Cyber Defense

Fraunhofer Institute for Communication, Information Processing and Ergonomics FKIE

Virtual Security with tangible Benefits

Increased networking possibilities in many sectors of life have opened up previously unimaginable opportunities. Sadly, however, this is also true for hackers and their ability to launch cyber attacks. Just how vulnerable modern societies have become since becoming too reliant on the Internet was apparent from the events in Estonia in 2007. The country’s entire Internet system had to be literally switched off due to a distributed denial of service (DDoS) attack, causing large tracts of public life to grind to a halt. It has since been apparent that cyberspace needs its own defense strategies, and these are what we are now developing in the Fraunhofer FKIE’s “Cyber Defense Laboratory”.

The intention is to keep pace with the rapid development of network infrastructure technology and the concurrent diversification of potential threats. These threats include the previously mentioned (D)DoS attacks, sending out spam messages, the flow of targeted information, the manipulation of industrial control installations and the kind of spying on users that has recently been demonstrated so spectacularly by Conficker, Storm, GhostNet and Stuxnet. Our Cyber Defense research group is concerned with all aspects of IT security, but is focusing its work in the areas of defense and public security. This is because the ultimate aim is to provide decision-makers in all areas of network-based reconnaissance and operational command and control with practical support in all matters of IT security. An increasing number of commercial organizations are now seeking our advice.

Approach

In response to mounting cyberspace security challenges, the FKIE has combined all related research activity into the “Cyber Defense Center”, comprising the two “Cyber Defense Laboratories” at the Wachtberg and Bonn sites. It is at this new facility that the reliability and dependability of computer systems and networks will be evaluated, potential risks assessed, causes of cyber attacks analyzed and appropriate effective warning and protection mechanisms developed, always tailored precisely to the clients’ specific requirements. There are two product groups: (1) Technical solutions and studies: We prepare requirement analyses, feasibility studies and application-oriented models for our clients. We continue to support our prototypes throughout their life, including after they have been transferred to our industrial partners. (2) Services: Here again we always start by intensively analyzing the client’s requirements. In addition to further education and training geared to target groups, we also conduct independent scientific and technical project monitoring and expert analyses and investigations of technical systems.

Areas of Expertise

The distinctive methodology of the Cyber Defense department is based on the premise that we should always take a mission-centric approach. The Cyber Defense Labs in Wachtberg and Bonn have a unique perspective on IT security based on their experience of Network Enabled Capabilities of military missions and the security of critical infrastructures. Many years of cooperation between the Fraunhofer FKIE and the Bundeswehr mean that our staff not only offer an in-depth understanding of operational environments but are also adept at handling highly sensitive information. In doing so they always preserve the balance between application-oriented and scientific expertise. To ensure they are always operating at the cutting edge of current understanding, the research group is regularly involved in professional exchanges with related academic communities. The key topics are: security architectures, end-to-end security, (group) key management, honeypots/honeynets, malicious software (malware) analysis, botnet detection and combating, identification of routing anomalies, secure sensor networks and intrusion detection and response. Because this level of IT security expertise is in such demand in the civilian world, our know-how is increasingly being extended to business and government agencies.

Application

A large part of our research activity is aimed at protecting the diverse IT infrastructures of the German military, the Bundeswehr. Central to this is the issue of Network Enabled Capabilities. When multinational, cross-coalition groups are operating together, the ability to exchange secure and fully protected communications is a prerequisite for gathering the uniform situational information that makes the concerted action of all parties possible. IT security in diverse infrastructures is also a subject of far-reaching significance for public institutions, government agencies and globally operating commercial companies. Since these organizations share many similar requirement structures, they too are increasingly employing the services of the Cyber Defense department. Specific examples include the protection of improvised mobile ad hoc operational networks, the self-configuring cryptographic safeguarding of distributed networks, the collection and analysis of malware as well as IT security tactical information display and decision-making support.

Projects

IDP / MIKE – Security between Communications Partners

The secure integration of IP-driven tactical terminals represents a challenge to Network Enabled Capabilities. The Fraunhofer FKIE has developed a process which boosts the availability of virtual private networks under arduous operating conditions and in situations where terminals do not need to be configured.

Cooperative Intrusion Detection for dynamic Coalition Environments

Cost implications dictate that many networks operating within a coalition environment use the public Internet to connect with one another. This can, however, leave them susceptible to attacks. In order to guarantee protection of the network infrastructure, it makes sense to transfer the knowledge and capabilities of “Intrusion Detection” and “Intrusion Response” systems to the wireless tactical networks.

Combating Botnets – Making the Internet safer

Botnets are armies of computer systems infected by malware making it possible for them to be controlled remotely by criminals. They are a refinement of the dreaded Trojans, except that it is no longer just one single PC, but up to several million zombie computers that can be controlled simultaneously. Our Fraunhofer FKIE colleagues are investigating and actively combating botnets.