APPLIED AND INTEGRATED SECURITY
Directors: Claudia Eckert (Managing), Georg Sigl

SECURITY RESEARCH IN MUNICH
- Fraunhofer Institution for Applied and Integrated Security: Claudia Eckert, Georg Sigl
- TU München, Electrical Engineering: Georg Sigl
- TU München, Computer Science: Claudia Eckert

AISEC MISSION: INNOVATIVE WITH SECURITY!
- Development of innovative Security Technologies to improve Robustness, Dependability and Security of IT-based Systems and Infrastructures
- Development of innovative, new Applications to improve existing (IT-based) Workflows and to enable new Business Models
- Development of Test Methods and Tools to improve the Quality of Products, Designs and Applications, to minimize Risks and reduce Damages

AISEC KEY FIGURES
Employees
- 2013 (current status): 98 (incl. 62 FTEs)
- Plans for further growth: 2014 > 110, 2015 > 150
Financing (Fraunhofer Model)
- Up to 30% directly from the state, 70% from 3rd-party research projects

AISEC FIELDS OF EXPERTISE
Embedded Security Smartcard & RFID Security Product Protection Cloud Security Network Security Automotive Security Smart Grid Security Evaluation Mobile Security Cyber Security

AISEC ORGANISATION
EMBEDDED SECURITY RESEARCH & DEVELOPMENT AREAS
- Secure (wireless) Transaction Systems, e.g. Remote Keyless Entry (RKE) based on elliptic curves
- Concepts for Component Identification/Authentication using Physical Unclonable Functions (PUF)
- Hardware Security Modules (HSM) as hardware trust anchor
- Mechanisms for Product and Piracy Protection to prevent cloning and IP theft
- Trustworthy Platforms and Virtualization as a secure software environment
- Methods and Tools to support designers in secure software design and verification

SECURE SERVICES RESEARCH & DEVELOPMENT AREAS
Cloud Security:
- Security-Monitoring-Framework
- TapnDrop: Secure Data Exchange (e.g. in meeting) using Cloud Backend Storage
- Secure Distributed Storage
Mobile Security:
- Security Analysis Framework for Android Vulnerability Assessments
- AppRay: App-Security Checks to be integrated e.g. in »company App Store«
[Diagram labels: Penetration Test Test-Frameworks Compliance & Interoperability Analysis Interoperability Cloud Portfolio Whitepapers Knowledge Security as a Service Development Monitoring Testbed]

NETWORK SECURITY RESEARCH & DEVELOPMENT AREAS
Network Security:
- Security Architectures for Secure Cloud-Networking
- Software Defined Networking (SDN): Security Analysis, new Security Protocols & Applications
Cyber Security:
- New and improved attack detection techniques
- Collaborative information exchange between e.g. operators, information exchange w/o loss of reputation
System & Network Evaluation and Test
- PRIvacy VIolation DetectOR: Tool to support website analysis
- Security testing of Routers, Networks (Pentesting) etc.

AISEC Security Analysis Labs: Examples
- Hardware Security Lab: Analysis and validation of HW components & security modules
- NFC Lab: Analysis of NFC solutions, e.g., mobile payment
- Smart Meter Lab: Vulnerability assessment of Smart Meter and Gateways
- Network-Lab: Malware Analysis, SDN-Lab, HIP (IPSec2.0)
- Cloud-Lab: Interoperability tests on OpenSource Stacks, Security as a Service
- Mobile Lab: Android, iOS assessment, App security checks, BYOD solutions

Hardware Security Lab
Attacks and Analysis
- (Differential) Power analysis (SPA, DPA)
- Template attacks
- Electromagnetic Radiation Analysis (EMA)
- Fault Attacks
- Temperature Attacks
Offerings
- Security Analysis (Black Box, White Box)
- Design Verification
- Prototyping

SMART GRID: Secure Smart Meter
Problem
- Attacks on Control Systems
- Fraud
- Privacy Protection
Innovative Solutions
- Security Concepts for Smart Meter and Gateways
- Adapted Hardware Security Modules and Efficient (Cryptographic) Protocols
- Concepts for Anonymity and Pseudonyms
Advantage
- Development of Smart Grid Reference Architectures

TAPNDROP: SECURE FILESHARING THROUGH THE CLOUD
- Data Exchange via Cloud: Spontaneous Data sharing in a Meeting between present People
- Client-side Encryption: no Trust in Cloud Provider required
- Key Exchange through NFC: AES256 Session Key
- Session-Management: Limited Key Validity
www.tapndrop.de

APP-RAY: AUTOMATIC APP SECURITY CHECK
Automated Check of Android-Apps for
- Security Weaknesses
- Privacy Violations
User defined Catalogue of Criteria

AISEC PARTNERS*
* without Research Institutes and Universities

NETWORKING
[Diagram labels: Computer Science Electrical engineering TU Munich Other Research Institutions Fraunhofer Cloud Alliance Embedded Alliance Collaborative Work: e.g. ILT, IIS, EMFT, IWES, Safetrans CAST e.V. TeleTrust Associations AISEC Münchner Kreis WWR Organisations Kantara Cloud Security Alliance BITKOM ETSI VDE/ITG GESA GFFT Eurosmart BICCnet (Security cluster) Car2Car TCG]

MUNICH SECURITY CLUSTER
Technische Universität München

THE FUTURE
[Diagram labels: Research Partners; Cyber Security Center; Industry & Application Partners; Passau; fortiss; CC Cyber-Security; CC Test & Simulation; CC Cloud & eID; Ulm; Erlangen; Security Evaluation; Secure Cyber Physical Systems; Mobile Security]

AISEC SERVICES AND OFFERINGS
- Studies: risk analyses, evaluation of technologies and concepts
- Tests: vulnerability analyses, technical pre-auditing
- Development: concepts, proofs of concept, implementation, integration
- Modeling: security concepts, optimization of infrastructures & solutions
- Training & Consulting: seminars, coaching

OUR STRENGTHS
- Our labs provide an ideal environment for evaluations: security analysis and testing, interoperability testing, conformance testing.
- We have the right competences, environment and labs to design prototypes demonstrating tailored solutions and to develop proofs of concept demonstrating improved solutions.
- Our knowledge about all layers (Hardware, Embedded, Networking, Services, Cloud, Processes) allows us to provide holistic security solutions.
- We participate in leading research projects (national and EU level).

THANK YOU
Contact:
Georg Sigl: georg.sigl@aisec.fraunhofer.de, sigl@tum.de
Claudia Eckert: claudia.eckert@aisec.fraunhofer.de, claudia.eckert@in.tum.de