Our research focuses on the design and analysis of security infrastructures. We cover the entire spectrum, from the development of security anchors for embedded systems to the design of security concepts for critical infrastructures.
We also conduct focused research in the area of transportation security.
UNICARagil is a collaborative project carried out by a consortium of seven German universities and six industrial partners, with funding provided by the Federal Ministry of Education and Research of Germany. In the scope of this project, disruptive modular structures for agile, automated vehicle concepts are researched and developed. Four prototype vehicles of different characteristics based on the same modular platform are going to be build up over a period of four years. The four fully automated and driverless vehicles demonstrate disruptive architectures in hardware and software, as well as disruptive concepts in safety, security, verification and validation.
The Chair of Computer Engineering is responsible for the development of a security concept such that attacks on the autonomous vehicles cannot be carried out easily. We aim to integrate security aspects already during design phase. In this way, we guarantee that our measures become an integral part of the future vehicle.
Funded by: BMBF
A fundamental prerequisite for the development of society and the economy is that the actors and processes of present and future IT infrastructures can justifiably trust each other. Cryptography is an essential enabler of such trust, supporting important protection goals such as confidentiality, integrity, authenticity, and non-repudiation. Despite remarkable growth over the last 35 years in both the theory and practice of cryptography, today's solutions do not remotely meet all the requirements that arise in new and next generation computing environments. The goal of CROSSING is to provide cryptography-based security solutions enabling trust in new and next generation computing environments. The solutions will meet the efficiency and security requirements of the new environments and will have sound implementations. They will be easy to use for developers, administrators, and end users of IT, even if they are not cryptography experts.
Information Technology (IT) is increasingly utilized in railway systems to introduce new functions and improve process efficiency. Due to the digitalization of the railway infrastructure and the replacement of proprietary networking infrastructures with IP-based infrastructures the risks of cyberattacks increases and new IT security requirements appear. As the railway system is a critical infrastructure, that is strongly regulated by the German IT security act (IT-Sicherheitsgesetz), appropriate security solutions need to be developed. The aim of HASELNUSS is the development of a customized, hardware-based security platform for the railway command and control system that provides the required security functions without jeopardizing safety. The platform features provisions to ensure the system integrity and constitutes the foundation for secure infrastructure networking. It includes secure patch and update management, health monitoring, anomaly and attack detection as well as countermeasures against side-channel attacks. The developed security platform will be implemented in demonstrators during the project.
More information: https://haselnuss-projekt.de/
Funded by: German Federal Ministry of Education and Research
The CYSIS working group was established by Deutsche Bahn AG and TU Darmstadt within the framework of the Innovation Alliance and the existing DB RailLab on 25 January 2016. The purpose of the group is to discuss the cybersecurity challenges faced by the increasing digitalisation of the railway sector. CYSIS forms a basis for an intensive exchange of information between industry and academia in the railway sector, in order to benefit from each other's knowledge. Effective defense mechanisms and countermeasures are investigated with the assistance of partners from academia. CYSIS regularly publishes whitepapers and technical guidelines.
CYSIS consists of the following subgroups:
- Resilient Architectures (completed): The group discussed resilient architecturesfor railway signalling. A whitepaper has been published. It presents requirements for signalling systems in order to be prepared against cyberattacks.
- Business Continuity Management (completed): The operators of signalling systems need to be prepared for dealing with attacks. Concepts are developed to maintain a minimum of train operation even under attack.
- Security for Safety (completed): Train operation needs to be security aware. To build security in future interlocking systems, design decisions have to be made now. The decisions cover the system architecture, the lifecycle, the operation and the homologation process. The subgroup created a whitepaper and a short version was published in Signal + Draht 5/2018 in English and German.
- ETCS and Security (completed): Security aspects of the European Train Control System (ETCS) are investigated. It is currently the only signalling system in Germany that utilizes wireless information transmission, which has a significantly larger attack surface.
- Holistic Security (completed): Typically, security is regarded separately in railway signalling, rolling stock, and fixed installations. For a strong security concept, a holistic approach is required that includes the consideration of all three parts together.
- Internet of Railway Things: The group discusses essential security aspects of railway IoT by means of two realistic use cases. The security includes security requirements, attack vectors, threats, countermeasures, security architectures, and more.
- Bahn frei für die Firewall, bahn manager, #04-2016
- Cybersicherheitsrisiken in der Leit- und Sicherungstechnik, Der Eisenbahningenieur, March 2017
- Resilient Architectures:
- Security for Safety:
Security for Safety, Signal + Draht, 05/2018
- ETCS and Security:
Funded by: Deutsche Bahn