Pioneers for a secure future
We have always been fascinated by innovations and research projects. We have contributed our security expertise and technological competence to a large number of sustainable projects at regional and supraregional level. The pioneers of achelos are continuously in contact with science and research-related institutions and are themselves experts in various professional committees.
Below you can find a selection of research projects and initiatives. If you are looking for a partner for an innovative future topic, please contact us!
AutoSCA: Automated vulnerability analysis of cryptographic protocols
achelos improves software development in security-relevant industrial projects
Developments related to Industry 4.0 are driving the networking of plants and machines, the Industrial Internet of Things (IIoT), ever further. This increase in networking is an important factor on the way to the smart, changeable "factory of the future" and opens up remarkable potential for optimising processes. At the same time, however, it also increases the attack surface on a company's IT infrastructure. Continuously effective IT security protection in companies, in order to be able to quickly identify and assess existing and new security risks, is thus becoming increasingly important.
Some facts and figures about AutoSCA:
AutoSCA | Automated vulnerability analysis of cryptographic protocols
Project duration | 05/2020 - 04/2022
Project partners |
Group coordinator | Universität Paderborn
Project contribution from achelos (sub-project) |
Project volume | €0.79 million (of which 92 % is funding by the Federal Ministry of Education and Research (BMBF))
Project sponsor | VDI/VDE Innovation + Technik GmbH
Project website (in German) |
The objective:
Continuously checking the effectiveness of protective measures taken is a major challenge in complex and heterogeneous system environments. This applies in particular to the security of software with its often hardly manageable number of lines of code. Automated testing of the correctness of software implementations is therefore a necessary step to make technical staff’s lives easier. In the AutoSCA project, new methods for the automatic detection of vulnerabilities are being researched and further developed. Effective and efficient automation is made possible by combining new findings in IT security with the methods of artificial intelligence (AI). We focus on vulnerabilities that are based on physical or logical side effects of the implementations, so-called side channels. The developed methods will be implemented as a tool for the automated detection of software side channels and can thus be evaluated.
Classification in the Reference Architecture Model Industry 4.0 (RAMI 4.0)
As part of an interdisciplinary team of cryptographers and machine learning experts, achelos builds up knowledge in the fundamentals of machine learning and suitable machine learning methods. This knowledge is used to uncover further cryptographic vulnerabilities with the achelos test suites for secure network protocols.
The tasks for achelos:
Within the framework of AutoSCA, achelos pursues the following goals:
- To build up knowledge in the basics and suitable procedures of machine learning through cooperation with the specialist groups involved, in order to be able to uncover further cryptographic vulnerabilities
- Improving the quality, especially the test coverage, of existing test suites through the algorithms developed in this funded project
- Automated creation of test data that can be transferred to existing test environments
- Practical testing in order to verify the practical suitability
Further Information:
AutoSCA project website (in German)
Contact:
Dr. Claudia Priesterjahn
Team Lead Research & Secure Communication Development
claudia.priesterjahn@achelos.de
T: +49 5251 14212-0
AI-DevAssist: AI-assisted secure software development
achelos improves software development in security-relevant industrial projects
Digitalisation is advancing ever further into all areas of life. Critical vulnerabilities in software development pose an enormous security risk and are rapidly on the rise. The project looks into methods for using artificial intelligence (AI) to detect vulnerabilities in software. The total investment volume of the project is €2.24 million, including funds provided by the project partners.
Some facts and figures about AI-DevAssist:
AI-DevAssist | AI-assisted secure software development
Project duration | 01/2021 - 12/2023
Project partners |
Group coordinator | Code Intelligence, Bonn
Project contribution from achelos (sub-project) |
Project volume | €2.24 million (of which 82 % is funding by the Federal Ministry of Education and Research (BMBF))
Project sponsor | VDI/VDE Innovation + Technik GmbH
Project website (in German) | KI-gestützte sichere Softwareentwicklung AI-DevAssist
The objective:
Developing secure and reliable software is a major and as yet unsolved challenge. The number of critical vulnerabilities is growing despite all attempts to curb it, as the diagram shows using the increase in CVE (Common Vulnerabilities and Exposures(1)) from 2006 to 2018 as an example. An analysis by Microsoft Research shows that developers are largely making the same mistakes as they did 20 years ago(2). The objective of this project is to research AI-supported methods for identifying vulnerabilities which enable simpler and more secure software development for developers.
