UBITECH is participating at the kick-off meeting, in Graz, Austria (January 23-24, 2018), of the FutureTPM Research and Innovation Action, officially started on January 1st, 2018. The project is funded by European Commission under Horizon 2020 Programme (Grant Agreement No. 779391) and spans on the period January 2018 – December 2020. The FutureTPM project aims to deliver a Quantum-Resistant (QR) Trusted Platform Module (TPM) providing a new generation of TPM-based solutions, incorporating robust and physically secure Quantum-Resistant cryptographic primitives (formally verified), to ensure long-term security, privacy and operational assurance in the complex domain of future ICT systems and services.
The action’s goal is to enable a smooth transition from current TPM environments, based on traditional cryptography, to systems providing enhanced security through QR cryptographic functions, including secure authentication, encryption and signing functions, thus, turning the host device into a “hardened” security token that may also remain secure long-term against an enhanced threat landscape in quantum computing deployments. By designing an innovative portfolio of high-security QR algorithms for primitives like Key Management, Encryption, Signatures, Hash-Functions, Message Authentication Codes (MACs) and Direct Anonymous Attestation (DAA), FutureTPM will fill the perceived gaps in the current status of cybersecurity and generate a secure root of trust that can be used for e.g., interacting with cloud services, accessing corporate services and performing banking and eCommerce transactions.
UBITECH undertakes the technical integration lead of the project’s R&D activities, while UBITECH R&D team significantly contributes towards the definition and design of the adversary and security models for the whole TPM and leads the specification and implementation of run-time risk assessment and vulnerabilities analysis framework, by defining the threat and vulnerability model and risk assessment methodology for a QR TPM-based system, and by realizing a reactive run-time risk assessment and mitigation environment to ensure security of use cases in the face of emerging threats and vulnerabilities.