Quattro S: Security, Safety, Sovereignty, Social Product

Project team:

Weber, Arnd (Project leader)

Start date:

2017

Project partners:

Fraunhofer SIT, Fraunhofer Singapore, RheinMain University of Applied Sciences, TU Berlin/T-Labs

Research area:

Innovation processes and impacts of technology

Project description

This project will provide solutions to multiple problems. The first one is the security of information technology. The issues addressed range from zero-day exploits (e.g., WannaCry ransomware), denial of service attacks (e.g., Mirai), and hardware attacks (e.g., based on the Meltdown and Spectre CPU flaws) to novel types of hardware Trojans. The possibilities for these attacks originate from weaknesses in the long IT supply chains and threaten the confidentiality, integrity, and availability of systems.

The second problem is that these attacks can also threaten the safety of products, e.g., in energy infrastructures or in the automotive industry.

The third problem lies in the loss of value added because of a migration of production and competences towards competing economies (e.g., US and China). Sovereignty would mean having full control of the characteristics of information technology, being sure that no hidden features are implemented and that no business secrets can be stolen, and benefiting economically from such control.

These objectives are difficult to meet because any component involved in the supply chain may have multiple flaws, possibly even due to problems in the development tools used. Furthermore, while more secure components will reduce overall costs, developing them may initially increase costs. Hence, regulation making secure systems mandatory can help because competing companies would operate under the same conditions. Since other parts of the world are also working on controlling the supply chains, research on options and their implementation in industry is indispensable.

The project will include the following activities:

  • Risk analysis
  • Exploration of technical options, such as (1) the control of the entire supply chain, from the application layers through to the operating system and the hardware and tools used; (2) open, certified and proven paths; (3) migration paths of solutions, e.g., from small systems to large ones
  • Exploration of supportive economic and legislative actions
  • Contribution to setting up a transition process and participation in the development of prototypes
  • Discussion of results, involving stakeholders, and refinement of options, prototypes, and product visions

The objectives will be pursued by means of expert interviews, dissemination activities, workshops, maintenance of a website, as well as participation in the specification and development of prototypes.

Events

Workshop on “Security and Sovereignty in the Information Technology Supply Chain”, organized by KIT, Fraunhofer SIT and Télécom ParisTech, on January 12, 2017

Publications

Recent publications

Weber, A.; Reith, S.; Kasper, M.; Kuhlmann, D.; Seifert, J.-P.; Krauß, C.
Sovereignty in information technology. Security, safety and fair market access by openness and control of the supply chain. Karlsruhe, Wiesbaden, Singapore, Darmstadt, Berlin: KIT-ITAS, HS RheinMain, Fraunhofer Singapore/SIT, TU Berlin 2018, publ. online

If you would like to provide feedback, if you are interested in co-operation, or if you would like to second the content of the White Paper, please contact arnd.weber∂kit.edu.

Publications from prior work

Weber, A.; Weber, D.
Governance sicherer Informationstechnik in offenen Netzen. Wege zu Sicherheit ohne Lücken und Hintertüren. In: Bogner, A.; Decker, M.; Sotoudeh, M. (eds.): Responsible Innovation. Neue Impulse für die Technikfolgenabschätzung? Berlin: edition sigma 2015, 151-164

Jacobi, A.; Jensen, M.; Kool, L.; Munnichs, G.; Weber, A.
Security of eGovernment Systems. Policy options assessment and project conclusions. European Parliament, June 2013
http://www.europarl.europa.eu/stoa/webdav/site/cms/shared/0_home/STOA%20Security%20of%20eGovernment%20Final%20Report.pdf

Weber, A.; Weber, D.
Verifizierte Virtualisierung für mehr Sicherheit und Komfort. DuD-Datenschutz und Datensicherheit (2012)1, pp. 43-47

Weber, A.
Enabling crypto: How radical innovations occur. Communications of the ACM 45(2002)4, pp. 103-107
Supplementing material: Interviews with Whitfield Diffie and Ralph Merkle.

Pfitzmann, B.; Riordan, J.; Stüble, C.; Waidner, M.; Weber, A.
The PERSEUS System Architecture; IBM Research Report RZ 3335 (#93381), Zurich 2001

Contact

Dr. Arnd Weber
Karlsruhe Institute of Technology (KIT)
Institute for Technology Assessment and Systems Analysis (ITAS)
P.O. Box 3640
76021 Karlsruhe
Germany

Tel.: +49 721 608-23737