Publication


Featured research published by Dirk Scheuermann.


European Symposium on Research in Computer Security | 2007

Security evaluation of scenarios based on the TCG's TPM specification

Sigrid Gürgens; Carsten Rudolph; Dirk Scheuermann; Marion Atts; Rainer Plaga

The Trusted Platform Module (TPM) is a basic but nevertheless very complex security component that can provide the foundations and the root of security for a variety of applications. In contrast to the TPM, other basic security mechanisms like cryptographic algorithms or security protocols have frequently been subject to thorough security analysis and formal verification. This paper presents a first methodic security analysis of a large part of the TPM specification. A formal automata model based on asynchronous product automata (APA) and a finite state verification tool (SHVT) are used to emulate a TPM within an executable model. On this basis four different generic scenarios were analysed with respect to security and practicability: secure boot, secure storage, remote attestation and data migration. A variety of security problems and inconsistencies was found. Subsequently, the TPM specification was adapted to overcome the problems identified. In this paper, the analysis of the remote attestation scenario and some of the problems found are explained in more detail.


Nets4Cars/Nets4Trains'11: Proceedings of the Third International Conference on Communication Technologies for Vehicles | 2011

Secure automotive on-board protocols: a case of over-the-air firmware updates

Muhammad Sabir Idrees; Hendrik Schweppe; Yves Roudier; Marko Wolf; Dirk Scheuermann; Olaf Henniger

The software running on electronic devices is regularly updated these days. A vehicle consists of many such devices, but is operated in a completely different manner than consumer devices. Update operations are safety critical in the automotive domain. Thus, they demand a very well secured process. We propose an on-board security architecture which facilitates such update processes by combining hardware and software modules. In this paper, we present a protocol to show how this security architecture is employed in order to achieve secure firmware updates for automotive control units.


ACM Symposium on Applied Computing | 2004

Protected transmission of biometric user authentication data for oncard-matching

Ulrich Waldmann; Dirk Scheuermann; Claudia Eckert

Since fingerprint data are not secret but public in nature, the verification data transmitted to a smartcard for oncard-matching need protection by appropriate means in order to assure that the data originate in the biometric sensor and to prevent bypassing the sensor. For this purpose, the verification data to be transferred to the user smartcard are protected with a cryptographic checksum that is calculated within a separate security module controlled by a tamper resistant card terminal with integrated biometric sensor.


2010 International Conference on P2P, Parallel, Grid, Cloud and Internet Computing | 2010

Increasing Security and Privacy in User-centric Identity Management: The IdM Card Approach

Ronald Marx; Hervais Simo Fhom; Dirk Scheuermann; Kpatcha M. Bayarou; Alejandro Pérez

In this paper, we describe how security and privacy can be increased in user-centric Identity Management (IdM) by the introduction of a so-called IdM card. This IdM card securely stores and processes identity data of the card owner, an end user. The card represents a trusted device that supports the user in managing its digital identities and also in performing secure and privacy-enhanced service authentication and authorization.


Advanced Information Networking and Applications | 2016

Preventing Pass-the-Hash and Similar Impersonation Attacks in Enterprise Infrastructures

Alexander Oberle; Pedro Larbig; Ronald Marx; Frank Weber; Dirk Scheuermann; Daniel Fages; Fabien Thomas

Industrial espionage through complex cyber attacks such as Advanced Persistent Threats (APT) is an increasing risk in any business segment. Combining any available attack vector, professional attackers infiltrate their targets progressively, e.g. through combining social engineering with technical hacking. The most relevant targets of APT are internal enterprise and production networks providing access to top-secret information. This work focuses on preventing Pass-the-Hash, one of the biggest and most long-standing security flaws present in enterprise domain networks. The introduced approach can be applied further to make password theft pointless for attackers in general, and is capable of extending network protocols that are unprotected by themselves with approved security mechanisms. The protocols do not need to be modified and already existing network services can stay untouched when integrating the solution into enterprise infrastructures.


International Conference on Multimedia and Expo | 2002

Smartcards with biometric user verification

Bruno Struif; Dirk Scheuermann

If a smartcard provides security functions such as electronic signature creation, valuables such as electronic money and/or sensitive data such as medical data, then the smartcard has to verify that it is used by the legitimate cardholder. For this purpose, the user usually has to present a PIN. Since smartcards are becoming more and more powerful, it is feasible to implement on-card matching algorithms that allow biometric user verification to be performed in the smartcard. The contribution of FhG-SIT in this field consists of participation in standardisation and the development of on-card matching algorithms.


