Nuremberg. How do IT security solutions become suitable for everyday use? Which updates are really necessary? Does my company have an IT emergency plan? What data does my smart home device or smart phone store and disseminate about me? On October 5, 2022, the unique research project ForDaySec will be launched at Friedrich-Alexander-Universität Erlangen-Nürnberg. The Bavarian research network will devote four years to the goal of bringing security to everyday digitization.
The unique selling point of “ForDaySec” is the targeted, interdisciplinary research into novel technical procedures for the cyber security of private households, small and medium-sized enterprises (SMEs) and public administration. With this goal in mind, “ForDaySec” researches not only solutions for increasing security for hardware and software, but also special security concepts that should be easy to use without special knowledge and at the same time take into account aspects of technical data protection. The research also includes legal studies on update obligations and sociological studies on the use of technology in everyday practice. The group is co-chaired by Prof. Dr. Stefan Katzenbeisser from the University of Passau and Prof. Dr.-Ing. Felix Freiling from the Friedrich Alexander University of Nuremberg.
“Cybersecurity plays a key role in our free society,” emphasizes Markus Blume, Bavarian Minister of State for Science and the Arts, in connection with the funding of the research network. “Digitization is permeating all areas of life. At the same time, the threat of criminal attacks on the digital infrastructure is growing dramatically. That is why we are funding the Bavarian research association ‘ForDaySec – Security in Everyday Digitization’ with around 3.3 million euros. This is a forward-looking investment in the functionality and competitiveness of Bavaria as a high-tech state.”
Five universities in Bavaria are involved in the joint project with eight subprojects. Here, computer scientists, sociologists and legal scholars, among others, work together and research how cybersecurity can be anchored in the breadth of society. The Bavarian State Ministry of Science and the Arts is funding the network with 3.3 million euros over a period of four years. “We see ourselves as a nucleus for answers to complex IT security challenges that can be implemented in everyday life. To make everyday digital life more secure, we want to lower the barriers to using IT security techniques. It is precisely through our interdisciplinary approach that we will generate new knowledge to solve socially relevant problems,” says Felix Freiling, co-spokesperson of the ForDaySec research network and professor of computer science at Friedrich Alexander University Erlangen-Nuremberg.
ForDaySec’s research focuses on four cross-cutting themes, whose questions have an impact on the subprojects:
1. Awareness: What education and knowledge transfer are necessary and how can complex IT security content be explained? Are there IT security mechanisms that run automatically without affecting the usability of the systems?
2. Updateability: Regular updates are crucial for IT security, both for software and IoT devices. What legal risks can arise if updates are not carried out? And what does that look like for devices in the low-price segment?
3. Security show case: The aim is to develop a demonstrator that makes it possible to test and evaluate research results in realistic scenarios.
4. Everyday Social Practices: How do people deal with smart devices and security infrastructures in their private everyday lives? How do small and medium-sized enterprises, large companies and organizations deal with existing security infrastructures?
The eight subprojects are being worked on in these five Bavarian universities:
Friedrich-Alexander-Universität Erlangen-Nürnberg is involved with two subprojects. Prof. Dr.-Ing. Felix Freiling and Dr. habil. Zinaida Benenson are creating a technical privacy analysis of app-controlled Internet of Things devices. In another subproject, Prof. Dr. Sabine Pfeiffer is investigating the everyday practices of users, their competence in dealing with everyday digital devices, and their institutional and organizational embedding.
The speaker University Passau contributes three subprojects. Prof. Dr. Stefan Katzenbeisser is investigating how vulnerable immutable terminals can be subsequently encapsulated and monitored. Prof. Dr. Joachim Posegga and Dr. Henrich C. Pöhls are researching how devices of the so-called Internet of Things can be securely integrated into home and corporate networks using encryption techniques. Prof. Dr. Thomas Riehm examines update obligations and rights of software manufacturers and distributors.
Prof. Dr. Claudia Eckert of the Technical University of Munich is investigating how insecure Internet of Things devices can be integrated into secure corporate infrastructures without risk.
At the Otto-Friedrich-University of Bamberg, the subproject of Prof. Dr. Dominik Herrmann investigates how the data protection competence of software developers can be strengthened by means of software components and training environments with a focus on usability and explainability.
The University of the Federal Armed Forces Munich is an associated partner of the network. Prof. Dr. Johannes Kinder is researching how firmware components can be hardened without the support of the manufacturer.