CloudProtect: Software protection in a hybrid world
Just as the world came to terms with a new age of virtual data and remote work, Wibu-Systems, the encryption and licensing specialists from Karlsruhe, helped put the finishing touches on the CloudProtect project, a collaborative initiative made in Germany aimed at providing more robust protections for machine operating software, configuration data, and digital designs.
Run in cooperation with the Technical University of Darmstadt, Germany, and the Offenburg University of Applied Sciences, CloudProtect was initiated in the summer of 2018 to develop a new way to protect software, digital artifacts, and other IP in the increasingly connected and automated world of commerce and industry. With extensive financial support from the German Ministry of Education and Research and with intensive and dedicated research, a demonstrator system was designed to showcase in practice how the common cloud infrastructure could be bolstered with ingenious security technology to deliver a system with the level of protection, scalability, and availability that the modern economy depends on.
In the digital future envisioned at the outset of the project and made real for many people around the world far sooner than expected as 2020’s events forced the hands of businesses and governments everywhere, software and data have become more mobile and ephemeral than ever before. Office workers moved wholesale into the comforts of the home office. Broken supply chains brought not only empty supermarket shelves, but also a rethinking of conventional manufacturing and logistics practices, giving industry automation and smart industry solutions another boost. Enterprises that had already seized on the potential of the cloud and Internet-driven business models had a marked head start over their brick-and-mortar rivals.
In this environment, protecting data has become an uphill challenge, and even more so for the invaluable digital assets that have become the backbone of today’s economy: Machine operating systems, configuration data, designs, and confidential business intelligence. Encryption is accepted as the means to keep such data secure, but it comes with its own challenges, as the necessary cryptographic operations have to happen in secure environments, the required keys must be stored and handled securely, and the entire infrastructure has to be set up to ensure that every actor and device involved in the process is genuinely trustworthy.
In the CloudProtect project, the developers at Wibu-Systems and their academic peers in the teams at the Technical University of Darmstadt, led by Professor Ahmad-Reza Sadeghi, and the Offenburg University of Applied Sciences, led by Professor Andreas Schaad, decided to face these challenges by way of a clever technological trick: Using enclaves, specially protected memory areas in the cloud, to handle all the critical encryption work safely distanced from the actual software operations. The enclave technology, Intel’s SGX, was chosen after further enhancement of its security with a unique cache randomization technique that toughens up the system’s weak spot: its susceptibility to certain side-channel attacks.
Wibu-Systems, the industry partner on the project and long-standing pioneer in IT security and encryption in Germany, integrated the teams’ work into a fully-fledged and working cloud-based software protection demonstrator. Finished on schedule in July 2021, the model solution delivered successfully on its promise. It provides tamper-proof software protection capabilities for the unpredictable and ephemeral world of today’s digital economy, in a highly available, highly scalable, and extremely secure package. With technologies like those underpinning the CloudProtect project or Wibu-Systems’ own range of encryption and protection products and services, the new normal of remote work, smart factories, and commerce happening in the cloud has the tools and concepts it needs for a secure and trustworthy future.
Dr. Carmen Kempka, Director Corporate Technology at Wibu-Systems, sees the bigger picture: “Our work life has become quite arbitrary in practice: We work from random workplaces: from home, in the office, on business travel, from anywhere on earth. Applications are outsourced into the cloud or need to be accessible from arbitrary places and devices. With CloudProtect, we have given the world a model for how this can be done better and more securely.”