More specifically, the aim is to push forward state-of-the-art security analysis using the example of Java. This will involve the development of artificial intelligence methods which expand existing static analysis and fuzzing tools and enable direct interaction between software developers and AI. Fuzzing is a dynamic software analysis that already uses rudimentary machine learning approaches.
In order to achieve this goal, AI-DevAssist brings together the expertise of leading global teams of experts from the research fields of artificial intelligence, secure software engineering, and usable security. Usable security essentially deals with the human factor in security and how technology can support humans in developing secure software. The solution approach taken by AI-DevAssist consists in the development of AI components that assume this task and identify software errors. AI-DevAssist uses innovative methods of Secure Software Engineering — in particular automated code analysis — to develop an AI assistant that is able to effectively identify vulnerabilities on the basis of semantic programme properties. In addition, methods will be researched and developed for the interaction between AI and software developers in order to optimise the transfer of knowledge between developer and security tool.
The tasks for achelos:
achelos will create a benchmark and support the evaluation of secure software development on the basis of artificial intelligence (AI)
The aim of the achelos sub-project is to ascertain requirements for the analysis software to be developed, create a benchmark, and evaluate the solutions developed in the project. In doing this, achelos builds on its many years of experience in the development of security-relevant software in industrial projects and brings this expertise into the project.
Main task: To create the benchmark
achelos uses vulnerabilities from known benchmarks and supplements them with vulnerabilities that cannot be detected using current tools. achelos will integrate the benchmark in a training and evaluation infrastructure and thus enable constant evaluation of the solutions developed in the project. An expert team from the achelos development department with experience in security-relevant industrial projects will be involved in the evaluation of the human–AI interface.
achelos brings expertise to the development of security-relevant software
achelos possesses many years of experience in consulting, development, and testing for software from security-critical application areas. The achelos portfolio includes automated test suites for secure network protocols, security of certificates, and high-security components. Our test suites are used especially for acceptance testing of products that need to be certified in line with Common Criteria. During certification to a specific Evaluation Assurance Level (EAL 1 - 7), secure implementation and vulnerabilities are important criteria. achelos' expertise in the field of test suites is particularly relevant for the design and creation of the benchmark.
In the 'it’s OWL' transfer project 'Integration of CogniCrypt', achelos was able to gather experience in static code analysis with the CogniCrypt tool. In the project, CogniCrypt was integrated into achelos' continuous integration environment and as a plug-in into the Eclipse software development environment and supplemented with rules for the BouncyCastle cryptolibrary.
Furthermore, achelos is working together with the project partners on the BMBF project AutoSCA to automatically analyse side channel attacks against cryptographic protocols for the first time. In this project, achelos is collaborating in an interdisciplinary team of cryptographers and machine learning experts in order to build up knowledge on the basics of machine learning and to establish suitable machine learning procedures with a view to detecting further cryptographic vulnerabilities with its test suites for secure network protocols.
(1) https://cve.mitre.org/
(2) Matt Miller. Trends, Challenges, and Strategic Shifts in the Software Vulnerability Mitigation Landscape. In BlueHat IL, 2019.
