#WeKnowCybersecurity
How can security be achieved throughout the entire lifecycle of smart systems – covering the range from security by design to compliance to EU regulations? Submit your paper by March 9 and take part in the LIFESEC workshop on June 22, 2026, in Messina (Italy) and help to shape the cybersecurity of smart systems.
Modern cars are interconnected systems of software, sensors, and cloud services. As automotive companies divide their work across engineering, production, and backend divisions, cybersecurity risks often fall through the cracks. While standards such as ISO/SAE 21434, the ISO/IEC 27000 family, and the IEC 62443 series provide important building blocks, none fully explain how to align cybersecurity across divisions. Our research at Fraunhofer AISEC reveals the consequences: hard-to-compare risk assessments, unclear communication, and fragmented security strategies. The solution lies in a cross-divisional approach that connects processes, tools, and terminology. Based on a structured analysis of key cybersecurity standards and interviews with experts from six automotive manufacturers, this article contrasts what the standards expect with how organizations work today – and outlines concrete steps to close the gaps.
In the face of growing complexity and regulatory requirements, the security of cloud services is becoming increasingly challenging. However, conventional certification procedures require considerable financial and time investment to meet these requirements. That is why the EU research project EMERALD is pursuing a new approach: It is developing a framework for continuous, automated security certification based on semantically structured evidence. This article will discuss the concepts, methods, and validation approaches of the EMERALD platform.
In this post, we explore the possibility of accelerating the formal verification of classical programs using quantum computers. Common programming errors, such as null-pointer dereference and out-of-bound access, are prevalent sources of security flaws. Our approach involves generating a Satisfiability (SAT) instance from code snippets, which is satisfiable if the undesired behavior exists. This instance is then converted into an optimization problem, solved using quantum algorithms, thus potentially achieving asymptotically polynomial speedup.
Modern manufacturing is rapidly digitizing, unlocking new business models and unprecedented efficiency. While remote operation has become commonplace, machine safety has still required hands-on, local intervention — until now. Our latest work at Fraunhofer AISEC bridges this gap with a secure, authentic remote reset system for safety events, blending future-proof cryptography and robust safety design. Here’s how we’re redefining the boundaries of safe, remote manufacturing.
How can machine learning respect privacy without sacrificing fairness? Discover DPPL, a prototype-based method that provides strong privacy guarantees while boosting accuracy for underrepresented groups. By addressing bias in differentially private models, this approach ensures ethical and inclusive AI development without compromising performance.
In 2016, the National Institute of Standards and Technology (NIST) announced a standardization process for quantum-secure cryptographic primitives. The goal was to find secure key encapsulation mechanisms (KEM) and signature schemes. One unique approach was the PICNIC signature scheme, a scheme utilizing the MPC-in-the-Head (MPCitH) paradigm. This made PICNIC an interesting approach, since its security relies on well researched block ciphers and hash functions. PICNIC was announced as an alternative candidate by NIST. A lot of follow-up schemes based on PICNIC, like BBQ, Banquet, and FEAST, were proposed using different block ciphers and variations on the original construction paradigm. In 2022, NIST announced a second call specifically for signature schemes. MPC-in-the-Head-based signature schemes became their own category, with multiple submissions in this call. This articel explains the core idea and functionality of early MPCitH based signature schemes and how we at Fraunhofer AISEC make use of the concepts.
Deepfakes are a significant threat to democracy as well as private individuals and companies. They make it possible to spread disinformation, to steal intellectual property and to commit fraud, to name but a few. While robust AI detection systems offer a possible solution, their effectiveness depends largely on the quality of the underlying data, simply put: »Garbage in, garbage out.« But how do you create a dataset that is well suited to identifying the ever-evolving deepfakes and enables robust detection? And what constitutes high-quality training data?
Digital certificates like X.509 are essential for secure internet communication by enabling authentication and data integrity. However, differences in how they are parsed by various TLS libraries can introduce security risks. A recent study by Fraunhofer AISEC analyzed six widely used X.509 parsers with real-world certificates. The findings reveal inconsistencies that could impact security-critical applications. In this article, we summarize the key results and explain why companies need to scrutinize their cryptographic libraries.
Cybersecurity threats are evolving, and cryptographic implementations face growing risks from fault injection attacks. Fraunhofer AISEC’s research introduces Impeccable Keccak, a new approach to secure SPHINCS+, a post-quantum cryptography digital signature scheme that has been standardized by NIST in 2024. By leveraging impeccable circuits and ensuring active security, this represents a new approach to fault-resilient cryptography.
