35th Chaos Communication Congress: PHYSEC presents details on the application of their technology

35th Chaos Communication Congress: PHYSEC presents details on the application of their technology

At the 35th annual conference of the Chaos Computer Club (35C3), the largest international hacker meeting in Europe, Christian Zenger, David Holin and Lars Steinschulte presented PHYSEC’s Enclosure-PUF technology.

This year’s Cha­os Com­mu­ni­ca­ti­on Con­gress attrac­ted more than 16,000 visi­tors to the exhi­bi­ti­on halls in Leip­zig on three days. Under the mot­to “Refres­hing Memo­ries” it was the venue for important deba­tes, lec­tures and work­shops on tech­ni­cal and socio-poli­ti­cal topics.

It was the first time that we gave insights into the PHYSEC tech­no­lo­gy. With Enclo­sure-PUF we pre­sen­ted an inno­va­ti­ve tech­no­lo­gy that makes it pos­si­ble to veri­fy the authen­ti­ci­ty, inte­gri­ty and phy­si­cal sta­te of a phy­si­cal object and to pro­ve cor­re­spon­ding state­ments via digi­tal chan­nels.

In public envi­ron­ments, data extrac­tion from or mani­pu­la­ti­on of com­pu­ter sys­tems is easy to per­form as it requi­res only phy­si­cal access. The aim of the talk was the­re­fo­re to demons­tra­te exem­pla­ry tam­per resis­tan­ce by means of a (very inex­pen­si­ve) self-built test bed in order to pro­tect secret infor­ma­ti­on wit­hout attack detec­tion or data era­su­re cir­cuit. The use of elec­tro­ma­gne­tic waves (or their pro­pa­ga­ti­on beha­viour) enab­les the pro­tec­tion of indi­vi­du­al small com­pon­ents to be exten­ded to the ent­i­re peri­phe­ry of a sys­tem. This in turn leads to the detec­tion of mani­pu­la­ti­ons so that sui­ta­ble coun­ter­mea­su­res can be taken in good time. The pro­tec­tion can be used fle­xi­b­ly with regard to size and app­li­ca­ti­on.

In 2018, we were awar­ded the Ger­man IT Secu­ri­ty Pri­ze of the Horst Görtz Foun­da­ti­on for the deve­lop­ment of the Enclo­sure PUF.

David Holin, Lars Steinschulte and Christian Zenger (f.l.t.r.) from PHYSEC during the talk at the 35C3 in Leipzig

Mis­sed the talk? Click here for the record­ing.


Innovations from Bochum: MIT Technology Review names Christian Zenger “Innovator under 35” in Europe!

Innovations from Bochum: MIT Technology Review names Christian Zenger “Innovator under 35” in Europe!

After we had the pleasure of receiving his award as “Innovator under 35” in Germany only in July, Dr. Christian Zenger has now received further recognition: He is one of the Europe-wide “innovators under 35”!

Innovators Under 35” is the world’s leading community of innovators, pioneers and social pioneers. Since its inception, MIT Technology Review has annually published the list of the most brilliant innovators under 35 years of age who are making groundbreaking advances and actively shaping their research areas. The European programme highlights the work of the most talented young technology leaders and strengthens the international innovation community. The innovators were selected by the jury from over 1000 candidates.

With PHYSEC, Christian Zenger creates a system that detects small changes in the signals of encryption devices and could thus ensure an impenetrable and above all secure Internet of Things. According to Mahvash Siddiqui, Environment, Science, Technology and Health Officer at the United States Embassy in London (United Kingdom) and member of the jury for innovators under 35 in Europe, the young German innovator shows an “impressive combination of entrepreneurial and scientific-technical skills” and develops a technology “with the potential to change the world”.

Innovators Under 35” is an annual list that recognizes outstanding innovators under the age of 35. The awards cover a wide range of areas, including biotechnology, materials, computer hardware, energy, transport, communications and the Internet. The Technology Review magazine is published by the Massachusetts Institute of Technology (MIT). It reports on technological innovations from various fields that have the potential to change the world.

More information on the innovators can be found here.



Innovation “made in germany” – PHYSEC wins the 7th German IT Security Award

Innovation “made in germany” – PHYSEC wins the 7th German IT Security Award

Every two years, the Horst Görtz Foundation honors the best future-relevant innovations in IT security. We received first prize for the development of the Enclosure PUF. The concept makes it possible to verify the integrity of computer systems and their peripherals by using electromagnetic wave propagation effects. The award ceremony took place today at the it-sa trade fair in Nuremberg, the largest IT security trade fair in Europe. The German IT Security Award is the most renowned and highly endowed award in the industry and is determined in a two-stage process by a jury of experts.

