovative cryptographic techniques and socio-technical processes. ● Goethe University – DT Chair for Mobile Business and Multilateral Security (Germany). Leads in research on privacy and security in mobile networks, and related social and economical aspects. Lead: ABC4trsut, TresPass, PrivacyOS. Chair is Prof. Rannenberg, member of NIS Platform for individual rights. ● Center for Cyber Intelligence and Information Security (Italy) The leading state cyber-security academic research center in Italy, with ties with state security agencies. ● American Mini Foundry. (USA) US leader in highest_assurance IC foundry oversight). World-class competencies in hardware fabrication assurance processes. Among the team members that will be involved is their President Scadden, and Gerry Etzold, Former Technical Director of NSA Trusted Access Program (2008-2009). ● Other include: ○ ROtechnology. High-availability dual-use IoT systems. ○ Security Brokers. Targeted lawful access and state-grade 0-days. ○ ReaQta. Targeted lawful access and deep endpoint defence. 6
High-assurance IT Security Today ● While unbreakable encryption is everywhere, nearly everything is scalably broken, mostly at birth ○ All or nearly all endpoints, both ordinary commercial systems and high- trustworthiness IT systems, are broken beyond point of encryption, and scalably exploitable by powerful nations and an undefined but relatively large number of other mid- or high-level threat actors. ○ TOR is broken - except for very expert and selective uses - because of attacks through traffic analysis, endpoints and/or other techniques by APTs. ○ If so broken, Why no news of hack of top military and civilian govenmental users?! Often because that’s a state secret or because the whole point of advanced APTs is to stay undetected for years to snoop and alter data. ● State-mandated and state-sanctioned backdoors are nearly everywhere ○ Critical vulnerabilities, that make nearly everything broken, are nearly always either state-mandated or state-sanctioned backdoors, because a few states have either created, acquired or discovered them, while keeping that knowledge hidden, legally or illegally. ○ A few states have all the tools they need to pursue criminals with due legal process, except very few the most skilled and well-financed actors with access to top techs and/ir top OpSec (digital and non-digital) such as top criminals, billionaires, or highest state security officials. A huge asymmetry of power and information superiority, that is self-reinforcing with incalculable consequences. 7
TRUSTLESS Binding Paradigms Certified TRUSTLESS computing services, devices, lifecycles and the certification body would comply with the TRUSTLESS Binding Paradigms (here in full version) 1. assumes that extremely-skilled attackers are willing to devote even tens of millions of Euros to compromise the supply chain or lifecycle, through legal and illegal subversion of all kinds, including economic pressures. 2. provides extremely user-accountable and technically-proficient oversight of all hardware, software and organizational processes critically involved in the entire lifecycle and supply chains; 3. provides extreme levels of auditing intensity relative to system complexity, for all critical components; and includes only publicly verifiable components, and strongly minimizes use of non-Free/Open-source software and firmware. 4. includes only open innovations with clear and low long-term royalties (<15% of end-user cost) from patent and licensing fees, to prevent undue intellectual property right holders’ pressures, lock-ins, patent vetoes and ensure low-cost; 5. includes only highly-redundant hardware and/or software cryptosystems, whose protocols, algorithms and implementations are open, long-standing, extensively- verified and endorsed, and with significant and scalable post-quantum resistance levels. 6. Is continuously certified by an extremely technically-proficient and user- accountable independent standard/certification body. 8
Enabling Arch. & Client form-factor ● The technical architecture, from existing open components, is based on a 300Mhz CPU-based hardware platform which will have power- consumption and form-factor that make it suitable for a new 2.0-2.5mm-- thin handheld end--user device class (or CivicPod) - integrated in or “attached” to any user's ordinary smartphone, and interfaceable a user’s desktop monitor - as well as for server, onion routing mid-points and M2M/IoT devices,- albeit initially with minimal feature and performance. ● In a single highly-portable device, it integrates the features of a display smart-card, a simple handheld device, a smart-card reader, and a barebones desktop PC. Smartphones, now often 4.75-6.5mm thin, are getting too thin to handle, creating a radical portability opportunity. 9
Service Architecture Diagram 10
Service Architecture (1/2) ● CivicPod. A dedicated 2.0-2.5mm-thin touch-screen handheld device, which used attached to the back of any user's mobile phone via a smartphone hard case. Its backface exposes an external smart-card reader, which can be used an alternative hard case that adds a 0.7mm slot for non-RF CivicCards (or smartcards) to use for in EU border points, multiple users, CivicKiosks at public offices; downward-compatibility and interoperability eIDAS and EU/NATO SECRET. ● CivicDongle. Each CivicPod user will optionally receive, at cost, a paired cheap TV-connected Wifi-enabled HDMI-Dongle (or CivicDongle) with capability to act as secure onion routing node in order to create a network of thousands (exit, relay, directory) to ensure metadata privacy, most likely as a “private extension” of the Tor network. 11
Service Architecture (2/2) ● CivicLab & CivicRoom. CivicDevices are all assembled, verified, flashed, and transferred to their users in dedicated custom--built street--facing lab (or CivicLab), that contains a server room (or CivicRoom), where all privacy--sensitive services, if offered, must be hosted, whose access requires 5 randomly-selected peer--witnesses and dedicated servers (or CivicServers). ● CivicFab. Fabrication and design of all critical hardware components will be subject to citizen-witness-based oversight processes (or CivicFab) that will substantially exceed in end--user- trustworthiness those of NSA Trusted Foundry Program, at substantially lower costs. After a short initial exclusivity for a post--R&D TRUSTLESS Consortium, TRUSTLESS services can be extended and commercialized by any willing service provider (or CivicProviders). ● TRUSTLESS Certification Body. Providers are continuously verified by a to--be--established dedicated certification organization, according to TRUSTLESS Paradigms and TRUSTLESS Specifications, updated by the same. 12
Prevention of Malevolent Use ● Mitigations at service level. As per binding agreement among TRUSTLESS R&D participants, all certified TRUSTLESS services must include a voluntary compliance - in addition of what’s required by law - to lawful access requests. These request will be evaluated by a citizen-witness process, that is overseen by an independent certification body, the TRUSTLESS Certification Body, so as to guarantee the rights of users and the legit needs of the public security agency. ● Mitigations at the fabrication level. The public availability of all TRUSTLESS critical SW & HW source designs could enable malevolent users to produce their own CivicPods for malevolent use. Such threat can be reduced extremely by the current inability of malevolent states or groups to fully control a suitable semiconductor foundry. In the rare case in which they may attempt to enter in suitable agreements with suitable foundries, intelligence work can make sure to either prevent it or, better, insert vulnerabilities in their fabrication processes to acquire in the future extremely valuable intelligence. See details at the Malevolent Use section of the 34-pager Draft Proposal 13
The 1st EU Trustworthy Computing Base TRUSTLESS pursues similar scope and ambitions as EDA SoC project, except it: (1) Aims initially at communications; (2) Does not rely on parts, providers or fabrication processes upfront trusted; (3) Aims at much higher ecosystem resiliency and IP openness; (4) Has a solid 12-months 3M€ post-R&D go to market strategy A TRUSTLESS binding MOU (pdf) signed among its core technical participants ensures, sustainably in time, the radical openness of the resulting platform in relation to both the public verifiability of critical components, low and crystal-clear and low overall IP royalties, an open competitive ecosystem. 14
RECENT RELEVANT NEWS ● (June 3rd), European Defence Agency (EDA) Head of Microelectronics, Scheidler has invited us to present the UVST project in a one hour keynote to 22 MoDs at last Spring annual EDA CapTech meeting, as a new project proposal similar in scope to EDA SoC. ● (July 3rd) Met extensively with Italian Dipartimento Informazioni per la Sicurezza DIS Deputy Director Ciocca to discuss the public safety implication of our project and our planned mitigation against malevolent use (Art 1.7.3 of the draft proposal). ● (Sept 16th) Held a 3 hours meeting with Capo Reparto (Head) of VI Reparto Sistemi C4I e Trasformazione of the Italian MoD Adm. Di Biase, and 12 senior officers team, which manages the entire IT procurement and short-term R&D (TRL7-9) of the Italian MoD. ● (Sept 24-25th) Held first event of the global event series Free and Safe in Cyberspace, with world-class speakers including Schenier, Stallman, Preneel the most senior executives of EDPS, ECSEL, DG Connect Trust and Security Unit, EIT Digital Privacy Security and Trust Action Line, and the most recognised US and EU IT security experts; as well as EDA Head of Information Superiority, Michael Sieber. Entirely conceived and coordinated by OMC. The event focused on deepening the quality and widening the consensus on the socio-technical paradigms underlying TRUSTLESS. The 1st Free and Safe in Cyberspace – LatAm Edition, was be held next Oct 16th 2015 in Iguazu, Brazil. Next event are being planned for Rome and New York. 15 Recent Advancements 1
Recent Advancements 2 ● (Sept 30th) Submitted a 4M€ TRUSTLESS proposal to the H2020 FET Open RIA program, together with our core partner, with rare or unique competencies in highest-assurance IT, covering the entire lifecycle. ● (Oct 1st) Met for 4 hours the head of the 2° Office of the Technological Innovation Department of the Secretariat General of the Italian MoD C.V. Cappelletti, and 2 of his team (C.V. Galasso and Ten.Col. Roggi), which handles R&D projects from TRL2-6, including EDA. ● (Oct 14th) Held a LAtAm Version of Free and Safe in Cyberspace, Iguazu, Brazil. ● (Dec 3rd) Presented our 9-19M€ TRUSTLESS Extended & Dual-use R&D proposal, at the European Defence Agency headquarters druing the Annual EDA Cyber Industry days 2015 (agenda pdf). Our project was given the honour of a 30 minute keynote (slides pdf) - as the only R&D project proposal, side by side with the offerings of largest EU dual-use cyber technology heavyweights , including Indra, Finmeccanica, Thales, Atos and Secunet. 16
