Applied Cyber Security Darmstadt

Welcome to the research group Applied Cyber Security Darmstadt at Darmstadt University of Applied Sciences. The group is headed by Prof. Dr. Christoph Krauß and Prof. Dr. Alexander Wiesmaier.

We specialize in the protection of IT systems and applications in the fields of automotive, railway, computer networks, embedded systems, IoT and cloud. Our application-oriented and user-friendly solutions are based on the use, adaptation, or development of cryptographic technologies.

We are affiliated with the IT Security expert group at the Department of Computer Science at Darmstadt University of Applied Sciences.

 

ACNS 2024 Best Student Paper Award

ACSD researcher Dustin Kern received the award for

ACM Computer Science in Cars Symposium (CSCS) 2023

at Darmstadt University of Applied Sciences

 

In the PORTUNUS project, part of the ATHENE research area Cryptography, we investigate crypto-agile APIs for hardware-implemented post-quantum cryptography.

Contact: Prof. Dr. Alexander Wiesmaier

The development of quantum-resistant cryptographic schemes (PQC) is advancing. To enable their efficient practical application, the three-way abstraction gap between 1) cryptographers who design PQC algorithms, 2) platform experts who realize these algorithms on hardware, and 3) software developers who want to use them must be closed. In the PORTUNUS project, the partners from Fraunhofer SIT, TU Darmstadt and Hochschule Darmstadt deal with this topic. While our partners deal with the description and realization of PQC algorithms on hardware, our focus at Hochschule Darmstadt is on easy-to-use and crypto-agile access to the PQC implementation, including support for runtime-specific needs.

In the QR-PACE project, part of the ATHENE research area Cryptography, we investigate the migration of electronic identity documents (eCards) to quantum-resilient schemes, so-called post-quantum cryptography (PQC). In particular, we focus on the PACE protocol, which is used for the initial authentication in electronic ID documents and passports.

 

Contact:

Nouri Alnahawi

Prof. Dr. Alexander Wiesmaier

The project SEcure Automotive COmmunication Protocols (SEACOP) is part of the ATHENE research area Secure Autonomous Driving (SAD).

Contact: Prof. Dr. Christoph Krauß

Autonomous driving requires new automotive technologies that rely on increased computing power and increased data exchange within the vehicle and to the outside world. New technologies such as Automotive Ethernet are replacing or extending legacy in-vehicle technologies such as LIN, CAN, MOST, or FlexRay. New E/E architectures are also used in autonomous vehicles, including domain fusion, centralization, ECU consolidation / integration of multiple functionalities in one ECU (including mixed criticality), and increased backend connection. New approaches such as service-orientation are likewise being introduced in the automotive world with the AUTOSAR adaptive platform.

From a security perspective, this technology change is ambivalent, since it enables new attacks but also enables the use of (new) sophisticated security solutions or of established Internet security protocols within a vehicle. However, there are still many issues to solve. Internet protocols such as (D)TLS or IPsec using TCP/IP or UDP/IP have not been specifically designed to address automotive requirements, e.g., support for multicast communication, or latency and bandwidth guarantees. A thorough evaluation of such protocols and of adaptations / improvements is required. In addition, entirely new protocols need to be developed for certain scenarios. Furthermore, designs for communication architectures, e.g., the use of firewalls, domain separation, filtering mechanisms, or VLANs, require additional research.

In addition to the already intensively investigated ITS Vehicle2X communication, new communication protocols are emerging. For example, autonomous electric vehicles will communicate wirelessly with charge points using ISO 15118 Edition 2. The vehicle communicates the estimated time of arrival, battery status, required energy, and desired point in time to continue the travel to the charging point, which enables optimal charging schedules as well as the optimization of the load management to use the energy grid effectively. In addition, protocols for secure over-the-air (OTA) code updates are required (which is also required by the UNECE WP.29 regulation).

The goal of SEACOP is to improve the communication security within the E/E system of autonomous vehicles and for selected external communication. To achieve this goal, we evaluate existing protocols, develop new protocols, and implement and evaluate our new solutions. Concretely, we address the following objectives:

  • Evaluation of (security) protocols used in the automotive domain and other domains which may be suitable for use in E/E architectures of autonomous vehicles
  • Development of improved and adapted protocols as well as new protocols for the use within vehicles
  • Evaluation of protocols used for external communication with focus on remote management and communication of electric vehicles with the charging infrastructure
  • Development of improved and adapted protocols as well as new protocols for the external communication
  • Prototypical implementation and evaluation

Thus, the results of this project are analyses of the applicability of security protocols, adapted and new protocols, and their prototypical implementation and evaluation.

The project Agile and Easy-to-use Integration of PQC Schemes, part of the ATHENE research area Cryptography, investigates the practical challenges introduced by the migration from classical to PQC schemes.

Contact: Prof. Dr. Alexander Wiesmaier

Post-quantum cryptographic schemes have been under development for several years. Very soon there will be standardized post-quantum algorithms replacing the previous standards, which will eventually become obsolete. For quantum-resistant cryptographic measures to be utilized, more is needed than simply developing secure post-quantum algorithms. The migration towards PQC poses great challenges on different levels. These are not restricted to the integration into existing protocols, but also include performance issues such as hardware specifications and memory usage, and especially the uncertainty about the long-term security of the new algorithm families. Moreover, a major challenge lies in finding suitable means of communicating and negotiating new algorithms and protocol parameters between different IT systems. This leads to the urgent need to establish the concept of crypto-agility, so as to be prepared for rapid changes in cryptography and to ensure compatibility in all possible scenarios and settings.

Our research group deals with the challenges of post-quantum cryptography migration and searches for answers to the open questions in this field. We build upon our findings and analysis to find suitable solutions for achieving said migration and establishing crypto-agility in IT systems. Our goal is to develop such solutions through design, strategies, frameworks and interfaces. On the one hand, we conduct research on the newest findings regarding cryptographic measures and their development state. On the other hand, we contribute to cutting-edge post-quantum cryptography technologies and their applications, as we transform our theoretical and scientific findings into practical solutions.

The project Pentester's Parcours deals with the development and provisioning of a practice environment for offensive security, i.e. a dedicated target for white-hat hacking attacks.

Contact: Prof. Dr. Alexander Wiesmaier

The environment simulates a company network consisting of multiple computers running different applications. Various vulnerabilities have been placed within the system, which allow attackers to successively invade the network. An important feature of the environment is the ability to be easily reset (after an attack) to its initial state. A further important feature is the ability to be easily replicated. Both are realized by applying virtualization technology. Last but not least, easy management of the environment is provided by automation tools.

Funded by the German Federal Ministry for Economic Affairs and Energy (BMWi), the ZIM network Digital Shadows brings together experts from industry and academia with the purpose of conducting joint research and development projects in the area of digital shadows.

Contact: Prof. Dr. Alexander Wiesmaier

A digital shadow denotes all data that is gathered while executing or using a concrete process or service. Together with the digital master that models the general behavior and relations of the process or service, the digital twin can be generated. The latter is then a digital reflection of the concrete instance of the process or service.

Contact

Head of Research
Prof. Dr. Christoph Krauß

Communication
Schöfferstraße 10
64295 Darmstadt
Office: D19, 3.07

+49.6151.533-60152
christoph.krauss@h-da.de

Head of Research
Prof. Dr. Alexander Wiesmaier

Communication
Schöfferstraße 10
64295 Darmstadt
Office: D19, 2.09

+49.6151.533-60185
alexander.wiesmaier@h-da.de

Members

Nouri Alnahawi

Jannis Hamborg

Dominik Heinz

Gero Knoblauch

Timm Lauser

Hannah Wieser