14.02.2024
Serious Vulnerability in the Internet Infrastructure
The National Research Center for Applied Cybersecurity ATHENE has uncovered a critical flaw in the design of DNSSEC, the Security Extensions of DNS (Domain Name System). DNS is one of the fundamental building blocks of the Internet. The design flaw has devastating consequences for essentially all DNSSEC-validating DNS implementations and public DNS providers, such as Google and Cloudflare. The ATHENE team, led by Prof. Dr. Haya Schulmann from Goethe University Frankfurt, developed “KeyTrap”, a new class of attacks: with just a single DNS packet hackers could stall all widely used DNS implementations and public DNS providers. Exploitation of this attack would have severe consequences for any application using the Internet including unavailability of technologies such as web-browsing, e-mail, and instant messaging. With KeyTrap, an attacker could completely disable large parts of the worldwide Internet. The researchers worked with all relevant vendors and major public DNS providers over several months, resulting in a number of vendor-specific patches, the last ones published on Tuesday, February 13. It is highly recommended for all providers of DNS services to apply these patches immediately to mitigate this critical vulnerability.
20.09.2023
Hacking contest with virtual Mars mission
The National Research Center for Applied Cybersecurity, ATHENE, and the European Space Agency, ESA, are jointly launching an international hacking contest for students. Themed "PWN the Rover", teams of participants must first complete a series of hacking challenges. The eight teams that qualify in this preliminary round will then be allowed to compete in the finals at the ESA’s European Space Operations Centre (ESOC) in Darmstadt on 17 October 2023 and put their hacking skills to the test on ESA’s ExoMy 3D printed rovers. The winning team will receive attractive prizes such as Hak5 USB Rubber Duckies, participation in a practical training simulation by ESA (Ladybird Guide to Mission Operations Training) for the support of a real space mission and security training at the Fraunhofer Cyber Range, where IT teams train for the severity of a cyberattack. For more information, visit www.pwn-the-rover.space.
08.05.2023
AI against money laundering
In the fight against money laundering, established software-based detection methods work imprecisely and often raise false alarms. Consequently, investigating authorities are frequently overburdened because they must follow up on every suspicion. In the new research project MaLeFiz (Machine Learning for the Identification of Conspicuous Financial Transactions), researchers are now working on a solution that uses machine learning – an artificial intelligence technique – to improve the search for illegal money flows and make it more precise so that fewer false alarms are generated. In addition, the project partners are developing minimum requirements and control mechanisms for AI solutions used in the financial industry. Furthermore, the results of the AI are to be made traceable. Project partners are Deloitte GmbH, the Fraunhofer Institute for Secure Information Technology SIT, the Martin Luther University Halle-Wittenberg, the University of Leipzig as well as the Center for Technology and Society at TU Berlin. The MaLeFiz project is funded by the German Federal Ministry of Education and Research and will run for three years. Fraunhofer SIT is leading the project and is responsible for the development of the AI-based tool. For more information, visit www.sit.fraunhofer.de/en/malefiz.
21.04.2023
SmartID – Detect product piracy quickly
Counterfeits of high-quality products such as medicines, cosmetics, watches, or food and beverages circulate in large numbers, especially in online retail. Consumers barely have a chance to verify the authenticity of a product. In the SmartID project, scientists at Fraunhofer are now developing a counterfeit-proof barcode system for authenticity verification simply by using a smartphone without accessing a database. The team is presenting a SmartID demonstrator for the first time at the Interpack 2023 trade fair for packaging in Düsseldorf.
30.11.2022
Strengthening Hessen's Cybersecurity Research
Protecting the cybersecurity of society, business and the state, and fending off threats: That is the goal of ATHENE, the National Research Center for Applied Cybersecurity. Through its research and development, Goethe University now is contributing to Europe's largest cybersecurity research center.
11.10.2022
Document protection with colorful barcode
The Fraunhofer Institute for Secure Information Technology SIT presents a new solution for protection against document forgery at itsa fair in Nuremberg. The digitized world offers plenty of opportunities for fraud, and every year German companies incur huge losses as a result. With the new DocSeal solution of Fraunhofer SIT, companies and public authorities can quickly and easily provide digital documents and paper documents with forgery protection. For this purpose, a colorful barcode (JAB code) is printed on the document, which records important document contents and their placement in the document in a tamper-proof manner. An app can then be used to check document authenticity and automatically detect tampering. To use DocSeal, one does not need Internet access or a central database. All the necessary information is stored directly in the colorful barcode. The barcode technology is ISO-standardized and open source. The solution was developed within ATHENE research center. For more information, visit www.sit.fraunhofer.de/docseal.
04.10.2022
Mechanism for Internet security broken
The National research center for Cybersecurity ATHENE has found a way to break one of the basic mechanisms used to secure Internet traffic. The mechanism, called RPKI, is actually designed to prevent cybercriminals or government attackers from diverting traffic on the Internet. Such redirections are surprisingly common on the Internet, e.g., for espionage or through misconfigurations. The ATHENE scientist team of Prof. Dr. Haya Shulman showed that attackers can completely bypass the security mechanism without the affected network operators being able to detect this. According to analyses by the ATHENE team, popular implementations of RPKI worldwide were vulnerable by early 2021. The team informed the manufacturers, and now presented the findings to the international expert public.
16.09.2021
Study: IT security for electric cars in China
The world's largest automotive market, China, is experiencing high growth rates for electric cars. In order to successfully compete in China, international automakers must comply with Chinese cybersecurity, cryptography and data security regulations. Fraunhofer SIT and Fraunhofer Singapore have summarized these in a joint study: It contains an overview of laws and regulations, including the responsible institutions in China, since 2015. The study also addresses research and development facilities as well as standardization authorities. The study is available for download free of charge at www.sit.fraunhofer.de/NEVChinaSurvey.
15.09.2021
Original or fake? Counterfeit-proof and unique identification shows authenticity of products
Counterfeit-proof product protection and resilient supply chains are the goals of the Fraunhofer SmartID project. The Fraunhofer Institutes for Applied Polymer Research IAP, for Secure Information Technology SIT and for Open Communication Systems FOKUS are developing a novel marking system that can determine the authenticity of products via smart devices even while being offline, i.e. without access to a database. SmartID will be embedded in existing track & trace infrastructures and can be printed on products or their packaging using commercially available printing processes.
13.07.2021
Celebrating the winners of the first Fraunhofer CyberStar Award
The winners of the first Fraunhofer CyberStar Award (FCSA) were announced today: They are Eyal Ronen, Ph.D., from the Tel Aviv University and Anatoly Shusterman from the Ben-Gurion University. The Fraunhofer CyberStar Award promotes excellent graduates in applied cybersecurity and their thesis. The award ceremony took place as part of the first German-Israeli Cyber Conference and was held online. It was supported by high-level speakers from both Israel and Germany such as Yigal Unna, Director General of the Israel National Cyber Directorate, Arne Schönbohm, the President of Germany’s Federal Office of Information Security, and other well-known cybersecurity experts. The conference was opened by Susanne Wasum-Rainer, the German Ambassador in Tel Aviv, and Jeremy Nissim Issacharoff, the Israeli Ambassador in Berlin. The conference was chaired by Haya Shulman.