40 Jahre Informatik Hamburg

661 views

Published on

Präsentation gehalten von Frau Prof. Eckert zu 40 Jahre Informatik in Hamburg im November 2011.

Published in: Technology, Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
661
On SlideShare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
4
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

40 Jahre Informatik Hamburg

  1. 1. 26.05.2012 Mit Sicherheit innovativ! Claudia Eckert TU München, Fraunhofer Institut AISEC 1 40 Jahre Informatik Hamburg 18.11. 2011 Universität HamburgOutline1. Motivation:  Informatik formt Zukunft 2. Future Internet   Informatik als Innovationsmotor 3. Security Threats Innovationen benötigen Sicherheit4.   Research Topics 2 Sicherheit benötigt Forschung Si h h it b öti t F h5. Selected Examples @AISEC/TUM Mit Sicherheit innovativ!6.   SummaryClaudia Eckert 2 1
  2. 2. 26.05.2012 1. MotivationMainframes, Embedded, Smart Environments & CPS 5) Smart Environments & CPS 4) RFID-Tags Smart Grid Factory of Embedded the Future 90% of all 1) Mainframes CPUs are embedded 1User 8.5% growth 1 Computer 1 Computer Multiple Computers 17 Billion total Multiple Users 1 User M2M revenue TimeClaudia Eckert 31. Motivation Trends in ICT Cyber Physical Systems (CPS) • Integration of physical environments  and ICT systems (of systems) Characteristics:  • Lots of Autonomous devices/sensors e.g. Smart Grid • Embedded systems • Heterogeneous networks  • M2M‐communication Main tasks:  • Controlling & monitoring complex systems often in real‐time • Collecting data, exchange data, trigger actions, ….Claudia Eckert 4 2
  3. 3. 26.05.2012 1. Motivation Trends in ICTCloud ComputingNew style of computing where massively scalable  IT‐enabled capabilities are delivered ‘as a service’ to external customers using Internet technologies  (Gartner 2008) Claudia Eckert 5 1. Motivation Trends in ICT1.     Internet of Things =  Embedded Systems + Cyber Physical + Internet2.    Internet of Services/Cloud Computing = Business Software + new Business Models + Internet3.    Future Internet = Internet of Things + Internet of Services + Mobility +  Improved Core‐Network + Internet of Knowledge & ContentNew Business Opportunities: e.g. • Smart Grid, Smart Mobility, Smart Health, Smart Cities, Factory of  the Future, Smart Logistics, …• Challenge:  Handling of “Big Data”:  Data Acquisition, Analytics, Provisioning, … Claudia Eckert 6 3
  4. 4. 26.05.2012Outline1. Motivation:  Informatik formt Zukunft 2. Future Internet   Informatik als Innovationsmotor 3. Security Threats Innovationen benötigen Sicherheit4.   Research Topics 7 Sicherheit benötigt Forschung Si h h it b öti t F h5. Selected Examples @AISEC/TUM Mit Sicherheit innovativ!6.   SummaryClaudia Eckert 7 2. Future Internet Business OpportunitiesMobile Application: Convergence private/businessConsumerized IT!  Loyalty Identity Payment Management Communicate Physical Pay Content Access Download Transact Identify y DRM Ticketing Device ConfigurationClaudia Eckert 8 4
  5. 5. 26.05.2012 2. Future Internet Business OpportunitiesConsumerized IT An increasing number of organizations take a strategicapproach to Consumerization by providing IT support IT supportfor personal devicesQuelle: bringyourownit.com/2011/09/26/trend‐micro‐consumerization‐report‐2011/Increased Efficency:Recent studies have shown that allowing employees touse innovative, state‐of‐the‐art devices and servicesof their own choosing can increase their efficiency.  f th i h i i th i ffi iReduced Costs:Reduced capital expenditures are likely as employees turn to their own personal devices to perform work, with the added benefit of lower device management and maintenance costs.Quelle: Booz & Company, Comsumerization of IT, 2010 2. Future Internet Business Opportunities Automotive Industry: Connected Drive, Web‐Services in Cars  Intelligent Car Routing and Traffic info and Road Billing g Navigation N i ti web cams (Location based) Fleet Management web information GPS Street Inter Car Parking Communication Parking Slots Reservation Contactless Gas Mobile TV StationUse of Web Services will be common in the carImportance of protection against attacks from the internet will increase Claudia Eckert 10 5
  6. 6. 26.05.2012 2. Future Internet Business OpportunitiesSmart Mobility:  Internet within the vehicle• IP‐based communication: few and more complex control units• Value‐added services Business Apps cloud‐based services Value‐added services, Business Apps , cloud‐based services  e.g. on‐board diagnostics,  entertainment,  e‐mobilityClaudia Eckert 11 2. Future Internet Business Opportunities Smart Energy: from e‐Energy to eMobility eMobility ICT to manage and control  energy‐grids• New pricing  billing models New pricing, billing models Dynamic Management Power Consumption• New services, Solar cells when price is low e.g. AAI Private Households Office-facilities Outage Processors: Sensors: Controls Detection of Disruptions Storage Isolated Grid Wind-Farm Generators: Power plant Local energy Industrial producer plant 12 6
