Cyber-criminals like to use wireless connections in order to steal data or infiltrate networked systems. Only comprehensive protection can keep wireless technologies safe
Cybercrime is currently one of the biggest threats for companies worldwide, as well as a serious problem for every individual computer user.
The current “Economic Impact of Cybercrime Report” from cybersecurity company McAfee estimates that the damage to companies worldwide caused by cybercrime amounts to almost USD 600 billion every year.
“The current situation poses new challenges for us. We are seeing more and more IT security incidents which are occurring at increasingly shorter intervals, and are indicative of a new calibre,” confirmed Arne Schönbohm, President of the German Federal Office for Information Security.
A particular threat is posed by wireless data connections, as they lack the physical protection offered by a line – be it a cable, wire, or fibre-optic cable.
This leads to typical issues for virtually all wireless communication systems. In order for the transmitted information to remain confidential, secure encryption techniques are necessary, strong authentication methods should prevent access to wireless communication systems by unauthorised third parties, and integrity-protection mechanisms should ensure that outgoing information reaches the recipient without having been tampered with.
Not giving the hacker a chance
The most important measure is surely the encryption of data – this way anyone hacking a wireless transmission will only understand gibberish.
The most secure encryption methods use very complicated keys (or algorithms), which are changed regularly for the purposes of protecting the data.
However, digital wireless communication involving sensitive data (i.e. in the context of the Internet of Things or autonomous driving) requires new processes which also remain secure when used with future technologies such as quantum computers.
To address this, the KIF – Cryptography integrating radio data” project carried out by the St. Pölten University of Applied Sciences is developing a new approach.
Instead of a mathematical process to generate the key, radio data is used. “In 15 years at the latest, we can expect quantum computers to have sufficient speeds for practical application.
However, for security reasons, the current processes for object/data authentication and data integrity checking will then no longer be usable.
This is why we’re already searching for a method that is compatible with quantum computers, is based on physical methods, and will remain secure even then,” says Ernst Piller, the leader of the project, as well as the Head of the Institute for IT Security Research at St. Pölten University of Applied Sciences.
The new method is based on generating and distributing cryptographic keys based on measurements of radio channel characteristics for a high-frequency radio transmission.
For both the objects (the sender and recipient respectively), vehicles for example, radio signals as well as reflective echoes of the signal and their delays are measured.
“This pattern comprising the main signal and delayed echoes is random and only identical at the two recipient sites. This can be used to create random data, which is then used for generating the key and cannot be intercepted by potential attackers,” explains Piller.
Secure identities for networked devices
In addition to encryption, preventing unauthorised user access is the second most important part of a secure wireless connection.
Authentication methods can prove and verify the identity of a user against a system. In the Internet of Things, this means that, ideally, every networked device is issued a device identification certificate when it is manufactured in order to determine its identity and to simplify authentication against the service and other devices.
Currently, the highest security standards for automatic data exchange and the protection of sensitive areas are offered by public-key infrastructure (PKI) technologies, which use a cryptographic key pair as well as an electronic certificate to identify and authenticate the user.
Wireless data transfer is not the only thing that needs to be protected
However, depending on the application concerned, security during a wireless data transfer can be far more complex, as illustrated by networked cars.
“Security affects every single vehicle component, which is why not only communication interfaces but also – and especially – safety components such as braking systems need to be protected,” emphasises Felix Bietenbeck, Head of Vehicle Dynamics at Continental.
This is why Continental is tackling cybersecurity on multiple levels. On the first level, the individual electronic system components are protected.
On the second level, communication between the in-vehicle systems is protected. On the third level, all of the vehicle’s external interfaces are protected.
And, on the fourth level, data processing outside the vehicle is protected against theft and manipulation. In the future, Continental will also equip its products with cryptography functions, which can be used to introduce security keys.
The topic of cybersecurity is an asymmetrical challenge, emphasises Dennis Kutschke, Cyber Security Program Manager at Continental.
While Continental has to keep its eyes on dozens of systems, all hackers need to do is identify a single weakness.
“It’s like a never-ending race between the people who want to protect the systems and those that want to hack into them. This is why it is so important to act as quickly as possible whenever any weakness is identified,” says Kutschke.