This Trustless Computing Extended & Dual-Use R&D proposal is a 9-19M€ extension of the proposals of the Trustless Computing Consortium, for the creation of a dual-use EU trustworthy computing base – standards, certifications processes, and ecosystem – that can enable and sustain unprecedented levels of trustworthiness for IT end-2-end services.
AIMS/AMBITIONS: These joint initiatives aim to sustainably enable the provisioning of end-2-end IT services – and related life-cycle and supply-chain – that are capable of resisting persistent investments of tens of millions of euros, by largely unaccountable state and non-state actors, aimed to acquire access to critical remote vulnerabilities in the life-cycle and supply-chain, through discovery or active subversion of all kinds. It’s aim is to create a open-licensed patent-unencumbered publicly-verifiable set of core critical technologies, and an highly resilient ecosystem, from standard setting body to fabrication oversight. It will provide a full and world-leading implementation of the requirements set forth at Art. 8.1 of the Italian Piano Nazionale per la Protezione Cibernetica e la Sicurezza Informatica.
ACTION LINES: Such ambitious goal is pursued through 4 synergic activities:
- (1) A global event series aimed at new international certifications and certification bodies for dual-use highest-assurance IT – named Free and Safe in Cyberspace and related Trustless Computing Certification Body Initiative;
- (2) A set of R&D proposals, ranging from 4 to 29M€ based on the Trustless Computing Consortium R&D proposals, together with Italian and global partners, with globally-unique dual-use high-assurance IT expertises spanning the entire IT life-cycle, and world-class advisors.
- (3) Our May 2017 proposal for a EU Trustless Computing Cluster and Campus for Cybersecurity & Artificial Intelligence as a core element of Region economic development and the Open Media Park, a technology park of 47.000 sq.mts., 150m€ in Rome, Italy.
- (4) Our proposal for Cybersecurity and AI safety leadership to the State of Luxembourg.
FUNDING & INSTITUTIONAL SUPPORT: It is planned to be submitted next May to the 2-phased ECSEL JU programs 2018, EU largest public-private semiconductor R&D funding program, and concurrently as a European Defence Agency (EDA) Cat-B program. In addition to world class partners, the proposal has received substantial public interest, including from ECSEL, EDA, Italian MoD, Italian Ministry of Economic Development (List of meetings to date). It will may also be submitted, as a smaller 7-9M€ proposal, to the Italian Piano Nazionale della Ricerca Militare. Its 1st phase aims at the most critical civilian and military strategic communications, our Trustless Computing base version – detailed in our 4M€ H2020 proposal of last Apr 2016 to higher assurance and TRL levels, more features, domains and scalability. As of May 2017 we have major interest from the former Minister of Defense of Luxembourg, and meeting with the head of inteligence there, and major interest from the Defense policy leader of the Italian leading party M5S, Angelo Tofalo, who has repeatedly proposed 2bn euros state investiment, in advanced cybersecurity.
FEATURES & DOMAINS: Aimed in its 1st stage (5M€) at very basic mobile and desktop text/voice communications for the most critical scenarios, it is designed to act as veritable EU Trustworthy Computing Base for a wide variety of high-assurance computing domains, including mass-market consumer. The initial stage is conceived to enable the 2nd stage (4-14M€) to make the project extensible, adaptable and scalable to:
- (A) communications, cloud and/or e-transactions (such as e-banking, e-government, e-health, e-signatures) end-2-end services and devices, in mobile&desktop (as well as mobile/TV, kiosk and POS); including large-scale mass-market consumer scenarios with high-user friendliness and entertainment features.
- (B) A wide variety of domains and user scenarios in highest-assurance communications, cloud and IoT that – while compatible with the form factor, performance and power consumption of the initial architecture ( below) – require highest levels of assurance for availability and resiliency, in addition or alternative to confidentiality, integrity, authenticity and non-repudiability. For example: critical infrastructure, cyber-physical systems, autonomous and semi-autonomous IT systems (fixed and moveable, such as drones, self-driving cars, robots), military command & control, state lawful (and constitutional!) access socio-technical systems.
MITIGATION OF MALEVOLENT USE: Notwithstanding the unprecedented levels of assurance sought, and the public verifiability of the digital designs of all critical hardware and software components, we believe to have nearly eliminated the potential for malevolent use. We have devised highly innovative mitigation measures at the fabrication and service levels, that radically reduce the risks of hampering legitimate cyber-investigation, while providing unprecedented safeguards against end-user rights abuse. (Section 1.7 of the Proposal Draft)