The IT-Security Lab introduces itself

Who we are:

Prof. Dr. Patrick Felke,			Frederik Gosewehr, M.Eng.
Cryptologist and specialist for IT-Security			Specialist for Embedded Systems and IT-Security

What we do:

Teaching and Training

• Red- / Blue-Teaming
• Cryptanalysis
• Basic Pentesting
• Professional IT-Training for Business and Industrial Customers

Research

• Crypto-Security and Pentesting, e.g. of wireless protocols like Zigbee or Z-Wave
• Firmware Reverse Engineering
• Symmetric Cryptography

Research Interests:

• Symmetric Cryptography
• Block Ciphers
• Lightweight Cryptography
• Post-Quantum Cryptography
• Multivariate Cryptography
• Boolean functions and more generally all the discrete structures in cryptography, coding theory and applications

A few words on today's importance of IT-Security in academic education

IT-Security plays an increasingly crucial role in everyday life and business. When talking on a mobile or satellite phone, when withdrawing money from an ATM or when buying goods over the internet, it-security plays a crucial role in both protecting the user and in maintaining public confidence in the system. Moreover, cryptography as part of it-security is often an enabler for innovative business models, e.g. iTunes and the Amazon Kindle require strong copyright protection mechanisms. Another example are IoT-solutions like those used in building automation systems (BAS) or for industrial control systems (Industrial Internet of Things, IIoT). Consequently our lab lays its research and educational focus on the analysis of cryptographic solutions, communication protocols (e.g. Zigbee, Z-Wave) and penetration testing.

After the disclosure of the NSA world-spanning spying activities and in the context of Industry 4.0, IT Security and privacy protection has been identified by the German government as a vital topic of the 21st century. Virtually all modern security solutions in mobile and satellite communication are based on stream ciphers. While great progress has been made in designing and analyzing ciphers, fundamental aspects of these ciphers are still not understood. Besides being unsatisfactory from a scientific perspective, the lack of fundamental understanding has a direct consequence on the performance of the ciphers we use. The European Telecommunications Standards Institute (ETSI) and the National Institute for Standards and Technology (NIST) speed up the transition to post-quantum cryptography, i.e. cryptography that resists not only all classical but also all known quantum computer aided attacks¹.

The security of the primitives submitted to the above competition is as well not based on strict scientific reasoning. The situation for these ciphers is even more worse since their security is much less understood as in the case of stream ciphers, which is underscored by many broken proposals. This competition has direct impact for the local industry as security solutions have to be adapted to support this new ciphers. Analyzing the above symmetric and post-quantum ciphers and their embedding in security solutions or protocols as TLS, ZigBee, Z-Wave etc. respectively offers a huge variety of conducting research or projects for bachelor and master students and is one research branch in it-security at the university of applied sciences Emden/Leer.

Moreover more general analysis of security protocols or security solutions is done. These vary from pentesting IT-solutions, pursuing attacks based on buffer overflows and the analysis of whole IT-Infrastructures of companies. The latter is on basis of ISO-27000 (BSI-Grundschutz). This way students get a deeper understanding of it-security and how to employ it in practical applications ranging from classical applications, (e.g. IoT, Industry 4.0, solutions for the government) up to initiating and maintain it-security in companies. As outlined, all topics are clearly very interesting from a fundamental scientific perspective but also comes with a need from practical applications in industry. Capturing the whole field requires skills from mathematics, computer science and electrical engineering but practical experiences. To this end we strongly cooperate with industry, research institutions and authorities national and international.