UPB Bildmarke
Department of Computer Science
Contact
  • Deutsch
  • English
  • Prospective students
    • Open Page "Study"
    • Our study pro­grammes
    • Counselling and support services
    • Study Service
    • Academic rules and regulations
    • FAQs
    • Open Page "Research"
    • Our Research
    • Professors and fields of expertise
    • Distinguished lectures
    • Open Page "Department"
    • Organisation
    • Professors and fields of expertise
    • Committees, student councils and representatives
    • Job offers
    • IRB
Contact
Com­puter Sci­ence News
Creating trustworthy IT systems using cryptography
Contact
  1. Faculty of Computer Science, Electrical Engineering and Mathematics
  2. Institute of Computer Science

Com­puter Sci­ence News

Back to the news list

Se­cur­ity solu­tions for the com­put­ing of the fu­ture

25.04.2023  |  EIM-Nachrichten,  CS-Nachrichten

Share post on:

  • Share on Instagram
  • Teilen auf Twitter
  • Teilen auf Facebook
  • Teilen auf Xing
  • Teilen auf LinkedIn
  • Teilen über E-Mail
  • Link kopieren

Creating trustworthy IT systems using cryptography

Banking, emails, shopping: increasing volumes of data are being collected, processed and stored online. The challenge of ensuring that they are securely encrypted is similarly increasing, because in the future, quantum computers will be able to crack current encryptions. There is a need for solutions to enable trustworthy IT systems, both now and in the years to come. The Collaborative Research Center (CRC) ‘CROSSING’ (Cryptography-Based Security Solutions: Enabling Trust in New and Next Generation Computing Environments) sees researchers working to develop cryptography-based security solutions that will be able to withstand even high-performance quantum computers. This joint project is a collaboration between TU Darmstadt, Paderborn University, the University of Duisburg-Essen, the University of Regensburg, and the Fraunhofer Institute for Secure Information Technology (SIT) in Darmstadt. More than 65 researchers from the fields of quantum physics, cryptography, system security and software engineering are working together in an interdisciplinary collaboration to develop new security solutions that create trust in the current and next generation of computing environments. Last year, the CRC – which has been funded by the German Research Foundation (DFG) since 2014 – was extended for a third term until 2026 with ten million euros of funding.

Prof. Dr. Eric Bodden of the Heinz Nixdorf Institute and Department of Computer Science at Paderborn University is heading the ‘Secure Integration of Cryptographic Software’ sub-project under the CRC’s ‘Engineering’ section. With his team, he is developing methods and technologies to enable encryption technology to be securely integrated into various applications. This means that even people who are not experts in the field should be able to correctly use cryptographic processes.

Improved information security: freely available platform for developers
 
During the first two funding phases, the CRC researchers have already managed to develop secure encryption and signature processes to combat quantum attacks. But although cryptography offers a variety of solutions to protect sensitive data, implementing it poses some challenges. Software developers are therefore having to tackle issues relating to the choice, composition and integration of cryptographic components. Among other things, this creates a danger of insecure combinations.

To overcome this hurdle, Prof. Bodden and his team are tackling the objective of assisting developers using automation tools. The researchers have designed various software development and analysis techniques to achieve this. The tools are being made freely accessible to all via the intelligent open-source platform ‘CogniCrypt’, developed jointly by the CRC researchers. In doing so, they are seeking to help application developers choose suitable cryptographic components, as well as incorporate them securely into their software to prevent vulnerabilities and errors from the outset.

Avoid security loopholes right from the start
 
To raise awareness of the proper way of dealing with these security solutions, the researchers have documented some cryptography regulations. This is because if any elements within an application are not executed in a specific way, security loopholes quickly arise that can cause considerable damage.

The researchers have followed the ‘allowlisting’ approach in this: ‘“allowlisting” is a form of application control that reduces malicious security attacks by only allowing correct cryptography to be executed’, explains Michael Schlichtig, a researcher in the ‘Secure Software Engineering’ research group at the Heinz Nixdorf Institute. Researchers consider this as offering a major advantage over ‘denylisting’, which prohibits executions based on known threats: ‘If I need to list all potential threats, it is very easy to overlook something, making the solution insecure. “Allowlisting”, on the other hand, allows us to ensure that only the secure use of cryptography is permitted’, Schlichtig explains.

In this third and final phase of funding, the researchers in the various project groups are currently working to combine their research findings as optimally as possible, so that the newly developed cryptography-based security solutions are easy but also effective for IT developers, administrators and end users to employ.

Photo (Paderborn University, Jennifer Bounoua): Trustworthy IT systems: the Collaborative Research Center (CRC) ‘CROSSING’ brings together more than 65 researchers from the fields of quantum physics, cryptography, system security and software engineering to develop cryptography-based security solutions.
Download (4 MB)

Contact

business-card image

Prof. Dr. Eric Bodden

Secure Software Engineering / Heinz Nixdorf Institut

Write email +49 5251 60-6563
More about the person
business-card image

Michael Schlichtig

Secure Software Engineering / Heinz Nixdorf Institut

Write email +49 5251 60-6580
More about the person

Department of Computer Science

Warburger Str. 100
33098 Paderborn
Germany

Universität Paderborn

Warburger Str. 100
33098 Paderborn
Germany

Phone University

+49 5251 60-0
Legal notice
  • Imprint
  • Data privacy
  • Whistleblower system
Social networks