Further Information:
Contact:
Dr. Claudia Priesterjahn
Team Lead Research & Secure Communication Development
claudia.priesterjahn@achelos.de
T: +49 5251 14212-0
KogniHome: a smart apartment for life
achelos contributes expertise on security tokens and key management
The door welcomes visitors, the wardrobe mirror reminds you to take your keys with you, while the stove warns you when the milk threatens to boil over. These ideas may sound like something from Alice in Wonderland, but they actually represent just a selection of the capabilities of the smart apartment developed at the KogniHome innovation cluster by 14 partners from the fields of science, industry, as well as social welfare and healthcare. Germany's Federal Ministry of Education and Research (BMBF) sponsored the project with €8 million up to 2017. The total investment volume was €11.3 million, including the project partners' own funds.
Some facts and figures about KogniHome:
KogniHome | Networked living – the smart apartment. Regional innovation cluster as part of the Federal Ministry of Education and Research's (BMBF) funding priority "Human-Technology Interaction in Demographic Change".
Project duration | 1 August 2014 to 31 December 2017
Project partners | 14 partners from science and industry, as well as social welfare and healthcare in Ostwestfalen-Lippe (OWL)
Overall project management | Cluster of Excellence Cognitive Interactive Technology (CITEC) at the University of Bielefeld
Project contribution by achelos (sub-project management) |
Award | KogniHome has been named an "outstanding location" by the "Germany – Land of Ideas" initiative.
Project volume | €11.3 million (of which €8 million in funding from the Federal Ministry of Education and Research [BMBF])
Funding code | 16SV7061
Project website |
The objective:
An apartment that supports people in their day-to-day activities – equipped with intelligent and learning technology that can be easily operated by speech or gestures. The intuitive control in particular offers senior citizens and people with disabilities an opportunity to live longer in their own four walls.
The achelos tasks:
achelos managed the sub-project "Development and implementation of a security token"
The basis for acceptance of the KogniHome is authenticated and confidential communication between individual devices and components. In order to guarantee secure communication channels, it is vital for the communication partners to be able to identify and authenticate one another before starting communication of actual content.
The objective of the sub-project managed by achelos was to develop a security token for the identification and authentication process, as well as the key management between devices and components in the apartment.
achelos contributes security expertise
The achelos team has in-depth knowledge of the resource-efficient and hardware-oriented implementation of the relevant security processes in the KogniHome. achelos has defined these processes in full, all the way up to the Public Key Infrastructure (PKI). achelos implemented and adjusted the cryptographic processes developed by the Codes and Cryptography department at the University of Paderborn, as well as other known processes, and managed their implementation on suitable hardware platforms.
The prototype:
A smart apartment for life
The special feature of the KogniHome project is that the apartment can accompany its users throughout their entire life, as it learns from their needs and abilities. The technologies are invisibly integrated into the familiar living environment. A uniform security standard needs to be guaranteed for interaction of the various devices from different manufacturers with regard to authenticity and confidentiality. A research apartment is installed in a building of the von Bodelschwinghschen Stiftungen Bethel in Bielefeld.
The partners:
14 partners from OWL worked on the apartment of the future
The Cluster of Excellence Cognitive Interactive Technology (CITEC) at the University of Bielefeld managed the KogniHome project. Alongside achelos, 13 other partners were involved in the project, including domestic appliance manufacturer Miele, the von Bodelschwinghschen Stiftungen Bethel and the company Hella from Lippstadt.
For more information:
www.kogni-home.de
Press release from the University of Bielefeld on project conclusion with results of the project partners
Contact:
Dr. Claudia Priesterjahn
Team Lead Research & Secure Communication Development
claudia.priesterjahn@achelos.de
Phone: +49 5251 14212-0
CogniCrypt transfer project improves quality for secure software implementation
CogniCrypt is a tool that can detect security vulnerabilities early in software development using highly accurate and efficient static code analysis. CogniCrypt is the result of a long-term research project and is actively being further developed by Fraunhofer IEM. CogniCrypt warns of misuse of crypto libraries and thus ensures software quality. In the it's OWL transfer project, Fraunhofer IEM and achelos GmbH spent five months working together on further developing CogniCrypt. The results were incorporated in the open source product in the form of a knowledge transfer and added support for other cryptographic libraries.
