The volume of digital data produced and stored by companies is growing. Cloud technology offers a convenient solution: IT service providers offer storage space or software which enables data to be saved remotely. But how can companies be sure that their data is protected against unauthorized access or deletion? Researchers from the Technical University of Munich (TUM) have studied this issue and developed a model which allows service providers to be checked and certified reliably.
Particularly for SMEs, it is often difficult to find a secure and reliable option among the many smaller cloud service providers on the market. On the back of discussions with around 100 IT specialists from these types of companies, TUM scientists led by Prof. Helmut Krcmar, Chair Person of the Chair for Information Systems, have developed a solution for this problem. Together with six additional partners, they have developed a new dynamic certification system for cloud services as part of the “Next Generation Certification” (NGCert) consortium.
Cloud certificates have to be flexible
Quality certification already exists in the form of so-called certificates, which are intended to guarantee the security of saved data. These are issued by TÜV and other authorities, and are designed to check specific requirements, such as legal regulations which the provider is required to fulfill for its customers. However, these quality certificates are often provided for one to three years – following just a one-off examination.
These types of static certificates are the main problem according to Helmut Krcmar. “Certificates lose their relevance to the current situation much quicker than in one to three years and therefore also their security. We need dynamic systems which can constantly check the validity of certification over a period of time. We have now developed a model which makes this possible for the first time from an organizational and technical standpoint.” The discussions held with companies showed that the introduction of this type of dynamic quality certification could substantially increase companies’ trust in cloud services and allow them to use the technology more easily.
Secure storage in Germany
In collaboration with companies and cloud service providers, the scientists developed important criteria which new dynamic certificates have to fulfill. For three fourths of the consulted companies involved in the project, data security and data protection were most important. Confidential personal data is often saved in the cloud. From a legal standpoint, the responsibility for this data remains with the companies and not the cloud service provider. It is therefore vital that the data is reliably saved within Germany, where strict data protection laws apply.
That is why NGCert project partners developed programs as part of the certificates which constantly check the location of the cloud service provider’s computers – something referred to as geolocation. The software tests all the paths taken by data packages sent from a company to the cloud service provider. These paths are as characteristic as fingerprints. If they change, it can indicate that the data processing is taking place in a different region, possibly using foreign computers.
Legal and independent
Another criterion is the so-called legal certainty of the cloud services. Laws on data protection and data security can frequently change, such as the retention period for access data. A certificate issued as a one-off is unable to react to these changes within the legal framework. “Our concept of dynamic certificates can also solve this problem. There are many individual software components which can change independently of one another and after a certificate is initially issued – these are referred to as modules,” says Krcmar.
In addition, the companies involved expressed their desire that the checking system should operate independently from the respective cloud service providers and be offered as an autonomous, objective system. This curbs the misuse of invalid or expired quality certificates. Prof. Krcmar’s team has also already developed initial ideas for business models involving this type of independent certification service.
The scientists have released a summary of their results in the “Management sicherer Cloud-Services” final volume which was published in December 2017. In future, the researchers are aiming to extend their results to include the consumer market in an effort to boost trust in cloud services and similar areas, such as e-commerce and location-based services.
Members of the NGCert consortium are: Technical University of Munich (Prof. Krcmar), Fraunhofer Institute for Applied and Integrated Security AISEC (Prof. Eckert), University of Kassel (Prof. Sunyaev), University of Kassel (Prof. Roßnagel), University of Passau (Prof. de Meer) and the industry partners EuroCloud Deutschland_eco e.V. and Fujitsu Technology Solutions.
The project was supported by the Federal Ministry of Education and Research (BMBF) and was successfully completed on December 31, 2017.
Prof. Helmut Krcmar
Chair for Information Systems
Technical University of Munich
Tel.: +49 89 289 19 532
https://www.tum.de/nc/en/about-tum/news/press-releases/detail/article/34401/ - Press Release online
http://www.professoren.tum.de/en/krcmar-helmut/ - Prof. Helmut Krcmar profile
https://ngcert.de/?page_id=599 - Consortium “Next Generation Certification” (NGCert)
https://www.springer.com/de/book/9783658195786 - Book “Management sicherer Cloud-Services” final volume (Springer, in German only)
Dr. Ulrich Marsch | Technische Universität München
Powerful IT security for the car of the future – research alliance develops new approaches
25.05.2018 | Universität Ulm
Supercomputing the emergence of material behavior
18.05.2018 | University of Texas at Austin, Texas Advanced Computing Center
The more electronics steer, accelerate and brake cars, the more important it is to protect them against cyber-attacks. That is why 15 partners from industry and academia will work together over the next three years on new approaches to IT security in self-driving cars. The joint project goes by the name Security For Connected, Autonomous Cars (SecForCARs) and has funding of €7.2 million from the German Federal Ministry of Education and Research. Infineon is leading the project.
Vehicles already offer diverse communication interfaces and more and more automated functions, such as distance and lane-keeping assist systems. At the same...
A research team led by physicists at the Technical University of Munich (TUM) has developed molecular nanoswitches that can be toggled between two structurally different states using an applied voltage. They can serve as the basis for a pioneering class of devices that could replace silicon-based components with organic molecules.
The development of new electronic technologies drives the incessant reduction of functional component sizes. In the context of an international collaborative...
At the LASYS 2018, from June 5th to 7th, the Laser Zentrum Hannover e.V. (LZH) will be showcasing processes for the laser material processing of tomorrow in hall 4 at stand 4E75. With blown bomb shells the LZH will present first results of a research project on civil security.
At this year's LASYS, the LZH will exhibit light-based processes such as cutting, welding, ablation and structuring as well as additive manufacturing for...
There are videos on the internet that can make one marvel at technology. For example, a smartphone is casually bent around the arm or a thin-film display is rolled in all directions and with almost every diameter. From the user's point of view, this looks fantastic. From a professional point of view, however, the question arises: Is that already possible?
At Display Week 2018, scientists from the Fraunhofer Institute for Applied Polymer Research IAP will be demonstrating today’s technological possibilities and...
So-called quantum many-body scars allow quantum systems to stay out of equilibrium much longer, explaining experiment | Study published in Nature Physics
Recently, researchers from Harvard and MIT succeeded in trapping a record 53 atoms and individually controlling their quantum state, realizing what is called a...
25.05.2018 | Event News
02.05.2018 | Event News
13.04.2018 | Event News
25.05.2018 | Event News
25.05.2018 | Machine Engineering
25.05.2018 | Life Sciences