Research - IT Security

Our research on IT Security focuses on embedded security, especially efficient and scalable security architectures and implementations.

Design and implementation of a security architecture

Currently, we are preparing a project for the design of a security architecture for trustworthy data processing and a reference implementation. The goal of this project is to develop an open, scalable, reliable and trustworthy software stack with associated hardware that allows for data processing and communication in security-critical environments.

For existing security architectures, the implementation is mostly closed and not accessible to the public. This holds especially true for embedded systems. Recent research on side-channel analysis has shown that in security-critical settings the implementation is critical for the overall security of a system. Using mathematically secure algorithms and protocols is not sufficient to ensure global security. Confidentiality, integrity and authenticity can often still be compromised.

The security architecture

Components of the security architecture

The security architecture consists of the concepts and components outlined on the right. As a prerequisite, a detailed Threat Model containing current attacks and threats is compiled and updated with new research results. Furthermore, usability and scalability are goals for the security architecture. Scalability is important to ensure that a wide range of devices can utilize this security architecture, while usability ensures that the architecture and its interfaces are used correctly. For the concrete implementation, an API is designed that allows for abstraction and separation of the different algorithms and objects within the security architecture. This API is implemented on top of a secure, isolating kernel and provides access to the software and hardware services for userspace programs. On the hardware side, an encrypting memory controller, which secures data outside the processor core, is provided. Additionally, a unique identification key for each system is created with a physical unclonable function, and a random number generator based on physical effects is implemented. These hardware parts form the basis for the security of the software stack. The combination of the above components ensures the security of an extendable and performant system.

Adjacent topics of interest

Adjacent topics include

Previous projects

Contact

For further information, contact Wolfgang Meyer zu Bergsten.