Trustless Dual-Use Initiative

News: The initiative has been accepted for presentation at the October 3rd 2018 EDIDP matchmaking event organized by the Austrian Presidency of the Council of the European Union, to be held in Vienna. The slide deck that will be presented is linked below.

ABSTRACT

Trustless Dual-Use is an initiative led by the Trustless Computing Association that aggregates leading public and private partners to submit, over the next 12 months, a set of €15-25M+ EU and national public co-funding proposals in the area of IT security. These proposals aim to create a European dual-use IT platform, computing base, ecosystem and certification scheme (the Trustless Computing Certification Body) that radically exceeds the civilian and military state of the art in IT security, while at the same time solidly preventing criminal abuse and retaining legitimate cyber-investigation capabilities. It is initially aimed at the most confidentiality-critical and integrity-critical societal scenarios in the area of communications and transactions, and will later be expanded to ultra-high-availability scenarios.

FUNDING

Such proposals will be submitted primarily to the 590M€ 2019-2020 European Defence Industrial Development Programme (EDIDP), as well as to EDA Cat-B, ECSEL-JU, H2020 and national funding programs, complemented by private co-funding. EDIDP funding presupposes the participation of at least 3 EU Ministries of Defence and several SMEs.

AMBITION & GOALS

This joint initiative aims to sustainably enable the provisioning of end-to-end IT services, and their related life-cycle and supply chain, that are capable of resisting persistent investments of tens of millions of euros by largely unaccountable state and non-state actors aimed at acquiring access to critical remote vulnerabilities in that life-cycle and supply chain, whether through discovery or through active subversion of any kind. The project aims to create an open-licensed, patent-unencumbered, publicly-inspectable set of core critical IT technologies, and a highly resilient ecosystem extending from the standard-setting body to fabrication oversight. It will uniquely enable unprecedented and constitutionally-meaningful assurance levels of confidentiality, integrity, authenticity and non-repudiation for end-to-end IT services in civilian and dual-use applications, while avoiding significant risks of malevolent abuse and of obstruction to legitimate cyber-investigations.

PARTNERS & PARTNERING ROADMAP

In addition to our longtime public and private partners (too many to list), we have so far received much and mounting interest from the Ministries of Defence and security agencies of Italy, Germany, and Austria.

We have also been engaging with private partners, including major banks, defence contractors, national postal operators and “digital agencies” in Italy, Germany, and Austria: among them BV-tech, Leonardo, R&D Cybersecurity, Secunet, Poste Italiane, Post Luxembourg, Deutsche Bank, ENEL, Solaris Bank and the EU Digital SME Alliance. We are working on an extension to other EU nations, such as Luxembourg, France, and Switzerland.

On July 23rd 2018, we were invited to present the initiative by the new Undersecretary of the Ministry of Defence of Italy (with the delegation for cybersecurity), Angelo Tofalo. The new Italian Minister of Defence, Elisabetta Trenta, had agreed to join our event in Berlin on May 4th, together with the German Ministries of the Interior and of Defence and the Head of R&D of Deutsche Telekom, but had to cancel because of delays in the Italian government formation process. Before the end of September 2018, we will be meeting the Head of General Planning of the SMD III Department for Military Policy and Planning of the Italian Ministry of Defence, who has expressed “absolute interest” in our initiative and has extended the invitation to SMD VI (cyber systems procurement), the Italian MoD Cyber Command (CIOC) and Segredifesa (R&D).

On October 3rd 2018, we have been invited to present the initiative at an EDIDP match-making event in Vienna organized by the Austrian Presidency of the Council of the European Union and the AeroSpace and Defence Industries Association of Europe.

INTRO DOCUMENTS

  • A 28-pager slide deck PDF (new Sept 25th 2018 revision)
  • A 60-pager draft Trustless Dual-Use Framework Proposal and a 3-pager Summary can be found here in PDF.

UNIQUE PARADIGMS

(1) The project will achieve previously unattained levels of trustworthiness by uniquely merging best-of-breed, industry-proven blockchain technologies with radically unprecedented levels of endpoint security, obtained by removing all unverified trust all the way down to the CPU, hosting management, fabrication oversight, and standards-setting governance, and therefore essentially reducing cybersecurity to a cyber-social governance problem.

(2) To achieve and maintain such trustworthiness levels, it will involve world-leading partners and scientists to devise radically new ideas and concepts, and to extend, merge, and apply to end-user ICT systems, best-of-breed “zero trust” socio-technical paradigms from different scientific fields, including: (a) socio-technical principles of highest-trustworthiness dual-use ICT and civil aviation systems; (b) citizen-witness-based and voting-booth organizational procedures from democratic governance; and (c) organizational constituent processes and statutory architectures aimed at extreme transparency, user/citizen accountability and technical proficiency.

