According to an old proverb, security is a process, not a goal. The entire IT team, from software developers and system administrators up to management, needs to be aware of this. Your entire IT staff needs to defend against hundreds or thousands of potential risks, while an attacker is full of joy once he finds a single loophole.
Our increasingly diverse infrastructure for home and business use makes this defense harder every day. Security means walking a fine line: making all information easily accessible to all authorized users, with imperceptible hurdles, from all around the world and on all kinds of devices, while at the same time creating impenetrable walls and moats against potential intruders.
To make security manageable, the different devices and applications from various vendors should be easy to manage. Ranging from
- cyber-physical systems (CPS) in business environments (plant controls, building management, etc.), through
- home-level Internet-of-Things (IoT) devices including thermostats, oven controls, or security cameras, to
- web applications accessed from remote Internet cafés,
the threats are overwhelming, especially as vendors, even on the same platform, rarely adhere to standards or provide fast responses to security problems.
Our research provides a three-pronged approach to solving security threats:
- Create a generic application security manager, which takes existing, unmodified applications and hardens their security settings. This is based on our work on TLS Interposer.
- Provide new, general, low-overhead and user-friendly ways for two-factor authentication to sensitive web applications, again without the need to modify the application. This will use technology from our TLS Interposer and opDNS security research.
- Secure Wireless Personal Area Network (WPAN) and IoT devices by ensuring they communicate only securely with pre-defined devices. Our goal here again is to minimize the changes necessary to existing applications and devices.
- Marcel Waldvogel, Thomas Zink: Boost DNS Privacy, Reliability, and Efficiency with opDNS Safe Query Elimination. NetSys 2015, Gesellschaft für Informatik, 2015.
- Marcel Waldvogel, Jürgen Kollek: SIEGE: Service-Independent Enterprise-GradE protection against password scans. In: Müller, Paul; Neumair, Bernhard; Reiser, Helmut; Dreo Rodosek, Gabi (Ed.): 7. DFN-Forum Kommunikationstechnologien -- Beiträge der Fachtagung, Gesellschaft für Informatik, 2014.