Fraunhofer Institute for Applied and Integrated Security

Garching bei Munchen, Germany

Fraunhofer Institute for Applied and Integrated Security

Garching bei Munchen, Germany
SEARCH FILTERS
Time filter
Source Type

Stephanow P.,Fraunhofer Institute for Applied and Integrated Security | Banse C.,Fraunhofer Institute for Applied and Integrated Security
Proceedings - 2017 17th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing, CCGRID 2017 | Year: 2017

Continuous test-based cloud certification uses tests to automatically and repeatedly evaluate whether a cloud service satisfies customer requirements over time. However, inaccurate tests can decrease customers' trust in test results and can lead to providers disputing results of test-based certification techniques. In this paper, we propose an approach how to evaluate the performance of test-based cloud certification techniques. Our method allows to infer conclusions about the general performance of test-based techniques, compare alternative techniques, and compare alternative configurations of test-based techniques. We present experimental results on how we used our approach to evaluate and compare exemplary test-based techniques which support the certification of requirements related to security, reliability and availability. © 2017 IEEE.


Stephanow P.,Fraunhofer Institute for Applied and Integrated Security | Khajehmoogahi K.,Fraunhofer Institute for Applied and Integrated Security
Proceedings - International Conference on Advanced Information Networking and Applications, AINA | Year: 2017

Continuous security certification of software-as-a-service (SaaS) aims at continuously, i.e. repeatedly and automatically validating whether a SaaS application adheres to a set of security requirements. Since SaaS applications make heavy use of web application technologies, checking security requirements with the help of web application testing techniques seems evident. However, these techniques mainly focus on conducting discrete security tests, that is, mostly manually triggered tests whose results are interpreted by human experts. Thus these techniques are not per se suited to support continuous security certification of SaaS applications and have to be adapted accordingly. In this paper, we report on our current status of developing methods and tools to support test-based, continuous security certification of SaaS applications which make use of web application testing techniques. To that end, we describe major challenges to overcome and present experimental test results of using SQLMap to continuously test for SQL injection vulnerabilities. © 2017 IEEE.


Kunz I.,Fraunhofer Institute for Applied and Integrated Security | Stephanow P.,Fraunhofer Institute for Applied and Integrated Security
Proceedings - International Conference on Advanced Information Networking and Applications, AINA | Year: 2017

Current research on cloud service certification is working on techniques to continuously, i.e. automatically and repeatedly, assess whether cloud services satisfy certification criteria. However, traditional certifications are conducted following static processes which are not designed to meet the requirements of continuous certification techniques. In this paper, we address this gap by redesigning the traditional certification process and adding suitable tooling to support continuous certification of cloud services. To that end, we analyze and generalize traditional certification processes and, on this basis, develop a novel, executable process model to detect ongoing changes of cloud services and adapt continuous certification techniques accordingly. We present our prototype which implements the process model and show how it allows us to automatically reconfigure continuous certification techniques according to changes observed in the target of certification as well as to continuously report certification results. © 2017 IEEE.


Rottondi C.,Polytechnic of Milan | Verticale G.,Polytechnic of Milan | Krauss C.,Fraunhofer Institute for Applied and Integrated Security
IEEE Journal on Selected Areas in Communications | Year: 2013

The widespread deployment of Automatic Metering Infrastructures in Smart Grid scenarios rises great concerns about privacy preservation of user-related data, from which detailed information about customer's habits and behaviors can be deduced. Therefore, the users' individual measurements should be aggregated before being provided to External Entities such as utilities, grid managers and third parties. This paper proposes a security architecture for distributed aggregation of additive data, in particular energy consumption metering data, relying on Gateways placed at the customers' premises, which collect the data generated by local Meters and provide communication and cryptographic capabilities. The Gateways communicate with one another and with the External Entities by means of a public data network. We propose a secure communication protocol aimed at preventing Gateways and External Entities from inferring information about individual data, in which privacy-preserving aggregation is performed by means of a cryptographic homomorphic scheme. The routing of information flows can be centralized or it can be performed in a distributed fashion using a protocol inspired by Chord. We compare the performance of both approaches to the optimal solution minimizing the data aggregation delay. © 1983-2012 IEEE.


MUNICH, 08-Nov-2016 — /EuropaWire/ — At electronica 2016, Infineon Technologies AG (FSE: IFX / OTCQX: IFNNY) presents semiconductor solutions for sustainable success in the Internet of Things (IoT). Electronics from Infineon are part of our everyday lives already today and even more tomorrow. Sensors, microcontrollers, power semiconductors and security solutions are the building blocks to make connected devices and IoT systems smart, safe and energy-efficient. For example, around 80 per cent of innovation in automotive applications is based on semiconductors. Electronica, the leading international trade fair about electronic components, takes place in Munich, November 8 – 11, 2016. Highlights from Infineon include: Dr. Reinhard Ploss, CEO of Infineon Technologies AG, and other key industry players discuss the impact of the IoT on the electronics industry. Today, a machine solves the riddle of Rubik’s Cube in 0.89 seconds only. Infineon will attempt to break the current Guinness World Record by using the company’s AURIX™ microcontroller. Join us at the Infineon booth or follow us on twitter.com/Infineon to experience this world record attempt. Premiering at electronica 2016, the Infineon IoT Security Circle places the spotlight on the urgent need for security in the IoT. Here, Infineon will host a series of panel discussions and networking sessions with leading IoT security experts, design houses and distributors. In addition, selected partners of the Infineon Security Partner Network (ISPN) will present ready-to-implement security solutions for smart cars, Industry 4.0 and smart home applications. The ISPN was founded in 2015 to address the broader IoT ecosystem with hardware-based security solutions that can be easily implemented. Utimaco, NovTech Inc, Fraunhofer Institute for Secure Information Technology (SIT) and Fraunhofer Institute for Applied and Integrated Security (AISEC) are the latest members to join this unique network. Always on, always online Hall A5, Infineon booth 506 The world is getting smarter and more connected by the day. Always-on connectivity presents its own energy efficiency and security challenges. On display at the Infineon booth are solutions ranging from connected cars to smart manufacturing to smart homes. And at the dedicated Maker’s Corner, Infineon provides “2GO-Kits”, Arduino shields and other boards, to make new applications up and running in no time. Further information is available at  www.infineon.com/electronica Press material will be available at www.infineon.com/press