  7. 7. 26.05.2012 2. Future Internet Business OpportunitiesIts all about Data, Information & Knowledge!Its is all about Security of Data:• Correctly identified person, service, device?       Authenticity• Correct  data, not manipulated?                               Integrity• No data leakages to unauthorized parties?         Confidentiality• Is authorized access to data possible?                    Availability  Security is essentialClaudia Eckert 13 2. Future Internet Business OpportunitiesAnd ..... Appropriate Security Measures  are urgently requiredBecause .... • Attack surfaces grow• Lots of attacks that jeopardize the Security Claudia Eckert 14 7
  8. 8. 26.05.2012Outline1. Motivation:  Informatik formt Zukunft 2. Future Internet   Informatik als Innovationsmotor 3. Security Threats Innovationen benötigen Sicherheit4.   Research Topics 15 Sicherheit benötigt Forschung Si h h it b öti t F h5. Selected Examples @AISEC/TUM Mit Sicherheit innovativ!6.   SummaryClaudia Eckert 153. Security Threats Hardware AttacksMalicious Hardware• Physical Access to Hardware like  Physical Access to Hardware like Sensors (e.g in cars): • Generate manipulated data,  • Delete data,  • Data leakages Manipulated Smart Meter in AISEC Lab• Product counterfeiting: • Forged hardware with low quality • Safety problems • Liability problems Forged break disc (left original)Claudia Eckert 16 8
  9. 9. 26.05.20123. Security Threats Software Manipulation AttacksMalicious Software• Vulnerable Software (Operating System, Web‐ ( p g y Application, Server) • Code Injection • Data access: manipulation, deletion • Session Hijacking • ID Spoofing • Denial of Service:  Safety‐critical applications can be influenced as well!Claudia Eckert 17 ‚alltägliche‘ Angriffe 18 9
  10. 10. 26.05.20123. Security Threats Network based AttacksVulnerable Networks • Heterogeneous Technologies (e.g. GSM/LTE, WLAN, SCADA) • Injection of false messages,   • Message Replay , Sniffing, Spoofing • Drop messages • DDoSExample: Example:StuxnetAttack 2010Claudia Eckert 19Hacken kritischer Infrastrukturen 10
  11. 11. 26.05.2012 3. Security Threats Example:Smart GridsClaudia Eckert 21 Current Look & Feel …. Future Internet will be a Security Nightmare Any Hope? What is required?  Security Technology:  Scalable, adaptable,  seamless Built‐in Security:          New Architectures  Secure by Design Health‐Monitoring:     New Services, Security as Service Secure during operation Security Culture: Education, Training, AwarenessClaudia Eckert 22 11
  12. 12. 26.05.2012Outline1. Motivation:  Informatik formt Zukunft 2. Future Internet   Informatik als Innovationsmotor 3. Security Threats Innovationen benötigen Sicherheit4.   Research Topics 23 Sicherheit benötigt Forschung Si h h it b öti t F h5. Selected Examples @AISEC/TUM Mit Sicherheit innovativ!6.   SummaryClaudia Eckert 234. Research Topics Security Technologye.g. Scalable Hardware‐Security • Attack‐resistant Hardware modules • Reconfigurable hardware cores  • Secure Object Ids for  M2M authentication • Lightweight cryptography to support resource‐poor sensorsClaudia Eckert 24 12
  13. 13. 26.05.2012 4. Research Topics Secure by Design e.g. Trustworthy Software‐Architectures:  • Secure Programming:  • Input Filtering etc. • Isolated execution environments • Controlled isolation of applications • Trusted Input/Output , trusted path • Security & integrity checks Security & integrity checks • Security check‐points , metrics • Detection  of invalid system states  • Rollback Claudia Eckert 25 4. Research Topics Secure by Design Example: next Generation Mobile PhonesMobile Payment Mobile Banking Mobile Ticketing Mobile Visa Mobile Health Mobile Public Services Services Trusted Applications Trusted Execution Environment 13
  14. 14. 26.05.2012 4. Research Topics Secure during Operatione.g. Security as a Service • Identity Management e.g. with nPA mobile nPA (not yet)• Health monitoring & Malware detection e.g. Improve detection and  e g Improve detection and reaction methods Learn from observed  attacker behavior  Claudia Eckert 27 Outline 1. Motivation:  Informatik formt Zukunft  2. Future Internet   Informatik als Innovationsmotor  3. Security Threats Innovationen benötigen Sicherheit 4.   Research Topics 28 Sicherheit benötigt Forschung Si h h it b öti t F h 5. Selected Examples @AISEC/TUM Mit Sicherheit innovativ! 6.   Summary Claudia Eckert 28 14