More information about the award can be found here.

The Foun­der and the Award Win­ners ( © 2018 Nürn­berg­Mes­se GmbH)


Christian Zenger is one of Germany’s innovators under 35

Pioneering ideas for the Internet of Things make Christian Zenger an ‘innovator under 35’

Exciting news for PHYSEC GmbH: Our cofounder Christian Zenger was awarded as one of the leading innovators under 35 in Germany for his research in the field of IT security in the Internet of Things (IoT).

PHYSEC com­bi­nes digi­tal cryp­to­gra­phy with infor­ma­ti­on theo­re­ti­cal phy­si­cal lay­er secu­ri­ty and thus crea­tes IT secu­ri­ty solu­ti­ons that eclip­se all pre­vious­ly known methods. Unpre­dic­ta­ble elec­tro­ma­gne­tic chan­ges bet­ween devices are used for encryp­ti­on: By two devices forming a cou­pled sys­tem, a new, com­mon key can be gene­ra­ted at inter­vals of seconds, which can­not be read by exter­nal atta­ckers. It can also be used to crea­te device-spe­ci­fic digi­tal fin­ger­prints.

Dr. Chris­ti­an Zen­ger has the­re­fo­re recei­ved one of ten “Inno­va­tor under 35” awards in Ber­lin for his visio­na­ry tech­no­lo­gy. The Young Talent Award is pre­sen­ted annu­al­ly by the Tech­no­lo­gy Review and honors inno­va­tors who, through out­stan­ding rese­arch, have a decisi­ve influ­ence in their respec­tive fields and have the poten­ti­al to use new approa­ches to shape the future of sci­ence and tech­no­lo­gy in a sustainab­le man­ner.

The com­pe­ti­ti­on was initia­ted in 1999 by the US edi­ti­on of MIT Tech­no­lo­gy Review. Well-known for­mer pri­ze­win­ners inclu­de Mark Zucker­berg, Ser­gey Brin and Dani­el Ek. It is one of the most pres­ti­gious awards for young rese­ar­chers, deve­lo­pers and com­pa­ny foun­ders.
The award was pre­sen­ted yes­ter­day at the Tele­fó­ni­ca Base­camp in Ber­lin.

The ten inno­va­tors under 35 from Ger­ma­ny at the award cere­mo­ny in Ber­lin. (© Hei­se Medi­en)


Outstanding success for young companies

Outstanding success for young companies

PHYSEC GmbH has been awarded the main prize of the largest and most renowned business plan competition in the German digital economy as ‘Digital Start-up 2018’.

At the CeBIT in Hano­ver, PHYSEC GmbH was awar­ded the “Digi­tal Start-up 2018” pri­ze by the Federal Minis­try of Eco­no­mics and Ener­gy (BMWi) as part of the nati­on­wi­de com­pe­ti­ti­on. The pri­ze was awar­ded for the first time and was aimed at young com­pa­nies that have been par­ti­cu­lar­ly suc­cess­ful in imple­men­ting their foun­ding ide­as. The pri­ze-win­ners recei­ved their awards during the “Start-up Talk: Digi­tal Inno­va­tions” con­gress by Tho­mas Jar­zom­bek, the Ger­man government’s coor­di­na­tor for aero­space.

PHYSEC convinces with security for the Internet of Things

PHYSEC could con­vin­ce with the solu­ti­on IoTree, the tech­no­lo­gy for secu­re and user-fri­end­ly encryp­ti­on of com­mu­ni­ca­ti­on bet­ween net­wor­ked devices in the Inter­net of Things. IoTree uses infor­ma­ti­on from the com­mon envi­ron­ment of two devices so that encryp­ti­on can­not be recon­struc­ted after­wards by poten­ti­al exter­nal atta­ckers.

More infor­ma­ti­on about IoTree and pos­si­ble app­li­ca­ti­ons can be found here.

The prize provides growth capital for young companies

The pri­zes of the com­pe­ti­ti­on are endo­wed with a total of 100,000 euros – first place goes to 50,000 euros, second place to 30,000 euros and third place to 10,000 euros each. Other award win­ners inclu­de COMPREDICT GmbH, enve­lio GmbH and RIPS Tech­no­lo­gies from Bochum. The pri­ze money is to be invested in the start-ups as growth capi­tal.