Krauss C.,Fraunhofer Institute for Applied and Integrated Security | Fusenig V.,Siemens AG
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) | Year: 2013

In cloud networking users may want to control where their virtual resources are stored or processed, e.g., only in western Europe and not in the US. Cloud networking is the combined management of cloud computing and network infrastructures of different providers and enables dynamic and flexible placement of virtual resources in this distributed environment. In this paper, we propose a mechanism for verifying the geographic location of a virtual resource. Our approach uses Trusted Platform Modules (TPM) to identify physical machines and a trusted authority which verifies the actual location. In addition, our approach enables the verification of the trustworthiness of the machine of the cloud operator. © 2013 Springer-Verlag.


Weiss M.,Fraunhofer Institute for Applied and Integrated Security | Heinz B.,Fraunhofer Institute for Applied and Integrated Security | Stumpf F.,Fraunhofer Institute for Applied and Integrated Security
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) | Year: 2012

We show in this paper that the isolation characteristic of system virtualization can be bypassed by the use of a cache timing attack. Using Bernstein's correlation in this attack, an adversary is able to extract sensitive keying material from an isolated trusted execution domain. We demonstrate this cache timing attack on an embedded ARM-based platform running an L4 microkernel as virtualization layer. An attacker who gained access to the untrusted domain can extract the key of an AES-based authentication protocol used for a financial transaction. We provide measurements for different public domain AES implementations. Our results indicate that cache timing attacks are highly relevant in virtualization-based security architectures, such as trusted execution environments. © 2012 Springer-Verlag.


Gall M.,Fraunhofer Institute for Applied and Integrated Security | Schneider A.,Fraunhofer Institute for Applied and Integrated Security | Fallenbeck N.,Fraunhofer Institute for Applied and Integrated Security
Proceedings - International Conference on Advanced Information Networking and Applications, AINA | Year: 2013

When cooperating enterprises want to build a community cloud and don't want to burden only a single partner with the provisioning of the cloud infrastructure, they need an architecture that combines the cloud resources from different sites to form a single community cloud. While the idea is similar to grid computing the control over how the resources are used does not stay with the site, but is transferred to the user. Assuming that the IT infrastructures of the enterprises at least partly evolve towards a private cloud, the challenges we face become similar to those posed by the Intercloud. The architecture we present in this paper shows how clouds from different administrative domains can be linked together in a secure way. We also present a policy mechanism that allows users to control how their applications are distributed among the distributed architecture. This way it is possible to scale out parts of a distributed application, while other sensitive parts remain in the local cloud. © 2013 IEEE.


Velten M.,Fraunhofer Institute for Applied and Integrated Security | Stumpf F.,Fraunhofer Institute for Applied and Integrated Security
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) | Year: 2013

Measuring the integrity of critical operating system components and securely storing these measurements in a hardware-protected Trusted Platform Module (TPM) is a well-known approach for improving system security. However, currently it is not possible to securely extend this approach to TPMs used in virtualized environments. In this paper, we show how to multiplex integrity measurements of arbitrarily many Virtual Machines (VMs) with just a single standard TPM. In contrast to existing approaches such as vTPM, our approach achieves a higher level of security since measurements will never be held in software but are fully hardware-protected by the TPM at all times. We establish an integrity-protected mapping between each measurement and its respective VM such that it is not possible for an attacker to alter this mapping during remote attestation without being detected. Furthermore, all measurements will be stored in the TPM in a concealed manner in order to prevent information leakage of other VMs during remote attestation. The experimental results of our proof of concept implementation show the feasibility of our approach. © 2013 Springer-Verlag.


Hoffmann M.,Fraunhofer Institute for Applied and Integrated Security
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) | Year: 2013

The laws of identity and privacy protection goals are major requirements of user-centric personalized service environments. The goal is that users can send master data, preferences, attributes and claims together with policies to relying parties such as Cloud Services Providers in order to control purpose, usage, and availability of personally identifiable information. In order to meet the requirements and to establish a trusted end point this paper introduces a virtual representation of a user called LifeApp that can be downloaded and installed by relying partners. On the one hand this approach aims at empowering the user to control access, enforce policies, minimize misusage and enjoy - nonetheless - personalized contextual services. On the other hand relying parties benefit from synchronizing data whenever it changes at the user's or the requester's side. The advantages are up-to-date and authentic user data, simplified customer relationship management, and if needed compliance to local data protection. The paper introduces the app approach to personalized service environments based on the Kantara-UMA protocol. © 2013 Springer-Verlag.

Loading Fraunhofer Institute for Applied and Integrated Security collaborators
Loading Fraunhofer Institute for Applied and Integrated Security collaborators