R. Niederhagen, M. Waidner
Quantum computers are hanging over the security of our information like a sword of Damocles: We do not know when or even if quantum computers will become a reality — but once they arrive, they will break confidentiality, privacy, and authenticity of our modern communication. It will no longer be possible to trust digital certificates and signatures and it will no longer be possible to exchange secret keys for data encryption using current cryptographic primitives like RSA, ECC, DH, DSA, and so on. However, there is hope: The cryptographic community is working on post-quantum cryptography in order to provide alternatives using hard mathematical problems that cannot be broken by quantum computers. There is a zoo of alternative cryptographic primitives and protocols that are under investigation and standardization bodies like NIST and ETSI are starting processes to standardize post-quantum algorithms.
M. Waidner, M. Kasper, Th. Henkel, C. Rudolph, O. Küch
Information technology (IT) is one of the most important drivers of innovation in production and automation. In Germany, the term Industrie 4.0 summarizes various activities and developments involved in the evolution of industrial processes in production, logistics, automation, etc. Many research and development projects work on different aspects of these developments. In the view of politics, industry, and IT enterprises, sufficient IT security is considered an essential prerequisite for the future of production. However, although many current IT security solutions can be applied in an Industrie 4.0 context, they do not satisfy all requirements of processes in Industrie 4.0. Work needs to be done on underlying security mechanisms as well as on security architectures. Fraunhofer Institute for Secure Information Technology hosted the Eberbach Workshop »security in Industrie 4.0« to formulate guidelines and recommendations for a secure Industrie 4.0. Representatives from industry, research, and politics identified the most important practical challenges in the realm of IT security.
There have been numerous transformations in the interrelated realms of software development (SD) and IT security. To form a clear picture of the SD trends and account for their implications, we conducted an explorative study comprising 23 interviews with SD and IT security experts from industry, academia and regulating institutions. The analysis reveals six major trends.
M. Waidner, M. Backes, J. Müller-Quade
This trends and strategy report argues that the development and integration of secure software has to follow the Security by Design principle and defines respective challenges for a practice-oriented research agenda. Software is the most important driver for innovations in many industries today and will remain so in the future. Many vulnerabilities and attacks are due to security weaknesses in application software. During application software development or integration, security issues are either taken into account insufficiently or not at all, which constantly leads to new openings for attacks.
Keywords: Security by Design, Secure Engineering, Software Engineering, Security Development Lifecycle, Application Security, Supply Chain, Software Development
M. Borgmann, T. Hahn, M. Herfert, T. Kunz, M. Richter, U. Viebeg, S. Vowé
The ever-increasing amount of valuable digital data both at home and in business needs to be protected, since its irrevocable loss is unacceptable. Cloud storage services promise to be a solution for this problem. They offer user-friendly, easily accessible and cost-saving ways to store and automatically back up arbitrary data, as well as data sharing between users and synchronization of multiple devices.
However, recent successful attacks on cloud storage providers have shown that the security of cloud storage services is often poor. That is also the result of a study "On the Security of Cloud Storage Services" of the Fraunhofer Institute for Secure Information Technology that tested different cloud storage providers. None of the providers tested was able to fully meet all the security requirements. The study was updated recently; the alterations are summarized in an addendum.
Keywords: Cloud Computing, Cloud Storage, Security, Privacy, Encryption, Confidentiality, Outsourcing