Funding Roadmap 1 ● (by Jan 2016) Submit a 7-9M€ proposal to the Italian "Piano Nazionale della Ricerca Militare" (PNRM): ○ TRL: 2-6; Funding Rate: variable (50-75% on average); ○ Draft: The proposal webpage TRUSTLESS Extended & Dual-Use described proposals to both PNRM and ECSEL, which described our ECSEL 2016, as described at this gdoc anchor of our 34-pager live Proposal Draft. ○ Slides: Slides were presented at the European Defence Agency. ○ (Only for ECSEL and/or EDA Cat-B) formalize LoI with Italian MISE and/or MoD, or other EU MoD (Germany and Spain). ● (Apr 12th 2016) DS-01-2016: Assurance and Certification for Trustworthy and Secure ICT systems, services and components. Details & Match: See p.58 of Secure Societies (PDF) ○ !!!!!! Type: RIA; TRL: 3-5; Max request: 3-4+M€; Budget: 13.5M€. ○ !!! Type: IA; TRL: 6-7; Max request: 3-4+M€; Budget: 9M€. ○ !!!!!! Type: Coordination; TRL: n/a; Max req.: 1M€; Budget: 1M€ ● (Apr 12th 2016) ICT-12-2016: Net Innovation Initiative. Details & Match: See p.33 of LEIT ICT (PDF) ○ !!!! Type: RIA; TRL: n/a; Max request: €M2-5+; Total Budget: 5M€ ○ Seeking: TBD 17
Funding Roadmap 2 ● (Apr 12th 2016) ICT-35-2016: Enabling responsible ICT-related research and innovation. Details & Match: See p.89 of LEIT ICT (PDF) ○ !! Type: RIA Smaller Short-Term; TRL: n/a; Max request:0.3-0.5+M€; Total Budget: 7M ● (Apr 12th 2016) ICT-03-2016: SSI - Smart System Integration ○ Details & Match: p.11 of LEIT ICT (PDF) ○ ?? Type: RIA; TRL: 2-4; Max request: €M2-4+; Total Budget: 17M€; ● (Apr 12th 2016) ICT-06-2016: Cloud Computing ○ Details & Match: See p.18 of LEIT ICT (PDF) ○ !!! Type: RIA; TRL: n/a; Max request: €M3-5+; Total Budget: 35M€; ● !!!!!! (May 2016) ECSEL-JU 2016 program. Submitted 19-24M€ TRUSTLESS- based Extended & Dual Use R&D proposal to the ECSEL program (and in parallel but offset to European Defence Agency Cat-B). Drafts: Dedicated proposal web page, with link to draft proposal 24-pager and draft slides. Success rate: 35% in 2015; ● (June-July 2016) Free and Safe in Cyberspace - North American Edition ○ Location: New York or Washington; Co-organizers: TBD; Budget: 30-50K€ ● (July-Aug 2016) Pursue alternative funding, such as direct funding through seed funders or large company direct investments, via draft business case analysis, possibly also with SME Instrument Phase 2 and/or Fast Track to innovation. 18
Seeking Partners Although the project is complete with all core technical and socio-technical expertises, we are, nonetheless, substantially benefit, seeking additional partners, in order of priority: 1. One EU-based large global IT/ICT technology company - to add resiliency to the ecosystem, provide IT integration and/or fill expertise gaps - which has: a. wide-ranging high-assurance IT expertises; and/or b. capacity to widely exploit the global commercial military and/or civilian potential. 2. One or more SMEs, with core high-assurance expertises complementary with those of current partners. 3. One or more EU Ministries of Defense (MoDs) to endorse and/or participate in the project, especially from states of current core partner, such as Germany, Belgium, Spain. The Italian MoD has already shown extensive interest in participating as additional partner to the ECSEL 2016 program. 4. National cybersecurity certification labs and authorities (Sogis, EAL, EU SEC) 19
EU Institutions support to date ● On last Dec 2nd, we presented a 30 minute keynote at the “Cyber Defense Industry Day”, organized by the EDA Project Team Cyber Defence (draft agenda pdf). ● On Oct 1st, we’ve met for 4 hours the head of the 2° Office of the Technological Innovation Department of the Secretariat General of the Italian MoD C.V. Cappelletti, and 2 of his team (C.V. Galasso and Ten.Col. Roggi), which handles R&D projects from TRL2-6 and EDA. ● On Sept 30th, we have submitted a 4M€ R&D proposal to H2020 FET-Open RIA with our core technical partners. ● On Sept 24-25th in Brussels, we held the first event of the global event series Free and Safe in Cyberspace, with world-class speakers including EDPS, ECSEL, DG Connect Trust and Security Unit, EIT Digital Privacy Security and Trust Action Line, Richard Stallman, Bruce Schneier, Bart Preneel, and EDA Head of Information Superiority, Michael Sieber. A LatAm Edition was held in Oct 2015 in Iguazu, Brazil. A North American version is planned for 6/7 2016. ● On Sept 16th, we met for 3 hrs with Capo Reparto (Head) of VI Reparto Sistemi C4I e Trasformazione of the Italian MoD Adm. Di Biase, and 12 senior officers team, who manages the entire IT procurement and R&D (TRL7-9) of the Italian MoD. ● On July 3rd, we met extensively Ciocca the Deputy Director of the Italian DIS (Dipartimento Informazioni per la Sicurezza) to discuss the public safety. ● On June 3rd, EDA Head of Microelectronics, Scheidler invited us to present our project in a one hour keynote to 22 MoDs at the annual EDA CapTech meeting. ● We’ve been invited to a meeting at Italian Ministry of Economic Development (MISE) with Lfoundry and STmicroelectronics. 20
Commercial Dual-use Exploitation ● SHORT-TERM: Add 2-3M€ to enable participants to go-to-market with 13K units of world most user-trustworthy computing device. It will cater to the most critical civilian and military strategic communication, and downward-compatible to mainstream military (EU/NATO SECRET) and civilian (eIDAS “high”) standards. ● MEDIUM-TERM: The guaranteed low royalty fees, open ecosystem, and highly- portable client-side form factor will support deployment in the tens of millions in the corporate, e-banking, government. The addition of substantial non-security features (see civicdevices details), and reduction of unit cost at scale to tens of euros, will support wide scale consumer roll out in the tens of millions. Military: Added support for high-availability scenarios will enable to cater to such as: critical infrastructure, cyber-physical systems, autonomous and semi-autonomous IT systems, fixed and moveable, command & control systems for military missions. Help EU/EDA lead within NATO in the development of a strategic and emerging niche of foundational IT capabilities. ● LONG-TERM: Make such new “EU trustworthy computing base” a global standard, with the consequent huge societal and economical benefits.Derivative of the results will spur ever more trustworthy IT systems in numerous domains and wide market applications. AI?! The platform and ecosystem will evolve to constitute a low-level computing base, standard and a governance model that is sufficiently trustworthy for large democratically-accountable advanced narrow and strong AI projects and systems, in critical sectors for the economy and society, to substantially increase their safety, robustness and “value alignment”. 21
Alignment to EU strategies (1/2) EU Cybersecurity Strategy says: ● “The same laws and norms that apply in other areas of our day-to-day lives apply also in the cyber domain.Cybersecurity can only be sound and effective if it is based on fundamental rights and freedoms as enshrined in the Charter of Fundamental Rights of the European Union and EU core values. Reciprocally, individuals' rights cannot be secured without safe networks and systems”. ● “.... promote cyberspace as an area of freedom and fundamental rights. Expanding access to the Internet should advance democratic reform and its promotion worldwide. Increased global connectivity should not be accompanied by censorship or mass surveillance.” ● “The need for requirements for transparency, accountability and security is becoming more and more prominent”. ● “..., as well as possibly establish voluntary EU-wide certification schemes building on existing schemes in the EU and internationally.” ● “The EU will place a renewed emphasis on dialogue with third countries, with a special focus on like-minded partners that share EU values.”. ● “There is a risk that Europe not only becomes excessively dependent on ICT produced elsewhere, but also on security solutions developed outside its frontiers. It is key to ensure that hardware and software components produced in the EU and in third countries that are used in critical services and infrastructure and increasingly in mobile devices are trustworthy, secure and guarantee the protection of personal data.” 22
Alignment to EU strategies (2/2) ● EDA Head of Information Superiority, Michael Sieber, stated (m3.37) at our Free and Safe in Cyberspace: “Among EU member states, it’s hilarious: they claim digital sovereignty but they rely mostly on Chinese hardware, on US American software, and they need a famous Russian to reveal the vulnerabilities" ● EU Cyber Defence Policy Framework states: “The development of strong technological capacities in Europe to mitigate threats and vulnerabilities is essential. Industry will remain the primary driver for cyber defence related technology and innovation. So it will be crucial to maintain close cooperation with the private sector, .... It is also important to foster an assured and competitive European industrial cyber security supply chain by supporting the development of a robust European cybersecurity sector including through involvement with SMEs”. “Contribute to develop further and adapt public sector cyber security and defence organisational and technical standards for use in the defence and security sector. Where necessary, build on the ongoing work of ENISA and EDA”. ● The EU Digital Agenda Commissioner Oettinger recently stated “The debate about technological sovereignty has arisen out of a realization that freedoms and values that we cherish in Europe are at risk. There are some who do not respect privacy of our citizens. Some do not want to play on fair terms with our businesses. We need to safeguard our values and interests. It is in the interest of all citizens that we ensure a prosperous and a secure European digital future. That means that we have to be leaders in these technologies and support international standardization efforts that ensure high levels of security, proven by certification where necessary.” 23
Tripartite TRUSTLESS path to disruption 1. Jump start of TRUSTLESS complete SW/HW platform and ecosystem. With a profitable initial ecosystems that is extremely resilient to economic pressures and determined lifecycle attacks. 2. Establish and widely promoted a Trustless Computing Group international certification body, for both highest-assurance IT service and targeted lawful access schemes. It is extremely technically-proficient & citizen-accountable and primarily non- governmental. It provides voluntary (i.e. beyond law requirements) certification of Highest- assurance IT services and lifecycles for: a. Human IT communications that are suitable for the meaningful exercise of one’s civil rights via IT; b. Lawful and constitutional targeted access, that meaningfully guarantee both the user and the investigating agency against abuse, by satisfying: i. for centralized infrastructure: requirements a. above, plus additional requirements for forensic and other specific requirements ii. for state malware: an extended version of requirements and safeguards set forth by the authoritative “Lawful Hacking“ report. 3. Progressive adoption by EU, UN and/or a few states of such standards -and related certification body - as a voluntary or mandatory standard, by prescribing that: a. Public security agencies must deploy lawful access services/schemes only in compliance to TRUSTLESS certifications b. Grave consequences should follow for illegal cracking, by state and non.state authorities, of the individual use or entire lifecycle, of high-assurance IT providers that offer voluntary lawful access compliance, as certified. 24
TRUSTLESS The 1st EU Trustworthy Computing Base for wide- market civilian and military deployment. Project web page: http://www.openmediacluster.com/user-verifiable-social-telematics-project/ Contacts: Rufo Guerreschi, Exec. Dir. Open Media Cluster rg@openmediacluster.com +393357545620 “World’s most user-trustworthy computing platform, service, certification body and open ecosystem, while reliably enabling constitutional lawful access”

