Institute of IT-Security and Security Law
Current Projects

The East-Bavarian Centre of Internet Competence aims to consolidate East-Bavarian universities' research competence on the subject of the Internet and make this extensive body of research available to businesses in the region as a catalyst for innovation.

Three complementary projects of the University of Passau, covering Big Data, legal aspects of critical infrastructures and Smart Grids, and one project carried out by Deggendorf Institute of Technology on the detection of anomalies in power grids, will exemplify the benefits such pooled knowledge can bring to the Bavarian economy.

The projects deal with a wide array of Internet technologies and their interdisciplinary relationships with the legal and economic environment. The East-Bavarian Centre of Internet Competence is funded by the Bavarian Ministry of Economic Affairs and Media, Energy and Technology (funding period: 2015–2020).

  • Bavarian Knowledge Network for Digital Infrastructures, IT Security and Law for Businesses (BayWiDI):

    The BayWiDI project examines current developments in IT security law, particularly regarding the passing of the German IT Security Act. It concerns itself with questions such as how businesses can ascertain an adequate level of legally-compliant IT security while still remaining flexible enough for innovations.

    Ultimately, the project aims to give Bavarian companies a valuable IT Security instrument for self-implementation using approaches developed in the projects. All knowledge generated from this dialogue between business and academia is conveyed in everyday language and continuously updated in the newly established BayWiDI platform. To this end, the end users are involved in the development of suitable tools and formats.

    Project Director: Prof. Dirk Heckmann

  • Big and Open Data Analytics for Small and Medium-sized Enterprises (BODA):

    Using large-volume (or 'Big Data') data analysis processes on data freely available on the World Wide Web has an enormous potential for the success of Bavarian business enterprises. However, due to the complexity of technologies used for Big Data and open data processing, SMEs often find themselves locked out of this success factor.

    The BODA project therefore aims to explore, develop and – using prototypes – test new cloud-based services to make Open Data usable in Big Data processes for Bavarian SMEs. The project is carried out in co-operation with business partners involved in data-based customer analysis on the data-analysis and application side, among others.

    Project Directors: Prof. Michael Granitzer, Prof. Harald Kosch

  • Smart Grids – Communication, Management and Security:

    The idea behind Smart Grids, or intelligent power distribution networks, is to achieve a more efficient utilisation of energy sources, which will usher in a new era of ecologically-sound power generation.

    The two major challenges in this are steadily increasing energy consumption and the inclusion of renewable energy sources. To meet these challenges, both power supply and demand have to be made 'smart' by taking today's power grid technology and enhancing it with information and communication technology.

    Bavaria is already among the world's leading regions in terms of energy generation, particularly when it comes to the use of photovoltaic systems. This project, moreover, gives Bavarian SMEs a further boost with regard to the technology and knowledge used to push ahead with the change towards clean energy. New problems brought about on a regional level by virtual power plants, energy management, load distribution and energy reservoirs can also be solved on a regional level, and open up new markets in the process.

    Project Director: Prof. Hermann de Meer 
  • ForSEC TP2:

    Project Mngt.: Prof. Dr. Joachim Possegga
    Project Duration: 09/2013 - 08/2017
    Internet of Things Security

  • ForSEC TP9:

    Project Mngt.: Prof. Dr. Joachim Possegga
    Project Duration: 03/2013 - 08/2017
    Web Security

  • ForSEC TP3:

    Project Mngt.: Prof. Dr. Hans Reiser
    Project Duration: 09/2013 - 08/2017

Project Mngt.: Prof. Dr. Hermann de Meer
Partners: Dirk Emmerich, Fujitsu Technology Solutions GmbH, Munich, Germany

Aims: Legal compliance and data security are two major issues when it comes to Cloud computing. In Europe in particular, data protection has become an important factor for the security, management, and offerings of IT outsourcing. Owing to the specific technical design of Cloud environments, legally compliant security faces several challenges that need to be overcome. It is difficult to track data processing within the Cloud, in particular where and by whom data is processed. This makes it very difficult to prove if and how data has been processed within the Cloud, which is, for example, mandatory for compliance with European data protection law.