International Conference on Swarm Intelligence | 2015

Using Extensible Metadata Definitions to Create a Vendor-Independent SIEM System

Kai-Oliver Detken; Dirk Scheuermann; Bastian Hellmann

The threat of cyber-attacks is growing, as can be seen from numerous negative security news items and reports [8]. Today there are many security components (e.g. anti-virus systems, firewalls, and IDS) available to protect enterprise networks; unfortunately, they work independently of each other, in isolation. But many attacks can only be recognized if logs and events of different security components are combined and correlated with each other. Existing specifications of the Trusted Computing Group (TCG) already provide a standardized protocol for metadata collection and exchange named IF-MAP. This protocol is very useful for network security applications and for the correlation of different metadata in one common database. This in turn makes it very suitable for Security Information and Event Management (SIEM) systems. In this paper we present a SIEM architecture developed during a research project called SIMU. Additionally, we introduce a new kind of metadata that can be helpful for domains that are not covered by the existing TCG specifications. To this end, a metadata model with unique data types has been designed for higher flexibility. For the realization, two different extensions are discussed in this paper: a new feature model or an additional service identifier.


Informatik Spektrum | 2017

Umfassende Sicherheit: Safety und Security im Kontext autonomer Systeme

Daniel Schneider; Mario Trapp; Jörg Dörr; Sinisa Dukanovic; Thorsten Henkel; Rahamatullah Khondoker; Christoph Krauß; Sebastian Mauthöfer; Dirk Scheuermann; Daniel Zelle

Introduction: Autonomous systems will be one of the central drivers of innovation in the coming decade. The research and development departments of established and new companies alike are working at full speed on realizing highly and fully automated systems. Alongside the fascination of entirely new functional possibilities, the safety and security of these systems long remained in the shadow of that fascination and its associated marketing appeal. For when viewed, as is often the case, purely superficially, safety and security offer no new, attractive functions but are perceived as a necessary evil and a restriction. Yet recent events in particular show that, in developing a highly automated system, taking safety and security into account gives the developed system an entirely new significance. And it is precisely here that a decisive competitive advantage could ultimately lie for the companies of the "Old Economy", which can point to decades of experience in developing safety-critical systems. Put differently: a lack of safety and security can prove to be a showstopper for an innovative technology. As a central competitive factor, it should therefore move much more strongly into the focus of research and development than it has so far. Here it is to be understood as comprehensive safety and security (Umfassende Sicherheit), which considers both safety and security and, above all, their interaction. New approaches in artificial intelligence, which are indispensable for implementing autonomous functionality, pose a major challenge for demonstrating safety. A company's ability to equip systems with the intelligence needed for practical operation without jeopardizing their safety will play a key role in the current race for the first practically viable autonomous systems.
At the same time, however, autonomous systems will always also be networked and therefore open systems that are connected to their environment and to the cloud. In addition to safety, which can point to a decades-long engineering culture in the development of technical systems, companies now also face security challenges. It is therefore hardly surprising that many companies outside the IT sector, such as the large suppliers in the automotive field, have tried intensively in recent years to build up security know-how. Ultimately, however, it is not enough to consider safety on the one hand and security on the other; above all, their interplay is of central importance. Thus, preventing hacker attacks on a vehicle is a task for security specialists. At the same time, such a


Archive | 2017

Addressing Industry 4.0 Security by Software-Defined Networking

Rahamatullah Khondoker; Pedro Larbig; Dirk Scheuermann; Frank Weber; Kpatcha M. Bayarou

Preceded by three industrial evolutions with the virtue of innovation in basic technologies such as mechanics (first evolution, beginning in the 1780s), electricity (second evolution, beginning from the 1870s), and electronics and computation (third evolution, starting from the 1970s), the vision for the fourth industrial evolution (in German called Industrie 4.0) has been started by the German government in 2011 [1]


Biometrics and Electronic Signatures | 2011

On biometric key generation from handwritten signatures.

Dirk Scheuermann; Bastian Wolfgruber; Olaf Henniger
