DeepSec 2019 Press Release: High-quality Randomness protects Companies
The ‘bugs’ of the’ 90s are still alive – hidden in IoT devices, integrated systems and industrial controls. Modern information security can’t manage without mathematics. It is less about statistics in the form of operational data or risk analysis. It’s about cryptography, which is constantly used in everyday life. It uses elements that build on high-quality random numbers to protect information from attacks. This year’s DeepSec Security Conference addresses key aspects of product implementation – data protection during transport and storage.
Protecting the Digital Transformation
Whether “intelligent” bulbs and illuminants, heating or building controls, tv-sets, industrial plants or entire production lines – the digital transformation covers all areas of our lives and leads to changes.
On the one hand, digitization opens up opportunities such as the optimization of processes, the more efficient use of own and external resources, the networking of value chains or digital maintenance.
At the same time, however, there are risks that should not be underestimated. Ensuring data security and authenticity as well as compliance with required security standards present many companies with major challenges. Cryptography and the associated protection of cryptographic keys play a fundamental role – who owns the keys is in control.
At this year’s DeepSec Security Conference in Vienna, experts from sematicon AG are ready to show the risks and dangers of current implementations. In addition, they will use practical examples to prove that there are suitable and simple solutions and tools for all areas of this new technology in order to drastically increase security through the use of strong cryptography. Such implementations don’t have to pass up on usability or maintainability. As a side effect, properly implemented solutions even increase speed and save power, which is of great interest for decentralized, battery or solar powered systems.
Why you should leave IT Security to Chance
Since Edward Snowden’s reports on the pervasiveness of communications surveillance, the use of encryption on the Internet has greatly increased. Hardly a well-known website still does without it. Encryption is also indispensable today for systems beyond the desktop, from intelligent sensors to large industrial plants. These keys must be generated randomly, so they can not be easily guessed. High quality random numbers are necessary. Randomness is not a “function” of a software solution, but uses special physical effects to ensure a high quality of the random numbers. If they could be guessed or comprehended the calculation of the key is not far away. The generation of the keys worth protecting is based on the principle of qualitative randomness – also known as entropy. If you need a lot of keys or you want to increase their quality, you are looking for suitable sources such as hardware security modules, also known as hardware security modules (HSMs).
At this year’s DeepSec Security Conference in Vienna, in cooperation with the Munich-based company sematicon AG, it will be shown that there are suitable solutions for all areas of technology, and that the fear of using it in one’s own company is unfounded.
Side Channel Attacks – or how to extract Crypto Keys from protected Hardware
During the DeepSec conference sematicon AG will show, among other things, how easy it is to gain access to entire company networks with Microsoft® Windows on-board tools and an incorrectly configured PKI, or how to extract cryptographic keys from supposedly protected IoT or embedded devices and thus can manipulate the firmware. In this way simple household appliances such as incandescent lamps become a gateway for hackers. It will also briefly be discussed how secrets of industrial equipment can be obtained if security has not been properly implemented from the beginning. These are by no means specially prepared systems, but rather classical implementations as they are found in the economy. It is not about “live hacking”, but about the technical expertise of crypto experts who have been working in the industry for many years and have a wealth of experience. This demonstration is intended for anyone who needs to install secure data transmission in their own infrastructure, no matter at what level.
Cryptography made easily accessible
Despite the thematic part of higher mathematics, the DeepSec Conference and the sematicon AG are concerned to communicate the importance of the methods and technologies used for practical use to a broad professional audience. The demonstrations and lectures are aimed not only at technicians, but also at project managers, managers and designers of products. All levels should be integrated as information security is an interdisciplinary undertaking. Fear of the matter is therefore completely unfounded. The lectures and events during the conference offer several ways to get started and to further training through exchange with experts. Take advantage of this opportunity.
Schedule and Booking
The DeepSec 2019 conference takes place on 28 and 29 November. The two-day DeepSec trainings will take place on the two preceding days, 26th and 27th November.
The venue for the DeepSec event is The Imperial Riding School Vienna – A Renaissance Hotel, Ungargasse 60, 1030 Vienna.
Tickets for the DeepSec conference itself and the trainings can be ordered at any time at https://deepsec.net/register.html.