Sie fragen sich über was wir uns den ganzen Tag den Kopf zerbrechen? Welche Themen uns beschäftigen?
Hier finden Sie eine Übersicht von Themen die bei uns durch die Köpfe geistern.
- Industrie 4.0 (H.-G. Koch)
- Perfide Attacken durch Stegano-Malware laufen seit Jahren weitgehend unbemerkt - und unbeachtet (H.-G. Koch)
- The internet of things: an overview (H.-G. Koch)
- Post-Quantum Secure Cryptographic Algorithms (X. Bogomolec)
- Post-Quantum Secure Cryptographic Algorithms (X. Bogomolec)
- Towards post-quantum symmetric cryptography (X. Bogomolec)
Perfide Attacken durch Stegano-Malware laufen seit Jahren weitgehend unbemerkt - und unbeachtet
Die Fähigkeit, kleinste Informationen in einem Pixel in einem Bild zu verstecken, sind seit einem James Bond Film der 90er Jahre bekannt - und faszinieren auch heute noch. Dass man aber via Steganografie auch Malware intelligent in Rechner übertragen kann ist vielen Nutzern bis heute nicht gegenwärtig. Und kaum jemand tut etwas dagegen.
Die Übertragung von Malware durch Steganografie ist ein Vorgehen, welches seit Jahren erfogreich durchgeführt wird. Doch nur wenigen ist bekannt, wie ausgeklügelt in der Zwischenzeit die Methode verfeinert wurde - und wie wenig dagegen gemacht wird. Über den Alphakanal von Bildern werden intelligente Scripts u.a. In Werbebannern oder Bildern platziert, die sich der Erkennung durch ein Security Tool durch Nutzung einer Lücke im Internet Explorer entzieht. Durch diese Lücke prüft das Script, ob das System in diesem Moment überwacht wird. Ist das nicht der Fall, wird der eingelagerte Schadcode ausgeführt und mittels dreier Sicherheitslücken in Flash als Payload einer GIF-Datei ausgeführt. Somit geraten Trojaner, Backdoors, Spyware und andere Malware gezielt auf den Rechner.
Wo findet so etwas statt? Meist werden Nachrichtenkanäle/-Websites und Banner für Werbezwecke. Also genau dort, wo über 90% aller User bestimmt surfen werden. Stellt das Script allerdings fest, dass gerade eine Sicherheitsanwendung läuft oder in einer VM, tut es nichts - es wartet als Schläfer weiter auf seine Chance.
Bekannt ist seit 2014 bereits ein Produkt, welches Hacker dafür einsetzen: Das Stegano Exploit Kit. Maßnahmen dagegen sind schwierig, Lösungen sind wohl nur durch die intelligente Vorgehensweisen auf Userseite und Installation besserer Sicherheitsanwendungen möglich. Denn, wer verzichtet schon gerne ganz auf Bilder oder Banner in seinen täglichen Nachrichten?
Autor: Hans-Günther Koch, DieDefa GmbH
The internet of things: an overview
Despite security and other concerns, there are many benefits associated with embracing the internet of things
The internet of things (IoT) is a computing concept that describes a scenario where everyday physical objects are connected to the internet and can identify themselves to other devices or processes, via an IP address.
The IoT is significant because an object that can represent itself digitally becomes something greater than the object by itself. No longer does the object just relate to the process; it now connects to surrounding objects and database data, permitting “big data” analytics and insights.
In particular, “things” might communicate autonomously with other things and other devices, such as sensors in manufacturing environments or an activity tracker with a smartphone.
IoT has evolved from the convergence of wireless technologies, micro-electromechanical systems, microservices and the internet.
This convergence has torn down the walls between operational technology and information technology, allowing unstructured machine-generated data to be analysed for insights that will drive improvements.
Consumer IoT took another revolutionary path, either by becoming connected – for example, speed sensors on a bike – or being newly invented. In other instances, such as in healthcare, things have been there but not widely used, such as patient health status.
IoT: countless use cases
There are countless use cases where IoT can be deployed, such as in manufacturing, vehicles and even future cases such as smart cities and energy.
Manufacturing, as an example, has been operating shop floor equipment for decades with sensors that control machine processes, but these sensors have been relatively dumb, have not been IP enabled nor have they been able to communicate beyond their local process.
This situation is changing; manufacturing equipment is now being produced with sensors that are IP-enabled, can communicate with each other, collect and disseminate data in real-time.
There are many benefits to the manufacturer such as: control of product rotation, automate restocking processes, production line monitoring, quality assurance real-time alerts etc.
