The future of encryption technology? Quantum computers and post-quantum cryptography explained

They can solve complex math problems, map large molecular structures and calculate complex traffic flows. We’re talking, of course, about quantum computers. In recent years, development work on quantum computers has made small improvements. But it’s not only in mathematics, medicine and logistics that functioning quantum computers would have significant impact — IT security as well stands to benefit greatly.

It’s the year 2035: Quantum computers are capable of cracking all of the public-key algorithms which provided protection for sensitive data back in 2019. Hackers use quantum computers to access information in private emails, while state authorities use them to obtain data belonging to suspicious institutions. Debit card payments are no longer possible, and trading in cryptocurrencies such as Bitcoin is vulnerable to attack.

This scenario seems unrealistic from our current perspective. Researchers predict, however, that in ten to fifteen years there will be functioning quantum computers capable of calculating mathematical problems such as the prime factorization of very large numbers millions of times faster than today’s normal computers and will thus be able to crack encryption methods which we believe to be secure. How realistic is this claim, and what does it mean for developments in the IT security industry?

The difference between normal computers and quantum computers

Normal computers store information in the form of bits, which can assume two different states: 0 or 1. The computing speed of a computer such as this depends on various aspects of the machine, including the number of processor cores it has, the size of the cache and size of the memory. A quantum computer, on the other hand, calculates quantum bits, also known as qubits. Qubits can not only assume the states 0 and 1, but an infinite number of intermediate states as well. This principle is called superposition and arises from quantum mechanical effects which are not yet fully understood. The qubits are in this superimposed state until they are measured.

A quantum computer with one qubit can take on two states simultaneously; a computer with 25 qubits can assume two to the power of 25 states at the same time: 33,554,432. This allows quantum computers to take on many times more states at the same time than a normal computer and perform more simultaneous calculations. This means a quantum computer with many qubits would require only a few minutes to perform calculations that would take a normal computer more time than a human lifetime to complete.

Development status of quantum computers and current challenges

Although research on quantum computers has been going on for over twenty years, it has not yet been possible to develop a commercially usable quantum computer. Major institutions such as the NSA, Google, IBM and Microsoft are working to develop high-performance quantum computers. At the beginning of this year, IBM introduced a non-commercial quantum computer measuring 2.5 by 2.5 meters that operates on 20 qubits. A quantum computer with as few as 50 qubits would be faster than a supercomputer that uses many processors.

The fact that there are no commercially available quantum computers yet is due to a number of challenges which have yet to be solved: First, quantum computers are difficult to build because qubits need to be kept in stable superposition.

So far, it has only been possible to achieve run times of up to a few microseconds. Second, many entangled qubits are needed to achieve high computing power. However, this also greatly increases the number of errors resulting from calculations performed with many qubits. Even calculations performed with normal computers produce such computational errors, but unlike quantum computers, correction algorithms exist for these. This means that new algorithms have to be developed so that quantum computers can perform calculations efficiently and free of errors.

The successful development of a quantum computer would also give rise to the use of quantum cryptographic encryption methods, the development of which, however, is currently facing similar problems. Quantum cryptographic encryption promises secure communication. As soon as an eavesdropper tries to read the value of a particle, the value changes. The eavesdropper exposes him or herself and is unable to read the message, at least according to current theory. However, connections made thus far have been very error-prone, since the particles need to be transmitted with absolutely no interference. Moreover, the currently developed network is not suitable for transmitting communications secured with quantum keys.

Protecting data from quantum computers: Post-quantum cryptography

Research is already being performed on new quantum-resistant encryption algorithms to prevent the decryption of methods which we have come to believe are secure. This area of research is called post-quantum cryptography. Established asymmetric public-key encryption methods such as RSA multiply large prime numbers together for their encryption. It would take normal computers decades to factorize the product back into its primes, which is why the procedures were considered secure until now. However, an algorithm has already been developed for quantum computers that can factorize large numbers into prime factors and crack asymmetric encryption in a matter of minutes. Right now, this algorithm exists only in theory, since quantum computers are not yet powerful enough to run it. The number of qubits needed to quickly crack asymmetric encryption methods is fairly well known: Between 2,300 and 4,000.
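The link between factoring and breaking RSA can be made concrete. The following added example (not from the original article) reduces factoring to order finding, which is the step the quantum algorithm accelerates (it is generally known as Shor's algorithm, a name the article does not use); here the order is found by brute force, and all primes, keys and messages are constructed toy values.

```python
"""Added illustration: factoring a toy RSA modulus through order finding.

Order finding is done by brute force here; a quantum computer would replace
only that step. Real RSA moduli are 2048 bits or more, these are toy values.
"""
from math import gcd


def make_toy_keypair(p, q, e=65537):
    """Textbook RSA key from two primes: public (n, e) and private exponent d."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), pow(e, -1, phi)


def multiplicative_order(a, n):
    """Smallest r > 0 with a**r == 1 (mod n), found by stepping through powers.

    Classically this loop is the expensive part: r can be nearly as large as n.
    """
    if gcd(a, n) != 1:
        raise ValueError("a must be coprime to n")
    r, x = 1, a % n
    while x != 1:
        x = (x * a) % n
        r += 1
    return r


def factor_via_order_finding(n):
    """Split an odd n = p*q (p != q) using the order of successive bases a."""
    for a in range(2, n):
        g = gcd(a, n)
        if g != 1:                     # a happens to share a factor with n
            return tuple(sorted((g, n // g)))
        r = multiplicative_order(a, n)
        if r % 2:                      # an even order is required
            continue
        y = pow(a, r // 2, n)          # y*y == 1 (mod n) and y != 1
        if y == n - 1:                 # trivial square root of 1, try next a
            continue
        p = gcd(y - 1, n)              # n divides (y-1)(y+1) but neither term
        return tuple(sorted((p, n // p)))
    raise ValueError("no factor found")


def recover_private_exponent(public_key):
    """Rebuild d from the public key alone once n has been factored."""
    n, e = public_key
    p, q = factor_via_order_finding(n)
    return pow(e, -1, (p - 1) * (q - 1))


def demo():
    """Encrypt with the public key, then decrypt using only public data."""
    public_key, d = make_toy_keypair(1009, 1013)   # constructed toy primes
    n, e = public_key
    message = 424242                               # constructed plaintext < n
    ciphertext = pow(message, e, n)
    d_recovered = recover_private_exponent(public_key)
    return {
        "factors": factor_via_order_finding(n),
        "d_matches": d_recovered == d,
        "decrypted": pow(ciphertext, d_recovered, n),
        "message": message,
    }


if __name__ == "__main__":
    print(demo())
```

The brute-force loop in `multiplicative_order` grows with the size of the modulus, which is what keeps real key sizes safe from normal computers; a quantum-resistant scheme has to rest on a problem that does not reduce to order finding in this way.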

At present, a lot of research money and energy are being invested in the development of quantum-resistant encryption methods. There are numerous possible methods that the American Institute NIST (National Institute of Standards and Technology) is trying to standardize. There are currently 48 procedures under review that are believed to be quantum-resistant. One of these methods is the Supersingular Isogeny Diffie-Hellman key exchange method (SIDH), which in contrast to other methods has the advantage of being less memory-intensive. The development of quantum-resistant encryption methods, too, is facing problems: On the one hand, the storage space requirements and computational effort are very high in many methods. On the other hand, their security cannot yet be reliably assessed.

The development of quantum-resistant encryption methods shows that the threat posed by quantum computers is being taken seriously. However, when and whether quantum computers will be operational at all is completely unclear. According to a May 2018 study entitled The State of Development of Quantum Computers published by the German Federal Office for Information Security (BSI), due to the high cost of error correction it is “in the foreseeable future unlikely, and probably also economically unattractive, for academic and industrial laboratories to realize a cryptographically relevant quantum computer”. For intelligence agencies, however, this development may indeed prove more relevant. Whether and how realistic the initial scenario is depends on the one hand on how much progress is made in the development of quantum computers and, on the other hand, on what effective, quantum-resistant encryption methods are being developed.

Sources
  • BSI. Entwicklungsstand Quantencomputer. [accessed 31.05.2019]
  • Böck, Hanno. Die leeren Versprechen der Quantenkryptographie. [accessed 31.05.2019]
  • Böck, Hanno. Zu viele Vorschläge und zu viele Bytes. [accessed 31.05.2019]
  • Dubois, Laura. Was ist eigentlich ein Quantencomputer? [accessed 31.05.2019]
  • Killer, Achim. Quantencomputer bedrohen die Datenverschlüsselung. [accessed 31.05.2019]
  • Lindinger, Manfred. Der Quantencomputer verlässt das Labor. [accessed 31.05.2019]
  • Chu, Jennifer. The beginning of the end for encryption schemes? [accessed 31.05.2019]
  • t3n. Sind Quantencomputer das Ende der Kryptographie? [accessed 31.05.2019]
  • t3n. Wirklich alles, was du über Quantencomputer wissen musst. [accessed 31.05.2019]
    Mirai – The Botnet of Things

    The dynamic of the Internet of Things shows us the daily progress of digitalization. More and more devices are connected to the Internet, providing users comfort and efficiency. The market is constantly filled with new devices and the variety of functions attracts many users. Today, there is already a huge network of data, servers and connected intelligent devices – which, however, represents a new and above all enormous target for cyber criminals due to the unconsidered security vulnerabilities of smart devices.

    The malware Mirai took advantage of this weakness: In October 2016, the botnet virus became widely known for the first time due to the largest DDoS attack ever launched, targeting the DNS provider “Dyn”. As a result, the websites and services of many international companies, including Amazon, Netflix and Spotify, were unavailable for a long time. For businesses, this can mean a loss of millions. What exactly is the story behind the malware that exploits the weaknesses of technological progress?

    The origin of the Mega Botnet

    2016 wasn’t the first time such an IoT botnet “hit” the market: according to independent security journalist Brian Krebs from krebsonsecurity.com, there have been Mirai-like predecessors since 2014, known as Bashlite, Gafgyt, QBot, Remaiten and Torlus. The bot code of Mirai was created from the improved codes of its forerunners, compiled by several developers. It was finalized by a group of hackers who joined forces in 2014 and started DDoS attacks on competing Minecraft servers under the pseudonym “lelddos”, using the Mirai Botnet to slow them down or take them off the Internet, which cost their operators a lot of money.

    Mirai has been designed to eliminate malware from already infected IoT devices and eventually take them over itself. Affected devices, in turn, looked for other vulnerable devices to take over. Due to the growing number of IoT products controlled by Mirai, the botnet became more extensive and hackers attempted larger targets. In September 2016, the French hosting company OVH suffered a DDoS attack with a total capacity of up to 1.5 terabits per second.

    Shortly after that attack, one of Mirai’s co-developers published the source code of the malware online under the name “Anna-Senpai”. Thus, the author enabled many hackers to copy and further develop the code. The release led to a rapid increase in imitators operating their own Mirai botnets. This eventually ended in an attack on Dyn’s server just a month later. Due to the amount of new variations of Mirai, tracing those responsible became much more difficult. But only a few weeks after that, the FBI tracked down three young Americans.

    On the 5th of December 2017, the hackers pleaded guilty in court in Alaska for developing the malware and merging it into a botnet to harm companies and “other targets”. According to the court documents, the cybercriminal group also planned to earn money with its own DDoS-as-a-Service offer and racketeering. To avoid a prison sentence, the 21- and 22-year-olds agreed to assist the FBI in solving complex cybercrime investigations. Nevertheless, the sentence included a five-year suspended sentence, 2,500 hours of community service, and $127,000 in refunds. Even though the criminal malware developers are now kept in check, the malware code still exists and can be reused, converted and improved by other hackers.

    The Return of Mirai

    In March 2019, security experts discovered a new type of Mirai, which is aimed primarily at IoT devices within companies. Cybercriminals expect this to increase their attack power even more as they gain access to greater bandwidth over corporate networks. The new Mirai version contains several more features, including 11 additional exploits, bringing the total number of exploits of the malware to 27. These additional features give the program an even larger attack surface. The malware spreads primarily through presentation systems, smart TVs, routers and IP cameras.
    Companies are advised to change the credentials of the implemented IoT devices and to consider the security of these devices in their IT security strategy as well.

    This development shows the uncertainty IoT devices face in the digitized world – the security factor is essential for businesses and users. A study by the Berkeley School of Information and the Center for Long-Term Cybersecurity (CLTC) identified the total cost for consumers caused by a hack of a smart device and additional power consumption when that device is involved in a cyberattack: For example, the combined costs of the attack on Dyn in October 2016 amounted to around 115,000 dollars for IoT users. In a worst-case scenario, the calculator results in a sum of about 68 million dollars, about 100 dollars per user, for a DDoS attack involving 600,000 IoT devices.

    The rise of DDoS Attacks

    The additional attack surface, which results from the very weakly protected Internet of Things, is also reflected in the increasing number of DDoS attacks on companies.

    Whereas three years ago, there were still around 9,000 attacks per quarter on corporate infrastructure and servers in the German-speaking area, attacks increased year by year.
    In the 1st quarter of 2019, there were already 11,177 DDoS attacks registered in Germany, Austria and Switzerland alone. But not only the number of attacks is on the upswing, the volume is also growing significantly. According to the Link11 DDoS Report Q1 2019, the largest DDoS attack in German-speaking countries reached a volume of 224 gigabits per second. With an increase of 70 percent compared to the same period last year, the average of the middle range of this quarter was already 3.8 Gbps. The Internet of Things is contributing significantly to the increased performance of attacks – a fact that takes cyber security to a new level once again.

    Crypto mining – From the gold rush in the digital world

    It has been more than a century since the so-called “Klondike Gold Rush” broke out in Alaska. Many tried their luck as treasure hunters and set out under the most difficult conditions in search of the coveted precious metal. Since then, a lot has happened and real gold diggers are mostly only to be found in adventure stories. For in the age of the Internet and with the development of digital currencies, new, much more attractive ways of supposedly making quick and big money have emerged. One of them has a surprising amount in common with the legendary Klondike Gold Rush: “crypto mining” or “digging cryptocurrencies”.

    The procedure of illegal crypto mining

    Cryptocurrencies have become established as a legitimate means of payment. Since the payment units called “Bitcoin” or “Monero” are neither issued by states nor banks, they have to be generated and transferred in a different way. This process, called “mining,” can be done by the users themselves, using computers. But it is not that simple: In order for the digital currencies to be generated, the systems must solve complex algorithmic tasks. The more units to be generated, the more complex the calculation tasks. The exchange of currencies is organized on a decentralized basis and can be handled directly between users via the blockchain using a peer-to-peer network.

    The following motto for miners is derived from this: With more computing power, the tasks can be solved faster and at the same time this means more Bitcoins, Moneros and co. Here, a lot of system resources are used, which is why the graphics card and the processor are put under considerable stress. In addition, the computationally intensive process brings with it immense power consumption. Conversely, this leads to high electricity prices and the heavy wear on hardware often makes crypto mining unprofitable – especially when the exchange rate is just not playing along.
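For Bitcoin, the “complex algorithmic tasks” described above are hash puzzles. The following added example (not from the original article) is a toy version with a constructed header and small difficulty values; it shows that finding a solution takes on the order of 2^d hash attempts while checking one takes a single hash, which is why mining keeps the processor or graphics card fully loaded.

```python
"""Added illustration: a Bitcoin-style hash puzzle with toy parameters.

The header bytes and difficulty values are constructed for this example.
"""
import hashlib


def leading_zero_bits(digest: bytes) -> int:
    """Number of zero bits at the start of a hash value."""
    bits = 0
    for byte in digest:
        if byte == 0:
            bits += 8
            continue
        bits += 8 - byte.bit_length()
        break
    return bits


def block_hash(header: bytes, nonce: int) -> bytes:
    """Double SHA-256 over header plus nonce, as Bitcoin does for block headers."""
    data = header + nonce.to_bytes(8, "big")
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def mine(header: bytes, difficulty_bits: int, max_attempts: int = 5_000_000):
    """Try nonces in order; return (nonce, attempts) for the first solution."""
    for nonce in range(max_attempts):
        if leading_zero_bits(block_hash(header, nonce)) >= difficulty_bits:
            return nonce, nonce + 1
    raise RuntimeError("no solution within max_attempts")


def verify(header: bytes, nonce: int, difficulty_bits: int) -> bool:
    """Checking a claimed solution costs one hash, however hard it was to find."""
    return leading_zero_bits(block_hash(header, nonce)) >= difficulty_bits


def work_by_difficulty(header: bytes, difficulties=(4, 8, 12, 16)):
    """Attempts needed per difficulty; expected work doubles with every bit."""
    return {d: mine(header, d)[1] for d in difficulties}


if __name__ == "__main__":
    header = b"constructed-block-header"
    for bits, attempts in work_by_difficulty(header).items():
        print(f"{bits:2d} zero bits: {attempts} attempts (expected about {2 ** bits})")
```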

    High profit margins thanks to botnet

    As a result, criminal crypto miners have developed various methods to circumvent the high electricity prices found in industrialized countries in particular. One variant is the large-scale mining of cryptocurrencies in countries with extremely low energy prices. For this purpose, entire data centers are set up in countries such as Iceland, Georgia and Venezuela, which are only used for the generation of cryptocurrencies.

    Due to the immense power consumption, crypto mining, especially in this country, can only be deemed “lucrative” with the help of botnets. The idea behind this is that cybercriminals can combine the computing power of the computers embedded in a bot network and use them for free. Through a command-and-control server, they gain central control over all devices integrated in the bot network – but how do they do it?

    How Cybercriminals send a crypto-miner into the system

    In order to make a computer part of a botnet, cybercriminals first have to get “dropper” software into the computer. Regarding the distribution channels, there are no limits to the creativity of digital criminals. The dropper usually reaches the targeted devices via infected websites, but combining it with spam emails is also a popular distribution channel. Here, cybercriminals send spam to a large number of email addresses, hoping that recipients will click on the link contained in the email. On the infected web pages, the dropper is silently downloaded in the background and then executed. The dropper itself does not pose the real danger, because it first downloads the crypto miner and a special tool, which gives instructions to the miner.

    For example, the tool can tell the crypto miner to slow down its activities as soon as a resource-hungry application starts. So it is less likely that the victim will notice the fraud. But that’s not all: Some versions of the malware even have the ability to disable antivirus programs and restore the miner when an application tries to remove it. IT security experts believe that some bot networks can sometimes bring in up to $200,000 per month.

    What is the current threat situation?

    As late as 2018, crypto miners were right at the top of cybercrime’s malware popularity scale – ahead of the well-known blackmail ransomware scam. A crypto miner is used in 9.7% of all recorded malware attacks overall, according to the cyberthreat report by Hornetsecurity. In numbers, that equates to around 29 million out of a total of 300 million malware attacks worldwide. At AV specialists GDATA, three versions of crypto miners were among the top 10 repelled malware programs. But currently the cryptocurrencies are weakening. In particular, the Bitcoin price is like a rollercoaster ride. As a result, the use of crypto mining for cybercriminals is of course not nearly as effective as the previous boom of Bitcoin and co. in December 2017 – but at the same time does this mean that illegal crypto mining is just a fad and the great hype is long gone?

    Quite the contrary, because renowned financial experts are sure: At the moment, it is simply a bubble and as soon as it bursts, the investment in digital money will skyrocket again. Bitcoin expert Aaron Lasher goes even further: He believes that a Bitcoin could be worth about 200,000 euros in ten years.

    Crypto Mining Infographic by Hornetsecurity

    Harvard expert Dennis Porto, who has calculated that the Bitcoin price will rise in the next five years to up to 100,000 euros, backs this up. As crypto mining and the price of cryptocurrencies go hand in hand, illegal crypto mining activities are also likely to increase considerably with the occurrence of this scenario.

    Protection in case of emergency: How do I effectively protect myself against crypto miners?

    A traditional antivirus program is far from sufficient when protecting against complex malware. You are therefore advised to take other precautions. Since crypto miners can only start their work when an infected file or website is opened, access should be prevented ideally in advance.

    This can be ensured in companies, in particular through the use of managed security services. To effectively close the gateway, a combination of spam filters, web filters and Advanced Threat Protection is advised. The spam filter ensures that suspicious emails containing links to infected websites are rigorously filtered out. This way the recipient cannot accidentally click on the malicious link, because the email does not even reach their email inbox.

    Advanced Threat Protection intervenes when there is an infected file in the attachment of an email containing, for example, the “dropper” of a crypto miner. The intruder is quarantined and blocked from entering the email inboxes, just like spam emails. When surfing the Internet, a web filter provides security against harmful content. It reliably blocks access to dangerous sites, such as those on which a crypto miner is installed, and informs the user about the threat that lurks there.

    The gold rush fever among cybercriminals does not simply have to be accepted like this. The worse it is for cryptocurrency prices and the more users hedge against crypto miners in advance, the less likely one is to fall victim to the scam.

    Internet of Things: More time for security in the era of innovation

    A life in the smart home through connected devices

    It’s 6:18 am, the smart light alarm clock gently brings its owner out of his slumber to start the day and the morning routine full of energy. Since the alarm clock is linked to various devices in the house via the Internet, the heater heats the bathroom to the desired temperature of 21 degrees at 6:20 am. The coffee is also ready on time at 6:35 am. Even the way to work is monitored by the smartphone app, reporting that a traffic jam may mean delays. When leaving the house, energy consumption is reduced as both the heating and lights are automatically turned off.

    Devices that are equipped with an Internet connection and can communicate with each other make such a smart home possible. And the number of these devices is increasing year by year: The market researchers of the American IT consulting institute Gartner estimate that by 2020, around 20 billion networked devices will be used worldwide, both by private users and by companies. Known as the Internet of Things, the devices create a kind of global infrastructure for technologies that link together physical and virtual objects.

    Introduction to the Internet of Things (IoT)

    What does Internet of Things actually mean and how did it come about?

    “The Internet of Things (IoT) is a network of physical objects that contain integrated technology to communicate and capture things, or to interact with their internal states or the external environment.”(Gartner)

    Ten years after the invention of the World Wide Web, British technology pioneer Kevin Ashton coined the term “Internet of Things”. Ashton is considered the co-founder and developer of the so-called radio-frequency identification (RFID) technology. A device that is equipped with an RFID transponder receives its own “identity” and is able to receive and submit information – in other words, “communicate”. In 1999, Ashton first used the term Internet of Things in a presentation demonstrating RFID technology and its relationship and importance to logistics. RFID is therefore considered the basis of the Internet of Things.

    The ultimate goal of the “Internet of Things” is to unite the real world with the virtual to make it more comfortable, efficient, economical and secure. For example, devices connected to the Internet are used in a variety of private, economic, but also scientific and political fields. American technology company Leverege, which specializes in IoT, divides the world of the Internet of Things into three categories:

    • Things that collect information and send it (to a server).
    • Things that receive information and act accordingly.
    • Things that can be assigned to both category 1 and 2.

    How does an IoT system work?

    The applications of the Internet of Things are diverse and extend across a wide range of industries – but building an IoT system always consists of the same four components:

    1. Sensors/Devices
    An important part of the Internet of Things is data. Accordingly, sensors or devices are necessary, which as a first step collect data from their environment. These can be as simple as a temperature measurement or as complex as a full video transmission.

    2. Connectivity
    In order to send or exchange the collected data, a connection from a sensor to a server or to the cloud is required. The devices can, for example, be connected to the cloud via mobile, Wi-Fi, Bluetooth or satellite.

    3. Data processing
    In order to process the sent data for information, a server is needed which connects to the device and “communicates”. Processing takes place in most cases via the cloud.

    4. User interface
    The information collected must be made useful to the user in some way or displayed and made accessible. Therefore, an interface is required that outputs the information, for example, via notification by text, voice or sound. Depending on the IoT application, the user can also perform an action and influence the system, or the system automatically executes actions through predefined rules.

    Why is the cloud so important to the Internet of Things?

    The progress of cloud technology has a significant impact on the evolution of IoT systems. Because the devices are not only used for private purposes, but are also becoming increasingly prevalent in the industry. In such applications, hundreds of sensors and devices can be used quickly. However, this creates a large amount of data that can only be processed with the help of immense computing power.

    The cloud technology is intended for these purposes, because it consists of a large network with powerful servers. The computing power of the cloud and the resulting capabilities, such as Artificial Intelligence (AI) and Machine Learning (ML), allow the data mass generated by IoT systems to be used intelligently. The system makes “smart” decisions and is also fully scalable. So, instead of having a fixed server that has limited performance, more computing power can easily and quickly be freed up for the “communication” of the Internet of Things in a cloud system.

    What is the difference between IoT and IIoT?

    While we connect IoT in everyday life with networked vacuum cleaners, intelligent lamps and digital heaters, the Internet of Things is also used in the production environment: The Industrial Internet of Things (IIoT) is, so to speak, the industrial expansion of the Internet of Things. IIoT makes Industry 4.0 possible only to this extent. There are not two or three sensors in an industrial hall, but one hundred, two hundred or even thousands. The evaluation of this data makes it possible, for example, to detect irregularities in real time and to solve any problems that might occur, automatically and without delay.

    However, IIoT is not only used in production, because order and dispatch processes can also be optimized by smart devices. Stock about to run out? A sensor records the current inventory and informs the purchasing department. Parcel courier stuck in traffic? Thanks to GPS, the recipient receives a push message directly explaining that his package will be slightly delayed. Particularly interesting is a smart production facility if maintenance can be optimized. Routine checks are no longer necessary if the entire system is monitored by intelligent devices. An efficient and cost-effective solution for businesses – but what about the security of such networks?

    Does IoT pose a cybersecurity risk to businesses?

    Any device that has a computer chip and network connection is potentially vulnerable to hacking. This begins with a light bulb and ends with the takeover of a nuclear power plant. In August 2019, the FBI commented on this topic: “Routers, wireless radios links, time clocks, audio / video streaming devices, Raspberry Pis, IP cameras, DVRs, satellite antenna equipment, smart garage door openers, and network attached storage devices could be hijacked for their computing power.”

    With inadequately secured connections, IoT devices are increasingly becoming the target of cybercriminals, for example, using the processing power of sensors to create huge botnets. The malware Mirai infected more than 600,000 IoT devices in 2016 and successfully attacked several companies via DDoS attacks. Victims included American global companies like Netflix and Amazon, whose services were no longer usable for some time. In addition to the loss of service, such attacks often result in high loss of revenue and damage to the image of the company affected. Sending spam emails, hiding network traffic or generating ad-click fraud is also possible through the unauthorized takeover of IoT networks. Most importantly, cybercriminals are looking for data: The basis of the Internet of Things is the exchange and gathering of information from and about its users. Passwords and account access credentials, as well as details about daily user behavior, are of interest to hackers who can use this information for their own purposes, obtaining it easily and quickly if the network is not adequately secured.

    Why are IoT hacks already a real danger?

    Currently, the number of networked devices is estimated at about 7.5 – 15 billion. In the next 5 to 10 years, the number is expected to increase to around 75 – 125 billion. Alexa and Google Home alone can be found in every fourth American household.

    Big technology companies like Google and Amazon are of course eager to protect their devices from attacks. That’s why they invest huge budgets in their IT security. However, a large proportion of companies pay little attention to cybersecurity, because due to the high pressure to innovate, the main focus is on developing new devices in order to expand the product portfolio and increase sales. According to a recent security survey, some 950 of the companies surveyed invested around 13% of their IoT budgets in the security of their product or service development. Fewer than three out of five (59%) companies encrypt all data they collect or store on IoT devices.

    Lack of security interest shown by companies and users

    87% of all successful attacks on IoT devices are due to software which is not up to date, weak passwords, or a combination of both (Jason Sattler, 4/1/2019). Responsibility lies, on the one hand, with the companies, and on the other hand, with the users themselves. For example, many companies deliver their devices with a default password (e.g.: user: admin / password: password). If the user does not change or cannot change the login details, it is easy for cybercriminals to hack a variety of devices with a simple script.

    The situation with software is similar: on the one hand, the user is obliged to regularly install updates in order to close security gaps; on the other hand, there are companies that, at worst, develop devices that are not updatable. Often older devices simply no longer receive updates. The user is ultimately the victim. Other attack surfaces include open ports and USB ports, SQL injection, insecure web interfaces, buffer overflow, network device fuzzing and cross-site scripting (XSS). The focus is on the development of new and innovative devices, but not their security. Many technologies are simply too cheap to cover the costs of IT security.

    Internet of Things without legal security standards

    The system behind a “smart device” is very different from that of a computer: a computer’s structure and operation are much more complex than, for example, those of a light bulb. In addition, a computer has much more processing power. Accordingly, there are many ways to protect the system of a computer from unauthorized access. But how do you protect a smart light bulb? Smart home appliances or networked machines have low computational power because they are often just small sensors connected to external servers. A script consisting of just a few KB therefore runs on the devices. The possibilities for a backup are therefore limited.

    The market of the Internet of Things is still quite new, demand is growing steadily and the industry is therefore fast-paced. Many manufacturers lack the necessary expertise to protect the devices from possible cyber attacks, but time is also a factor to which security falls victim: Companies are under great pressure to bring new and innovative products to market faster than the competition. As a result, cybercriminals can develop new ways to gain access to devices faster than it takes to secure them. Another challenge for the growing Industrial Internet of Things market is that there are no legal production standards for companies. Hackers are aware of the lack of such standards and see IoT devices as easy targets. In addition, hackers can establish a broad reach with minimal effort through the growing number of smart gadgets.

    But where there is no plaintiff, there is no judge: There are currently no laws or established security standards regarding the form in which IoT and IIoT must be protected. This leads to disorientation for both the manufacturer and the buyer alike, because both ask the same questions: Is the device secured well enough? And: How well is the device protected compared to other devices?

    Foundations for a secure Internet of Things

    The most important measure for more security in the IoT and IIoT domain is to make the manufacturers of smart products responsible. In view of the increasing risk, the British Government, in cooperation with the European Committee for Standardization, the European Telecommunications Standards Institute and the Cybersecurity Tech Accord, published a document in February this year entitled ETSI TS 103 645. An essential element of the 16-page document is provided by 13 paragraphs or arrangements addressed to companies that should serve as a guide to IoT consumer safety in the manufacture of smart devices. These include the following items:

     

    1. No universal default passwords

    2. Implement a vulnerability detection tool

    3. Implement regular software updates

    4. Ensure secure storage of access data and sensitive information

    5. Enable secure communication (encryption)

    6. Reduce exposed attack surfaces

    7. Ensure software integrity

    8. Ensure protection of personal data

    9. Ensure fail-safe design of systems

    10. Monitor system telemetry data

    11. Make it easier for consumers to delete personal data

    12. Ensure easy installation and maintenance of equipment

    13. Ensure validation of data entry

     

    However, the paragraphs are only “suggestions” and are not yet mandatory – they could at least serve as the basis for an IoT certification process.
    In addition, new tools such as “AutoSploit” enable potential security vulnerabilities to be found as early as the production stage. Thanks to artificial intelligence, the tool performs fully automatic searches for code errors that could lead to cyberattacks (Dan Mosca, 2018). The following continues to apply in the IT industry: Secure by Design.

    How do I protect my company from IIoT attacks?

    According to the current situation, as a user, whether privately or at work, you cannot assume that networked devices are secure. In the area of digitization, many companies use the Internet of Things as part of their digital transformation. To do this, they are connecting a growing number and variety of IoT devices to the corporate network. These interact or communicate with other valuable IT resources and often process sensitive information. Precisely for this reason, companies must take precautions to ensure IT security, to protect access and data, but without losing touch with the digital future at the same time.

    Cyber risk analysis
    Before an IoT system is introduced, cyber risk should be analyzed and integrated into the company’s risk management. Assessing security for all planned IoT services and products is essential. In addition, regular reviews and certificates from IoT services provide customers with qualified proof that companies and manufacturers protect personal data well and process it transparently for users.

    Regular inspection by a responsible person
    During operation, there must be regular checks on the security of networked devices. For this reason, it is important to appoint a responsible person who guarantees security in the long term. This person must regularly check whether all updates have been installed, when the last update was made available, and which hacks have appeared on the Internet and could possibly pose a threat to the company’s system. Tools like Shodan can be used to check whether devices from the company’s own network are visible on the “free” Internet.
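One way to script the regular inspection described above, as an added example that is not part of the original article: it audits a device inventory for default credentials, shared passwords, pending or discontinued updates, unneeded open ports and missing TLS. The inventory, the finding names, the port allowlist and the age threshold are all constructed assumptions.

```python
from collections import defaultdict
from datetime import date
import hashlib

# Constructed sample inventory; every name, date and value is hypothetical.
INVENTORY = [
    {"name": "cam-lobby", "user": "admin", "password": "password",
     "updatable": True, "installed": "1.2.0", "latest": "1.4.1",
     "latest_released": date(2019, 1, 10), "open_ports": [23, 80, 554], "tls": False},
    {"name": "thermostat-2f", "user": "ops", "password": "T7#vq9!mLz",
     "updatable": True, "installed": "3.0.2", "latest": "3.0.2",
     "latest_released": date(2019, 3, 2), "open_ports": [443], "tls": True},
    {"name": "sensor-dock", "user": "ops", "password": "T7#vq9!mLz",
     "updatable": False, "installed": "0.9", "latest": "0.9",
     "latest_released": date(2016, 5, 20), "open_ports": [443], "tls": True},
]

# admin/password is the pair named in the article; the other pairs are constructed.
DEFAULT_CREDENTIALS = {("admin", "password"), ("admin", "admin"), ("root", "root")}
REQUIRED_PORTS = {443}        # assumption: only HTTPS management is needed
MAX_RELEASE_AGE_DAYS = 365    # assumption: older "latest" firmware means no more updates

def audit(inventory, today):
    """Return {device name: sorted list of finding codes}."""
    findings = defaultdict(set)
    by_secret = defaultdict(list)
    for dev in inventory:
        name = dev["name"]
        if (dev["user"], dev["password"]) in DEFAULT_CREDENTIALS:
            findings[name].add("default-credentials")
        # Group by digest so the reuse check never passes plaintext around.
        digest = hashlib.sha256(dev["password"].encode()).hexdigest()
        by_secret[digest].append(name)
        if not dev["updatable"]:
            findings[name].add("not-updatable")
        elif dev["installed"] != dev["latest"]:
            findings[name].add("update-pending")
        if (today - dev["latest_released"]).days > MAX_RELEASE_AGE_DAYS:
            findings[name].add("vendor-updates-stale")
        if set(dev["open_ports"]) - REQUIRED_PORTS:
            findings[name].add("unneeded-open-ports")
        if not dev["tls"]:
            findings[name].add("no-tls")
    for names in by_secret.values():
        if len(names) > 1:            # same password on more than one device
            for name in names:
                findings[name].add("shared-password")
    return {dev["name"]: sorted(findings[dev["name"]]) for dev in inventory}

if __name__ == "__main__":
    for name, issues in audit(INVENTORY, date(2019, 4, 1)).items():
        print(f"{name}: {', '.join(issues) or 'ok'}")
```

The same checks cover most of the tips for private users further down; in practice the inventory would come from an asset database or password manager export rather than a literal list.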

    How do I as a private person protect myself from a hack of my smart home?

    Even for private end users, there is currently no quality seal as a guide for comparing the IT security of IoT devices. Therefore, the buyer himself must take security precautions. The following tips should be followed to increase the security of your IoT systems:

    Only buy devices that you can update

    Regularly install software updates

    Change the default password of a device immediately after commissioning

    Passwords for all IoT devices in the house should be different

    If possible, periodically scan all devices and the network for viruses

    Limit the access of associated apps to a minimum

    Keep up to date on recent cyberattacks

    Close ports in the network not currently required

    Avoid IoT systems with a technically outdated web interface

    Data should be encrypted via SSL / TLS

    Some of these tips require some technical know-how. However, you can already increase security with little effort: Up-to-date software and secure credentials are the most basic recommendations to prevent your IoT system from being hacked.

    Conclusion: Maintain progress and guarantee security

    The possibilities offered by the Internet of Things are incredibly broad. Although IoT devices have already arrived in everyday life, we are only just scratching the surface of huge technical progress. Although innovation is a top priority among market participants, protection of IoT technologies should never be overlooked, as reported incidents have made very clear. In times of current and ever increasing cybercrime, security may be something that provides a competitive advantage over rivals and helps increase customer acquisition.

    Experts interview: Dr. Yvonne Bernard about Artificial Intelligence


     

    Currently the topic of artificial intelligence dominates every discussion about digitization. As a former researcher on open systems and trust and security mechanisms, this development has prompted our Head of Product Management Dr. Yvonne Bernard to take a closer look. In her recently published article “AI – the same procedures as last century?” she provides a view behind the current hype. In the following interview with Yvonne, we will explore the background of this innovative technology, take a look at the implementation of artificial intelligence in an entrepreneurial context, and in conclusion discuss its potential in IT security.

     

    So, what made you decide to take a further look at AI?

    Especially in recent years, I have seen an enormous increase in AI technologies applied and – perhaps more importantly – advertised by technology companies and vendors around the world.
    Since I have been dealing with this topic in research and teaching for several years, I was really curious: Have the mechanisms that I used and taught at Leibniz Universität Hannover developed further? Basic research takes up to 20 years, as they say, to be separated (if at all) from basic research in business-relevant technology, but to be honest, some of the features we used back then, such as artificial neural networks, were already older than me.

     

    If you say this technology has been around for decades, why is it actually being applied just now?

    Nowadays, what makes the implementation of AI technologies really worthwhile is the possibility to store and process large amounts of data and to adapt the processing schemes if necessary. Big data doesn’t mean storing everything and then looking at what you do with it: you have to think about data types in order to calculate efficiently and effectively on the basis of these data volumes. Also, the promotion of these technologies, which have been in use for years, has of course made its contribution to the hype. Furthermore, the growing number and quality of libraries that are available to the public and not only to researchers is a further aspect. You don’t have to spend much time looking for suitable software or frameworks to realize your AI ideas in functional code. Frameworks such as TensorFlow, Caffe and CNTK can be mentioned here. Thus, AI is increasingly used for the fast and (nearly) optimum solution of real problems.


     

    What has made the use of AI possible in companies and what is the necessity?

    As already mentioned, the increasing number and quality of libraries and the possibility to work with large amounts of data are the main growth drivers of the use of AI in the business environment. In addition, completely new and additional techniques such as supervised machine learning can be applied. In this case, a certain amount of the available total data is used, which is assumed to be very similar to the data for which the algorithms are trained. An “unlearning” of desired characteristics is thus to be excluded.
    To compare: In research laboratories, it is always important to make sure that the algorithms to be applied are well parameterized and suitable for the targeted data set. In business life one often does not want to and cannot spend this time to evaluate every possible parameter set. Moreover, a learning algorithm that learns something unexpected is great for a researcher but cannot be tolerated in business.

     

    In which industries and processes do you see the greatest opportunities for the application of artificial intelligence?

    It is safe to say that AI will not be the only solution to each of today’s problems. But there are areas where AI techniques are easier and more accessible than ever, and nothing should prevent developers and system developers from using the former pure research technology in any way that helps them find a good (or if possible the best) solution to their real problems. I would like to emphasize that – also at Hornetsecurity – many procedures from the quantity of AI methods have already been used successfully for years. In the past, however, such techniques were not advertised consciously, whereas today AI is perceived as a quality criterion or at least as an innovation. In general, the application is generally widespread in the area of optimization procedures and is also recommended, since simple heuristics are often not sufficient in terms of quality, but the determination of the optimal solution would not be possible in the desired time due to the complexity of processing times. Suitable learning methods can achieve excellent results in a short time – if you know how to use them wisely. Optimization processes can be found in almost all industries.

    And finally: Do you think that artificial intelligence will influence and change IT security?

    Yes, absolutely, but in both ways: Not only security research, but also attackers will increasingly use the accessibility of these technologies. With our comprehensive understanding and many years of experience in this field of algorithms, Hornetsecurity is well prepared for this “Arms Race”.

    Ghidra – Reverse Engineering Tool of the NSA


    On March 5, 2019 the long-awaited reverse engineering tool of the US intelligence agency NSA was presented at the RSA Conference. Our Head of Product Management Dr. Yvonne Bernard attended the event in person and shares her impressions below.


    Ghidra! – Even our Security Lab is curious to see what the tool, which the NSA will publish as “Open Source Software”, has to offer. Reverse engineering tools are rare and expensive – but essential for security researchers and malware analysts to get to the bottom of suspicious files. The rush to the lecture by Rob Joyce, Senior Advisor for Cybersecurity (NSA), was therefore enormous, so that the lecture room had to be enlarged. Rob Joyce started his lecture with a touch of humor, because he realized that half of the audience was only present because “NSA” appeared in the title.
    He clarified straight away that the tool has no backdoor: if there is one community where you cannot afford that, it is this one. Things may be different with open operating systems: “Each of your Android phones has a little bit of NSA in it”. However, some rumors on the web contradict the statement that Ghidra has no backdoors; the Java debug port is currently under discussion.


    Ghidra offers a wide range of useful features for security researchers and has been designed for collaborative use: Analysts can collaborate on a project basis and share information easily and globally. This is one of the purposes which the intelligence agency set itself with the release.
    Because the tool is easy to extend, researchers can add their own tools and integrate their own small applications, e.g. in Java or Python.
    A generic processor model (Sleigh) in the background makes it possible to observe directly, at all levels, the effects of changing single parts of the binary, and thus to understand foreign software better. In addition to the interactive user interface, batch processing is also possible to perform large quantities of analyses simultaneously.

    Another important feature is the Undo/Redo function, which can be applied to undo certain actions without understanding the complete analysis results. It can also be used to transfer actions to other samples.
    The first impression of the tool is very promising, but Hornetsecurity only tests the software in isolated secure environments, on data samples that are suitable for this purpose – because some skepticism remains.

    Some impressions of the Ghidra-Presentation