Attacks on IT systems in order to manipulate or copy them are growing, as is people’s dependence on information technology. The Fraunhofer Institute for Applied and Integrated Security (AISEC) works together with politics, business and science on strategies and solutions against cyber attacks. With intelligent technologies for the security of embedded systems, smart grids, cloud computing or mobile devices, the researchers also protect products and services of companies.
In Germany, experts are not only observing an increased number but also “a new quality” of targeted cyber attacks, as can be seen in the last “Management Report on IT Security” by the Federal Office for Information Security (BSI). The fact that the IT systems work is therefore increasingly becoming a decisive factor: On the one hand, because the number of sensitive data that people exchange is increasing – increasingly via mobile devices such as smartphones and tablets. On the other hand, because important services in health care, energy generation, transport or industrial production are increasingly networked and digitally controlled.
The Fraunhofer Institute for Applied and Integrated Security in Garching near Munich supports companies, authorities and private individuals in protecting against such attacks. “Cyber attacks today can cause great damage to companies and society. But there are also dangers lurking outside of the Internet: For example, through product piracy, which today also increasingly means theft of IT-supported know-how – regardless of whether it is software or hardware, ”explains Prof. Dr. Claudia Eckert, Head of AISEC. IT security is increasingly becoming an important cornerstone for the German economy. Companies could benefit from this development. On the one hand, to protect your own products and solutions from possible dangers. On the other hand, by using solutions from research and developing high-quality security technologies themselves and offering them worldwide.
Tests: How do systems react to attacks?
The core competencies of the currently around 80 scientific and technical employees are hardware-related security and the security of embedded systems, product and know-how protection, automotive security, network security and security in the cloud and service based computing. The scientists test how existing systems react to cyber attacks, analyze their weak points and, based on the knowledge gained, develop specific technologies to protect sensitive information technologies. “Our goal is to support and improve the competitiveness of our customers and partners from manufacturing and service companies as well as public institutions”, Eckert describes the task of AISEC.
At the beginning of 2013, the state of Bavaria anchored IT security in the “Digital Bavaria” concept for the future. Minister of Economic Affairs Martin Zeil lists the issue there as a particularly important field of action. Among other things, the AISEC is to be expanded into a security center of national and European importance over the next few years. Bavaria will invest a total of 250 million euros in “Digital Bavaria” over the next five years. Eckert specifies: “Important fields of action are mobile communication, the factory of the future – keyword ‘Industry 4.0’ – intelligent energy networks, cloud computing and the networked automobile.”
Protective film prevents data from being read out
When it comes to protection against plagiarism, the Fraunhofer scientists see themselves as service providers for industry, especially for medium-sized companies. “Made in Germany” is also very popular with counterfeiters. This applies above all to machines and other high-tech products, which often do not have any special protection and make it easier for counterfeiters to do their craft. According to a study by the Association of German Mechanical and Plant Engineering (VDMA), the loss of sales in the industry as a result of plagiarism in 2011 amounted to around eight billion euros – an increase of 24 percent compared to the last survey two years ago.
“Here, above all, technological solutions are in demand that both protect companies from industrial espionage and protect the products that have been developed through high investments from being copied. Unfortunately, so far only a fraction of the companies affected have tackled the problem, ”says Professor Eckert. Measures against product piracy are usually much cheaper than the costs they incur. For example, your team has developed a protective film that can be used to protect electronic control components against external attacks. This prevents unauthorized access to the heart of electronic devices, the firmware. The film is firmly welded to the hardware and makes it impossible to read out sensitive data in the event of the slightest damage.
Mobile applications are “X-rayed”
Mobile security is an integral part of security competencies at AISEC. The scientists’ research area includes specific solutions for secure mobile devices. The technology “trust | me ”, for example, enables smartphones and tablets to be used securely in company networks. This is achieved by creating secure, isolated environments for private and business use. This means that several virtualized smartphones can be operated on one device. Confidential company data remains protected from access by third parties.
The “App-Ray” supports the trend towards “Bring Your Own Device (BYOD)”, ie the desire to use private smartphones and tablets for business purposes as well: “With the technology developed at AISEC, apps can be ‘X-rayed’. I immediately see which data on my device the newly downloaded app is accessing, ”explains Julian Schütte, who is responsible for the project. The company’s IT knows immediately which apps are suitable for business use and can be released for download. Companies can operate their own, quality-tested app store for both employees and their customers.