A smart city is defined as a city that monitors and integrates conditions of its entire critical infrastructure, such as roads, bridges, tunnels, rail, airports, seaports, water, power and major buildings.
With the use of IoT technology, the city planners can better optimise their resources, plan preventive maintenance, monitor security and control emergency response, through advanced monitoring systems and built-in smart sensors with data collected and evaluated in real-time.
Increasingly, there will be a focus on energy consumption behaviour. Because of the volatile nature, such supply demands an intelligent and flexible electrical grid which is able to react to power fluctuations by controlling electrical energy sources, either generated or stored, and by suitable configuration.
A network of intelligent devices and grid infrastructure will be largely based on IoT concepts. The smart grid will be implemented on a type of “internet” in which every energy packet is managed in a similar fashion to a data packet, across routers and gateways that can autonomously decide the best pathway for the packet to reach its destination, based on standard and interoperable communication transceivers, gateways and protocols.
The connection of vehicles to the internet gives the context of the internet of vehicles (IoV) connected to the concept of internet of energy (IoE) that will represent the future trends for smart transportation and mobility applications. Creating new mobile consumer-centric transactions and services will deliver new mobile ecosystems based on trust, security, mobility and convenience.
IoT can play a role in health care with smart devices used for many cases. The elderly or disabled could live independently with fall detection devices and/or physical activity monitoring through body sensors; patient surveillance sensors for hospitals or care homes, smart sensors to control conditions in medical storage units and devices to monitor ultraviolet radiation on people.
How things can communicate
From the operational perspective, smart devices can communicate via several models, such as device-to-device This is where two or more devices can directly communicate with each other through various network protocols, including internet protocol (IP), Bluetooth, Z-Wave or ZigBee. This type of protocol is typically used with low data rate requirements such as light bulbs, light switches and door locks.
Another way of communicating is by device-to-cloud. An IoT device connects directly to an internet cloud service to exchange data. It typically uses wired Ethernet of Wi-Fi connections between the device and the IP network. This type of connection is used by Smart TVs.
Device-to-gateway is a method where the device connects through an application-layer gateway as a conduit to reaching a cloud service. The gateway provides security and other functionality such as protocol translation. A typical use is a smartphone running an app to communicate with a device, such as a fitness band, and relay data to a cloud service.
Finally, back-end data sharing refers to a communications architecture that enables users to export and analyse smart object data from a cloud service in combination with data from other sources. The back-end sharing architecture allows the data collected from a single IoT device data streams to be aggregated and analysed.
Smart devices have used internet protocol, IPv4, that is running low on available IP addresses. This is being replaced by IPv6 that will provide sufficient IP address possibilities for the foreseeable future.
The security, privacy, legal and regulatory implications of IoT
IoT is highlighting a number of security, privacy and regulatory concerns, many of which existed prior to the growth of IoT. A selection of top concerns relating to smart devices include the following:
- Privacy – the clear majority of devices collect personal information through the device, the cloud or the device’s mobile application.
- Insufficient authentication/authorisation – either no passwords or weak and simple passwords.
- Transport encryption – the majority of devices use unencrypted network services.
- Web interface vulnerabilities – persistent cross-site scripting, poor session management and weak default credentials.
- Insecure software – a majority of device software updates not encrypted during download.
- Lack of control and information asymmetry – the generation, storage and sharing of IoT pushed data over which the user has no control and where many IoT devices do not contain an obvious point where the user can give consent.
- Extrapolation of inferences from data and repurposing of original processing – disclosure of information to third parties and the regeneration of data for new purposes.
- Limitations on the possibility of remaining anonymous – wearing IoT devices that are close to the data subjects result in a range of identifiers being available.
Notwithstanding the above concerns, there are many benefits associated with embracing a connected world.
Some of the major opportunities are: sensor-driven decision analytics, process optimisation, instantaneous control and response to complex autonomous systems, tracking buying behaviour for real-time marketing, energy distribution, utilisation and reporting, smart home devices and health care monitoring.
A business must take advantage of useful analytical IoT data for actionable insights to stay ahead of the curve by predicting business trends, reduce operational failures and ensure smooth operations.
With the plethora of IoT devices coming onstream, the business must develop a holistic approach to IoT management, including IoT security, to ensure that IoT is both an enabler and secure.
Business transformation is incorporating IoT and cloud computing is becoming the foundation for IoT data management, hosted by service providers, to reduce the complexities associated with large and diverse data collection pools.
Businesses need to embrace IoT if they want to stay competitive and not fall behind.
Quelle: Bruce Hughes, Senior analyst - KuppingerCole