Cybersecurity research is a “technological prerequisite” for addressing the numerous disruptive challenges brought on by the rapid progression of the digitalization of society. That sentiment is the basis for a comprehensive cybersecurity research project that has led to the development of the SecUnity-Roadmap, Cybersecurity Research: Challenges and Course of Action. SecUnity is a joint project organized by five institutions focused on IT security research. A total of six research institutes with seven groups participated in the SecUnity project.

The roadmap, which was officially released in Brussels on February 5^th, was the creation of approximately 30 European researchers from academia and industry, who have collaborated on the project since early 2016. Over that period, the researchers exchanged their expert points of view on the pressing problems over the course of several workshops and integrated their consensus into the roadmap.

According to Joern Mueller-Quade, Spokesman of SecUnity and one of the co-authors of the roadmap, the researchers agreed “that effective security and privacy measures require a systematic and holistic approach which considers security and privacy from the ground up.” Professor Mueller-Quade, Director, FZI - Research Centre for Information Technology, & Professor, KIT Karlsruhe Institute for Theoretical Informatics (ITI), is also well known to Wibu-Systems as one of the collaborators on the Blurry Box cryptography project which produced the revolutionary encryption mechanism that has been incorporated into Wibu-Systems CodeMeter Protection Suite.

The traditional and new cybersecurity research fields and challenges examined by the group included securing cryptographic systems against emerging attacks, trustworthy platforms, secure lifecycle despite less trustworthy components, quantifying security, IT security and data protection for machine learning, and big data privacy. Each area underwent a thorough examination of potential and real-world scenarios. The roadmap also provides recommendations for courses of action to achieve short, mid-, and long-term goals in each area.

While Wibu-Systems is involved in many aspects of cybersecurity, one particular area of interest to us in the roadmap was the discussion around trustworthy platforms. The researchers noted that the long-standing concepts of perimeter-based security architectures with well-defined trust boundaries used in IT security up to now have been outgrown by the reality of today’s digital transformation. They pointed out that even on single devices, multiple (potentially untrusted) third-party applications are integrated and interact with each other. Such interactions occur inside smart phones as well as in virtualized cloud data centers and, in the future, will be found in smart factories and other critical infrastructures. They concluded that to address these rising challenges, it is necessary to reliably assess the identity and integrity of each involved entity and then to provide strong means for data secrecy and privacy using hardware-based trust anchors such as Trusted Platform Modules (TPMs) which would enable the design and integration of trustworthy applications and protocols.

To broaden our support for secure elements in connected devices, Wibu-Systems joined the Trusted Computing Group (TCG) in 2016, a not-for-profit organization, formed to develop, define, and promote open, vendor-neutral, global industry standards, supporting a hardware-based root of trust. In cooperation with the TCG and its member organizations, our CodeMeter hardware secure elements now support TCG specifications which will streamline software licensing to all TPM 2.0 users.

At the upcoming Embedded World 2019 meeting in Nuremburg, Feb. 26-27, we will participate with two other TCG member companies, OnBoard Security and Wind River, and demonstrate solutions for IoT and embedded security based on TCG specifications and technologies with a root of trust. One part of the demonstration will explain how to manage licenses with CodeMeter using TPMs as alternative safe repositories for encrypted code keys.