Information Technology (IT) is increasingly utilized in railway systems to introduce new functions and improve process efficiency. Due to the digitalization of the railway infrastructure and the replacement of proprietary networking infrastructures with IP-based infrastructures the risks of cyberattacks increases and new IT security requirements appear. As the railway system is a critical infrastructure, that is strongly regulated by the German IT security act (IT-Sicherheitsgesetz), appropriate security solutions need to be developed. The aim of HASELNUSS is the development of a customized, hardware-based security platform for the railway command and control system that provides the required security functions without jeopardizing safety. The platform features provisions to ensure the system integrity and constitutes the foundation for secure infrastructure networking. It includes secure patch and update management, health monitoring, anomaly and attack detection as well as countermeasures against side-channel attacks. The developed security platform will be implemented in demonstrators during the project.
More information: https://haselnuss-projekt.de/
Funded by: German Federal Ministry of Education and Research
In recent years, the majority of the world's Critical Infrastructures (CIs) evolved to become more flexible, cost efficient and able to offer better services and conditions for business opportunities. Towards this evolution, CIs and companies offering CI services had to adopt many of the recent advances of the Information and Communication Technologies (ICT) field. This adaptation however, was rather hasty and without thorough evaluation of its impact on security. The result was to leave CIs vulnerable to a whole new set of threats and attacks that impose high levels of risk to the public safety, economy and welfare of the population. In so far, the main approach to protect CIs is to handle them as comprehensive entities and offer them a complete solution for their overall infrastructures and systems (IT&OT departments). However, complete CI protection solutions exist in the form of individual products from individual companies. These products integrate only in tools/solutions designed by the same company, thus offering limited technical solutions. The main aim of CIPSEC is to create a unified security framework that orchestrates state-of-the-art heterogeneous security products to offer high levels of protection in IT (information technology) and OT (operational technology) departments of CIs. As part of this framework CIPSEC will offer a complete security ecosystem of additional services that can support the proposed technical solutions to work reliably and at professional quality. These services include vulnerability tests and recommendations, key personnel training courses, public-private partnerships (PPPs), forensics analysis, standardization and protection against cascading effects. All solutions and services will be validated in three pilots performed in three different CI environments (transportation, health, environment). CIPSEC will also develop a marketing strategy for optimal positioning of its solutions in the CI security market.
More information: https://www.cipsec.eu/
A video explaining the project: https://youtu.be/eb02CUfK648
Funded by: European Commission (H2020)
The Doctoral College “Privacy and Trust for Mobile Users” was launched in October 2015. It is a highly interdisciplinary collaboration between Computer Science and the fields of Law, Economics, Sociology, and usability research funded as Research Training Group by the German National Science Foundation. Mobile information and communication technology has become virtually ubiquitous due to the proliferation of smartphones and tablet computers; large sections of the society use it to their advantage. In reference to the relationship users-network, public debates highlight the increasing transparency of users – in the sense of a surveillance society – while the network is deemed to become increasingly nontransparent, i.e. inscrutable. The proposed Research Training Group (RTG) plans major contributions to reversing this trend: It shall enable better privacy protection for users and better transparency, i.e. assessability of the network; Privacy protection shall be customizable to personal interests yet manageable by the lay person; Privacy-opposing economic or societal interests shall be better reconciled.
Crises, disasters and major emergencies are triggered by force of nature, human or technical failure, violence and terror. They threaten human lives, public safety in the affected area and the economy beyond the region. Technical infrastructures are damaged or fail. The LOEWE focus NICER (Networked Infrastructureless Cooperation for Emergency Response) investigates how infrastructureless information and communication technology can connect people in the event of a crisis and thus enable cooperation to overcome the crisis.
Funded by: LOEWE, Hessen State Offensive for the Development of Scientific and Economic Excellence
The mission of PRACTICE is to design cloud computing technologies that allow computations in the cloud thus enabling new business processes while keeping the used data secret. Unlike today – where insiders can access sensitive data – PRACTICE will prevent cloud providers and other unauthorized parties from obtaining secret or sensitive information. Information processed by businesses, government organizations and individuals often comes with confidentiality and integrity requirements that the processing party must adhere to. As a result, data processors must deploy security controls for their ICT infrastructure, protecting it against external as well as internal attackers. This is relatively easy when this infrastructure is local and controlled by the processing party, but much harder when it is provided by an external service provider. Cloud services promise great benefits in terms of financial savings, easy and convenient access to data and services, as well as business agility. Organizations and individuals therefore choose to outsource their data to the cloud, where an untrusted party is in charge of storage and computation. A major concern for the adoption of cloud computing is the inability of the cloud to build user trust in the information security measures deployed in cloud services. Common computing techniques cannot be applied on encrypted data, and therefore the data and the programs that compute on the data must be decrypted before being run on the cloud infrastructure. A comprehensive solution for securing the cloud computing infrastructure can be based on cryptographic mechanisms of secure computation. These mechanisms allow for distributed computation of arbitrary functions of private (secret) inputs, while hiding any information about the inputs to the functions.
