In Germany experts are not only seeing an increase in the number but also a “new quality” of targeted cyber attacks, as set out in the most recent “Situation Report on IT Security” by the Federal Office for Information Security (BSI). According to the minister of the interior Joachim Herrmann, the Bavarian authorities alone are exposed to over 35,000 attacks from the internet every day. This trend is not surprising given that information technology is increasingly determining our everyday life. The fact that the IT system is working is therefore increasingly becoming the decisive factor; on the one hand because the amount of sensitive data we exchange is increasing – particularly via mobile terminal devices such as smartphones and tablets, and on the other hand because important services in healthcare, energy production, traffic or in industrial production are increasingly becoming interlinked and digitally controlled.   

Fraunhofer Security Center in the North of Munich

The Fraunhofer Research Institution for Applied and Integrated Security AISEC in Garching near Munich is supporting companies, authorities and private individuals to protect themselves against such attacks. “These days cyber attacks can cause great damage to companies and society. But there are also dangers lurking outside the internet, for example through product piracy, which today means increasing theft of IT-based know-how, irrespective of whether it involves software or hardware. IT security is therefore assigned a central social and economic relevance. For the German economy it is increasingly becoming an important cornerstone. Companies can profit from this development. Firstly, in order to protect their own products and solutions against possible risks, and secondly through using research solutions and themselves developing high-quality security technologies and selling them worldwide” according to Prof. Dr. Claudia Eckert, director of the AISEC.

The key competences of the currently around 80 scientific and technical personnel lie in hardware-related security and the security of embedded systems, product and know-how protection, automotive security, the security of networks as well as security in Cloud and service-based computing. The scientists test how existing systems react to cyber attacks, analyze their weak points and on the basis of the obtained findings develop specific technologies to protect sensitive information technology. “Our aim is to support and improve the competitiveness of our customers and partners in the manufacturing and services sectors as well as public institutions” is how Prof. Eckert describes the task of the AISEC.

At the beginning of 2013 Bavaria enshrined IT security in the futuristic concept “Digital Bavaria”. In it economics minister Martin Zeil presents the topic as a particularly important field of action. Among other things the AISEC is to be developed into a security center of national and European importance in the coming years. In the next five years Bavaria is investing 250 million Euros in “Digital Bavaria”. Important areas are mobile communication, the factory of the future – key word ‘Industry 4.0’ – intelligent energy networks, Cloud computing and the networked automobile“ specified Prof. Eckert.  

Protective film prevents the reading out of data

In terms of plagiarism protection the Fraunhofer scientists see themselves as industry service providers, particularly for medium-sized companies. “Made in Germany” also ranks high among product forgers. This applies above all for machines and other highly technical products which often have no special protection themselves thereby facilitating the work of the counterfeiters. According to a study by the German Engineering Federation (VDMA), sales losses in the sector due to plagiarism amounted to around eight billion Euros in 2011 – an increase of a 24 percent compared with the last survey two years ago.   

“Here technological solutions are mainly required, which both protect companies against economic espionage but also protect products developed through high own investments against being copied. Unfortunately only a fraction of the affected companies are so far dealing with the problem. Therefore measures against product piracy are often cheaper than the costs incurred thereby” added Prof. Eckert. Her team has for example developed a protective film with which electronic control components can be protected against external attacks. In this way unauthorized access to the heart of electronic devices, the firmware, can be prevented. The film is firmly welded to the hardware and even if it is only slightly damaged it is impossible to read out sensitive data.  

An integral part of the security competences at the AISEC is also the topic of mobile security. The research field of the scientists includes specific solutions for secure mobile terminal devices. The trust | me technology for example allows smartphones and tablets to be safely used in company networks. This works in that the researchers have set up secure isolated environments for private and business use. In this way several virtualized smartphones can be operated on one device. Confidential company data remains protected against third-part access.  

The “App-Ray” supports the trend towards “Bring Your Own Device (BYOD)”, i.e. the desire to use private smartphones and tablets for business purposes too. “With the technology developed at the AISEC apps can be ‘X-rayed’. I am immediately shown which data on my device the newly downloaded app is accessing” explained Julian Schütte who is responsible for the project. The company’s own IT immediately knows which apps are suitable for business use and can be cleared for downloading. Companies can therefore operate their own quality-tested app store for its personnel and for its customers.