This TRUSTLESS Extended & Dual-Use R&D proposal is a 9-19M€ extension of our TRUSTLESS Base R&D proposal, to be submitted next May to the 2-phased ECSEL 2016, EU largest public-private R&D funding program, and concurrently as a European Defence Agency (EDA) Cat-B program. In addition to world class partners, the proposal has receive substantial public interest, including from ECSEL, EDA, Italian MoD, Italian Ministry of Economic Development (see below). It will also be submitted, as a smaller 7-9M€ proposal, to the Italian Piano Nazionale della Ricerca Militare.
WHAT: The creation of a dual-use EU trustworthy computing base – standards, certifications processes, and ecosystem – that can enable and sustain unprecedented levels of trustworthiness for IT end-2-end services. Its 1st phase aims at the most critical civilian and military strategic communications, our TRUSTLESS base version – detailed in our 4M€ FET-Open RIA proposal of last Sept 30th 2015 (PartB1-3 pdf, PartB4-5 pdf) – to higher assurance and TRL levels, more features, domains and scalability.
FEATURES & DOMAINS: Aimed in its 1st stage (5M€) at very basic mobile and desktop text/voice communications for the most critical scenarios, it is designed to act as veritable EU Trustworthy Computing Base for a wide variety of high-assurance computing domains, including mass-market consumer. The initial stage is conceived to enable the 2nd stage (4-14M€) to make the project extensible, adaptable and scalable to:
- (A) communications, cloud and/or e-transactions (such as e-banking, e-government, e-health, e-signatures) end-2-end services and devices, in mobile&desktop (as well as mobile/TV, kiosk and POS); including large-scale mass-market consumer scenarios with high-user friendliness and entertainment features.
- (B) A wide variety of domains and user scenarios in highest-assurance communications, cloud and IoT that – while compatible with the form factor, performance and power consumption of the initial architecture ( below) – require highest levels of assurance for availability and resiliency, in addition or alternative to confidentiality, integrity, authenticity and non-repudiability. For example: critical infrastructure, cyber-physical systems, autonomous and semi-autonomous IT systems (fixed and moveable, such as drones, self-driving cars, robots), military command & control, state lawful (and constitutional!) access socio-technical systems.
AIMS/AMBITIONS: These joint initiatives aim to sustainably enable the provisioning of end-2-end IT services – and related life-cycle and supply-chain – that are capable of resisting persistent investments of tens of millions of euros, by largely unaccountable state and non-state actors, aimed to acquire access to critical remote vulnerabilities in the life-cycle and supply-chain, through discovery or active subversion of all kinds. It’s aim is to create a open-licensed patent-unencumbered publicly-verifiable set of core critical technologies, and an highly resilient ecosystem, from standard setting body to fabrication oversight. It will provide a full and world-leading implementation of the requirements set forth at Art. 8.1 of the Italian Piano Nazionale per la Protezione Cibernetica e la Sicurezza Informatica.
MITIGATION OF MALEVOLENT USE: Notwithstanding the unprecedented levels of assurance sought, and the public verifiability of the digital designs of all critical hardware and software components, we believe to have nearly eliminated the potential for malevolent use. We have devised highly innovative mitigation measures at the fabrication and service levels, that radically reduce the risks of hampering legitimate cyber-investigation, while providing unprecedented safeguards against end-user rights abuse. (Section 1.7 of the Proposal Draft)
HOW: Such ambitious goal is pursued through two synergic initiatives (1) A global event series aimed at new international certifications and certification bodies for dual-use highest-assurance IT – named Free and Safe in Cyberspace and related TRUSTLESS Computing Certification Initiative; and (2) A set of R&D proposals, ranging from 4 to 29M€ based on the TRUSTLESS project, together with Italian and global partners, with globally-unique dual-use high-assurance IT expertises spanning the entire IT life-cycle, and world-class advisors.
PUBLIC INSTITUTIONS SUPPORT TO DATE: See Relevant news section in the roadmap
ECSEL FUNDING (See page 4 of the Proposal pdf):