Funded by: European Commission (FP7)
CyberROAD is a research project funded by the European Commission under the Seventh Framework Programme. The project is aimed to identify current and future issues in the fight against cyber-crime and cyber-terrorism in order to draw a strategic roadmap for cyber security research. A detailed snapshot of the technological, social, economic, political, and legal scenario on which cyber crime and cyber terrorism do develop will be first provided. Then, cyber-crime and cyber-terrorism will be analyzed in order to indentify research gaps and priorities.
Funded by: European Commission (FP7)
Physically Unclonable Functions (PUFs) are used to uniquely identify electronic components and to protect valuable objects against counterfeiting. They allow creating a root of trust in a hardware system through generating device-unique “fingerprints” and deriving secret keys from the underlying physical properties of the silicon. Today they are typically found in specially designed hardware components and result from the silicon properties of individual transistors. They exist in many forms, among which are the so-called SRAM PUFs. The Physically unclonable functions found in standard PC components (PUFFIN) project intends to study and show the existence of SRAM PUFs and other types of PUFs in standard PCs, laptops, mobile phones and consumer electronics. This has not been attempted so far. The mere existence of physical properties that depend on a component and are reproducible is only the first step to guarantee appropriate robustness, reliability and randomness properties for use as secret keys or trust anchors in mass-market applications.
Funded by: European Commission (FP7)
One of the major challenges for the future relates to software innovations, which, in view of the rapid development of the Internet community, can strengthen the economic performance of companies and their networks. Information and communication technology is the decisive driver behind product and process innovation, and digital companies dynamically align their business models and processes with this. The current basis for developing the business software of the future is the paradigm shift in the software industry towards open, service-oriented software platforms. The Internet of the future will allow digital companies to combine their services more easily and implement their business processes more quickly, more dynamically and more flexibly. Furthermore, it will be possible to extend service functionalities by combining powerful solutions. IT security solutions will play a central role to provide a trusted service ecosystem. Within the project, we look at different security aspects of services and cloud computing.
Funded by: Bundesministerium für Bildung und Forschung
In the UNIQUE project we focus on the problem of counterfeiting and tampering with integrated circuits (ICs), which are at the core of modern electronics products and IT systems. We will develop an integrated approach to protect hardware systems against counterfeiting, cloning, reverse engineering, tampering, and insertion of malicious components. Our interest concerns generic hardware systems and components in general and in particular those ICs and hardware components that provide cryptographic and security functionality (e.g. cryptographic co-processors, smartcards) and are used as security anchors in the devices they are embedded in. We will refer to these types of ICs as “security hardware”. To address the IC counterfeiting and tampering problem comprehensively, we aim at investigating and developing a complete solution from hardware-based crypto and security building blocks, security architectures, protocols and algorithms to design and evaluation principles necessary to detect counterfeiting or malicious components of hardware. The fundamental ideas underlying this proposal have been very recently discovered and will serve as a foundation for novel concepts, whose feasibility will be demonstrated. We design novel hardware labelling and authentication mechanisms and schemes based on physical properties of the underlying hardware components using sub-micron physical security primitives such as the new concept of Physically Unclonable Functions (PUFs). The novel tools, methodologies and principles that we develop within this project will permit technology players to develop new products that can be brought to the market enhancing the assurance and security against counterfeiting and tampering of hardware components in a variety of areas such as consumer electronics, automotive and avionic, critical infrastructures and governmental use.
Funded by: European Commission (FP7)
In a few years, biotechnology will allow to sequence a full human gemome correctly and cheaply. This development will enable the use of genomic data both for clinical and research purposes. However, the human genome contains very sensitive information, which requires strong privacy protection. Currently, biomedical data is mainly protected by anonymization techniques, wich are not secure against re-identification attacks; furthermore, no formal confidentiality guarantees can be obtained. Within this project, we develop novel techniques to protect genomic data. Sensitive data is encrypted and not available in clear text to the parties involved; special cryptographic protocols will be developed to access the encrypted genomic sequence without prior decryption. We will furthermore demonstrate the practicality of the techniques by implementing a research prototype.
Funded by: Deutsche Forschungsgemeinschaft (DFG)
Since the amount of personalized data stored both in the public and the private sector is continuously increasing, there is a growing need for data privacy. In the past, data privacy was assured through procedures, laws or access control policies. However, these protection mechanisms tend to be ineffective once data is outsourced to partially untrusted servers or processed by third parties. The Security Engineering Group develops a new approach to data privacy by constructing cryptographic Privacy Enhancing Tehnologies (PETs). In this approach, data is kept encrypted and cryptographic protocols are used to compute directly with encrypted values without decryption. Since sensitive data is never available in the system in the clear, the approach provides a high level of data privacy and even allows to control the amount of information on sensitive data that leaks to third parties. Cryptography has developed in the past a number of tools that allow to construct cryptographic PETs (among others homomorphic encryption and Secure Multiparty Computation). However, their application to practical problems is still a challenging task and requires fundamental research to meet stringent cost and time constraints.
Funded by: CASED, Deutscher Akademischer Austauschdienst (DAAD)