Competence Center for IT Security

Competence Center for IT security

With the Competence Center for IT security the FZI has created a central contact point for practical questions for IT security with the support of the State of Baden-Wuerttemberg. The center offers solutions for questions of IT security for small and medium enterprises (SMEs) in Baden-Wuerttemberg. The security solutions that are researched at the Competence Center for IT Security are easy to understand, easy to apply, and easy to communicate.

The Internet of Things raises new security challenges. To address these challenges one not only needs an expertise in methods and mechanisms for IT security. The key to success lies in the addition of this knowledge through in-depth knowledge of the respective application domain.

NOVEL CHALLENGES WITH IOT DEVICES

Cyber-physical systems (CPS) are IT systems that interact with the physical world. Thus, securityflaws in CPS may thus have a severe impact on human safety. While confidentiality is traditionally the most important security goal for conventional IT systems, availability and integrity now gain importance in CPS. In the Internet of Things (IoT) embedded devices are connected to the internet on a massive scale. This trend results in an increased attack surface and allows attackers to scale their attacks to a huge number of devices.

These paradigm shifts raise new challenges for IT security:

  • Due to the high homogeneity of platforms there is a high probability that many IoT devices are vulnerable at the same time.
  • As CPS interface with the real world by the omnipresent sensor technology, the protection of users’ privacy is becoming a challenge.
  • There is a low profit margin per device, innovation cycles are short, and users have a low interest in security.
  • Security testing and certification of IoT devices is complex and expensive.

A HOLISTIC APPROACH TOWARDS SECURE IOT SYSTEMS

The design and implementation of a secure IoT system is an interdisciplinary approach. One needs expertise in fundamental methods and mechanisms for IT security:

  • Hardware security
  • Cryptography
  • Secure software development
  • Network security
  • IT security management

An IT system is always designed with a specific application in mind. Thus, to guarantee not only a secure system design, but also a suitable one, one must also be proficient in the system’s application domain (e.g., automation and robotics, health care, mobility, …):

  • Terminology
  • Domain-specific protocols and mechanisms (e.g. OPC-UA, CAN, ETSI ITS G5, …)
  • Domain-specific requirements (e.g. availability, real-time, …)
  • Common software development processes (e.g. V-Model, …)

Researchers at the FZI have a long standing experience in applied research and its transfer to the application. In the Competence Center for IT Security we complement this experience with a well-founded expertise in IT security.

SECURITY FOR THE WHOLE LIFECYCLE OF A SYSTEM

IT security is not a one-step process. It must be considered in all phases of an IT system’s lifecycle – for instance during its design, implementation, testing and operation.