Interview: Meet Project SCoP – Secure-by-design Communication Protocols

Email is used on a massive scale by both individuals and companies. But how secure is our data? This is where the SCoP project comes into play. Find out more in this interview with Romain Calascibetta, one of the members of the team behind it.

Can you briefly introduce yourself?

My name is Romain Calascibetta. I’m 28 years old and I work at Tarides, a company that builds open source, functional systems and libraries in OCaml. I started programming with PHP, at the age of twelve, and I continue to develop software, mainly in OCaml. Over the past five years, I have specialised in developing protocols and have developed alternative technologies for more secure communications.

I also like to travel and play the guitar. I’ve previously lived in the UK, where I worked at the University of Cambridge as a research assistant for a year.

 

What is your motivation to work in the data portability field?

The internet exists only because many people achieve consensus around specific protocols and formats. The result of this agreement is data portability: the ability to share data and to communicate without any constraints. My goals are to implement these protocols/formats and strengthen data portability, in order to continue, at least, to maintain this ecosystem and improve portability with more data security and privacy. These mechanisms are important as they help us to share our knowledge, globally, and to learn from each other.

 

How did you hear about DAPSI and what drove you to apply?

The network of companies and organisations that I work in has previously participated in similar programs, such as NGI, for example. They alerted me to the DAPSI program, and we decided to apply because the goals of the program are aligned with our own goals.

 

In simple words, what challenge does your project address?

My project re-implements existing protocols but with a new perspective. It’s easy to never question the tools we use, nor evaluate them. But my task is archaeological in the sense of researching these protocols and formats, critically, to develop and improve them so that they address the new issues we face, and so that they provide us with the security and privacy that data porting now needs, and will need, in the future.

My new email protocol will also become part of a secure communications architecture that is implemented as an interspatial infrastructure within a building. This architecture is based on a new operating system, OSMOSE, which, together with e-ink, display wallpaper, parametric audio speakers, gesture recognition, and smart lighting, replaces smartphones, watches, and laptops, and allows people to communicate securely, with extremely low latency and high bandwidth, using local-area computation capabilities.

 

What solution are you developing?

We are mainly focused on two areas: abstraction and security. Abstraction allows us to re-use what we do in new contexts. An example of one such abstraction is our implementation of the TLS protocol, which can be used over a Unix socket or with Tarides’ TCP/IP stack. It can also be used in a unikernel or a simple Unix executable, using the kernel’s TCP/IP stack.

Security is equally important to us, and we are focused on developing security measures in order to reduce the risk of exposing private data. Our approach is based on reducing the components of communication protocols and formats to the essential minimum, so that intermediary organisations and technologies are not needed and, more importantly, are unable to intercept during a communicative event. The most secure application is the one that you have full control of.

Our data security solution evolved from our existing operating system, MirageOS. First of all, we try to ensure that the protocol implementation has as few bugs as possible, using a type-safe language, as it has been shown that 70% of security issues come from language flaws. We then structure our communication stack as a collection of micro-services, where each service has access to the minimum required amount of private data. All of these services can then be deployed as isolated, secure unikernels. This means that a security risk or vulnerability in one service does not imply a security risk in the others!

Our work will provide organisations, businesses, and individuals with another way to communicate that is still compatible with the ecosystem, due to shared portability protocols. We don’t want to replace everything but we are excited to be able to offer users a set of secure-by-design components that can be flexibly assembled to form a scalable and secure communication stack that handles both emails and instant messaging.

 

What will be the next steps?

Scalability is our final goal. We already have a number of services with our solutions but we intend to scale up to a much more complex service. Our new email service represents a good opportunity for us to achieve this increased scale.