The joint research and development project between Fujitsu Technologies Solutions AG and University of Passau aims to address the lack of monitoring and control by Cloud customers and Cloud providers in order to improve the self-determination of the data subjects and the legal security of the Cloud providers. By investigating current legislation and the technical state of the art in data protection and IT security, new solutions shall be identified to implement and prove the security and legal compliance of Cloud Computing.

Therefore, the project focuses on

  • deriving technical requirements from applicable legislation on Cloud computing,
  • identifying and implementing an effective isolation- and protection model for data processing within the Cloud, and
  • supporting and improving compliance monitoring and auditing of Cloud services.

Project Duration: 01.04.14 - 31.03.17
Project Mngt.: Prof. Dr. Hermann de Meer

FP7, SEC-2013.2.5-4, Grant 608090

Hybrid Risk Management for Utility Networks

The main objective of this project is to identify and evaluate ‘Hybrid Risk Metrics' for assessing and categorizing security risks in interconnected utility infrastructure networks in order to provide foundations for novel protection and prevention mechanisms.

The project will provide utility network providers with a risk assessment tool that - in adherence with, e.g., the BSI or ICNC recommendations - supports qualitative risk assessment based on numerical (quantitative) techniques. For that matter, our method will explicitly account for the infrastructure's two-fold nature in terms of the utility network and the control network alongside it. The expected impact is thus a movement away from best practice only, towards the treatment of risk in utility networks based on a sound and well-understood mathematical foundation. The project will take an explicit step towards considering security in the given context of utility networks, ultimately yielding a specially tailored solution that is optimal for the application at hand.

SECOR

Project Mngt.: Prof. Dr. Joachim Possegga
Project Duration: 10/2014 - 08/2017
funded by: BMBF

Secure Service Composition for the Internet of Things (Sichere Erstellung von zusammengesetzten Diensten für das Internet der Dinge): The academic/industrial consortium of SECOR proposes applied research in ICT, in particular IT-Security in the context of cooperation and has two goals: First, to pursue joint research between the École Nationale des Sciences de l’Informatique (ENSI) and the Faculty of Computer Science and Mathematics (UNI PASSAU); second, to conduct technology transfer into the involved Tunisian SME Focus (FOCUS). Internet of Things and Services. The consortium builds upon existing

Project Duration: 02/2015 - 08/2018
Project Mngt.: Prof. Dr. Joachim Possegga
funded by: European Union

Privacy and Security Maintaining Cloud Services

With a current volume of over USD 100 billion and annual growth rates of over 10%, the world-wide market for cloud computing can be considered as the major growth area in ICT. However, big companies and public authorities are reluctant to entrust their most sensitive data to external parties for storage and processing. The reason for their hesitation is clear: There exist no satisfactory approaches to adequately protect the data during its lifetime in the cloud. PRISMACLOUD addresses these challenges and yields a portfolio of novel security enabled cloud services, guaranteeing the required security for sensitive data in the cloud.

The PRISMACLOUD work program is complemented with activities addressing secure user interfaces, secure service composition, secure implementation in software and hardware, security certification, and an impact analysis from an end-user view. In order to converge with the European Cloud Computing Strategy, a strategy for the dissemination of results into standards is developed.

Techniques for outsourcing computation with verifiable correctness and authenticity-preservation allow to securely delegate computations to cloud providers. A distributed multi-cloud data storage architecture shares data among several cloud providers and improves security and availability. Dynamically updating shares by means of novel techniques avoids vendor lock-in, preserves data authenticity, facilitates long term privacy and promotes a dynamic cloud provider market. Claims about the secure connection and configuration of the virtualized cloud infrastructures and properties of cloud topologies are verifiable by means of cryptographic techniques. User privacy issues are addressed by data minimization and anonymization technologies due to the application of privacy-preserving cryptographic techniques. As feasibility proof, three use cases from the fields of SmartCity, e-Government, and e-Health, will be implemented and evaluated by the project participants.

contact person: Henrich Pöhls

Open Competence Center for Cyber Security

Project Duration: 01.04.15-30.09.17
Project Mngt.: Prof. Dr. Hans Reiser
funded by: BMBF

The goal of the project is to establish an open environment for interdisciplinary and professional education in cyber security. This includes degree programmes at universities as well as individual courses for law enforcement and the private sector.

