Security Engineering

CASED - Center for Advanced Security Research Darmstadt

An internationally important cluster for IT security research and development is established in Darmstadt. It is here where computer scientists, engineers, physicists, legal experts and experts in business administration of TU Darmstadt, Fraunhofer SIT and Hochschule Darmstadt (University of Applied Sciences) develop trend-setting IT security solutions and prepare them in order to be commercially useful. All involved partners qualify students and scientists for careers in science, business and administration. Headquarters of that cluster is the Center for Advanced Security Research Darmstadt (CASED) which receives funds by the LOEWE program of the government of Hessen. The funds of LOEWE cover infrastructure of CASED and cooperative CASED projects of cluster partners, i.e. TU Darmstadt, Fraunhofer SIT and Hochschule Darmstadt. In these projects the cluster develops applicable basic knowledge and IT security solutions. Thanks to its broadly-based position in regards to topics and competencies, the cluster and its headquarters CASED can realize especially complex projects efficiently and sustainably. The Security Engineering group is involved in projects on data privacy and the security of future Internet services.

Funded by: LOEWE, Hessische Landes-Offensive zur Entwicklung Wissenschaftlich-ökonomischer Exzellenz

EC SPRIDE - European Center for Security and Privacy by Design 

The European Center for Security and Privacy by Design (EC-SPRIDE) will supplement the existing IT security research in Darmstadt with its outstanding fundamental research, thereby helping to round off the research profile in Darmstadt. In addition to this fundamental research, the Center will also significantly influence the practical activities. The basis for this top position is the unique concentration of IT security expertise in Darmstadt that is provided via CASED, above all at the TU Darmstadt and the Fraunhofer SIT, as well as the BMBF “Spitzencluster” (the Initiative for Excellence started by the Federal Ministry of Education and Research) and the European Institute of Technology (EIT). With well over 200 scientists in the area of IT security, Darmstadt is the best location in Europe for this competence center. Although EC-SPRIDE will cooperate closely with CASED, it will develop its own fundamental new methods.

Funded by: Bundesministerium für Bildung und Forschung

Privacy-Preserving Data Analysis

Since the amount of personalized data stored both in the public and the private sector is continuously increasing, there is a growing need for data privacy. In the past, data privacy was assured through procedures, laws or access control policies. However, these protection mechanisms tend to be ineffective once data is outsourced to partially untrusted servers or processed by third parties. The Security Engineering Group develops a new approach to data privacy by constructing cryptographic Privacy Enhancing Tehnologies (PETs). In this approach, data is kept encrypted and cryptographic protocols are used to compute directly with encrypted values without decryption. Since sensitive data is never available in the system in the clear, the approach provides a high level of data privacy and even allows to control the amount of information on sensitive data that leaks to third parties. Cryptography has developed in the past a number of tools that allow to construct cryptographic PETs (among others homomorphic encryption and Secure Multiparty Computation). However, their application to practical problems is still a challenging task and requires fundamental research to meet stringent cost and time constraints.

Funded by: CASED, Deutscher Akademischer Austauschdienst (DAAD)

UNIQUE - Foundations for Forgery-Resistant Security Hardware

In the UNIQUE project we focus on the problem of counterfeiting and tampering with integrated circuits (ICs), which are at the core of modern electronics products and IT systems. We will develop an integrated approach to protect hardware systems against counterfeiting, cloning, reverse engineering, tampering, and insertion of malicious components. Our interest concerns generic hardware systems and components in general and in particular those ICs and hardware components that provide cryptographic and security functionality (e.g. cryptographic co-processors, smartcards) and are used as security anchors in the devices they are embedded in. We will refer to these types of ICs as “security hardware”. To address the IC counterfeiting and tampering problem comprehensively, we aim at investigating and developing a complete solution from hardware-based crypto and security building blocks, security architectures, protocols and algorithms to design and evaluation principles necessary to detect counterfeiting or malicious components of hardware. The fundamental ideas underlying this proposal have been very recently discovered and will serve as a foundation for novel concepts, whose feasibility will be demonstrated.

We design novel hardware labelling and authentication mechanisms and schemes based on physical properties of the underlying hardware components using sub-micron physical security primitives such as the new concept of Physically Unclonable Functions (PUFs). The novel tools, methodologies and principles that we develop within this project will permit technology players to develop new products that can be brought to the market enhancing the assurance and security against counterfeiting and tampering of hardware components in a variety of areas such as consumer electronics, automotive and avionic, critical infrastructures and governmental use.

Funded by: European Commission (FP7)

Spitzencluster "Softwareinnovationen für das digitale Unternehmen"

One of the major challenges for the future relates to software innovations, which, in view of the rapid development of the Internet community, can strengthen the economic performance of companies and their networks. Information and communication technology is the decisive driver behind product and process innovation, and digital companies dynamically align their business models and processes with this. The current basis for developing the business software of the future is the paradigm shift in the software industry towards open, service-oriented software platforms. The Internet of the future will allow digital companies to combine their services more easily and implement their business processes more quickly, more dynamically and more flexibly. Furthermore, it will be possible to extend service functionalities by combining powerful solutions. IT security solutions will play a central role to provide a trusted service ecosystem. Within the project, we look at different security aspects of services and cloud computing.

Funded by: Bundesministerium für Bildung und Forschung

Cryptographic Protocols for Protecting Genomic Data (2009-2011)

In a few years, biotechnology will allow to sequence a full human gemome correctly and cheaply. This development will enable the use of genomic data both for clinical and research purposes. However, the human genome contains very sensitive information, which requires strong privacy protection. Currently, biomedical data is mainly protected by anonymization techniques, wich are not secure against re-identification attacks; furthermore, no formal confidentiality guarantees can be obtained. Within this project, we develop novel techniques to protect genomic data. Sensitive data is encrypted and not available in clear text to the parties involved; special cryptographic protocols will be developed to access the encrypted genomic sequence without prior decryption. We will furthermore demonstrate the practicality of the techniques by implementing a research prototype.

Funded by: Deutsche Forschungsgemeinschaft (DFG)