Verification, accountability and automation mechanisms for the NGI

May 09 2018

Supporting safety of EU citizens and their data and ensuring the business and social connectivity is the foremost concern in the NGI initiative. The challenge is to provide efficient accountability and security mechanisms for the operational NGI initiative with tamper-proof technical solutions such as security proofs, risk protection, as well as whistle-blowing options and accountability mechanisms. These solutions should ensure high availability of the NGI, counter issues such as sabotage or surveillance, and provide distributed trust mechanisms to remove single points of failure. Given the inherent vulnerability of any single root of trust, there is a preference for distributing trust mechanisms to remove single points of failure, and finding ways to delegate trust in an auditable and controlled way.

Security solutions should also include mechanisms to encourage automating incident and abuse-handling to further enable safe Internet usage during outage. Streamlining and automating how incidents are handled across the highly connected network is an important part of maintaining high availability. This will make the overall system more secure, because it will allow increased responsiveness to changing operational conditions, particularly in time of emergency. The goal should be to improve the trustworthiness and sustainability of the Internet, enabling innovation. This will reduce future cost of security auditing by creating verifiable trustworthiness that cannot be perverted. It will also lower the overall cost of deployment and maintenance while improving responsiveness. 

While building such solutions, we need to follow the technical baseline for cryptographic functionalities. We need to make sure that the higher level technology aspects are not lost to low level hardware incapabilities, e.g. offer Secure Random Number Generation, Secure Key Storage and Cryptographic Acceleration.