Empfohlen

Trustless slides dual-use R&D Proposal
Trustless slides dual-use R&D ProposalTrustless slides dual-use R&D Proposal
Trustless slides dual-use R&D ProposalTRUSTLESS.AI
 
OmniSpotlight 05-2014
OmniSpotlight 05-2014OmniSpotlight 05-2014
OmniSpotlight 05-2014Anita Lösch
 
Cyber Security 4.0 conference 30 November 2016
Cyber Security 4.0 conference 30 November 2016Cyber Security 4.0 conference 30 November 2016
Cyber Security 4.0 conference 30 November 2016InfinIT - Innovationsnetværket for it
 
Voice communication security
Voice communication securityVoice communication security
Voice communication securityFabio Pietrosanti
 
IoT Security and Privacy Considerations
IoT Security and Privacy ConsiderationsIoT Security and Privacy Considerations
IoT Security and Privacy ConsiderationsKenny Huang Ph.D.
 
Privacy and security in IoT
Privacy and security in IoTPrivacy and security in IoT
Privacy and security in IoTVasco Veloso
 
Voice securityprotocol review
Voice securityprotocol reviewVoice securityprotocol review
Voice securityprotocol reviewFabio Pietrosanti
 
Cyber Security 4.0 conference 30 November 2016
Cyber Security 4.0 conference 30 November 2016Cyber Security 4.0 conference 30 November 2016
Cyber Security 4.0 conference 30 November 2016InfinIT - Innovationsnetværket for it
 

Empfohlen

Trustless slides dual-use R&D Proposal
Trustless slides dual-use R&D ProposalTrustless slides dual-use R&D Proposal
Trustless slides dual-use R&D ProposalTRUSTLESS.AI
 
OmniSpotlight 05-2014
OmniSpotlight 05-2014OmniSpotlight 05-2014
OmniSpotlight 05-2014Anita Lösch
 
Cyber Security 4.0 conference 30 November 2016
Cyber Security 4.0 conference 30 November 2016Cyber Security 4.0 conference 30 November 2016
Cyber Security 4.0 conference 30 November 2016InfinIT - Innovationsnetværket for it
 
Voice communication security
Voice communication securityVoice communication security
Voice communication securityFabio Pietrosanti
 
IoT Security and Privacy Considerations
IoT Security and Privacy ConsiderationsIoT Security and Privacy Considerations
IoT Security and Privacy ConsiderationsKenny Huang Ph.D.
 
Privacy and security in IoT
Privacy and security in IoTPrivacy and security in IoT
Privacy and security in IoTVasco Veloso
 
Voice securityprotocol review
Voice securityprotocol reviewVoice securityprotocol review
Voice securityprotocol reviewFabio Pietrosanti
 
Cyber Security 4.0 conference 30 November 2016
Cyber Security 4.0 conference 30 November 2016Cyber Security 4.0 conference 30 November 2016
Cyber Security 4.0 conference 30 November 2016InfinIT - Innovationsnetværket for it
 
IOT privacy and Security
IOT privacy and SecurityIOT privacy and Security
IOT privacy and Securitynoornabi16
 
Supply Chain Security and Compliance for Embedded Devices & IoT
Supply Chain Security and Compliance for Embedded Devices & IoTSupply Chain Security and Compliance for Embedded Devices & IoT
Supply Chain Security and Compliance for Embedded Devices & IoTSource Code Control Limited
 
IoT Security Training, IoT Security Awareness 2019
IoT Security Training, IoT Security Awareness 2019 IoT Security Training, IoT Security Awareness 2019
IoT Security Training, IoT Security Awareness 2019 Tonex
 
Iot(security)
Iot(security)Iot(security)
Iot(security)Shreya Pohekar
 
Securing Internet of Things
Securing Internet of ThingsSecuring Internet of Things
Securing Internet of ThingsRishabh Sharma
 
Ryan Wilson - ryanwilson.com - IoT Security
Ryan Wilson - ryanwilson.com - IoT SecurityRyan Wilson - ryanwilson.com - IoT Security
Ryan Wilson - ryanwilson.com - IoT SecurityRyan Wilson
 
Cyber Security 4.0 conference 30 November 2016
Cyber Security 4.0 conference 30 November 2016Cyber Security 4.0 conference 30 November 2016
Cyber Security 4.0 conference 30 November 2016InfinIT - Innovationsnetværket for it
 
Telecom security issues (Raoul Chiesa, day 1 )
Telecom security issues (Raoul Chiesa, day 1 ) Telecom security issues (Raoul Chiesa, day 1 )
Telecom security issues (Raoul Chiesa, day 1 ) ClubHack
 
Mark Horowitz - Stanford Engineering - Securing the Internet of Things
Mark Horowitz - Stanford Engineering - Securing the Internet of ThingsMark Horowitz - Stanford Engineering - Securing the Internet of Things
Mark Horowitz - Stanford Engineering - Securing the Internet of ThingsStanford School of Engineering
 
IOT Security
IOT SecurityIOT Security
IOT SecuritySylvain Martinez
 
WIRELESS DEFENSE STRATEGIES IN THE IOT ERA
WIRELESS DEFENSE STRATEGIES IN THE IOT ERAWIRELESS DEFENSE STRATEGIES IN THE IOT ERA
WIRELESS DEFENSE STRATEGIES IN THE IOT ERAAharon Aharon
 
National Critical Information Infrastructure Protection Centre (NCIIPC): Role...
National Critical Information Infrastructure Protection Centre (NCIIPC): Role...National Critical Information Infrastructure Protection Centre (NCIIPC): Role...
National Critical Information Infrastructure Protection Centre (NCIIPC): Role...Cybersecurity Education and Research Centre
 
Understanding IoT Security: How to Quantify Security Risk of IoT Technologies
Understanding IoT Security: How to Quantify Security Risk of IoT TechnologiesUnderstanding IoT Security: How to Quantify Security Risk of IoT Technologies
Understanding IoT Security: How to Quantify Security Risk of IoT TechnologiesDenim Group
 
IoT security patterns
IoT security patterns IoT security patterns
IoT security patterns Exosite
 
