The blurring of the boundaries between different communications networks (e.g. mobile phone, internet, etc.) and the increased networking inside and between companies make information and service mobility imperative. However, access to and integration of data must be both reliable and secure.
Companies that outsource their data to software-as-a-service (SaaS) providers, for example, must be sure that the cloud-stored data is not misused. This creates new security requirements which can only be met through new concepts. At first sight, protecting the use of data on mobile devices and integrating services in cloud computing are very separate issues. However, closer inspection shows that the concepts for solving both problems are very similar if not identical.
The MimoSecco project is concerned with the conception and development of a complete technical architecture which increases the security of mobile data processing in the cloud. Central to this is the development of a flexible "middleware" solution which guarantees secure data management across different SaaS providers and implements a reliable rights management system. The MimoSecco solution will be conceived in such a way that it is not only optimal for use in SME environments but also strengthens business confidence in using cloud-based services.
Insider attacks represent a significant threat to cloud providers in particular. This problem is further complicated by the fact that a number of new services are the result of bundling multiple third-party provider services. MimoSecco will ensure security by providing, for example, a remote encrypted connection between a mobile device and an enterprise server (or the communication connection between one service and another within a physical execution environment).
So-called "hardware tokens" available on certified security hardware are used as a "trust anchor." These are special smart cards protected against physical attacks which are available in a number of forms according to end-device usage (e.g. SD cards, USB sticks and PCI cards). They form the basis for role-dependent models for data access control according to a need-to-know principle as well as encrypted rights management.
Inexpensive security solutions for mobile business applications can thus be made available, making remote access to data in the company or the cloud possible from mobile devices and services. Project results will be demonstrated in two application scenarios ("Consulting" and "Sophisticated Technical Customer Services").