Strategy: Security Operations Center

One of the largest media houses in Germany, the NOZ / mh:n media group with over 3000 employees, pursues a multi-cloud strategy, wherein the security of the operational business of print and online publishing enjoys the highest priority. We analyze the security properties of the cloud services and applications used by NOZ / mh:n and develop a strategy for operational IT security. At its core lies the conception of a Security Operations Center (SOC) in the distributed IT landscape. We develop a planning methodology for the tasks of a distributed SOC and the integration of appropriate service providers, draft a statement of work and accompany a provider selection.

Read our case study.

Planning Security Operations Center
ZIM Project: Knowledge-Based System Monitoring

Innovation and Funding Acquisition

A medium-sized IT service provider has been providing competent services in the field of system monitoring and maintenance for years. In order to make the existing knowledge and know-how usable, we develop the idea for the innovation of knowledge-based system monitoring. The core concept - predictive detection of technical incidents and automated provision of a comprehensive knowledge context on an incident - leads to significant increases in efficiency for the technical service staff.

We identify the Zentrales Innovationsprogramm Mittelstand of the Federal Ministry of Economics as a suitable source of funding for the project and comprehensively support the customer in the successful grant application. We accompany the SME throughout the implementation of the project until completion and further develop an exploitation and market launch concept for the emerging technology.

Research Project: TrustProp

Research: Trustworthy IoT Devices

Securing the myriad of different connected devices is critical to the success of the Internet of Things (IoT). Together with our academic partners from the Research Group for Network Security, Information Security and Data Protection of the Frankfurt University of Applied Sciences, we carried out research and development projects in the field of IoT security. The goal of the TrustProp project, funded by the Federal Ministry of Economics as part of the Zentrales Innovationsprogramm Mittelstand, was to ensure the trustworthiness of IoT devices, also towards other participants in the IoT network (Trust Propagation). The core elements of the innovative TrustProp technology are:

  • Virtual representation of devices on a trusted edge gateway
  • Policy-based filtering of IoT communication by the gateway
  • Trusted Computing Technology (RIoT) for attestation of device states
  • An authentic, global inventory of device states on the blockchain

Technology: Smart OpenID

Federated identity management (IdM) has great potential for application on small-footprint mobile devices and is attracting much attention in industry and standardization. Smart OpenID is a method for single sign-on (SSO) to web services using OpenID authentication with mobile devices, which combines ease of use, efficiency, and scalable security.

OpenID has been adopted by major industry players as a preferred IdM protocol. However, the wide range of use-case scenarios that can emerge if key OpenID functions are smartly distributed across the mobile network infrastructure, devices, and smart cards has been explored by Novalyst IT as a worldwide leader.

Benefits of Smart OpenID

Distributed implementation of OpenID entities enables security to be scaled with improved network efficiencies. We focus on the concept of partial representation of OpenID authentication server functions on a smart card, a UICC, or another secure element. This has immediate benefits for mobile operators, service providers, and users. Operators can address new business opportunities by exploiting their existing infrastructure for accounting and charging with minimum CAPEX for deployment. Service providers benefit from enhanced trust and a large user base without catering for special ‘mobile network’ access capabilities. Users get a seamless and secure federated log-in experience for mobile services, with control over the credentials located on the smart card and device, providing greater incentives to participate in the rich mobile Internet experience.

More details can be found in our paper at the 27th IFIP SEC Conference and our Whitepaper. See also the related patent.

Smart Card Based OpenID