The world's largest automotive market, China, is experiencing high growth rates for electric cars. In order to successfully compete in China, international automakers must comply with Chinese cybersecurity, cryptography and data security regulations. Fraunhofer SIT and Fraunhofer Singapore have summarized these in a joint study: It contains an overview of laws and regulations, including the responsible institutions in China, from 2015 until 2021. The study also addresses research and development facilities as well as standardization authorities.
R. Niederhagen, M. Waidner, O. Küch
From online-banking to the blockchain – most IT security mechanisms for protecting data and digital communication are based on cryptography. Quantum computers and new forms of attacks are threatening many of these IT security mechanisms. How businesses and society can protect the cyber-world from such devastating threats in the future was discussed by experts in the realm of business, research, and politics at the “Eberbacher Gespräch” on “Next Generation Cryptography”. The experts’ opinion: Cryptography must become more flexible in order to be able to react quickly to technical changes.
R. Niederhagen, M. Waidner
Quantum computers are hanging over the security of our information like a sword of Damocles: We do not know when or even if quantum computers will become a reality — but once they arrive, they will break confidentiality, privacy, and authenticity of our modern communication. It will no longer be possible to trust digital certificates and signatures and it will no longer be possible to exchange secret keys for data encryption using current cryptographic primitives like RSA, ECC, DH, DSA, and so on. However, there is hope: The cryptographic community is working on post-quantum cryptography in order to provide alternatives using hard mathematical problems that cannot be broken by quantum computers. There is a zoo of alternative cryptographic primitives and protocols that are under investigation and standardization bodies like NIST and ETSI are starting processes to standardize post-quantum algorithms.
M. Waidner, M. Kasper, Th. Henkel, C. Rudolph, O. Küch
Information technology (IT) is one of the most important drivers of innovation in production and automation. In Germany, the term Industrie 4.0 summarizes various activities and developments involved in the evolution of industrial processes in production, logisitics, automation, etc. Many research and development projects work on different aspects of these developments. In the view of politics, industry, and IT enterprises, sufficient IT security is considered an essential prerequisite for the future of production. However, although many current IT security solutions can be applied in Industrie 4.0 context, they do not satisfy all requirements of processes in Industrie 4.0. Work needs to be done on underlying security mechanisms as well as on security architectures. Fraunhofer Institute for Secure Information Technology hosted the Eberbach Workshop »security in Industrie 4.0« to formulate guidelines and recommendations for a secure Industrie 4.0. Representatives from the industry, research, and politics identified the most important practical challenges in the realm of IT security.
There have been numerous transformations in the interrelated realms of software development (SD) and IT security. To form a clear picture of the SD trends and account for their implications, we conducted an explorative study comprising 23 interviews with SD and IT security experts from industry, academia and regulating institutions. The analysis reveals six major trends.
M. Waidner, M. Backes, J. Müller-Quade
This trends and strategy report argues that the development and integration of secure software has to follow the Security by Design principle and defines respective challenges for a practice oriented research agenda. Software is the most important driver for innovations in many industries today and will remain so in the future. Many vulnerabilities and attacks are due to security weaknesses in application software. During application software development or integration, security issues are either taken into account insufficiently or not at all, which
constantly leads to new openings for attacks.
Keywords: Security by Design, Secure Engineering, Software Engineering, Security Development Lifecycle, Application Security, Supply Chain, Software Development
M. Borgmann, T. Hahn, M. Herfert, T. Kunz, M. Richter, U. Viebeg, S. Vowé
The ever-increasing amount of valuable digital data both at home and in business needs to be protected, since its irrevocable loss is unacceptable. Cloud storage services promise to be a solution for this problem. They offer user-friendly, easily accessible and costsaving ways to store and automatically back up arbitrary data, as well as data sharing between users and synchronization of multiple devices.
However, recent successful attacks on cloud storage provider have shown that the security of cloud storage services is often poor. That is also the result of a study "On the Security of Cloud Storage Services" of the Fraunhofer Institute for Secure Information Technology that testet different cloud storage providers. None of the providers testet was able to fully meet all the security requirements. The study was updated recently, the alterations are summarized in an addendum.
Keywords: Cloud Computing, Cloud Storage, Security, Privacy, Encryption, Condentiality, Outsourcing