Past Projects

PRACTICE: Privacy-Preserving Computation in the Cloud (2013-2016)

The mission of PRACTICE is to design cloud computing technologies that allow computations in the cloud, thus enabling new business processes while keeping the data used secret. Unlike today – where insiders can access sensitive data – PRACTICE will prevent cloud providers and other unauthorized parties from obtaining secret or sensitive information. Information processed by businesses, government organizations and individuals often comes with confidentiality and integrity requirements that the processing party must adhere to. As a result, data processors must deploy security controls for their ICT infrastructure, protecting it against external as well as internal attackers. This is relatively easy when this infrastructure is local and controlled by the processing party, but much harder when it is provided by an external service provider. Cloud services promise great benefits in terms of financial savings, easy and convenient access to data and services, as well as business agility. Organizations and individuals therefore choose to outsource their data to the cloud, where an untrusted party is in charge of storage and computation. A major concern for the adoption of cloud computing is the inability of the cloud to build user trust in the information security measures deployed in cloud services. Common computing techniques cannot be applied to encrypted data, and therefore the data and the programs that compute on the data must be decrypted before being run on the cloud infrastructure. A comprehensive solution for securing the cloud computing infrastructure can be based on cryptographic mechanisms of secure computation. These mechanisms allow for distributed computation of arbitrary functions of private (secret) inputs, while hiding any information about the inputs to the functions.

Funded by: European Commission (FP7)

CASED – Center for Advanced Security Research Darmstadt (2008-2016)

An internationally important cluster for IT security research and development is established in Darmstadt. Here, computer scientists, engineers, physicists, legal experts and experts in business administration of TU Darmstadt, Fraunhofer SIT and Hochschule Darmstadt (University of Applied Sciences) develop trend-setting IT security solutions and prepare them for commercial use. All involved partners qualify students and scientists for careers in science, business and administration. The headquarters of the cluster is the Center for Advanced Security Research Darmstadt (CASED), which receives funding from the LOEWE program of the government of Hessen. The LOEWE funds cover the infrastructure of CASED and cooperative CASED projects of the cluster partners, i.e. TU Darmstadt, Fraunhofer SIT and Hochschule Darmstadt. In these projects the cluster develops applicable basic knowledge and IT security solutions. Thanks to its broad base of topics and competencies, the cluster and its headquarters CASED can realize especially complex projects efficiently and sustainably. The Security Engineering group is involved in projects on data privacy and the security of future Internet services.

Funded by: LOEWE, Hessische Landes-Offensive zur Entwicklung Wissenschaftlich-ökonomischer Exzellenz

CyberRoad: Development of the Cybercrime and Cyberterrorism research roadmap (2014-2016)

CyberROAD is a research project funded by the European Commission under the Seventh Framework Programme. The project aims to identify current and future issues in the fight against cyber-crime and cyber-terrorism in order to draw a strategic roadmap for cyber security research. First, a detailed snapshot of the technological, social, economic, political, and legal scenario in which cyber-crime and cyber-terrorism develop will be provided. Then, cyber-crime and cyber-terrorism will be analyzed in order to identify research gaps and priorities.

Funded by: European Commission (FP7)

PUFFIN: Physically Unclonable Functions found in Standard PC Components (2012-2015)

Physically Unclonable Functions (PUFs) are used to uniquely identify electronic components and to protect valuable objects against counterfeiting. They allow creating a root of trust in a hardware system through generating device-unique “fingerprints” and deriving secret keys from the underlying physical properties of the silicon. Today they are typically found in specially designed hardware components and result from the silicon properties of individual transistors. They exist in many forms, among which are the so-called SRAM PUFs. The Physically unclonable functions found in standard PC components (PUFFIN) project intends to study and show the existence of SRAM PUFs and other types of PUFs in standard PCs, laptops, mobile phones and consumer electronics. This has not been attempted so far. The mere existence of physical properties that depend on a component and are reproducible is only the first step to guarantee appropriate robustness, reliability and randomness properties for use as secret keys or trust anchors in mass-market applications.

Funded by: European Commission (FP7)

Spitzencluster “Softwareinnovationen für das digitale Unternehmen” (2010-2015)

One of the major challenges for the future relates to software innovations, which, in view of the rapid development of the Internet community, can strengthen the economic performance of companies and their networks. Information and communication technology is the decisive driver behind product and process innovation, and digital companies dynamically align their business models and processes with this. The current basis for developing the business software of the future is the paradigm shift in the software industry towards open, service-oriented software platforms. The Internet of the future will allow digital companies to combine their services more easily and implement their business processes more quickly, more dynamically and more flexibly. Furthermore, it will be possible to extend service functionalities by combining powerful solutions. IT security solutions will play a central role to provide a trusted service ecosystem. Within the project, we look at different security aspects of services and cloud computing.

