Security and privacy: Working for data sovereignty and against cybercrime
Bosch Research is developing solutions for the networked world that protect against hackers and preserve privacy.
Digital connectivity is making our homes smart, factories more productive, and vehicles autonomous. All over the world, Bosch is connecting sensors, devices, and machines with users and enterprise applications to make our lives more convenient and work easier. With this positive development comes a great responsibility that Bosch Research is pioneering: we need to ensure the security of our products, services, cyber-physical systems, and Internet of Things (IoT) applications and devices, as well as the privacy of personal and corporate data. In our research projects, we at Bosch Research create the technological foundations for the connected world. We develop solutions that fend off threats from cyberspace and strengthen data sovereignty.
Safety versus security: Closing security gaps — earlier, faster, more precisely
In German, there is only one term for both safety and security — it encompasses both physical-technical security, in other words the safe functioning of products, for example autonomous driving functions, and cyber-physical, information technology (IT) security. The more our products and services are networked via the Internet, the more important the second point, security, becomes. Hackers regularly exploit vulnerabilities in software and hardware systems, for example, to spy on secret data. At Bosch Research, we counter this danger by implementing IT-related security measures in all lifecycle phases of our software. “DevSecOps” in this context is a development paradigm that automates security and integrates it into every phase of product development — from initial design through implementation and validation to delivery. The information technology security of networked products is thus not considered at the end, but rather from the very beginning and throughout the entire lifecycle of the products. The experience gained from the use of the software and the data generated are continuously incorporated into the improvement of the software.
Automated troubleshooting — before and during operation
In software development, troubleshooting does not start when the product is fully developed, but is considered from the very first line of code. With the technology “Automated Security Testing” we identify vulnerabilities in the code automatically during development. One of these dynamic testing methods is “fuzzing” or “fuzz testing”: in order to find errors early in the development process, the software is executed and tested again and again with randomly generated inputs. This allows us to close security gaps ever more quickly and precisely.
At Bosch Research, however, security does not stop at the factory gate: for the secure operation of networked products in the field, we are working on so-called “intrusion detection systems” (IDS). These are systems that can automatically detect attempted cyber attacks from outside based on specific patterns — even if the networked product is already in use by customers. An IDS can be installed as stand-alone hardware in a network or implemented as a software component on an existing system. IDS open up new possibilities for continuously monitoring IT systems (security monitoring), for detecting attacks, assessing the threat situation, and initiating countermeasures. At Bosch Research, we are creating better software solutions for Bosch's networked products.
Another research focus is on “Computing on Encrypted Data” (CoED) technologies. These keep data encrypted during processing. One of these cryptographic methods is “Secure Multiparty Computation” (MPC). It allows multiple actors to perform computations jointly without disclosing the data used. In combination with other encryption methods, it can be used to protect confidential information throughout its lifecycle: during processing, transmission and storage. In digital services, for example, the service provider never gains insight into user data in this way. One implementation of these methods for the cloud is the IT project “Carbyne Stack” initiated by Bosch Research, one of the winners of the German IT Security Award 2022. Carbyne Stack enables a scalable infrastructure for cooperative data processing, for example for large companies or research projects.
Secure data in the smart home and automated driving
So more and more networked products and services are generating more and more data. “Privacy engineering” is concerned with the development of systems that preserve privacy. At Bosch, we are convinced that people themselves should have control over their data. Our research in “Security and Privacy Enhanced Computing Services” (SPECS) aims to take this data sovereignty to a new level. To protect data, Bosch Research is developing a variety of privacy-preserving computing technologies (PPCT). This means that data remains encrypted throughout transmission, storage, and processing. This means they are protected throughout the entire processing chain. At the same time, we can use them anonymously to improve our products and offer users new applications — for the smart home and automated driving, for example. To protect data, Bosch Research is developing a variety of privacy-preserving computing technologies. In this way, we enable intelligent, trustworthy products in all Bosch business sectors. Overall, the protection of personal and company-related data is a core concern for us at Bosch Research. In order to bundle our competencies across Bosch, we have therefore established an internal competence network: the Bosch-internal “Privacy Engineering Guild”. In exchange with internal and external privacy experts from science and industry, its task is to solve current and future privacy challenges across business units.
To achieve the best possible results, we also maintain various collaborations with universities, industry partners, and start-ups.