Start-ups from the start-up initia­ti­ves of the Federal Minis­try of Eco­no­mics and Ener­gy can app­ly for the “Digi­tal Start-up of the Year” award. In addi­ti­on to the “Start-up Com­pe­ti­ti­on – Digi­tal Inno­va­tions”, this also inclu­des fun­ding pro­gram­mes such as “EXIST – Start-ups from Sci­ence”. A fur­ther con­di­ti­on for par­ti­ci­pa­ti­on is the genera­ti­on of a mini­mum tur­no­ver of 100,000 wit­hin the past twel­ve mon­ths by the start-ups.

PHYSEC and RIPS Tech­no­lo­gies are two of the award-win­ning com­pa­nies from Bochum – the glo­bal­ly important loca­ti­on for IT secu­ri­ty.

The winners of the competition during the award ceremony at CeBit (©Andrea Janssen)

Novel technology for monitoring nuclear weapons

Novel technology for monitoring nuclear weapons

In the future, this technology might help verify if countries abide by disarmament treaties.

An inter­na­tio­nal IT rese­arch team from Bochum, Prince­ton, and Har­vard has deve­lo­ped a tech­no­lo­gy that faci­li­ta­tes the moni­to­ring of chan­ges in nuclear silos wit­hout having to reveal secret infor­ma­ti­on about the stored wea­pons. In future, it is expec­ted to help veri­fy if coun­tries abi­de by dis­ar­ma­ment trea­ties. The rooms are phy­si­cal­ly moni­to­red with radio waves; a sophisti­ca­ted cryp­to­gra­phic tech­ni­que ensu­res that the pro­cess can­not be mani­pu­la­ted.

As far as rese­ar­chers are con­cer­ned, no chal­len­ge is grea­ter than moni­to­ring nuclear wea­pons: poten­ti­al atta­ckers in this case are ent­i­re nati­ons, rather than small groups of hackers or other cri­mi­nals. The coun­tries have almost unli­mi­ted finan­ci­al resour­ces at their dis­po­sal and have access to sta­te-of-the-art offen­si­ve tech­no­lo­gy.

In the inter­di­sci­pli­na­ry pro­ject, mem­bers of the Bochum-based Horst Görtz Insti­tu­te for IT Secu­ri­ty (HGI) col­la­bo­ra­te clo­se­ly with US-Ame­ri­can col­leagues from Prince­ton Uni­ver­si­ty and Har­vard Uni­ver­si­ty. A report about the work has been published in the sci­ence maga­zi­ne Rubin.

Radio wave map indi­ca­tes chan­ges

In order to iden­ti­fy chan­ges in a nuclear silo, rese­ar­chers deploy elec­tro­ma­gne­tic waves in the radio fre­quen­cy ran­ge. As they are reflec­ted by walls and objec­ts, a uni­que radio wave map of the room can be gene­ra­ted. Every chan­ge – for examp­le if a war­head were to be remo­ved from the sto­rage faci­li­ty – would chan­ge the refle­xi­on pat­tern and could thus be detec­ted. As a result, coun­try A could moni­tor the nuclear silos of coun­try B by reques­ting radio wave maps of the room in regu­lar inter­vals.

Howe­ver, we must make sure that a coun­try can­not gene­ra­te a radio wave map of a ful­ly sto­cked nuclear silo in advan­ce and then con­ti­nues to send it to coun­try A, even after the wea­pons had long been remo­ved,” exp­lains Dr Dr Ulrich Rühr­mair from HGI. To this end, the rese­ar­chers have inte­gra­ted a so-cal­led chal­len­ge into the sys­tem, i.e. a varia­ti­on in the request for a radio wave map bet­ween the coun­tries.

Pre­ven­ting decep­ti­on

In the room that has to be moni­to­red, 20 rota­ting mir­rors are instal­led, which can be remo­te­ly adjus­ted. The mir­rors reflect the radio waves, thus chan­ging the refle­xi­on pat­tern in the room, with each mir­ror set­ting crea­ting an indi­vi­du­al pat­tern. Pri­or to sen­ding the request, coun­try A would arran­ge the mir­rors in a cer­tain way. In reply, coun­try B would have to send the radio wave map of the room with the exact same mir­ror arran­ge­ment to coun­try A. This can be done only if coun­try B mea­su­res the room live with radio waves and the cur­rent mir­ror set­ting every time. Pre­vious­ly recor­ded radio wave maps would be useless.

Coun­try A can veri­fy the reply only if the refle­xi­on pat­terns for a num­ber of dif­fe­rent mir­ror set­tings were mea­su­red and saved when the tech­no­lo­gy was first imple­men­ted.

Mir­ror arran­ge­ment must not be pre­dic­ta­ble

The IT secu­ri­ty rese­ar­chers are cur­r­ent­ly tes­ting the sys­tem in a con­tai­ner at Ruhr-Uni­ver­si­tät, using dum­my war­heads and 20 mir­rors. This set­ting enab­les them to crea­te bil­li­ons of sextilli­ons dif­fe­rent mir­ror arran­ge­ments. “The chal­len­ge is to make sure that the moni­to­red coun­try doesn’t learn to pre­dict the next mir­ror set­ting over time,” says HGI rese­ar­cher Prof Dr Chris­tof Paar. Were this the case, the coun­try could gene­ra­te the requi­red radio wave map wit­hout scan­ning the room anew.

In order to pre­vent this sce­n­a­rio, the IT experts from Bochum deploy an unpre­dic­ta­ble cryp­to­gra­phic pro­to­col to align the mir­rors. “The important thing is to ensu­re that the cor­re­la­ti­on bet­ween the chal­len­ge and the reply can­not be descri­bed by a sys­tem of line­ar equa­ti­on,” says Zen­ger. “This is becau­se such sys­tems are rela­tively easy to figu­re out in mathe­ma­ti­cal terms.” The same app­lies to the phy­sics, i.e. the mir­ror mate­ri­als: their refle­xi­on pro­per­ties shouldn’t be line­ar eit­her.


IT-security for Embedded Systems

IT-security for Embedded Systems

At the Embed­ded World in Nürn­berg, the inter­na­tio­nal lea­ding fair for embed­ded sys­tems, our foun­der and CEO Dr. Chris­ti­an Zen­ger gave a lec­tu­re on it-secu­ri­ty and pro­duct pira­cy in the Inter­net of Things (IoT).

When it comes to the digi­tiza­ti­on of smart pro­duc­ts, inte­gri­ty, con­fi­den­tia­li­ty and secu­ri­ty are often not suf­fi­ci­ent­ly con­si­de­red by manu­fac­tu­rers – alt­hough espe­ci­al­ly pri­va­cy and data secu­ri­ty are con­si­de­red as cri­ti­cal suc­cess fac­tors. The chal­len­ges of deploy­ed secu­ri­ty sys­tems often lie in device authen­ti­ca­ti­on and key estab­lish­ment. Dr. Zen­ger pre­sen­ted an over­view over dif­fe­rent cate­go­ries of key manage­ment and resul­ting advan­ta­ges and dis­ad­van­ta­ges. The goal was to iden­ti­fy a solu­ti­on that redu­ces the secu­ri­ty risk, has a good cost-value ratio and is at the same time fle­xi­ble and long-term ope­ra­tio­nal.

The Internet of Things: At the area of conflict between simplicity and security

At the 13. Pader­bor­ner day of IT-secu­ri­ty Dr. Chris­ti­an Zen­ger infor­med about estab­lished and new secu­ri­ty solu­ti­ons for the digi­tiza­ti­on of IoT pro­duc­ts – ide­al­ly, sim­pli­ci­ty and secu­ri­ty are inte­gra­ted in sui­ta­ble solu­ti­ons. The con­fe­rence took place from 21.-22. March at Uni­ver­si­ty of Pader­born and offers infor­ma­ti­on and expe­ri­ence exchan­ge about chal­len­ges and solu­ti­ons for cur­rent IT-secu­ri­ty-pro­blems.

Digitization and security for the building of the future

At this year’s inter­sec con­fe­rence for net­wor­ked safe­ty engi­nee­ring at Frank­furt, Dr. Chris­ti­an Zen­ger pre­sen­ted new secu­ri­ty solu­ti­ons for the intel­li­gent key manage­ment in the IoT eco­sys­tem.


Solutions for the modern public utility industry

Solutions for the modern public utility industry

With our solu­ti­on for the effi­ci­ent remo­te readout of water- and elec­tri­ci­ty meters, PHYSEC GmbH was pre­sent at the ‘e-world ener­gy & water’ in Essen: LoRa®TLS enab­les the instal­la­ti­on of secu­re and encryp­ted radio com­mu­ni­ca­ti­ons over long distan­ces.

As a holistic solu­ti­on it is the­re­fo­re espe­ci­al­ly rele­vant for public uti­li­ties like muni­ci­pal uti­li­ties. Addi­tio­nal­ly, it is an inte­gral part when it comes to smart city con­cepts.

The pro­ject is con­duc­ted tog­e­ther with our part­ner Gel­sen­was­ser AG and was deve­lo­ped one year ago.

Get to know how PHYSEC has chan­ged sin­ce then and what role the pro­ject took in the pro­cess: