Time filter

Source Type

Rottondi C.,Polytechnic of Milan | Verticale G.,Polytechnic of Milan | Krauss C.,Fraunhofer Institute for Applied and Integrated Security
IEEE Journal on Selected Areas in Communications | Year: 2013

The widespread deployment of Automatic Metering Infrastructures in Smart Grid scenarios rises great concerns about privacy preservation of user-related data, from which detailed information about customer's habits and behaviors can be deduced. Therefore, the users' individual measurements should be aggregated before being provided to External Entities such as utilities, grid managers and third parties. This paper proposes a security architecture for distributed aggregation of additive data, in particular energy consumption metering data, relying on Gateways placed at the customers' premises, which collect the data generated by local Meters and provide communication and cryptographic capabilities. The Gateways communicate with one another and with the External Entities by means of a public data network. We propose a secure communication protocol aimed at preventing Gateways and External Entities from inferring information about individual data, in which privacy-preserving aggregation is performed by means of a cryptographic homomorphic scheme. The routing of information flows can be centralized or it can be performed in a distributed fashion using a protocol inspired by Chord. We compare the performance of both approaches to the optimal solution minimizing the data aggregation delay. © 1983-2012 IEEE.


MUNICH, 08-Nov-2016 — /EuropaWire/ — At electronica 2016, Infineon Technologies AG (FSE: IFX / OTCQX: IFNNY) presents semiconductor solutions for sustainable success in the Internet of Things (IoT). Electronics from Infineon are part of our everyday lives already today and even more tomorrow. Sensors, microcontrollers, power semiconductors and security solutions are the building blocks to make connected devices and IoT systems smart, safe and energy-efficient. For example, around 80 per cent of innovation in automotive applications is based on semiconductors. Electronica, the leading international trade fair about electronic components, takes place in Munich, November 8 – 11, 2016. Highlights from Infineon include: Dr. Reinhard Ploss, CEO of Infineon Technologies AG, and other key industry players discuss the impact of the IoT on the electronics industry. Today, a machine solves the riddle of Rubik’s Cube in 0.89 seconds only. Infineon will attempt to break the current Guinness World Record by using the company’s AURIX™ microcontroller. Join us at the Infineon booth or follow us on twitter.com/Infineon to experience this world record attempt. Premiering at electronica 2016, the Infineon IoT Security Circle places the spotlight on the urgent need for security in the IoT. Here, Infineon will host a series of panel discussions and networking sessions with leading IoT security experts, design houses and distributors. In addition, selected partners of the Infineon Security Partner Network (ISPN) will present ready-to-implement security solutions for smart cars, Industry 4.0 and smart home applications. The ISPN was founded in 2015 to address the broader IoT ecosystem with hardware-based security solutions that can be easily implemented. Utimaco, NovTech Inc, Fraunhofer Institute for Secure Information Technology (SIT) and Fraunhofer Institute for Applied and Integrated Security (AISEC) are the latest members to join this unique network. Always on, always online Hall A5, Infineon booth 506 The world is getting smarter and more connected by the day. Always-on connectivity presents its own energy efficiency and security challenges. On display at the Infineon booth are solutions ranging from connected cars to smart manufacturing to smart homes. And at the dedicated Maker’s Corner, Infineon provides “2GO-Kits”, Arduino shields and other boards, to make new applications up and running in no time. Further information is available at  www.infineon.com/electronica Press material will be available at www.infineon.com/press


Milosevic Z.,Ecole Polytechnique Federale de Lausanne | Hutle M.,Fraunhofer Institute for Applied and Integrated Security | Schiper A.,Ecole Polytechnique Federale de Lausanne
Distributed Computing | Year: 2014

Transmission faults allow us to reason about permanent and transient value faults in a uniform way. However, all existing solutions to consensus in this model are either in the synchronous system, or require strong conditions for termination, that exclude the case where all messages of a process can be corrupted. In this paper we introduce eventual consistency in order to overcome this limitation. Eventual consistency denotes the existence of rounds in which processes receive the same set of messages. We show how eventually consistent rounds can be simulated from eventually synchronous rounds, and how eventually consistent rounds can be used to solve consensus. Depending on the nature and number of permanent and transient transmission faults, we obtain different conditions on n n, the number of processes, in order to solve consensus in our weak model. © 2013 Springer-Verlag Berlin Heidelberg.


Krauss C.,Fraunhofer Institute for Applied and Integrated Security | Fusenig V.,Siemens AG
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) | Year: 2013

In cloud networking users may want to control where their virtual resources are stored or processed, e.g., only in western Europe and not in the US. Cloud networking is the combined management of cloud computing and network infrastructures of different providers and enables dynamic and flexible placement of virtual resources in this distributed environment. In this paper, we propose a mechanism for verifying the geographic location of a virtual resource. Our approach uses Trusted Platform Modules (TPM) to identify physical machines and a trusted authority which verifies the actual location. In addition, our approach enables the verification of the trustworthiness of the machine of the cloud operator. © 2013 Springer-Verlag.


Fedler R.,Fraunhofer Institute for Applied and Integrated Security | Kulicke M.,Fraunhofer Institute for Applied and Integrated Security | Schutte J.,Fraunhofer Institute for Applied and Integrated Security
Proceedings of the ACM Conference on Computer and Communications Security | Year: 2013

Sophisticated malware targeting the Android mobile operating system increasingly utilizes local root exploits. These allow for the escalation of privileges and subsequent automatic, unnoticed, and permanent infection of a target device. Poor vendor patch policy leaves customer devices vulnerable for many months. All current local root exploits are exclusively implemented as native code and can be dynamically downloaded and run by any app. Hence, the lack of control mechanisms for the execution of native code poses a major threat to the security of Android devices. In this paper, we present different approaches to prevent local root exploits by means of gradually controlling native code execution. The proposed alterations to the Android operating system protect against all current local root exploits, while limiting the user experience as little as possible. Thus, the approaches we present help to avert automatic privilege escalation and to reduce exploitability and malware infection of Android devices. © 2013 ACM.