  15. 15. 26.05.20125. Selected Examples @ AISEC/TUM Lightweight CryptographySecure Remote Key-less Entry, RKEProblem: Many vehicle access systems possess intrinsic security weaknesses Symmetric cryptography for authentication often used Easy to crack!Solution: Lightweight implementation of ECC and PKI: strong cryptography Secure access protocolsClaudia Eckert 295. Selected Examples @ AISEC/TUM New Concepts for Component Identification‘Finger prints’ for Objects: Unclonable Material-Based SecurityProblem• Secrets can be extracted : spoofed component ID, insecure keysSolution• Physical unclonable function (PUF)• Object fingerprints, depend on variations of the of manufacturing process• M2M Authentication: Physical structure generates Challenge-Response-Pairs in an unpredictable way• Secure generation of cryptographic keys for standard protocols• No protected memory necessaryClaudia Eckert 15
  16. 16. 26.05.2012 5. Selected Examples @ AISEC/TUM Scalable Hardware Security Modules Automotive EnvironmentProblem• Fl h Storage is insecure: not appropriate Flash St i i t i t for keys and sensitive data• Secure Storage within each ECU is very expensiveSolution Central key manaegment using a dedicated Secure Hardware ElementBenefit• Secure M2M authentication of components• Manipulation-resistant storage and cryptographic services• Basis for secure In-Car and Car2X communication Claudia Eckert 31 5. Selected Examples @ AISEC/TUM Secure by DesignSmart Meter/GatewayProblem:• data leakages, privacy issues leakagesSolution• Secure Smart Meter Compliant to BSI Protection Profile• Based on Hardware Security Module Display• Secure Handling of metering data: authentication, Access control, HSM data confidentiality (encryption)• Privacy by design: HSM data aggregation, filtering Claudia Eckert 32 16
  17. 17. 26.05.20125. Selected Examples @ AISEC/TUM Secure by DesignProduct Piracy ProtectionProblem C Copy, Re-Engineering Hi h T h Componentes R E i i High-Tech C tSolution Secure Element used as trust anchor for firmware Authentication between firmware und hardware Software Obfuscation for firmware Tight coupeling of firmware & hardwareClaudia Eckert 33 5. Selected Examples @ AISEC/TUM Secure during OperationMonitoring of Cloud-Services Workflow Manager GRC ManagerProblem Policy Metrics a age Manager a age Manager Cloud-user lose control over their data: where is the data (leakages?), who has access, … PLUGINSSolution Application Modelle Vorlagen KPIs to measure security Event Bus Application Server DSL Interpreter status of outsourced Appl. App Controller Complex Event Processing Dynamic controls to detect Java VM MONITORING FRAMEWORK misbehaviour, deviations Virtuelle Maschine Virtuelle Maschine Monitoring: e.g. Xen / KVM Hypervisor Data flows (where is my data), Log-files (who had access), Betriebssystem Events (IDS, …) Claudia Eckert 34 17
  18. 18. 26.05.20125. Selected Examples @ AISEC/TUM Secure during OperationNew Approaches for Malware Analytics: Topic Models Latent topics in system Call tracesE.g. Expert view: Tr1: graphics program Tr2: read and transmit file content Tr 3: receive and display a picture Expert reveals latent structures: clustering/classifying using semantic expert know-howClaudia Eckert 355. Secure during Operation Some AISEC/TUM ExamplesImproved Malware analytics: SST Supervised Topic Transition Using Machine Learning Techniques and Topic Modeling for clustering Improved ‘semantic’ Clustering and Classification of malwareClaudia Eckert 36 18
  19. 19. 26.05.20125. Secure during Operation Some AISEC/TUM ExamplesSST Supervised Topic Transition >70 topics: High accuracy, low false alarm rate, low missing rate! 37Putting it all together:Example: Secure Smart Grids 19
  20. 20. 26.05.2012Summary & Take Home MessageICT driver of Innovations: • Huge amounts of data are collected, processed, distributedInnovation needs Security: • Data security, integrity, confidentiality is a MUST haveSecurity needs Research:• Security Technologies: Scalable, adaptable• Built‐in Security & Health Monitoring: Architectures, ServicesSecurity needs Multidisciplinarity• Informatics, Engineering, Math: Architecture, SE, HMI, Networks  • Business Administration, Law, Ethics,...Security needs Education: Security CultureClaudia Eckert 3940 Jahre Informatik an derUniversität HamburgHerzlichen Glückwunsch!• Informatik formt die Zukunft• Informatik ist Innovationsmotor• Informatik an der Universität Hamburg Technologie & Gesellschaft Mit Sicherheit innovativ!Alles Gute für die nächsten 40 Jahre!Claudia Eckert 40 20
  21. 21. 26.05.2012Thank you for your Attention Claudia Eckert Fraunhofer AISEC TU München, Chair for IT Security E-Mail: claudia.eckert@aisec.fraunhofer.de Internet: http://www.aisec.fraunhofer.deClaudia Eckert 41 21

×