Defending the campus juniper nerworks
Defending the campus juniper nerworksDefending the campus juniper nerworks
Defending the campus juniper nerworksBrozaa
 
Nordic IT Security 2014 agenda
Nordic IT Security 2014 agendaNordic IT Security 2014 agenda
Nordic IT Security 2014 agendaCopperberg
 
IoT Security Challenges and Solutions
IoT Security Challenges and SolutionsIoT Security Challenges and Solutions
IoT Security Challenges and SolutionsIntel® Software
 
TRUSTLESS.AI and Trustless Computing Consortium
TRUSTLESS.AI and Trustless Computing ConsortiumTRUSTLESS.AI and Trustless Computing Consortium
TRUSTLESS.AI and Trustless Computing ConsortiumTRUSTLESS.AI
 
Latest slide intro for TRUSTLESS.AI
Latest slide intro for TRUSTLESS.AILatest slide intro for TRUSTLESS.AI
Latest slide intro for TRUSTLESS.AITRUSTLESS.AI
 
OpenCryptoTrust vision deck
OpenCryptoTrust vision deckOpenCryptoTrust vision deck
OpenCryptoTrust vision deckStuart G Hall (stuartgh)
 
Government-ForeScout-Solution-Brief
Government-ForeScout-Solution-BriefGovernment-ForeScout-Solution-Brief
Government-ForeScout-Solution-BriefJonathan Reyes
 
Open for business
Open for businessOpen for business
Open for businessNicolò Franchi
 

Weitere ähnliche Inhalte

Was ist angesagt?

IOT privacy and Security
IOT privacy and SecurityIOT privacy and Security
IOT privacy and Securitynoornabi16
 
Supply Chain Security and Compliance for Embedded Devices & IoT
Supply Chain Security and Compliance for Embedded Devices & IoTSupply Chain Security and Compliance for Embedded Devices & IoT
Supply Chain Security and Compliance for Embedded Devices & IoTSource Code Control Limited
 
IoT Security Training, IoT Security Awareness 2019
IoT Security Training, IoT Security Awareness 2019 IoT Security Training, IoT Security Awareness 2019
IoT Security Training, IoT Security Awareness 2019 Tonex
 
Securing Internet of Things
Securing Internet of ThingsSecuring Internet of Things
Securing Internet of ThingsRishabh Sharma
 
Ryan Wilson - ryanwilson.com - IoT Security
Ryan Wilson - ryanwilson.com - IoT SecurityRyan Wilson - ryanwilson.com - IoT Security
Ryan Wilson - ryanwilson.com - IoT SecurityRyan Wilson
 
Telecom security issues (Raoul Chiesa, day 1 )
Telecom security issues (Raoul Chiesa, day 1 ) Telecom security issues (Raoul Chiesa, day 1 )
Telecom security issues (Raoul Chiesa, day 1 ) ClubHack
 
Mark Horowitz - Stanford Engineering - Securing the Internet of Things
Mark Horowitz - Stanford Engineering - Securing the Internet of ThingsMark Horowitz - Stanford Engineering - Securing the Internet of Things
Mark Horowitz - Stanford Engineering - Securing the Internet of ThingsStanford School of Engineering
 
WIRELESS DEFENSE STRATEGIES IN THE IOT ERA
WIRELESS DEFENSE STRATEGIES IN THE IOT ERAWIRELESS DEFENSE STRATEGIES IN THE IOT ERA
WIRELESS DEFENSE STRATEGIES IN THE IOT ERAAharon Aharon
 
National Critical Information Infrastructure Protection Centre (NCIIPC): Role...
National Critical Information Infrastructure Protection Centre (NCIIPC): Role...National Critical Information Infrastructure Protection Centre (NCIIPC): Role...
National Critical Information Infrastructure Protection Centre (NCIIPC): Role...Cybersecurity Education and Research Centre
 
Understanding IoT Security: How to Quantify Security Risk of IoT Technologies
Understanding IoT Security: How to Quantify Security Risk of IoT TechnologiesUnderstanding IoT Security: How to Quantify Security Risk of IoT Technologies
Understanding IoT Security: How to Quantify Security Risk of IoT TechnologiesDenim Group
 
IoT security patterns
IoT security patterns IoT security patterns
IoT security patterns Exosite
 
Defending the campus juniper nerworks
Defending the campus juniper nerworksDefending the campus juniper nerworks
Defending the campus juniper nerworksBrozaa
 
Nordic IT Security 2014 agenda
Nordic IT Security 2014 agendaNordic IT Security 2014 agenda
Nordic IT Security 2014 agendaCopperberg
 
IoT Security Challenges and Solutions
IoT Security Challenges and SolutionsIoT Security Challenges and Solutions
IoT Security Challenges and SolutionsIntel® Software
 

Was ist angesagt? (17)

IOT privacy and Security
IOT privacy and SecurityIOT privacy and Security
IOT privacy and Security
 
Supply Chain Security and Compliance for Embedded Devices & IoT
Supply Chain Security and Compliance for Embedded Devices & IoTSupply Chain Security and Compliance for Embedded Devices & IoT
Supply Chain Security and Compliance for Embedded Devices & IoT
 
IoT Security Training, IoT Security Awareness 2019
IoT Security Training, IoT Security Awareness 2019 IoT Security Training, IoT Security Awareness 2019
IoT Security Training, IoT Security Awareness 2019
 
Iot(security)
Iot(security)Iot(security)
Iot(security)
 
Securing Internet of Things
Securing Internet of ThingsSecuring Internet of Things
Securing Internet of Things
 
Ryan Wilson - ryanwilson.com - IoT Security
Ryan Wilson - ryanwilson.com - IoT SecurityRyan Wilson - ryanwilson.com - IoT Security
Ryan Wilson - ryanwilson.com - IoT Security
 
Cyber Security 4.0 conference 30 November 2016
Cyber Security 4.0 conference 30 November 2016Cyber Security 4.0 conference 30 November 2016
Cyber Security 4.0 conference 30 November 2016
 
Telecom security issues (Raoul Chiesa, day 1 )
Telecom security issues (Raoul Chiesa, day 1 ) Telecom security issues (Raoul Chiesa, day 1 )
Telecom security issues (Raoul Chiesa, day 1 )
 
Mark Horowitz - Stanford Engineering - Securing the Internet of Things
Mark Horowitz - Stanford Engineering - Securing the Internet of ThingsMark Horowitz - Stanford Engineering - Securing the Internet of Things
Mark Horowitz - Stanford Engineering - Securing the Internet of Things
 
IOT Security
IOT SecurityIOT Security
IOT Security
 
WIRELESS DEFENSE STRATEGIES IN THE IOT ERA
WIRELESS DEFENSE STRATEGIES IN THE IOT ERAWIRELESS DEFENSE STRATEGIES IN THE IOT ERA
WIRELESS DEFENSE STRATEGIES IN THE IOT ERA
 
National Critical Information Infrastructure Protection Centre (NCIIPC): Role...
National Critical Information Infrastructure Protection Centre (NCIIPC): Role...National Critical Information Infrastructure Protection Centre (NCIIPC): Role...
National Critical Information Infrastructure Protection Centre (NCIIPC): Role...
 
Understanding IoT Security: How to Quantify Security Risk of IoT Technologies
Understanding IoT Security: How to Quantify Security Risk of IoT TechnologiesUnderstanding IoT Security: How to Quantify Security Risk of IoT Technologies
Understanding IoT Security: How to Quantify Security Risk of IoT Technologies
 
IoT security patterns
IoT security patterns IoT security patterns
IoT security patterns
 
Defending the campus juniper nerworks
Defending the campus juniper nerworksDefending the campus juniper nerworks
Defending the campus juniper nerworks
 
Nordic IT Security 2014 agenda
Nordic IT Security 2014 agendaNordic IT Security 2014 agenda
Nordic IT Security 2014 agenda
 
IoT Security Challenges and Solutions
IoT Security Challenges and SolutionsIoT Security Challenges and Solutions
IoT Security Challenges and Solutions
 

Ähnlich wie Trustless Computing Initiative

TRUSTLESS.AI and Trustless Computing Consortium
TRUSTLESS.AI and Trustless Computing ConsortiumTRUSTLESS.AI and Trustless Computing Consortium
TRUSTLESS.AI and Trustless Computing ConsortiumTRUSTLESS.AI
 
Latest slide intro for TRUSTLESS.AI
Latest slide intro for TRUSTLESS.AILatest slide intro for TRUSTLESS.AI
Latest slide intro for TRUSTLESS.AITRUSTLESS.AI
 
Government-ForeScout-Solution-Brief
Government-ForeScout-Solution-BriefGovernment-ForeScout-Solution-Brief
Government-ForeScout-Solution-BriefJonathan Reyes
 
CLASS 2022 - Abilio Franco e Bryan Rivera (Thales) - Privacidade de dados e c...
CLASS 2022 - Abilio Franco e Bryan Rivera (Thales) - Privacidade de dados e c...CLASS 2022 - Abilio Franco e Bryan Rivera (Thales) - Privacidade de dados e c...
CLASS 2022 - Abilio Franco e Bryan Rivera (Thales) - Privacidade de dados e c...TI Safe
 