Some facts and figures about CogniCrypt:
CogniCrypt | CogniCrypt makes software development more secure and high-grade: the tool also provides support during code reviews, as it provides proof that the application interfaces (APIs) have been used correctly.
Project duration | 1 January 2019 to 31 May 2019
Project partners |
Project contribution by achelos | Continuous knowledge transfer in the transfer project: The security experts at achelos incorporated the product in the continuous integration process of their software development operations and tested the tool. achelos was able to contribute its profound cryptographic knowledge within the scope of the project and made a valuable contribution to the development of CogniCrypt. Within the project, CogniCrypt was enhanced by new sets of rules. The new rules allow CogniCrypt to detect security vulnerabilities when using other libraries (Bouncy Castle). The rules defined within the project are fully compliant with Technical Guidelines 02102-1 of the German Federal Office for Information Security (BSI).
Project website |
The Eclipse CogniCrypt plug-in detects misuse of cryptography directly in the development environment. (Photo: Copyright: Fraunhofer IEM)
The starting position:
Many security holes in software solutions are misimplementations of cryptography, which are often related to the large number of encryption algorithms and their configuration (key length, block modes or padding). In software development there is often a lack of knowledge about which algorithm to choose and when. This inevitably leads to security gaps.
That's what CogniCrypt does:
Static code analysis verifies secure use of cryptography.
The static code analysis function of CogniCrypt continuously checks the code for correct implementations during development. When the code is saved in the editor, a static analysis is triggered in the background and warns of incorrect use of a cryptographic programming interface (API).
The achelos tasks
The aim of the project was to integrate the CogniCrypt tool into the software development process of achelos GmbH at several points. In order to avoid incorrect implementations, the Fraunhofer IEM specified rules for the correct use of software libraries. In the course of the project, CogniCrypt was extended by new rules to detect errors in the implementation of other libraries (Bouncy Castle) and to avoid security gaps at an early stage. The achelos team possesses complex knowledge in cryptography and its application and was able to contribute to the further development of CogniCrypt through continuous feedback.
About CogniCrypt
The CogniCrypt tool was developed within the scope of the CROSSING Collaborative Research Initiative at the Technical University of Darmstadt and in cooperation with the Heinz Nixdorf Institute at the University of Paderborn. It allows companies operating in the field of security and cryptography to identify and then eliminate security-critical misuse of cryptographic libraries quickly and reliably, as well as to generate secure cryptographic integration code for various common usage scenarios fully automatically. With the support of the Fraunhofer IEM, CogniCrypt was further developed to market maturity and can be integrated into the Eclipse development environment.
The partners:
About the Fraunhofer IEM:
From its location in Paderborn, Germany, the Fraunhofer Institute for Mechatronic Systems Design IEM offers expertise for intelligent mechatronic solutions in the context of Industry 4.0. Scientists from the fields of mechanical engineering, software engineering and electrical engineering engage in interdisciplinary collaboration here, researching innovative methods and tools for development of intelligent products, production systems and services.
About the "It’s OWL" technology network
In the "It's OWL – intelligent technical systems OstWestfalenLippe" technology network, over 200 companies, research institutes and organisations develop solutions for intelligent products and production methods. With the support of the State of North Rhine-Westphalia, projects with a total value of €100 million are set to be implemented between 2018 and 2022. The key focus topics are artificial intelligence, digital platforms, digital twins and work in the fourth industrial revolution, Industry 4.0. Having won awards in the German government's Top Cluster competition, the "It's OWL" network ranks as one of the largest SME initiatives for Industry 4.0.
For more information:
www.eclipse.org/cognicrypt/
Press release on project conclusion
Contact:
Thomas Freitag
Managing Director
thomas.freitag@achelos.de
Phone: +49 5251 14212-304
Energy efficiency as a driver of new business models
achelos: security and efficiency through rule-compliant implementation
In future, smart home technologies will change life and business in buildings. New fields of application for software and hardware promise exciting design options for landlords, tenants and owner-occupiers of buildings.