Weiss M.,Fraunhofer Institute for Applied and Integrated Security | Heinz B.,Fraunhofer Institute for Applied and Integrated Security | Stumpf F.,Fraunhofer Institute for Applied and Integrated Security
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) | Year: 2012

We show in this paper that the isolation characteristic of system virtualization can be bypassed by the use of a cache timing attack. Using Bernstein's correlation in this attack, an adversary is able to extract sensitive keying material from an isolated trusted execution domain. We demonstrate this cache timing attack on an embedded ARM-based platform running an L4 microkernel as virtualization layer. An attacker who gained access to the untrusted domain can extract the key of an AES-based authentication protocol used for a financial transaction. We provide measurements for different public domain AES implementations. Our results indicate that cache timing attacks are highly relevant in virtualization-based security architectures, such as trusted execution environments. © 2012 Springer-Verlag.


Gall M.,Fraunhofer Institute for Applied and Integrated Security | Schneider A.,Fraunhofer Institute for Applied and Integrated Security | Fallenbeck N.,Fraunhofer Institute for Applied and Integrated Security
Proceedings - International Conference on Advanced Information Networking and Applications, AINA | Year: 2013

When cooperating enterprises want to build a community cloud and don't want to burden only a single partner with the provisioning of the cloud infrastructure, they need an architecture that combines the cloud resources from different sites to form a single community cloud. While the idea is similar to grid computing the control over how the resources are used does not stay with the site, but is transferred to the user. Assuming that the IT infrastructures of the enterprises at least partly evolve towards a private cloud, the challenges we face become similar to those posed by the Intercloud. The architecture we present in this paper shows how clouds from different administrative domains can be linked together in a secure way. We also present a policy mechanism that allows users to control how their applications are distributed among the distributed architecture. This way it is possible to scale out parts of a distributed application, while other sensitive parts remain in the local cloud. © 2013 IEEE.


Velten M.,Fraunhofer Institute for Applied and Integrated Security | Stumpf F.,Fraunhofer Institute for Applied and Integrated Security
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) | Year: 2013

Measuring the integrity of critical operating system components and securely storing these measurements in a hardware-protected Trusted Platform Module (TPM) is a well-known approach for improving system security. However, currently it is not possible to securely extend this approach to TPMs used in virtualized environments. In this paper, we show how to multiplex integrity measurements of arbitrarily many Virtual Machines (VMs) with just a single standard TPM. In contrast to existing approaches such as vTPM, our approach achieves a higher level of security since measurements will never be held in software but are fully hardware-protected by the TPM at all times. We establish an integrity-protected mapping between each measurement and its respective VM such that it is not possible for an attacker to alter this mapping during remote attestation without being detected. Furthermore, all measurements will be stored in the TPM in a concealed manner in order to prevent information leakage of other VMs during remote attestation. The experimental results of our proof of concept implementation show the feasibility of our approach. © 2013 Springer-Verlag.


Hoffmann M.,Fraunhofer Institute for Applied and Integrated Security
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) | Year: 2013

The laws of identity and privacy protection goals are major requirements of user-centric personalized service environments. The goal is that users can send master data, preferences, attributes and claims together with policies to relying parties such as Cloud Services Providers in order to control purpose, usage, and availability of personally identifiable information. In order to meet the requirements and to establish a trusted end point this paper introduces a virtual representation of a user called LifeApp that can be downloaded and installed by relying partners. On the one hand this approach aims at empowering the user to control access, enforce policies, minimize misusage and enjoy - nonetheless - personalized contextual services. On the other hand relying parties benefit from synchronizing data whenever it changes at the user's or the requester's side. The advantages are up-to-date and authentic user data, simplified customer relationship management, and if needed compliance to local data protection. The paper introduces the app approach to personalized service environments based on the Kantara-UMA protocol. © 2013 Springer-Verlag.


Schutte J.,Fraunhofer Institute for Applied and Integrated Security
Proceedings - International Conference on Advanced Information Networking and Applications, AINA | Year: 2012

With the constantly growing complexity and heterogeneity of distributed system, the ability to control their security mechanisms in a human-understandable way becomes increasingly important. Policies, for specifying the behavior of a system in terms of non-functional requirements, have been in use for several years and the Event-Condition-Action (ECA) pattern has been applied in various systems in order to define appropriate reactions to changing conditions. However, ECA policies do not reflect the desired system state but rather on specific actions the system should perform upon the occurrence of certain events, thereby demanding in-depth knowledge about the inner workings of a system and preventing the development of truly "self-protecting" systems, i.e. systems which are able to automatically adapt themselves so as to achieve certain security goals. In this paper, we present a policy framework that abstracts the ECA model to situation-goal (SG) policies, stating which security requirements should hold in a certain situation and thereby bring policies closer to the actual security model the user has in mind. A prototypical implementation of the framework has been done in form of a module for the Apollon policy system. © 2012 IEEE.

Loading Fraunhofer Institute for Applied and Integrated Security collaborators
Loading Fraunhofer Institute for Applied and Integrated Security collaborators