How can data from networked vehicles be evaluated in a legally compliant manner? And what other applications are there for a highly secure cloud platform? At the first IoT Security Congress organized by the TÜV SÜD subsidiary Uniscon, everything revolved around IoT, data protection and IT security.
The Who's Who of the IT security industry met end of 2018 at the first IoT Security Congress at TÜV SÜD headquarters in Munich. Together with some partners such as Continental AG, Deloitte, Fraunhofer AISEC, the University of Bonn-Rhein-Sieg and the German Aerospace Center, the Munich cloud security experts from Uniscon presented among others the results of the project CAR-BITS.de.
A total of around 150 distinguished visitors took part in the event, including top decision-makers from business, research and politics. The congress was opened by TÜV-SÜD CEO Dr Axel Stepken.
Legally compliant evaluation of car data - CAR-BITS.de
One of the main topics of the afternoon was the data protection research project CAR-BITS.de, funded by the German Federal Ministry for Economic Affairs and Energy (BMWi). The aim of the project is to evaluate data that is collected from the cars in a legally compliant manner and make it available to different application areas through a service Platform.
With respect to this, the TÜV SÜD Data Trust Center may represent a possible candidate for such a platform. According to TÜV-SÜD CEO Division Mobility, Patrick Fruth, "as a ‘trustee’, the Data Trust Center should provide secure, neutral and non-discriminatory access to the data of modern and highly automated vehicles". For this purpose, the data from various vehicle manufacturers could be collected neutrally on the platform and made available anonymously to third parties such as service providers, insurers or authorities.
CAR-BITS.de is based on Uniscon's highly secure big data solution Sealed Analytics, which in turn is based on Uniscon's patented Sealed Cloud technology. The Sealed Cloud provides a set of purely technical measures to ensure that both data and metadata are reliably protected not only during transmission, but also during processing in the data Center.
Between data protection and innovative business models
With its tamper-proof technology, the Sealed Cloud not only makes possible that the evaluation of data collected from the cars comply with data protection regulations, but also enables further critical IoT applications and new digital business concepts. This topic also concerns Dr Frank Försterling, Head of Predevelopment at Continental AG, whose presentation addressed the balancing act between data protection and innovative business models and how to manage it.
New approaches to access control
In addition to the secure infrastructure, access control also plays an important role in the discussion about a secure IoT and, as it was made clear during the event, is in need of a new approach. “The previous paradigm of access control simply means that a decision is made as to who can access data and when," Dr Julian Schütte from Fraunhofer AISEC explained. "This no longer works in the IoT because data is no longer located at only one position, but flows," he said.
The policy system "LUCON" (Label-Based Usage Control) from Fraunhofer AISEC is a software solution that detects data protection violations before they occur. The software classifies data at the place where it originates and determines how it is to be handled. In this way, data protection requirements, for example, can be directly implemented in the technology, as it is done in the project CAR-BITS.de.
"CAR-BITS.de can obtain valuable information from the collected data and make it available. However, this information is no longer personally identifiable," Uniscon CTO Dr Hubert Jäger explained, “since it is not possible to identify a person even when processing the data, Big Data can be used in conformity with law”.