Some facts and figures about "green with IT":
green with IT | New digital processes in the housing and energy sectors. The network offers proven and data protection-compliant digitisation solutions for commercial landlords.
History |
Project partners | Innovative application partners from the housing and building management sector in the Berlin-Brandenburg metropolitan area, as well as additional partners for certain core competencies
Contribution by achelos | achelos supports management of the housing and energy sectors in the make-or-buy decision for introduction of Smart Meter Gateways and Public Key Infrastructures, as well as during implementation
Project website |
The objective:
In the "green with IT" network, achelos will cooperate with innovative application partners from the housing and building management sectors to examine and, if suitable, proceed with introducing Smart Meter Gateways and Public Key Infrastructures, as well as extending the approach to include measurement of water and heat consumption within the scope of defined parameters. The results will be published, so that as many disruptive applications as possible are created and lead to widespread acceptance through attractive prices.
The technology:
Key role for the Smart Meter Gateway
The Smart Meter Gateway is the central communication unit of intelligent measuring systems in the energy sector. It is developed according to the specifications of Germany's Federal Office for Information Security (BSI).
The Federal Office for Information Security (BSI) manages the technical guidelines
The German Federal Office for Information Security (BSI) has drawn up protection profiles and technical guidelines (TR 03109). These are binding as per the Measuring Point Operation Act (MsbG) and guarantee data protection, data security and interoperability of intelligent measuring systems based on the respective state-of-the-art. Among other things, they include the minimum requirements of the following:
- Intelligent measuring systems (§ 21)
- The Smart Meter Gateway (§ 22)
- Secure connection to the Smart Meter Gateway (§ 23)
- Certification of the Smart Meter Gateway according to Common Criteria (§ 24)
- Certification of the Smart Meter Gateway Administrator (§ 25)
As an authority, the BSI is responsible for a uniform safety level and interoperability and is responsible for the permanent further development of the documentation. It takes the initiative to update and revise existing protection profiles and technical guidelines in the event of possible new or technically advanced threat scenarios and other applications (e.g. the Smart Home).
The tasks for achelos:
Security and efficiency through rule-compliant implementation
achelos supports the management of the housing and energy sectors in the make-or-buy decision for introduction of Smart Meter Gateways and Public Key Infrastructures, as well as during implementation.
Security for future IoT applications in day-to-day residential activities through:
- Definition of safety requirements as per ISO 27001 and basic protection as per the Federal Office for Information Security (BSI)
- Designing the IT security policy, as well as its strategies and guidelines
- Drafting the IT security concept
- Drafting the IT security architecture
- Developing the IT security organisation technical concept and necessary processes
- Analysing remaining risks
- Defining the back-up and contingency plan
- Preparing/supporting the CC evaluation and CC certification
- Drawing up requirements-compliant documentation
The partners:
achelos is an active member of the green with IT association alongside eleven other members.
For more information:
Contact:
Dr. Claudia Priesterjahn
Team Lead Research & Secure Communication Development
claudia.priesterjahn@achelos.de
Phone: +49 5251 14212-0
System integrity for self-service systems (SiS)
Some facts and figures about SiS:
System integrity for self-service systems (SiS) | Improved protection of ATMs as a central self-service system
Project duration | 2010 to 2013
Project partners |
Overall project management | Wincor Nixdorf International GmbH (now Diebold Nixdorf AG)
Project contribution by achelos | Experts in smart card technology and security processes
Project volume | More than €2 million, funded by the Federal Ministry of Education and Research
Funding code | 01IS10030D
Final report |
The objective:
achelos as an expert in smart card technology and security processes
The objective of the project was to improve protection of ATMs as a central self-service system. The project partners have drawn up a holistic concept to ensure the integrity of an ATM with regard to hardware and software. New identity-based cryptographic processes are used which allow the verification of software and hardware integrity. achelos actively supported the project in this field and was involved in the project as experts in smart card technology and security processes.