International Cyber Security 2012
International Cyber Security 2012International Cyber Security 2012
International Cyber Security 2012Sharmin Ahammad
 
Open Source and Cyber Security: Open Source Software's Role in Government Cyb...
Open Source and Cyber Security: Open Source Software's Role in Government Cyb...Open Source and Cyber Security: Open Source Software's Role in Government Cyb...
Open Source and Cyber Security: Open Source Software's Role in Government Cyb...Great Wide Open
 
OpShield 운영기술 환경 보안 솔루션
OpShield 운영기술 환경 보안 솔루션 OpShield 운영기술 환경 보안 솔루션
OpShield 운영기술 환경 보안 솔루션 GE코리아
 
SPHER NET full presentation - v1.1 Final
SPHER NET full presentation - v1.1 FinalSPHER NET full presentation - v1.1 Final
SPHER NET full presentation - v1.1 FinalElliot Charles Willcox
 
Blockchain for telcos: The TRUST Layer the future needs.
Blockchain for telcos: The TRUST Layer the future needs.Blockchain for telcos: The TRUST Layer the future needs.
Blockchain for telcos: The TRUST Layer the future needs.José Luis Núñez Díaz
 
PrivateWave - sales presentation_en
PrivateWave - sales presentation_enPrivateWave - sales presentation_en
PrivateWave - sales presentation_enMarco Pissarello
 
Telefónica security io_t_final
Telefónica security io_t_finalTelefónica security io_t_final
Telefónica security io_t_finalChristopher Wang
 
Wouter Joossen - Security
Wouter Joossen - SecurityWouter Joossen - Security
Wouter Joossen - Securityimec.archive
 
H2020 project WITDOM overview
H2020 project WITDOM overviewH2020 project WITDOM overview
H2020 project WITDOM overviewElsa Prieto
 
Ethical hacking, the way to get product & solution confidence and trust in an...
Ethical hacking, the way to get product & solution confidence and trust in an...Ethical hacking, the way to get product & solution confidence and trust in an...
Ethical hacking, the way to get product & solution confidence and trust in an...Pierre-Jean Verrando
 
The European cyber security cPPP strategic research & innovation agenda
The European cyber security cPPP strategic research & innovation agendaThe European cyber security cPPP strategic research & innovation agenda
The European cyber security cPPP strategic research & innovation agendaEUBrasilCloudFORUM .
 
Security Solutions for Hyperconnectivity and the Internet of Things
Security Solutions for Hyperconnectivity and the Internet of ThingsSecurity Solutions for Hyperconnectivity and the Internet of Things
Security Solutions for Hyperconnectivity and the Internet of ThingsMaurice Dawson
 
TSCM - Technical Surveillance Counter Measures July 2017
TSCM - Technical Surveillance Counter Measures July 2017TSCM - Technical Surveillance Counter Measures July 2017
TSCM - Technical Surveillance Counter Measures July 2017Riaan Bellingan
 

Ähnlich wie Trustless Computing Initiative (20)

TRUSTLESS.AI and Trustless Computing Consortium
TRUSTLESS.AI and Trustless Computing ConsortiumTRUSTLESS.AI and Trustless Computing Consortium
TRUSTLESS.AI and Trustless Computing Consortium
 
Latest slide intro for TRUSTLESS.AI
Latest slide intro for TRUSTLESS.AILatest slide intro for TRUSTLESS.AI
Latest slide intro for TRUSTLESS.AI
 
OpenCryptoTrust vision deck
OpenCryptoTrust vision deckOpenCryptoTrust vision deck
OpenCryptoTrust vision deck
 
Government-ForeScout-Solution-Brief
Government-ForeScout-Solution-BriefGovernment-ForeScout-Solution-Brief
Government-ForeScout-Solution-Brief
 
Open for business
Open for businessOpen for business
Open for business
 
CLASS 2022 - Abilio Franco e Bryan Rivera (Thales) - Privacidade de dados e c...
CLASS 2022 - Abilio Franco e Bryan Rivera (Thales) - Privacidade de dados e c...CLASS 2022 - Abilio Franco e Bryan Rivera (Thales) - Privacidade de dados e c...
CLASS 2022 - Abilio Franco e Bryan Rivera (Thales) - Privacidade de dados e c...
 
International Cyber Security 2012
International Cyber Security 2012International Cyber Security 2012
International Cyber Security 2012
 
Open Source and Cyber Security: Open Source Software's Role in Government Cyb...
Open Source and Cyber Security: Open Source Software's Role in Government Cyb...Open Source and Cyber Security: Open Source Software's Role in Government Cyb...
Open Source and Cyber Security: Open Source Software's Role in Government Cyb...
 
OpShield 운영기술 환경 보안 솔루션
OpShield 운영기술 환경 보안 솔루션 OpShield 운영기술 환경 보안 솔루션
OpShield 운영기술 환경 보안 솔루션
 
SPHER NET full presentation - v1.1 Final
SPHER NET full presentation - v1.1 FinalSPHER NET full presentation - v1.1 Final
SPHER NET full presentation - v1.1 Final
 
Blockchain for telcos: The TRUST Layer the future needs.
Blockchain for telcos: The TRUST Layer the future needs.Blockchain for telcos: The TRUST Layer the future needs.
Blockchain for telcos: The TRUST Layer the future needs.
 
PrivateWave - sales presentation_en
PrivateWave - sales presentation_enPrivateWave - sales presentation_en
PrivateWave - sales presentation_en
 
Telefónica security io_t_final
Telefónica security io_t_finalTelefónica security io_t_final
Telefónica security io_t_final
 
Wouter Joossen - Security
Wouter Joossen - SecurityWouter Joossen - Security
Wouter Joossen - Security
 
H2020 project WITDOM overview
H2020 project WITDOM overviewH2020 project WITDOM overview
H2020 project WITDOM overview
 
Ethical hacking, the way to get product & solution confidence and trust in an...
Ethical hacking, the way to get product & solution confidence and trust in an...Ethical hacking, the way to get product & solution confidence and trust in an...
Ethical hacking, the way to get product & solution confidence and trust in an...
 
The European cyber security cPPP strategic research & innovation agenda
The European cyber security cPPP strategic research & innovation agendaThe European cyber security cPPP strategic research & innovation agenda
The European cyber security cPPP strategic research & innovation agenda
 
Security Solutions for Hyperconnectivity and the Internet of Things
Security Solutions for Hyperconnectivity and the Internet of ThingsSecurity Solutions for Hyperconnectivity and the Internet of Things
Security Solutions for Hyperconnectivity and the Internet of Things
 
TSCM - Technical Surveillance Counter Measures July 2017
TSCM - Technical Surveillance Counter Measures July 2017TSCM - Technical Surveillance Counter Measures July 2017
TSCM - Technical Surveillance Counter Measures July 2017
 
AM Briefing: Security for the internet of things
AM Briefing: Security for the internet of things AM Briefing: Security for the internet of things
AM Briefing: Security for the internet of things
 

Mehr von TRUSTLESS.AI

TRUSTLESS Pitch Slide Deck
TRUSTLESS Pitch Slide DeckTRUSTLESS Pitch Slide Deck
TRUSTLESS Pitch Slide DeckTRUSTLESS.AI
 
Open media district slide intro pa
Open media district slide intro paOpen media district slide intro pa
Open media district slide intro paTRUSTLESS.AI
 
SAE Group Studio301 Qantm
SAE Group Studio301 QantmSAE Group Studio301 Qantm
SAE Group Studio301 QantmTRUSTLESS.AI
 
Nasce pta 2010.06.30 02
Nasce pta 2010.06.30 02Nasce pta 2010.06.30 02
Nasce pta 2010.06.30 02TRUSTLESS.AI
 

Mehr von TRUSTLESS.AI (6)

TRUSTLESS
TRUSTLESSTRUSTLESS
TRUSTLESS
 
TRUSTLESS Pitch Slide Deck
TRUSTLESS Pitch Slide DeckTRUSTLESS Pitch Slide Deck
TRUSTLESS Pitch Slide Deck
 
Open media district slide intro pa
Open media district slide intro paOpen media district slide intro pa
Open media district slide intro pa
 
SAE Group Studio301 Qantm
SAE Group Studio301 QantmSAE Group Studio301 Qantm
SAE Group Studio301 Qantm
 
Kit Digital
Kit DigitalKit Digital
Kit Digital
 
Nasce pta 2010.06.30 02
Nasce pta 2010.06.30 02Nasce pta 2010.06.30 02
Nasce pta 2010.06.30 02
 

Kürzlich hochgeladen

Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779Delhi Call girls
 
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$kojalkojal131
 
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine ServiceHot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Servicesexy call girls service in goa
 
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebGDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebJames Anderson
 
Networking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGNetworking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGAPNIC
 
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls KolkataLow Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts servicevipmodelshub1
 
Radiant Call girls in Dubai O56338O268 Dubai Call girls
Radiant Call girls in Dubai O56338O268 Dubai Call girlsRadiant Call girls in Dubai O56338O268 Dubai Call girls
Radiant Call girls in Dubai O56338O268 Dubai Call girlsstephieert
 
