The digitalization of urban infrastructures is a complex undertaking, taking place in an environment typically ill-prepared for it and facing multiple challenges itself. This applies in particular to cybersecurity and privacy protection in the newly emerging information and communication infrastructures and large data collections. Cybersecurity and data protection are also the keys to the society’s acceptance of the urban infrastructure solutions. At the same time, only when stakeholders approach technology and governance do smart city projects have a chance of success.
SecArch identifies cybersecurity and privacy requirements for urban infrastructures as well as researches criteria for their effective deployment. This is done on the governance, technical and economic level, resulting in processes, structures and an architecture for cybersecurity and privacy of urban infrastructures.

Project Coordinator: Dr. Haya Schulmann, E-Mail

Location-based systems, such as GPS in smartphones and trackers like Apple AirTag and Samsung SmartTag, have become common in our society. However, location data is sensitive and can reveal a person's daily activities and personal information. Previous studies have shown that it is difficult to anonymize location data, as a few common locations are enough to identify an individual.

An intriguing development in the domain of location-based systems involves phone-to-satellite communications.

Given that this is an emergent data transmission medium, it necessitates in-depth research to address associated security concerns, encompassing confidentiality, integrity, and availability. SPLocS aims to evaluate the security and privacy of location-based systems in terrestrial and satellite-based systems, as well as the end-system aspects and their application for location-based services.

Project Coordinator: Prof. Matthias Hollick, E-Mail

The sabotage of pipelines and train lines in Germany has brought attention to the critical communication infrastructures. These include terrestrial and sea-based wired networks, satellite technologies, data centers, and radio masts, which form the backbone of the Internet. Failures in these data-transmitting components can be caused by environmental, accidental, or intentional damages, posing threats to internet access.
Project SecFOCI focuses on fiber-optic critical infrastructures (FOCI), as fiber-optic cables currently play a crucial role due to their high bandwidth, low latency, and cost-effectiveness. The goal of the project is to assess, map, and counter the emerging vulnerabilities of the material internet infrastructure. Questions such as "How are fiber optic Internet infrastructures currently protected and investigated?", "What threatens the functionality of Internet infrastructures and how likely are these threats?", or "What measures can be taken to strengthen the resilience of global and local transmission networks?" are to be answered.

Project Coordinator: Prof. Christian Reuter, E-Mail

Safety and security interact with one another in a wide range of industries, especially in critical urban infrastructures.
An example concerns hospitals where medical records are encrypted by malware: This can disrupt medical treatments, disable medical equipment endangering patients’ lives and thereby compromise safety.
Insecure always means unsafe. Inversely, too much security often impairs safety. Integrating these two concepts and addressing potential implications remains an open challenge. Additionally, keeping the human in a loop is an important contributing factor to the resilience of the system.
SaSec therefore seeks to firstly address the safety dimensions of security-relevant applications developed by other projects of SecUrban and secondly empower humans by visualization and other appropriate measures to promote resilience of the systems as well as encourage secure and safe behaviors.

Project Coordinator: Prof. Joachim Vogt, E-Mail

Through digitization, intelligent cities offer a multitude of advantages and development opportunities for the administration, economy and civil society. However, digitization also increases the attack surface of smart cities and their infrastructure. As attacks and failures are inevitable, concepts are required that increase the resilience of smart cities.

In this context, SeMS provides a simulation and optimization platform that allows stakeholders to “experience” and understand their roles within smart cities. This platform shall then provide a basis for discerning interdependencies between stakeholders and investigating consequences of their decision-making during challenging situations (including attacks and failures) in a safe environment. Ultimately, advancements in this project aim to support city planners and decision-makers alike by supporting them in the planning of resilient infrastructures and the development of problem mitigation strategies.

Project Coordinator: Prof. Max Mühlhäuser, E-Mail

With the increasing militarization of cyberspace as well as proliferation of malware among non-state actors and cybercriminals, urban infrastructures are an attractive target with potentially devastating intended and unintended consequences. Since these heterogeneous infrastructures are marked by a highly automated flow of different services which rely on each other’s functionality, they provide a broad range of attack vectors that are hard to secure.

To reduce the risk of escalating conflicts in cyberspace, SecAttack analyzes these dependencies and develops tools that helps to increase transparency around state-owned arsenals of exploits to incentivize their reductions and foster secure IT systems. In addition, the project investigates knowledge-sharing and open-source intelligence about cyber threats to urban infrastructures.

Project Coordinator: Prof. Christian Reuter, E-Mail

The critical infrastructure Information and Communication is the basis for proper operation of all other critical infrastructures. Smesh considers a break-down of the primary communication system due to ongoing cyberattacks and how backup networks can offer secure and resilient operation, potentially with degraded or delay-tolerant service.
Current secure-by-design network protocols which also protect the availability of communication suffer from abysmal scalability properties and limited DoS protection.
Smesh therefore seeks to investigate latency and reliability requirements for selected critical infrastructures, perform a requirement analysis under a strong adversary, design and implement on this basis a prototype and study the performance of this solution in simulation and practice, including performance under attack.

Project Coordinator: Prof. Matthias Hollick, E-Mail

Smart cities have an increasing number of sensors to measure all kinds of data like weather conditions or traffic density. At the lower levels of a smart city there are even more sensors in the form of personal sensors and wearables. While the aggregation of all these sensors and IoT devices present new vectors of attack, they also provide new chances to generate big datasets to benefit smart cities.

SiAware seeks to leverage these big datasets to detect abnormal situations that can occur in smart cities with methods of machine learning. A particular focus lies on intrusion detection which is a subdomain of the detection of abnormal situations. An enhancement of the possibilities and accuracy of situation awareness in smart urban areas thus leads to enhanced security of infrastructures and individuals. Privacy requirements are taken into account.
The output of this project can also be fed into the design process of new infrastructures.

Project Coordinator: Florian Kirchbuchner, M. Sc., E-Mail