(3) It achieves such trustworthiness levels by uniquely ensuring complete verifiability, verification adequate to the complexity involved, and “constituent-witness” oversight of any and all potentially critical service components, from standard setting to IC fabrication oversight to server room access procedures. Extreme safeguards for transparently reconciling lawful access and personal confidentiality will be key to its legal sustainability, and to the radical mitigation of potential malevolent use, and will therefore foster a critical mass of EU dual-use investments to create a comprehensive and resilient “EU trustworthy computing base” and ecosystem.

(4) Key to all of this will be the design of an extremely trustworthy, proficient and accountable international certification body. A key innovation will be the use of peer-witness procedures for the fabrication phases, and peer-jury procedures for all server room accesses, to radically reduce the risks of abuse by insiders and third parties; similar in principle to the two-person rule enacted by the NSA after Snowden.

PROPOSAL IN THE CONTEXT OF SIMILAR EU MILITARY CAPABILITY INITIATIVES

TRUSTLESS pursues a scope similar to that of the EDA SoC project, except that ours initially targets communications, has a much higher level of ecosystem resilience, and does not rely on upfront trusted components, providers or fabrication processes. Third parties will be able to use the open-licensed results to create systems compliant with “national crypto standards”, for state and non-state clients, delivering much higher assurance that no additional “exceptional access means” or critical vulnerabilities, malicious or accidental, exist in such systems.
In June 2018 there was a deadline for the System-on-Chip/System-in-Package call within the Preparatory Action on Defence Research. Although our project has several similarities, it does not replicate that call but complements it, for the following reasons:

(1) It does not merely rely on current EU SECRET standards, but devotes substantial effort to creating a new certification scheme (and its governance) to achieve deeper and more comprehensive certifications, while still aiming to become EU SECRET compliant after an initial go-to-market in the private consumer and enterprise sectors.

(2) It is conceived as dual-use from the beginning, to facilitate very wide economic and public-inspection synergies and to create a larger critical mass supporting increases in the level of security and features of the resulting technologies and certifications.

(3) It does not attempt to create an ecosystem around fabrication process nodes below 28 nm. Our research has shown that foundries with such capabilities are far too complex to allow the necessary level of security oversight, are located outside the EU, and/or are controlled by global groups under strong current and future pressure from non-EU nations.

FEATURES, DOMAINS & PRJ STAGES

Initially aimed at dual-use strategic communications, its technologies and certification processes are nonetheless designed to be extended at a later stage to high-resiliency systems for military mission use, and to “mission-configurable services in a secure cloud”, by supporting systems that address resiliency and availability at the same level of assurance.
Aimed in its 1st stage (5M€) at very basic mobile and desktop text/voice communications for the most critical scenarios, it is designed to act as a veritable EU Trustworthy Computing Base for a wide variety of high-assurance computing domains, including mass-market business and consumer use. The initial stage is conceived to enable a 2nd stage (4-14M€) that makes the project extensible, adaptable and scalable to:

(1) Communications, cloud and/or e-transaction (such as e-banking, e-government, e-health, e-signature) end-to-end services and devices, in mobile, kiosk and governmental POS form factors; including large-scale mass-market business and consumer scenarios with high user-friendliness.

(2) A wide variety of highest-assurance communications, cloud and IoT domains that, in addition or as an alternative to confidentiality, integrity, authenticity and non-repudiation, require the highest levels of assurance for availability and resiliency, within the form factor, performance and power consumption of the 1st stage architecture.

POTENTIAL FOR MALEVOLENT USE

Notwithstanding the levels of assurance sought and the public verifiability of the digital designs of all critical hardware and software components, we believe, after 7 years of research, that we have nearly eliminated the potential for malevolent use, through highly innovative mitigation measures that radically reduce the risk of hampering legitimate cyber-investigation. TRUSTLESS will therefore have a substantially positive overall impact on public safety and cyber-investigation capabilities, and will avoid or radically reduce the potential for malevolent use. (For more, see the Framework Proposal PDF.)

COMMUNICATION OPPORTUNITIES

The initiative will be supported by an EU-wide and global public-private-NGO communication campaign and event series, aimed at new international certifications and certification bodies for dual-use highest-assurance IT, following on from our Free and Safe in Cyberspace workshop series and its outcome in the form of a Position Paper for an international Trustless Computing Certification Body. (For more, see the Framework Proposal PDF.)
