KASTEL Phase 2: Research Areas
As a university-based competence centre, KASTEL's main objective is to develop methods and concepts for the secure IT systems of the future. A holistic approach and a focus on practical application are at the forefront. This is achieved by bundling the outstanding capabilities of twelve working groups in the field of IT security in one centre.
In order to ensure the practical relevance of the developed solutions and to ensure technology transfer, an exchange with companies from the Karlsruhe Technology Region takes place. Technology transfer in the security sector is intended to strengthen the region economically.
The work of KASTEL pursues two major goals:
The first major objective is to investigate the impact of increasing networking on the IT security of systems. To this end, various aspects of smart environments, which are characterised by a variety of networked sensors and actuators, are examined first. Networked production (Industry 4.0) is also considered as an application in industry. Furthermore, the security of networked critical infrastructures, such as decentralized power grids (Smart Grid), will be investigated.
The second major objective is to link theory and practice. Inspired by the experiences of the first funding period, methods and tools will be further adapted and extended with functions that bring them closer to the requirements and complexity of real systems.
Security and Privacy for Future Energy Grids
Our energy systems will be fundamentally rebuilt in the future. Renewable energies, such as solar and wind energy, are produced locally and in a decentralized manner. This makes reliable planning difficult. Only through the intensive use of IT is it possible to reconcile production and demand.
This widespread use of IT systems simultaneously brings new threats to the economy and society: the power consumption data collected for network control allow conclusions to be drawn about both private habits and production processes in industry. At the same time, additional IT systems increase the attack surface; manipulation can lead to disruptions, damage and long-term, large-scale power outages. This makes IT security an important prerequisite for the Energiewende (energy transition). The power grid must be considered as a whole in order to be able to integrate the concepts and methods of computer science and electrical engineering in a suitable way. In particular, data protection and the legal framework of regulation also require a close involvement of jurisprudence. KASTEL develops interdisciplinary solutions for the security and privacy of the power grids of the future. A particular challenge is to reconcile the seemingly contradictory requirements for functionality, real-time capability, privacy protection and robustness against attacks and disruptions. Distributed energy systems should not only have a secure IT infrastructure, but also be robust as a whole, since attacks cannot be completely avoided. KASTEL researches the security and robustness of real systems in the Energy Lab 2.0 of the Helmholtz Association and in the IT Security Laboratory for the Production of the Fraunhofer IOSB.
Security and Data Protection for the Future Living and Working Environment
The far-reaching integration of IT technology into living and working environments enables a multitude of innovative applications and services. In so-called Smart Environments, networked sensors and actuators form the basis for automating everyday processes, providing greater convenience and making efficient use of resources such as energy or water. However, the ubiquitous collection, storage and processing of data that goes hand in hand with this also affects the core area of personal life. The collected data can be used to identify activities, interests and preferences of individuals or processes in organisations. One of the major challenges for Smart Environments is therefore the protection of the privacy of individuals and the business secrets of organisations.
Security in Smart Environments encompasses various interlinked aspects, which are therefore investigated together in KASTEL. One aspect is the protection of privacy in the collection, storage, processing and visualisation of data. Another is the protection of this data from unauthorized third parties during each of these steps. Secure procedures and communication protocols form the basis for this. In addition, KASTEL deals with related legal issues, such as data protection, in each of these areas.
Security and Data Protection for Future Production Systems
Modern production facilities are highly networked. Embedded systems communicate with each other independently, planning systems from the cloud calculate order steps and machine occupancy, plant operators monitor and control from a distance, and maintenance personnel access resources worldwide and perform configuration changes. In the networked world, the protection of production facilities no longer ends at the factory building or the company grounds. The network connections allow adversaries to intrude and manipulate the systems, and malware infections can completely paralyze large areas of the system, causing immense physical damage to the system and danger to the population. Not only since news about Stuxnet, Duqu, Flame and Havex has it been clear that production facilities are easy targets for cyber attacks.
Industry 4.0 is increasingly dissolving the previous separation of traditional IT networks and production networks in order to enable communication and data exchange across all network hierarchies. Network components in production are clearly different from the components used in traditional IT. In their development, which is designed for a service life of several decades, networking and the associated data security have so far played little role. Historically, production lines are separated from each other and from other IT systems. This separation was enforced physically, by separate communication networks, and also logically, by different protocols. In the course of Industry 4.0, these systems will now be connected to the network systems of traditional IT. The industry hopes that this will result in more flexible and efficient production processes. However, the production systems are then also exposed to many hazard scenarios of traditional IT systems, which makes IT security an important aspect of industrial systems. In order not to jeopardise the success of Industry 4.0, the use of new technologies must not become a security risk.
Provable Security for Complex IT-Systems
Security in modern and complex systems can only be reliably guaranteed if the requirements placed on a system are consistent from design to implementation and quality assurance of the system. Practically observable attacks on systems are usually due to a lack of security concepts or to errors that only arose during implementation, since the security design was not consistently implemented. That's why we at KASTEL are researching a system theory for the continuous adaptation to strategic, evolving adversaries, as well as tools and methods that take a holistic view of security from design to the last line of code, making it possible to implement and verify it throughout. Experts from the most diverse disciplines of computer science therefore work closely with experts from the legal sciences in order to further develop familiar methods for the documentation and analysis of systems and programs and to make them usable in the security-critical environment.