A German project description is available by clicking on the header.

Project Duration: 15.05.15-14.05.17
Project Mngt.: Prof. Dr. Hans Reiser
funded by DFG

A German project description is available by clicking on the header.

Project Duration: 01.10.15-30.09.17
Project Mngt.: Prof. Dr. Ilia Polian

funded by DFG

Cryptographic circuits are employed in mobile and embedded systems to protect sensitive information from unauthorized access and manipulation. Fault attacks circumvent the protection by injecting faults into the hardware implementation of the cryptographic function, thus manipulating the calculation in a controlled manner and allowing the attacker to derive protected data such as secret keys. A large number of fault attacks and counter-measures against such attacks have been suggested in recent years. However, isolated techniques for each individual attack are no longer sufficient; a generic protective strategy is lacking.

The Algebraic Fault Attacks project focuses on the class of algebraic fault attacks, where the information used for cryptanalysis is represented by systems of polynomials. In order to understand the scope of such attacks and develop suitable counter-measures, techniques to conduct algebraic fault attacks will be developed. Making them as automated as possible will enable systematic vulnerability estimation of cryptographic functions and their hardware implementations. Mixed algebraic models will be employed which integrate the specification of the function with its hardware implementation and can be enriched by results of side-channel analysis. To solve the generated algebraic systems, classical Gröbner-base and border-base procedures as well as reduction of such systems to Boolean satisfiability (SAT) instances will be employed. Both border-base and SAT algorithms will be optimized for specific properties of fault-based cryptanalysis, and a tightly-integrated combination of both methods will be created. The attacks will be validated on an FPGA-based fault-injection platform, and the obtained data will be fed back in order to refine the employed models of attacks and counter-measures. Finally, a cross-level protection strategy combining error detection based on novel AMD codes with low-level hardening is proposed.

AGILE - Adaptive Gateways for dIverse muLtiple Environments

Project Duration: 01.01.16 - 31.12.18
Project Mngt.: Prof. Dr. Joachim Possegga
funded by: European Union

AGILE builds a modular hardware and software gateway for the Internet of Things with support for protocol interoperability, device and data management, IoT apps execution, and external Cloud communication, featuring diverse pilot activities, Open Calls & Community building.

A complete IoT Ecosystem

AGILE creates IoT hardware and software components for multiple stakeholders:

  • IoT makers and developers who wish to quickly prototype solutions for managing IoT devices and data
  • End users with no experience in coding or setting up IoT hardware
  • Industry vendors seeking a modular gateway option that saves time in development and production
  • IoT entrepreneurs and SMEs who are building IoT solutions that need support of multiple protocols and networks

ESP

Project Mngt.: Prof. Dr. Joachim Possegga
Project Duration: 11.05.2016 - 31.10.2016
funded by: DAAD

Transformation: Kurzmaßnahmen (short-term measures)

Dingfest

Project Duration: 01.06.16-31.05.19
Project Mngt.: Prof. Dr. Hans Reiser
funded by: BMBF

ISAP

Project Mngt.: Prof. Dr. Joachim Possegga
Project Duration: 08/2016 - 07/2018
funded by: DAAD

Partner: Amirkabir University of Technology, Iran

Internationale Studien- und Ausbildungspartnerschaften (International Study and Training Partnerships)

SUMEX

Project Mngt.: Prof. Dr. Joachim Possegga
Project Duration: 08/2016 - 07/2018
funded by: BMBF

Summer School and Exchange Program

The project description is only available in German. To see the German page, please click on the header.

Project Mngt.: Prof. Dr. Dirk Heckmann