Funded by: Bundesministerium für Bildung und Forschung

EC SPRIDE – European Center for Security and Privacy by Design (2011-2015)

The European Center for Security and Privacy by Design (EC-SPRIDE) will supplement the existing IT security research in Darmstadt with its outstanding fundamental research, thereby helping to round off the research profile in Darmstadt. In addition to this fundamental research, the Center will also significantly influence the practical activities. The basis for this top position is the unique concentration of IT security expertise in Darmstadt that is provided via CASED, above all at the TU Darmstadt and the Fraunhofer SIT, as well as the BMBF “Spitzencluster” (the Initiative for Excellence started by the Federal Ministry of Education and Research) and the European Institute of Technology (EIT). With well over 200 scientists in the area of IT security, Darmstadt is the best location in Europe for this competence center. Although EC-SPRIDE will cooperate closely with CASED, it will develop its own fundamental new methods.

Funded by: Bundesministerium für Bildung und Forschung

UNIQUE – Foundations for Forgery-Resistant Security Hardware (2009-2012)

In the UNIQUE project we focus on the problem of counterfeiting and tampering with integrated circuits (ICs), which are at the core of modern electronics products and IT systems. We will develop an integrated approach to protect hardware systems against counterfeiting, cloning, reverse engineering, tampering, and insertion of malicious components. Our interest concerns generic hardware systems and components in general and in particular those ICs and hardware components that provide cryptographic and security functionality (e.g. cryptographic co-processors, smartcards) and are used as security anchors in the devices they are embedded in. We will refer to these types of ICs as “security hardware”. To address the IC counterfeiting and tampering problem comprehensively, we aim at investigating and developing a complete solution from hardware-based crypto and security building blocks, security architectures, protocols and algorithms to design and evaluation principles necessary to detect counterfeiting or malicious components of hardware. The fundamental ideas underlying this proposal have been very recently discovered and will serve as a foundation for novel concepts, whose feasibility will be demonstrated. We design novel hardware labelling and authentication mechanisms and schemes based on physical properties of the underlying hardware components using sub-micron physical security primitives such as the new concept of Physically Unclonable Functions (PUFs). The novel tools, methodologies and principles that we develop within this project will permit technology players to develop new products that can be brought to the market enhancing the assurance and security against counterfeiting and tampering of hardware components in a variety of areas such as consumer electronics, automotive and avionic, critical infrastructures and governmental use.

Funded by: European Commission (FP7)

Cryptographic Protocols for Protecting Genomic Data (2009-2011)

In a few years, biotechnology will make it possible to sequence a full human genome correctly and cheaply. This development will enable the use of genomic data both for clinical and research purposes. However, the human genome contains very sensitive information, which requires strong privacy protection. Currently, biomedical data is mainly protected by anonymization techniques, which are not secure against re-identification attacks; furthermore, no formal confidentiality guarantees can be obtained. Within this project, we develop novel techniques to protect genomic data. Sensitive data is encrypted and not available in clear text to the parties involved; special cryptographic protocols will be developed to access the encrypted genomic sequence without prior decryption. We will furthermore demonstrate the practicality of the techniques by implementing a research prototype.

Funded by: Deutsche Forschungsgemeinschaft (DFG)

Privacy-Preserving Data Analysis (2009-2010)

Since the amount of personalized data stored both in the public and the private sector is continuously increasing, there is a growing need for data privacy. In the past, data privacy was assured through procedures, laws or access control policies. However, these protection mechanisms tend to be ineffective once data is outsourced to partially untrusted servers or processed by third parties. The Security Engineering Group develops a new approach to data privacy by constructing cryptographic Privacy Enhancing Technologies (PETs). In this approach, data is kept encrypted and cryptographic protocols are used to compute directly with encrypted values without decryption. Since sensitive data is never available in the system in the clear, the approach provides a high level of data privacy and even makes it possible to control the amount of information on sensitive data that leaks to third parties. Cryptography has in the past developed a number of tools for constructing cryptographic PETs (among others, homomorphic encryption and Secure Multiparty Computation). However, their application to practical problems is still a challenging task and requires fundamental research to meet stringent cost and time constraints.

Funded by: CASED, Deutscher Akademischer Austauschdienst (DAAD)