04/2019 – 03/2021
Objective of the project: To demonstrate an IoT system that takes end-to-end security in terms of confidentiality and integrity to the next level as required for future digital applications.
The objective of the Privacy BlackBox project is to enable secure storage and evaluation of sensitive data, especially videos, in compliance with data protection regulations. Possible applications can be found in a variety of domains. The focus here will initially be on two specific implementations: a privacy-friendly dashcam for cars and video recordings of technical tests or inspections in the field of critical infrastructures. The infrastructure to be created for privacy-compliant access to the sensitive data will itself become a critical infrastructure, posing particular challenges for IT security.
Quality assurance in the form of technical inspections and controls by appropriate inspection bodies is indispensable for safe operation of critical infrastructures. In the field of IT security, ISO 62443 is establishing itself as the standard. However, due to increased integration of previously “unintelligent” components, the IT security of components cannot be viewed in isolation and holistic functional tests of complex systems must also be carried out and verifiably recorded. The data collected, for example in the form of image, sound, and video recordings, can be used to eliminate identified defects or to identify malfunctions or accidents and is therefore of great value both for the operator of the infrastructure concerned and for the verifier. At the same time, such data is often a trade secret that must not fall into the hands of unauthorized third parties, which is why it needs to be protected from unauthorized access and tampering.
Image and video data collected in public spaces, in road traffic or during technical checks and inspections may also contain personal data. Particularly in Germany, a keen awareness of data protection as an essential component of personal freedom and of a democratic society governed by the rule of law has become established and has grown over the years. It is in the interest of each and every member of our society to carefully preserve and protect this awareness. For this reason, despite its undoubted usefulness, such data must not be collected and stored without restrictions. Privacy concerns must therefore be regarded as the decisive barrier to the evaluation of sensitive data.
There is currently no technical solution available for the problem described; instead, the benefits of data evaluation must be forgone in many cases. In this research project, the technical potential that comes with the current state of the art will be unlocked and expanded to create technical resources that reliably protect sensitive image, sound, and video data from misuse and permit evaluation only for specific purposes and on specific occasions in justified individual cases. In addition, access must be logged transparently, and digital signatures will be used to detect falsification of data. These properties can only be fulfilled by an infrastructure that combines innovative use of multiple components and technologies. In particular, the project plans to apply suitable encryption algorithms and protocols, trusted computing techniques for increasing system security, and secure key generation and storage. This technical implementation will help companies to expand and deepen existing business scenarios and open up new business models and markets. When developing new approaches in this area, it is important to duly consider compliance with the applicable German and European legislation.