APPLIED AND INTEGRATED SECURITY

Transcription

1 APPLIED AND INTEGRATED SECURITY Directors: Claudia Eckert (Managing) Georg Sigl

2 SECURITY RESEARCH IN MUNICH Fraunhofer Institution for Applied and Integrated Security Claudia Eckert Georg Sigl TU München Electrical Engineering Georg Sigl TU München Computer Science Claudia Eckert 2

3 AISEC MISSION: MIT SICHERHEIT INNOVATIV! Development of innovative Security Technologies to improve Robustness, Dependability and Security of IT-based Systems and Infrastructures Development of innovative, new Applications to improve existing (IT-based) Workflows and to enable new Business Models Development of Test Methods and Tools to improve the Quality of Products, Designs, Applications, to minimize Risks and reduce Damages

4 AISEC KEY FIGURES Employees: 2013: current status: 98 (incl. 62 FTEs) Plans for further growth 2014 > > 150 Financing (Fraunhofer Model) Up to 30% state directly, 70% 3 rd party research projects

5 AISEC FIELDS OF EXPERTISE Embedded Security Smartcard & RFID Security Product Protection Cloud Security Network Security Automotive Security Smart Grid Security Evaluation Mobile Security Cyber Security

6 AISEC ORGANISATION

7 EMBEDDED SECURITY RESEARCH & DEVELOPMENT AREAS Secure (wireless) Transaction Systems e.g. Remote Keyless Entry (RKE) based on elliptic curves Concepts for Component Identification/Authentication using Physical Unclonable Functions (PUF) Hardware Security Modules (HSM) as hardware trust anchor Mechanism for Product and Piracy Protection to prevent cloning and IP theft Trustworthy Platforms and Virtualization as a secure software environment Methods and Tools to support designers in secure software design and verification

8 SECURE SERVICES RESEARCH & DEVELOPMENT AREAS Cloud Security: Security-Monitoring-Framework TapnDrop: Secure Data Exchange (e.g. in meeting) using Cloud Backend Storage Secure Distributed Storage Mobile Security: Security Analysis Framework for Android Vulnerability Assessments AppRay: App-Security Checks to be integrated e.g. in»company App Store«Penetration Test Test-Frameworks Compliance & Interoperability Analysis Interoperability Cloud Portfolio Whitepapers Knowledge Security as a Service Development Monitoring Testbed

9 NETWORK SECURITY RESEARCH & DEVELOPMENT AREAS Network Security: Security Architectures for Secure Cloud-Networking Software Defined Networking (SDN): Security Analysis, new Security Protocols & Applications Cyber Security: New and improved attack detection techniques Collaborative information exchange between e.g. operators, information exchange w/o loss of reputation System & Network Evaluation and Test PRIvacy VIolation DetectOR: Tool to support website analysis Security testing of Routers, Networks (Pentesting) etc.

10 AISEC Security Analysis Labs: Examples Hardware Security Lab Analysis and validation of HW components & security modules NFC Lab Analysis of NFC solutions, e.g., mobile payment Smart Meter Lab Vulnerability assessment of Smart Meter and Gateways Network-Lab Malware Analysis, SDN-Lab, HIP ( IPSec2.0 ) Cloud-Lab Interoperability tests on OpenSource Stacks, Security as a Service Mobile Lab Android, ios assessment, App security checks, BYOD solutions

11 Hardware Security Lab Attacks and Analysis (Differential) Power analysis (SPA, DPA) Template attacks Electromagnetic Radiation Analysis (EMA) Fault Attacks Temperature Attacks Offerings Security Analysis (Black Box, White Box) Design Verification Prototyping

12 SMART GRID Secure Smart Meter Problem Attacks on Control Systems Fraud Privacy Protection Innovative Solutions Security Concepts for Smart Meter and Gateways Adapted Hardware Security Modules and Efficient (Cryptographic) Protocols Concepts for Anonymity and Pseudonyms Advantage Development of Smart Grid Reference Architectures

13 TAPNDROP: SECURE FILESHARING THROUGH THE CLOUD Data Exchange via Cloud Spontaneous Data sharing in a Meeting between present People Client-side Encryption no Trust in Cloud Provider required Key Exchange through NFC: AES256 Session Key Session-Management: Limited Key Validity 13

14 APP-RAY: AUTOMATIC APP SECURITY CHECK Automated Check of Android-Apps for Security Weaknesses Privacy Violations User defined Catalogue of Criteria 14

15 AISEC PARTNERS* * without Research Institutes and Universities

16 NETWORKING Computer Science Electrical engineering TU Munich Other Research Institutions Fraunhofer Cloud Alliance Embedded Alliance Collaborative Work: e.g. ILT, IIS, EMFT, IWES, Safetrans CAST ev TeleTrust Associations AISEC Münchner Kreis WWR Organisations Kantara Cloud security Alliance BITKOM ETSI VDE/ITG GESA GFFT Eurosmart BICCnet (Security cluster) Car2Car TCG

17 SICHERHEITS-CLUSTER MÜNCHEN Technische Universität München

18 THE FUTURE Research Partners Cyber Security Center Industry & Appilcation Partners Passau fortiss CC Cyber- Security CC Test & Simulation CC Cloud & eid Ulm Erlangen Security Evaluation Secure Cyber Physical Systems Mobile Security

19 AISEC SERVICES AND OFFERINGS Studies risk analyses, evaluation of technologies and concepts Tests vulnerability analyses, technical pre-auditing Development concepts, proofs-of-concepts, implementation, integration Modeling security concepts, optimization of infrastructures & solutions Training & Consulting seminars, coaching

20 OUR STRENGTHS Our labs provide ideal environment for evaluations. Security analysis and testing Interoperability testing, conformance testing We have the right competences, environment and labs to design prototypes demonstrating tailored solutions, develop proof-of-concepts demonstrating improved solutions Our knowledge about all layers: Hardware, Embedded, Networking, Services, Cloud, Processes allows us to provide holistic security solutions. We participate in leading research projects (national and EU level)

21 THANK YOU Contact: Georg Sigl: Claudia Eckert: