Verifying the integrity of devices, systems and locations.
In 2018, we won first prize at the 7th German IT Security Award for our technology and the development of the Enclosure PUF. The concept enables the integrity of computer systems and their peripherals to be verified by using electromagnetic wave propagation effects.
We present an innovative solution to verify the authenticity, integrity and/or the physical state of an object through electromagnetic wave propagation and physical unclonable function (PUF)-concepts. Especially they enable manipulation tests of bigger structures e.g. commercial computers and their peripheral. Our solution protects secret information without using an attack detection circuit or data erase circuit, known as a difficult and yet unsolved problem. We offer a solution that extends existing chip- or PCB-level tamper proofs and can be easily retrofitted.
What is the project's goal?
Cyber-physical systems increasingly dominate everyday life and are often found in untrustworthy environments in which sensitive data worth protecting are processed. In spite of secure communication, data extraction and/or manipulation is often easily possible with physical access to the components. The aim of our project is to verify the integrity of such systems and to detect attack attempts and initiate appropriate countermeasures.
What is so innovative about it?
The propagation behaviour of electromagnetic waves enables the protection of individual components to be extended to the entire periphery of a system. This enables attacks, such as drilling into an ATM, to be detected. In addition, by deriving cryptographic key material from the unclonable complexity of the environment, protection is created which protects secret information without attack detection circuitry and data erasure circuitry.
Well-known application scenarios are...
• Critical infrastructure systems located in remote places such as transformer stations, wells or sewage works
• Defense and internal security, for example satellites, communication systems of any kind or armories
• Banking, e.g. server and cash dispenser/ATMs
• Industry 4.0, e.g. pay-per-use applications
What is the added value of the project?
Due to its generic orientation, the protection can be used flexibly in size and application and is characterized by the following aspects:
• Cumulative fulfilment of the requirements for the ideal protection of computer systems.
• Extension of security to the entire computer periphery.
• Simple reinitialization of the protection system.
• Consideration of missing power supply and offline scenarios.
• Versatile range of applications and retrofittability of existing systems.
Dr. Christian Zenger is CEO and founder of PHYSEC GmbH. He is born in cologne and came over Bosten to Bochum. Dr. Zenger developes information-theoretical and radio channel-bases security solutions and is inventor of various wireless physical-layer-security procedures for the IoT ecosystem.