TUM Logo

Certificate Transparency for Third-Party-Operated Industrial PKIs

Certificate Transparency for Third-Party-Operated Industrial PKIs

Supervisor(s): Michael Heinl, Adrian Reuter
Status: open
Topic: Others
Type of Thesis: Masterthesis
Thesis topic in co-operation with the Fraunhofer Institute for Applied and Integrated Security AISEC, Garching


Master’s Thesis
Certificate Transparency for Third-Party-Operated Industrial PKIs
As one of the leading research institutes for applied and integrated security, Fraunhofer AISEC operates laboratories in the field of industrial security. To research the security of industrial automation and control systems (IACS), one of our laboratories is equipped with a fully functional production line.
An on-site public key infrastructure (PKI) for the production line was implemented to experimentally investigate certificate-based defenses for IACS.
However, in practice, asset owners and device manufacturers rely on hybrid or even fully outsourced PKIs for their IACS and/or components. While this can be a cost-effective and superficially secure approach considering the experience such providers usually have, questions regarding trustworthiness and control mechanisms to maintain the owner’s / manufacturer’s sovereignty arise.
For the WebPKI, such a control mechanism is realized by Certificate Transparency (CT), enforced by the major web browsers. Can CT or a similar mechanism also help owners/manufacturers of IACS?

Answering this and related questions is the goal of this thesis. First, an in-depth analysis of CT, its ecosystem, empirical use cases, and related technologies has to be conducted. After this preliminary research, a domain-specific concept for certificate transparency has to be developed, giving asset owners and manufacturers tamper-resistant visibility over their PKI - even if it is operated by a third party. Last but not least, a proof of concept to evaluate the results has to be implemented.

• Self-initiative and the ability to work in a self-directed way;
• Knowledge in the field of security;
• Programming experience, ideally with devices such as Raspberry Pi, Arduino etc.;
• First experiences with (the security of) automated and interconnected industrial environments (Industrie 4.0) and/or digital certificates / PKIs would be ideal but are not a must.

Please attach a current grade sheet and a short CV to your application.

Michael Heinl,  Adrian Reuter
Phone: +49 89 322-9986-125,  Phone: +49 89 322-9986-1001
E-mail: michael.heinl@aisec.fraunhofer.de

E-mail: adrian.reuter@aisec.fraunhofer.de

Fraunhofer Research Institute for Applied and Integrated Security AISEC
Department Product Protection and Industrial Security
Lichtenbergstraße 11, 85748 Garching near Munich, Germany