Dynamic certificates aim to make cloud services more secure

09 February 2018

Professor Helmut Krcmar says his team has developed a dynamic system which can constantly check the validity of cloud service certification over a period of time.

Researchers have come up with a new way of allowing cloud service providers to be checked and certified reliably.

While quality certification issued by accredited bodies already exists to guarantee data security, the researchers say these certificates are often awarded following a one-off examination and provided for just one to three years.

“Certificates lose their relevance to the current situation much quicker than in one to three years and therefore also their security,” says Professor Helmut Krcmar from the Technical University of Munich (TUM).

As part of the Next Generation Certification (NGCert) consortium, Krcmar and his team say they have now developed a dynamic certification system for cloud services.

The project partners have created geolocation programs as part of the certificates. These constantly check the location of the cloud service provider’s computers, and also test all the paths taken by data packets sent from a company to the provider. According to the researchers, these paths are as characteristic as fingerprints; if they change, it can indicate that the data processing is taking place in a different region, possibly using foreign computers.

Another criterion is checking the legal certainty of the cloud services. Laws on data protection and data security can change frequently, such as the retention period for access data. A certificate issued as a one-off is unable to react to these changes within the legal framework, but Krcmar reckons that his team’s concept of dynamic certificates can also solve this problem. “There are many individual software components which can change independently of one another and after a certificate is initially issued – these are referred to as ‘modules’.”

In order to curb the misuse of invalid or expired quality certificates, the team has also developed initial ideas for models involving checking systems that operate independently from the respective cloud service providers and can be offered as an autonomous, objective system.

In the future, the researchers are aiming to extend their results to include the consumer market in an effort to boost trust in cloud services and similar areas, such as e-commerce and location-based services.