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
Challengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya Shirtrahman018755
 
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort ServiceEnjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort ServiceDelhi Call girls
 
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersMoving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersDamian Radcliffe
 
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxAWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxellan12
 
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With RoomVIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Roomdivyansh0kumar0
 

Kürzlich hochgeladen (20)

Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
 
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
 
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
 
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
 
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine ServiceHot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
 
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebGDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
 
Networking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGNetworking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOG
 
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls KolkataLow Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
 
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 
Radiant Call girls in Dubai O56338O268 Dubai Call girls
Radiant Call girls in Dubai O56338O268 Dubai Call girlsRadiant Call girls in Dubai O56338O268 Dubai Call girls
Radiant Call girls in Dubai O56338O268 Dubai Call girls
 
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
Challengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya Shirt
 
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort ServiceEnjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
 
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersMoving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
 
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxAWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
 
Rohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With RoomVIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
 

Trustless Computing Initiative

  • 1. TRUSTLESS Trustless socio-technical systems for EU 1st trustworthy computing base, for wide-market civilian and military deployment. Project web page: http://www.openmediacluster.com/user-verifiable-social-telematics-project/ Contacts: Rufo Guerreschi, Exec. Dir. Open Media Cluster rg@openmediacluster.com +393357545620 A computing base and service platform and related open ecosystem and certification body. Initially for basic text/voice mobile/desktop comms of unprecedented trustworthiness, while reliably enabling constitutional lawful access”
  • 3. ● Aim: Develop, from existing open components, a complete computing platform, ecosystem & certification body for critical dual-use IT communications, that provides unprecedented and constitutionally-meaningful levels of information assurance, while overall substantially increasing public safety. ● How: (A) Kick-start an extremely open and resilient ecosystem, a certification body, and a complete critical SW/HW stack for an end-2-end computing platform, for basic voice & text communications, that is devoid of the need or assumption of trust in anyone or anything - except in the intrinsic resilience of all socio-technical organizational processes critically involved in the entire lifecycle (from standards setting to fabrication oversight) against decisive attacks of up to tens of M€s, as assessable by an informed and moderately educated citizen. (B) a global event series, Free and Safe in Cyberspace, aimed at new international high-assurance standards and certification bodies for dual-use highest-assurance IT, the Trustless Computing Certification Initiative. ● Key & unique concepts: (1) Complete verifiability, extreme compartmentation and minimization and sufficiently extreme verification relative to complexity of all critical HW&SW; (2) Citizen/peer-witness oversight of all critical service components, including ICs fabrication, and server-room access, including for lawful access requests; (3) Expert and user-accountable certification governance. ● Overcoming Privacy/Safety Dichotomy & Reaching Critical Mass: TRUSTLESS provides unique extreme safeguards for transparently reconciling lawful access and personal confidentiality, which is crucial for legal sustainability of a critical mass of dual-use investments for create a EU-domestic “trustworthy computing base”. 3 TRUSTLESS in 1 slide
  • 4. About Us: Open Media Cluster ● What: A micro non-profit R&D/innovation center in Rome, Italy, pursuing leading-- edge R&D on dual-use privacy- and security--enhancing ICT technologies for civilian and dual-use markets. ● Single Focus: Together with uniquely-qualified global R&D partners and advisors, attract R&D funding on the TRUSTLESS R&D project, and promote a related certification body through a global event series, Free and Safe in Cyberspace. ● Expertise: Outcome of 15 years of expertise in e-voting, e-participation, free software, and bleeding-edge privacy-enhancing technologies and solutions, through NGO and SME work of exec. dir. and leading staff. World-class advisory boards. ● Mission: Enabling unprecedented and constitutionally-meaningful e-privacy for all, while increasing public safety. ● History: Established in May 2011, to provide the core innovation center and R&D project to provide industrial critical mass of the Open Media Park, a planned 47,000 sq.mts.140M€ ICT/media media/ICT park in Rome, Italy. 4
  • 5. TRUSTLESS Core Partners (1/2) • Lfoundry. (Italy) Leading EU-located and EU-owned foundry with a 200mm plant, with over 1700 staff, 110nm-capable, and with capacity of 40,000 wafers per month. The only independent and economically-viable EU foundry with in the 60nm and 160nm capabilities, suitable for high-assurance low-performance general-purpose end-user computing. Historical expertise in high-assurance critical hardware components production. EAL5+ certification for smart cards production is in progress. • Kryptus (Brazil) Developed the first secure general-purpose CPU microprocessor in the southern hemisphere, the SCuP, which uniquely provides open and verifiable designs and FLOSS microcode; at the core of TRUSTLESS HW architecture. Designed the 400.000 voting machines of Brazil, fighter-to-fighter communications systems, and the HSM of core Root CA of the main Brazilian PKI. • KernKonzept (Germany). Developers of the World’s most mature Free/Open Source microkernel and runtime environment for high-assurance ICT, the L4Re. Deployed globally by major Telcos and publicly audited for over 8 years. • KU Leuven COSIC. (Belgium) Research group COSIC (Computer Security and Industrial Cryptography) World leading expertise in digital security and strives for innovative security solutions, in a broad range of application domains. It is lead by Prof. Bart Preneel, President of the International Association for Cryptologic Research, arguably EU foremost IT security expert 5
  • 6. TRUSTLESS Core Partners (2/2) ● GSMK Cryptophone. (Germany) For over a decade the only publicly available cryptophone maker with the full software stack publicly verifiable. Used by diplomats, top executives and investigative journalists, including Laura Poitras and Glenn Greenwald, the filmmaker and journalist primarily delegated by Edward Snowden with the publishing of his revelations. Their CTO is spokesperson of Chaos Computer Club, main EU hacker NGO. ● SCYTL Secure Electronic Voting S.A. (Spain) Global leader in e--voting and high-- assurance remote deliberation technologies. Present in over 20 countries. Has pioneered innovative cryptographic techniques and socio-technical processes. ● Goethe University – DT Chair for Mobile Business and Multilateral Security (Germany). Leads in research on privacy and security in mobile networks, and related social and economical aspects. Lead: ABC4trsut, TresPass, PrivacyOS. Chair is Prof. Rannenberg, member of NIS Platform for individual rights. ● Center for Cyber Intelligence and Information Security (Italy) The leading state cyber-security academic research center in Italy, with ties with state security agencies. ● American Mini Foundry. (USA) US leader in highest_assurance IC foundry oversight). World-class competencies in hardware fabrication assurance processes. Among the team members that will be involved is their President Scadden, and Gerry Etzold, Former Technical Director of NSA Trusted Access Program (2008-2009). ● Other include: ○ ROtechnology. High-availability dual-use IoT systems. ○ Security Brokers. Targeted lawful access and state-grade 0-days. ○ ReaQta. Targeted lawful access and deep endpoint defence. 6
  • 7. High-assurance IT Security Today ● While unbreakable encryption is everywhere, nearly everything is scalably broken, mostly at birth ○ All or nearly all endpoints, both ordinary commercial systems and high- trustworthiness IT systems, are broken beyond point of encryption, and scalably exploitable by powerful nations and an undefined but relatively large number of other mid- or high-level threat actors. ○ TOR is broken - except for very expert and selective uses - because of attacks through traffic analysis, endpoints and/or other techniques by APTs. ○ If so broken, Why no news of hack of top military and civilian govenmental users?! Often because that’s a state secret or because the whole point of advanced APTs is to stay undetected for years to snoop and alter data. ● State-mandated and state-sanctioned backdoors are nearly everywhere ○ Critical vulnerabilities, that make nearly everything broken, are nearly always either state-mandated or state-sanctioned backdoors, because a few states have either created, acquired or discovered them, while keeping that knowledge hidden, legally or illegally. ○ A few states have all the tools they need to pursue criminals with due legal process, except very few the most skilled and well-financed actors with access to top techs and/ir top OpSec (digital and non-digital) such as top criminals, billionaires, or highest state security officials. A huge asymmetry of power and information superiority, that is self-reinforcing with incalculable consequences. 7
