Trustless Dual-Use is an initiative lead by the Trustless Computing Association that aggregates leading public and private partners to submit, a set of €15-25M+ EU/national public-private co-funding proposals to to create a European dual-use IT platform, computing base, ecosystem and certification schema, Trustless Computing Certification Body, that aim to radically exceed the civilian and military state of the art in IT security, while at once solidly preventing criminal abuse and retaining legit cyber-investigation capabilities. Initially aimed at the most confidentiality-critical and integrity-critical societal scenarios in the area of communications and transaction, and then expanded to ultra-high availability scenarios.
AMBITION & GOALS
These joint initiative aim to sustainably enable the provisioning of end-2-end IT services – and related life-cycle and supply-chain – that are capable of resisting persistent investments of tens of millions of euros, by largely-unaccountable state and non-state actors, aimed at acquiring access to critical remote vulnerabilities in the life-cycle and supply-chain, through discovery or active subversion of all kinds. The project aims is to create an open-licensed patent-unencumbered publicly-inspectable set of core critical IT technologies, and a highly resilient ecosystem extending from standard-setting body to fabrication oversight. It will uniquely enable unprecedented and constitutionally-meaningful assurance levels of confidentiality, integrity, authenticity and non-repudiability for end-2-end IT services, civilian and dual-use applications while avoiding significant risks of malevolent abuse and obstruction to legitimate cyber-investigations.
UNIQUE SECURITY PARADIGMS
(1) The project will achieve previously unimagined levels of trustworthiness by uniquely merging best-of-breed industry-proven blockchain technologies with radically-unprecedented levels of endpoint security – by removing all unverified trust all the way down to CPU, hosting management, fabrication oversight, and standards-setting governance – and therefore essentially reducing cybersecurity to a cyber-social governance problem.
(2) To achieve and maintain such trustworthiness levels, it will involve world-leading partners and scientists to devise radically new ideas and concepts, and extend, merge – and apply to end-user ICT systems – best-of-breed “zero trust” socio-technical paradigms from different scientific fields, including: (a) socio-technical principles of highest-trustworthiness dual-use ICT and civil aviation systems; (b) citizen-witness-based and voting-booth organizational procedures from democratic governance, and; (c) organizational constituent processes, and statutory architectures, aimed at extreme transparency, user/citizen-accountability and technical-proficiency.
(3) It achieves such trustworthiness levels by uniquely ensuring complete verifiability, adequate verification relative to complexity, and “constituent-witness” oversight, of any and all potentially critical service components, from standard setting to ICs fabrication oversight to server room access procedures. Extreme safeguards for transparently reconciling lawful access and personal confidentiality will be key for its legal sustainability – and radical mitigation of potential malevolent use – and therefore foster a critical mass of EU dual-use investments to create a comprehensive a resilient “EU trustworthy computing base” and ecosystem.
(4) Key to all will be the design of an extremely trustworthy, proficient and accountable international certification body. A key innovation will be the use of peer-witness, for the fabrication phases, and peer-jury procedures, for all server room accesses, to radically reduce the risks of abuse by insiders and 3rd parties; similar in principle to what was enact by the NSA with its 2-man rule after Snowden.
An August 2018 live draft 60-pager draft Trustless Dual-Use Framework Proposal PDF
TRAGET USE CASES & DOMAINS, FEATURES & PRJ STAGES
Initially aimed at dual-use strategic communications, its technologies and certification processes are nonetheless designed to be extended at a later stage to high-resiliency systems for military mission use, and “mission-configurable services in a secure cloud”, by supporting systems addressing resiliency and availability at the same level of assurance.
Aimed in its 1st stage (5M€) at very basic mobile and desktop text/voice communications for the most critical scenarios, it is designed to act as a veritable EU Trustworthy Computing Base for a wide variety of high-assurance computing domains, including mass-market business consumers. The initial stage is conceived to enable the 2nd stage (4-14M€) to make the project extensible, adaptable and scalable to:
(1) Communications, cloud and/or e-transactions (such as e-banking, e-government, e-health, e-signatures) end-2-end services and devices, in mobile,, kiosk and governmental POS; including large-scale mass-market business and consumer scenarios with high-user friendliness.
(2) A wide variety highest-assurance communications, cloud and IoT domains that – in addition or alternative to confidentiality, integrity, authenticity and non-repudiability – require the highest levels of assurance for availability and resiliency, albeit compatible with the form factor, performance and power consumption of the 1st stage architecture.
