Prof. Claudia Eckert leads the leads the Fraunhofer Institute for Applied and Integrated Security AISEC in Garching and is Chair of IT Security at the Technical University of Munich (TUM). “First, it is important to assess the security of software systems and understand where the possible security weaknesses and vulnerabilities are. Then, we can work to resolve these and make the software more robust,” she adds. It is often too costly to redesign insecure software systems entirely from scratch so they have an appropriate level of security. “If that’s the case, then we have to use additional measures to shield the weak points so they cannot be exploited by anyone.” Dashcams in cars are a topical example. When an accident occurs, dashcams provide the police and insurance companies with important information about what happened. However, dashcams can be hacked as easily as other types of cameras, and their data manipulated. “Such insecure sources of data are then used in court, often in cases that involve a large amount of money,” warns Eckert. That is why Eckert and her team have developed a security protocol and integrated it into the camera. It ensures that data is encrypted directly in the device, that access to the data from unreliable sources can reliably be prevented and that any attempts at launching an attack on the system are recognized and warded off, thus neutralizing the threat of an attack. This technology can be transferred to many other sensor systems in industry and the Internet of Things.
The information scientist is also working on completely new approaches to securely transferring, storing and processing data. This includes confidential development and production data, patient data and much more. Nowadays, all of this information is stored on servers in the cloud. “A lot of the time, the user has to blindly trust the cloud provider that stores the data. Normally, they don’t know how well the data is protected, where it is processed or who exactly has access to it,” adds Eckert. She is working on security solutions to put a change to this; these can be broadly referred to as “confidential computing.” They involve creating monitorable areas on storage platforms where data is processed without the threat of unauthorized access. Moreover, when the system receives the user’s data, it will also receive the rules for its usage and transfer. It will then monitor and ensure that these rules are complied with. Confidential computing can increase the level of trust a customer feels when they hand over their data. “The trick is to use tamper-proof information technology to clearly demonstrate that the system is trustworthy,” says Eckert.