  • 8. TRUSTLESS Binding Paradigms Certified TRUSTLESS computing services, devices, lifecycles and the certification body would comply with the TRUSTLESS Binding Paradigms (here in full version) 1. assumes that extremely-skilled attackers are willing to devote even tens of millions of Euros to compromise the supply chain or lifecycle, through legal and illegal subversion of all kinds, including economic pressures. 2. provides extremely user-accountable and technically-proficient oversight of all hardware, software and organizational processes critically involved in the entire lifecycle and supply chains; 3. provides extreme levels of auditing intensity relative to system complexity, for all critical components; and includes only publicly verifiable components, and strongly minimizes use of non-Free/Open-source software and firmware. 4. includes only open innovations with clear and low long-term royalties (<15% of end-user cost) from patent and licensing fees, to prevent undue intellectual property right holders’ pressures, lock-ins, patent vetoes and ensure low-cost; 5. includes only highly-redundant hardware and/or software cryptosystems, whose protocols, algorithms and implementations are open, long-standing, extensively- verified and endorsed, and with significant and scalable post-quantum resistance levels. 6. Is continuously certified by an extremely technically-proficient and user- accountable independent standard/certification body. 8
  • 9. Enabling Arch. & Client form-factor ● The technical architecture, from existing open components, is based on a 300Mhz CPU-based hardware platform which will have power- consumption and form-factor that make it suitable for a new 2.0-2.5mm-- thin handheld end--user device class (or CivicPod) - integrated in or “attached” to any user's ordinary smartphone, and interfaceable a user’s desktop monitor - as well as for server, onion routing mid-points and M2M/IoT devices,- albeit initially with minimal feature and performance. ● In a single highly-portable device, it integrates the features of a display smart-card, a simple handheld device, a smart-card reader, and a barebones desktop PC. Smartphones, now often 4.75-6.5mm thin, are getting too thin to handle, creating a radical portability opportunity. 9
  • 11. Service Architecture (1/2) ● CivicPod. A dedicated 2.0-2.5mm-thin touch-screen handheld device, which used attached to the back of any user's mobile phone via a smartphone hard case. Its backface exposes an external smart-card reader, which can be used an alternative hard case that adds a 0.7mm slot for non-RF CivicCards (or smartcards) to use for in EU border points, multiple users, CivicKiosks at public offices; downward-compatibility and interoperability eIDAS and EU/NATO SECRET. ● CivicDongle. Each CivicPod user will optionally receive, at cost, a paired cheap TV-connected Wifi-enabled HDMI-Dongle (or CivicDongle) with capability to act as secure onion routing node in order to create a network of thousands (exit, relay, directory) to ensure metadata privacy, most likely as a “private extension” of the Tor network. 11
  • 12. Service Architecture (2/2) ● CivicLab & CivicRoom. CivicDevices are all assembled, verified, flashed, and transferred to their users in dedicated custom--built street--facing lab (or CivicLab), that contains a server room (or CivicRoom), where all privacy--sensitive services, if offered, must be hosted, whose access requires 5 randomly-selected peer--witnesses and dedicated servers (or CivicServers). ● CivicFab. Fabrication and design of all critical hardware components will be subject to citizen-witness-based oversight processes (or CivicFab) that will substantially exceed in end--user- trustworthiness those of NSA Trusted Foundry Program, at substantially lower costs. After a short initial exclusivity for a post--R&D TRUSTLESS Consortium, TRUSTLESS services can be extended and commercialized by any willing service provider (or CivicProviders). ● TRUSTLESS Certification Body. Providers are continuously verified by a to--be--established dedicated certification organization, according to TRUSTLESS Paradigms and TRUSTLESS Specifications, updated by the same. 12
  • 13. Prevention of Malevolent Use ● Mitigations at service level. As per binding agreement among TRUSTLESS R&D participants, all certified TRUSTLESS services must include a voluntary compliance - in addition of what’s required by law - to lawful access requests. These request will be evaluated by a citizen-witness process, that is overseen by an independent certification body, the TRUSTLESS Certification Body, so as to guarantee the rights of users and the legit needs of the public security agency. ● Mitigations at the fabrication level. The public availability of all TRUSTLESS critical SW & HW source designs could enable malevolent users to produce their own CivicPods for malevolent use. Such threat can be reduced extremely by the current inability of malevolent states or groups to fully control a suitable semiconductor foundry. In the rare case in which they may attempt to enter in suitable agreements with suitable foundries, intelligence work can make sure to either prevent it or, better, insert vulnerabilities in their fabrication processes to acquire in the future extremely valuable intelligence. See details at the Malevolent Use section of the 34-pager Draft Proposal 13
  • 14. The 1st EU Trustworthy Computing Base TRUSTLESS pursues similar scope and ambitions as EDA SoC project, except it: (1) Aims initially at communications; (2) Does not rely on parts, providers or fabrication processes upfront trusted; (3) Aims at much higher ecosystem resiliency and IP openness; (4) Has a solid 12-months 3M€ post-R&D go to market strategy A TRUSTLESS binding MOU (pdf) signed among its core technical participants ensures, sustainably in time, the radical openness of the resulting platform in relation to both the public verifiability of critical components, low and crystal-clear and low overall IP royalties, an open competitive ecosystem. 14
  • 15. RECENT RELEVANT NEWS ● (June 3rd), European Defence Agency (EDA) Head of Microelectronics, Scheidler has invited us to present the UVST project in a one hour keynote to 22 MoDs at last Spring annual EDA CapTech meeting, as a new project proposal similar in scope to EDA SoC. ● (July 3rd) Met extensively with Italian Dipartimento Informazioni per la Sicurezza DIS Deputy Director Ciocca to discuss the public safety implication of our project and our planned mitigation against malevolent use (Art 1.7.3 of the draft proposal). ● (Sept 16th) Held a 3 hours meeting with Capo Reparto (Head) of VI Reparto Sistemi C4I e Trasformazione of the Italian MoD Adm. Di Biase, and 12 senior officers team, which manages the entire IT procurement and short-term R&D (TRL7-9) of the Italian MoD. ● (Sept 24-25th) Held first event of the global event series Free and Safe in Cyberspace, with world-class speakers including Schenier, Stallman, Preneel the most senior executives of EDPS, ECSEL, DG Connect Trust and Security Unit, EIT Digital Privacy Security and Trust Action Line, and the most recognised US and EU IT security experts; as well as EDA Head of Information Superiority, Michael Sieber. Entirely conceived and coordinated by OMC. The event focused on deepening the quality and widening the consensus on the socio-technical paradigms underlying TRUSTLESS. The 1st Free and Safe in Cyberspace – LatAm Edition, was be held next Oct 16th 2015 in Iguazu, Brazil. Next event are being planned for Rome and New York. 15 Recent Advancements 1
  • 16. Recent Advancements 2 ● (Sept 30th) Submitted a 4M€ TRUSTLESS proposal to the H2020 FET Open RIA program, together with our core partner, with rare or unique competencies in highest-assurance IT, covering the entire lifecycle. ● (Oct 1st) Met for 4 hours the head of the 2° Office of the Technological Innovation Department of the Secretariat General of the Italian MoD C.V. Cappelletti, and 2 of his team (C.V. Galasso and Ten.Col. Roggi), which handles R&D projects from TRL2-6, including EDA. ● (Oct 14th) Held a LAtAm Version of Free and Safe in Cyberspace, Iguazu, Brazil. ● (Dec 3rd) Presented our 9-19M€ TRUSTLESS Extended & Dual-use R&D proposal, at the European Defence Agency headquarters druing the Annual EDA Cyber Industry days 2015 (agenda pdf). Our project was given the honour of a 30 minute keynote (slides pdf) - as the only R&D project proposal, side by side with the offerings of largest EU dual-use cyber technology heavyweights , including Indra, Finmeccanica, Thales, Atos and Secunet. 16
  • 17. Funding Roadmap 1 ● (by Jan 2016) Submit a 7-9M€ proposal to the Italian "Piano Nazionale della Ricerca Militare" (PNRM): ○ TRL: 2-6; Funding Rate: variable (50-75% on average); ○ Draft: The proposal webpage TRUSTLESS Extended & Dual-Use described proposals to both PNRM and ECSEL, which described our ECSEL 2016, as described at this gdoc anchor of our 34-pager live Proposal Draft. ○ Slides: Slides were presented at the European Defence Agency. ○ (Only for ECSEL and/or EDA Cat-B) formalize LoI with Italian MISE and/or MoD, or other EU MoD (Germany and Spain). ● (Apr 12th 2016) DS-01-2016: Assurance and Certification for Trustworthy and Secure ICT systems, services and components. Details & Match: See p.58 of Secure Societies (PDF) ○ !!!!!! Type: RIA; TRL: 3-5; Max request: 3-4+M€; Budget: 13.5M€. ○ !!! Type: IA; TRL: 6-7; Max request: 3-4+M€; Budget: 9M€. ○ !!!!!! Type: Coordination; TRL: n/a; Max req.: 1M€; Budget: 1M€ ● (Apr 12th 2016) ICT-12-2016: Net Innovation Initiative. Details & Match: See p.33 of LEIT ICT (PDF) ○ !!!! Type: RIA; TRL: n/a; Max request: €M2-5+; Total Budget: 5M€ ○ Seeking: TBD 17
  • 18. Funding Roadmap 2 ● (Apr 12th 2016) ICT-35-2016: Enabling responsible ICT-related research and innovation. Details & Match: See p.89 of LEIT ICT (PDF) ○ !! Type: RIA Smaller Short-Term; TRL: n/a; Max request:0.3-0.5+M€; Total Budget: 7M ● (Apr 12th 2016) ICT-03-2016: SSI - Smart System Integration ○ Details & Match: p.11 of LEIT ICT (PDF) ○ ?? Type: RIA; TRL: 2-4; Max request: €M2-4+; Total Budget: 17M€; ● (Apr 12th 2016) ICT-06-2016: Cloud Computing ○ Details & Match: See p.18 of LEIT ICT (PDF) ○ !!! Type: RIA; TRL: n/a; Max request: €M3-5+; Total Budget: 35M€; ● !!!!!! (May 2016) ECSEL-JU 2016 program. Submitted 19-24M€ TRUSTLESS- based Extended & Dual Use R&D proposal to the ECSEL program (and in parallel but offset to European Defence Agency Cat-B). Drafts: Dedicated proposal web page, with link to draft proposal 24-pager and draft slides. Success rate: 35% in 2015; ● (June-July 2016) Free and Safe in Cyberspace - North American Edition ○ Location: New York or Washington; Co-organizers: TBD; Budget: 30-50K€ ● (July-Aug 2016) Pursue alternative funding, such as direct funding through seed funders or large company direct investments, via draft business case analysis, possibly also with SME Instrument Phase 2 and/or Fast Track to innovation. 18