The tasks for achelos:
- Analysis of existing security processes
- Definition of adapted security processes
- Prototype implementation
The partners:
Four companies from the German city of Paderborn are working together on the joint project for IT security research.
The Federal Ministry of Education and Research funded the SiS joint project for development of a security token to ensure system integrity of self-service machines. Alongside achelos, the University of Paderborn, Wincor Nixdorf International GmbH and Morpho Cards GmbH were all involved in the project with a total volume in excess of €2 million.
Further information:
31 August 2011 | Announcement from the Institute of Computer Science
The project partners were able to present their final report in 2013.
Contact:
Marcel Schriegel
Senior Consultant
marcel.schriegel@achelos.de
Phone: +49 5251 14212-312
Digital identities for a secure industry
Trustpoint facts and figures:
Open-source solution for secure management of machine identities | As digitalisation continues to advance throughout industrial environments, it is becoming increasingly important to provide and manage machine identities securely in networks.
Project duration | September 2023 to August 2026
Project partners |
Associated partners |
Network coordinator | Centrum für Digitalisierung, Führung und Nachhaltigkeit Schwarzwald, Freudenstadt
Project contribution by achelos | Expert for digital identities and security processes
Project volume | €1.94 million (73% of which funded by the BMBF)
Funding | Federal Ministry for Education and Research
Official announcement |
Website |
The objective and approach:
achelos involved as an expert in digital identities and security processes
The project entitled "Digitale Identitäten für eine sichere Industrie (Trustpoint)" focuses on developing an open-source solution to ensure that machine identities can be provided and managed securely within a network throughout the entire lifecycle. The new solution serves as a trust anchor and is intended to support companies in checking the chains of trust. The intended solution aims to facilitate easier and more effective protection of machines and components utilised in factories. To achieve this goal, the researchers first analyse existing technologies and standards, and then define special requirements in industrial environments. Building on this, practical development of an open-source solution is to be secured in cooperation with companies. In the final stage, the developed trust anchor is then trialled and evaluated by the project team in a factory environment.
The tasks for achelos:
- Collaborative involvement in development of the open-source solution, up to software maturity
- Analysis of the current situation and problems in terms of managing machine identities in industrial environments
- Identification of requirements of a secure and automated solution for provision of digital identities in the form of a results report
- Conceptual design based on the analysis results, as well as the list of requirements for a digital identity provision solution
- Secure commissioning and bootstrapping as per RFC 8995 (BRSKI)
The consortium and supporting companies:
Under the leadership of Campus Schwarzwald, the consortium comprising asvin GmbH, Keyfactor, achelos GmbH and the Hamm-Lippstadt University unites vast expertise and experience in the field of digital identities and their application in industrial environments. The project is being supported by the companies ARBURG GmbH + Co KG, HOMAG, FANUC Europe and Phoenix Contact.
Innovations and outlook:
The trust anchor being developed in the project will allow companies to both identify and operate their machines securely in a network. Implementation will lead to greater security, efficiency and flexibility in industrial processes. The objective is to secure compliant, seamless and trustworthy communication between various stakeholders in industrial environments. The trust anchor project is making an important contribution to keeping the digital transformation secure, while increasing both the sustainability of Germany as an industrial location and digital sovereignty.
Future action areas of achelos:
achelos focuses on industrial manufacturing customers and is planning to provide Zero Trust-based security consulting and solutions for comprehensive cybersecurity of OT networks in critical and important infrastructures as per NIS 2.0.
More information:
Trustpoint | Digitale Identitäten für eine sichere Industrie | Website of the Federal Ministry of Education and Research
Trustpoint | Digitalisation, but secure! | Schwarzwald Campus
Project website of Campus Schwarzwald
Contact:
Dr. Claudia Priesterjahn
Team Lead Research & Secure Communication Development
claudia.priesterjahn@achelos.de
Phone: +49 5251 14212-0