The FORTIKA Concept in a nutshell
The FORTIKA project aims to provide SMEs with an embedded, smart and robust hardware security layer (FORTIKA accelerator) enhanced with an adaptive security service management ecosystem (FORTIKA marketplace). Security services vary from access-control to real-time data filtering. Thus, providing services exclusively from the cloud may in some use cases fail to meet latency requirements. As a solution, an appliance, based on an innovative custom tailored FPGA hardware accelerator or implemented as a virtual appliance, will be deployed in house to provide adequate resources, thus the platform for local deployment to provide the desired services and provide a high level of QoE. Using the FORTIKA Middleware appliance that operates in the fog area, latency will be minimal since services will provided in close vicinity and only preprocessed data will be sent to the cloud for further processing. Additionally, the appliance will be able to connect and orchestrate all the other systems in the network, in order to enable the delivery of a large number of time-critical security services to the edge of the network, in the premises of the end user.
The FORTIKA middleware will be easily adopted or embedded on existing networks and each user/admin will be able to choose from a number of available security services through FORTIKA trusted security marketplace. The marketplace will enable (third-party) service providers to specify security services (the required software and hardware resources needs) and sell or advertise these through a secure and easy to use interface. For a service to become available in the marketplace certain criteria – specifications should be met in terms of: usability, relevance (to SME needs), operational transparency and security effectiveness.
From their perspective, users (i.e. SMEs) may utilize a variety of services and share profiling information with the service providers in return for tailored security services aligned with their actual needs. The FORTIKA marketplace will also function as a single point of access for the profiling information for each SME; user profiling information will be kept locally at the FORTIKA security accelerator, while homomorphic encryption will be applied so that security services are tailored to each enterprise’s individual profile/needs without sensitive profiling data being known to third-party security service providers. This way, the risk of indirect exposure of such valuable data to non-trusted third parties will be practically eliminated. Different levels of adaptation to digital ICT services will become also feasible: for instance, the introduction of variable security levels according to the position, role and/or responsibility of the individual intra-enterprise user, as well as the sensitivity and value of data handled. In this context, the FORTIKA project adopts an innovative architecture to fulfil the following purposes: (a) scrutable user-side adaptability with dynamic privacy control by exploiting a predefined (by the user) configuration (b) re-usability of the parts of a user model across different services.