  • 19. Seeking Partners Although the project is complete with all core technical and socio-technical expertises, we are, nonetheless, substantially benefit, seeking additional partners, in order of priority: 1. One EU-based large global IT/ICT technology company - to add resiliency to the ecosystem, provide IT integration and/or fill expertise gaps - which has: a. wide-ranging high-assurance IT expertises; and/or b. capacity to widely exploit the global commercial military and/or civilian potential. 2. One or more SMEs, with core high-assurance expertises complementary with those of current partners. 3. One or more EU Ministries of Defense (MoDs) to endorse and/or participate in the project, especially from states of current core partner, such as Germany, Belgium, Spain. The Italian MoD has already shown extensive interest in participating as additional partner to the ECSEL 2016 program. 4. National cybersecurity certification labs and authorities (Sogis, EAL, EU SEC) 19
  • 20. EU Institutions support to date ● On last Dec 2nd, we presented a 30 minute keynote at the “Cyber Defense Industry Day”, organized by the EDA Project Team Cyber Defence (draft agenda pdf). ● On Oct 1st, we’ve met for 4 hours the head of the 2° Office of the Technological Innovation Department of the Secretariat General of the Italian MoD C.V. Cappelletti, and 2 of his team (C.V. Galasso and Ten.Col. Roggi), which handles R&D projects from TRL2-6 and EDA. ● On Sept 30th, we have submitted a 4M€ R&D proposal to H2020 FET-Open RIA with our core technical partners. ● On Sept 24-25th in Brussels, we held the first event of the global event series Free and Safe in Cyberspace, with world-class speakers including EDPS, ECSEL, DG Connect Trust and Security Unit, EIT Digital Privacy Security and Trust Action Line, Richard Stallman, Bruce Schneier, Bart Preneel, and EDA Head of Information Superiority, Michael Sieber. A LatAm Edition was held in Oct 2015 in Iguazu, Brazil. A North American version is planned for 6/7 2016. ● On Sept 16th, we met for 3 hrs with Capo Reparto (Head) of VI Reparto Sistemi C4I e Trasformazione of the Italian MoD Adm. Di Biase, and 12 senior officers team, who manages the entire IT procurement and R&D (TRL7-9) of the Italian MoD. ● On July 3rd, we met extensively Ciocca the Deputy Director of the Italian DIS (Dipartimento Informazioni per la Sicurezza) to discuss the public safety. ● On June 3rd, EDA Head of Microelectronics, Scheidler invited us to present our project in a one hour keynote to 22 MoDs at the annual EDA CapTech meeting. ● We’ve been invited to a meeting at Italian Ministry of Economic Development (MISE) with Lfoundry and STmicroelectronics. 20
  • 21. Commercial Dual-use Exploitation ● SHORT-TERM: Add 2-3M€ to enable participants to go-to-market with 13K units of world most user-trustworthy computing device. It will cater to the most critical civilian and military strategic communication, and downward-compatible to mainstream military (EU/NATO SECRET) and civilian (eIDAS “high”) standards. ● MEDIUM-TERM: The guaranteed low royalty fees, open ecosystem, and highly- portable client-side form factor will support deployment in the tens of millions in the corporate, e-banking, government. The addition of substantial non-security features (see civicdevices details), and reduction of unit cost at scale to tens of euros, will support wide scale consumer roll out in the tens of millions. Military: Added support for high-availability scenarios will enable to cater to such as: critical infrastructure, cyber-physical systems, autonomous and semi-autonomous IT systems, fixed and moveable, command & control systems for military missions. Help EU/EDA lead within NATO in the development of a strategic and emerging niche of foundational IT capabilities. ● LONG-TERM: Make such new “EU trustworthy computing base” a global standard, with the consequent huge societal and economical benefits.Derivative of the results will spur ever more trustworthy IT systems in numerous domains and wide market applications. AI?! The platform and ecosystem will evolve to constitute a low-level computing base, standard and a governance model that is sufficiently trustworthy for large democratically-accountable advanced narrow and strong AI projects and systems, in critical sectors for the economy and society, to substantially increase their safety, robustness and “value alignment”. 21
  • 22. Alignment to EU strategies (1/2) EU Cybersecurity Strategy says: ● “The same laws and norms that apply in other areas of our day-to-day lives apply also in the cyber domain.Cybersecurity can only be sound and effective if it is based on fundamental rights and freedoms as enshrined in the Charter of Fundamental Rights of the European Union and EU core values. Reciprocally, individuals' rights cannot be secured without safe networks and systems”. ● “.... promote cyberspace as an area of freedom and fundamental rights. Expanding access to the Internet should advance democratic reform and its promotion worldwide. Increased global connectivity should not be accompanied by censorship or mass surveillance.” ● “The need for requirements for transparency, accountability and security is becoming more and more prominent”. ● “..., as well as possibly establish voluntary EU-wide certification schemes building on existing schemes in the EU and internationally.” ● “The EU will place a renewed emphasis on dialogue with third countries, with a special focus on like-minded partners that share EU values.”. ● “There is a risk that Europe not only becomes excessively dependent on ICT produced elsewhere, but also on security solutions developed outside its frontiers. It is key to ensure that hardware and software components produced in the EU and in third countries that are used in critical services and infrastructure and increasingly in mobile devices are trustworthy, secure and guarantee the protection of personal data.” 22
  • 23. Alignment to EU strategies (2/2) ● EDA Head of Information Superiority, Michael Sieber, stated (m3.37) at our Free and Safe in Cyberspace: “Among EU member states, it’s hilarious: they claim digital sovereignty but they rely mostly on Chinese hardware, on US American software, and they need a famous Russian to reveal the vulnerabilities" ● EU Cyber Defence Policy Framework states: “The development of strong technological capacities in Europe to mitigate threats and vulnerabilities is essential. Industry will remain the primary driver for cyber defence related technology and innovation. So it will be crucial to maintain close cooperation with the private sector, .... It is also important to foster an assured and competitive European industrial cyber security supply chain by supporting the development of a robust European cybersecurity sector including through involvement with SMEs”. “Contribute to develop further and adapt public sector cyber security and defence organisational and technical standards for use in the defence and security sector. Where necessary, build on the ongoing work of ENISA and EDA”. ● The EU Digital Agenda Commissioner Oettinger recently stated “The debate about technological sovereignty has arisen out of a realization that freedoms and values that we cherish in Europe are at risk. There are some who do not respect privacy of our citizens. Some do not want to play on fair terms with our businesses. We need to safeguard our values and interests. It is in the interest of all citizens that we ensure a prosperous and a secure European digital future. That means that we have to be leaders in these technologies and support international standardization efforts that ensure high levels of security, proven by certification where necessary.” 23
  • 24. Tripartite TRUSTLESS path to disruption 1. Jump start of TRUSTLESS complete SW/HW platform and ecosystem. With a profitable initial ecosystems that is extremely resilient to economic pressures and determined lifecycle attacks. 2. Establish and widely promoted a Trustless Computing Group international certification body, for both highest-assurance IT service and targeted lawful access schemes. It is extremely technically-proficient & citizen-accountable and primarily non- governmental. It provides voluntary (i.e. beyond law requirements) certification of Highest- assurance IT services and lifecycles for: a. Human IT communications that are suitable for the meaningful exercise of one’s civil rights via IT; b. Lawful and constitutional targeted access, that meaningfully guarantee both the user and the investigating agency against abuse, by satisfying: i. for centralized infrastructure: requirements a. above, plus additional requirements for forensic and other specific requirements ii. for state malware: an extended version of requirements and safeguards set forth by the authoritative “Lawful Hacking“ report. 3. Progressive adoption by EU, UN and/or a few states of such standards -and related certification body - as a voluntary or mandatory standard, by prescribing that: a. Public security agencies must deploy lawful access services/schemes only in compliance to TRUSTLESS certifications b. Grave consequences should follow for illegal cracking, by state and non.state authorities, of the individual use or entire lifecycle, of high-assurance IT providers that offer voluntary lawful access compliance, as certified. 24
  • 25. TRUSTLESS The 1st EU Trustworthy Computing Base for wide- market civilian and military deployment. Project web page: http://www.openmediacluster.com/user-verifiable-social-telematics-project/ Contacts: Rufo Guerreschi, Exec. Dir. Open Media Cluster rg@openmediacluster.com +393357545620 “World’s most user-trustworthy computing platform, service, certification body and open ecosystem, while reliably enabling constitutional lawful access”