The key to a secure Internet

This article was published in our newsletter.

Researchers have plugged one key IT security hole

Have you ever had the feeling that a stranger is reading your e-mails? Or taking an uninvited look at your private photos? Even the mere thought of it is unpleasant. Regrettably, such IT security holes do in fact exist – and not only in the private domain, but also in the political and economic spheres. Such espionage attacks on computer networks tend to be discovered by chance, but by then the attackers have often already smuggled in malware and siphoned off information thought to be secure: knowledge has fallen into the wrong hands. A cyber-attack in August 2015 resulted in the computer system of the German Bundestag and its more than 20,000 workstations having to be shut down and reconfigured.

“Pass the hash” security hole

One of the gateways into Windows networks is a security hole known as “pass the hash”, discovered by hackers as long as 15 years ago. In attacks of this type, malware is used to steal the security codes – known as “hashes” – which authenticate legitimate computer users within the network.

Constant identity checks

Dr Frank Gerd Weber hopes to render such stolen “hashes” harmless in future. At the Fraunhofer Institute for Secure Information Technology (SIT) in Darmstadt, he has spent the past two years working together with a group of IT experts and engineers to develop a security mechanism called the Hash Guard. The prototype is now ready. Users are provided with a chip card and card reader which allow them to log onto computer networks employing Hash Guard. Hash Guard then transmits a mathematical problem which the algorithm stored on the chip card has to solve, thereby authorizing the user. The process is also repeated every time a request is subsequently made of the computer system, e.g. when e-mails are sent or received and documents are uploaded or opened. The user’s identity is checked automatically time and time again. “This mechanism allows unauthorized access attempts not only to be blocked but also detected early on”, explains Dr Frank Gerd Weber.

Security experts and hackers join forces

The IT security expert believes it is unlikely that the Hash Guard could be cracked even by hackers. “The development process involved IT experts working together who know not only all about how to protect networks but also how to perpetrate such hacker attacks”, says Dr Weber, who has a PhD in electrical engineering. “If both sides contribute their knowledge and agree on a solution, the resulting product will also be capable of resisting external attacks.”

“Volksverschlüsselung” – e-mail security for all

Hash Guard is designed to be a user-friendly solution for protecting Windows computer networks in businesses and institutions. The Darmstadt-based IT experts are also keen to increase security for ordinary people, however. The Fraunhofer SIT is currently working on an app which it calls “Volksverschlüsselung” – people’s encryption. Existing encryption methods are so complicated to implement that the public hardly uses them at all. It is hoped that the “Volksverschlüsselung” app will change this.

The Fraunhofer Institute for Secure Information Technology (SIT)

The Fraunhofer Institute for Secure Information Technology (SIT) in Darmstadt and Sankt Augustin specializes in IT security. Its more than 160 staff develop tailored solutions for all aspects of IT security. 

www.sit.fraunhofer.de