Quantum computers could be able to break the asymmetric cryptographic methods currently in use by 2030, creating a need for quantum-resistant encryption standards. The financial sector faces challenges in transitioning to more agile and hybrid cryptographic protocols due to its many players, different components and regulatory requirements. The project aims to overcome these challenges through the development and application-oriented implementation of protocols that meet the performance and security requirements for different components and regulatory requirements. Furthermore, demonstrators will be created to prove the feasibility of the developed concepts and solutions, migration concepts will show how the protocols can be integrated into existing infrastructures and the security evaluation for components in the financial sector will be prepared during development.
The goal is to develop cryptoagile and hybrid protocols for the EBICS and pushTAN use cases in cooperation with the partners in the network, which take into account the performance and security requirements for various hardware and software components used in the financial sector; DFKI will make a significant contribution here through the formal verification of cryptographic core components. Another goal is to prepare the evaluation of the solutions with regard to security in order to fulfil the corresponding regulations to which the financial sector is subject. In the context of PQC, the certification processes and schemes are currently in the process of being developed due to the still young procedures. The use of new cryptoagile and hybrid protocols in particular complicates the evaluation and certification work, so that early involvement of the actors involved and consideration of the necessary security requirements, e.g. resistance to side-channel and error attacks, is already necessary in the development process.
Partners
- Freie Universität Berlin
- Technische Universität Berlin, Lehrstuhl für Security in Telecommunications
- Ruhr Universität Bochum, Lehrstuhl für Security Engineering
- D-Trust GmbH, Berlin
- Finanz Informatik GmbH & Co. KG, Frankfurt
- TÜV Informationstechnik GmbH, Essen
- Utimaco IS GmbH, Aachen
Prof. Dr. Christoph Lüth