Such proposals will be submitted primarily by contribution by private partners and EU/national innovation funding to the 590M€ 2019-2020 European Defence Industrial Development Plan (EDIDP), and EDA Cat-B, ECSEL-JU, H2020 a and national funding programs and private co-funding. EDIDP funding presupposes the participation of at least 3 EU Ministries of Defense and several SMEs.
PARTNERS & PROSPECTS
In addition to our longtime public and private partners – too long to list – we have received much and mounting interest so far by Ministries of Defence and Security Agencies of Italy, Germany and Austria.
In addition, we have been engaging with private partners: major banks, defense contractors, national posts or “digital agencies” in Italy, Germany and Austria: including Engineering, Cybertech, Cybaze, Thales (Cto) BV-tech, Leonardo, R&D Cybersecurity, Secunet, Poste Italiane, Post Luxembourg, Deutsche Bank, ENEL, Solaris Bank, EU Digital SME Alliance. We are working on extension to other EU nations, such as Luxembourg, France and Switzerland.
We have over the last 3 years engaged with:
* Ministriy of Defense of Austria (Head of Reasearch, CIO, Head of A-SIT),
* Ministry of Defense of Germany (Cyber Innvation Hub, Internal IT Dept., During 2015-2-017Met very extensively with German official that was at the timethe former Head of Invformation Superiority of EDA)
* Ministry of Defense of Italy (met the twice Undersecretary of the Ministry of Defense of Italy (with delegation to cybersecurity) on July 23rd 2018. The new Italian Minister of Defense Elisabetta Trenta had agreed to join our event in Berlin on May 4th, – wth German Minsitry of Interior and Defense and Head of R&D of Deutsche Telekom – albeit had to cancel for delays in Italian government formation process. Next September, we’ll be meeting the Head of General Planning of SMD III Department for Military Politics and Planning of the Italian Ministry of Defense, which has expressed “absolute interest” in our initiative, and extended invitation to SMD VI (cyber systems procurement), Italian MoD Cyber Command (CIOC) and Segredifesa (R&D).
RELATION TO SIMILAR EUROPEAN MILITARY CAPABILITY INITIATIVES
TRUSTLESS pursues a scope similar to that of the EDA SoC project, except ours aims initially at communications; has a much higher ecosystems resilience; does not rely on upfront trusted components, providers or fabrication processes. Third parties will be able to utilize the open-licensed results to create systems compliant with “national crypto standards” – for the state and non-state clients – delivering a much higher assurance that no additional “exceptional access means” or critical vulnerabilities, malicious or accidental, exist in such systems.
Last June 2018 there was a deadline for the System-On-Chip/System-in-Package Call within the Preparatory Action on Defence Research. Although our project ha several similarities, it does not replicate but complements it for the following reasons:
(1) Does not merely rely on current EU STATE SECRET standards, but devotes substantial effort in creating a new certification schema (and its governance) to achieve deeper and more comprehensive certifications, while still aiming to be EU SECRET compliant after an initial go-to-maker in the private consumer and enterprise sectors.
(2) It is conceived as dual-use from the beginning to facilitate very wide economic and public inspection synergies to create a larger critical mass to support the increase of the level of security and features of the resulting technologies and certifications.
(3) Does not attempt to create an ecosystem around fabrication standard of under 28nm. Our deep research has shown that foundries with such capabilities are way too complex to allow the necessary level of security oversight, are located outside EU and/or controlled by global groups with strong current and future pressures from non-EU nations.
POTENTIAL FOR MALEVOLENT USE
Notwithstanding the levels of assurance sought and the public verifiability of the digital designs of all critical hardware and software components, we believe that (after 7 years of research) to have nearly eliminated the potential for malevolent use, through highly innovative mitigation measures to radically reduce the risks of hampering legitimate cyber-investigation. TRUSTLESS will therefore have a substantially positive overall impact on public safety and cyber-investigation capabilities, and will avoid or radically reduce potential for malevolent use.
The initiative will be supported by a EU-wide and global public-private-NGO communication campaign, and event series, aimed at new international certifications and certification bodies for dual-use highest-assurance IT – following on the trails of our Free and Safe in Cyberspace, workshop series and its outcome in the form of a Position Paper for an international Trustless Computing Certification Body. (For more see the Framework Proposal PDF),
An August 2018 live draft 60-pager draft Trustless Dual-Use Framework Proposal PDF