Fachhochschule Dortmund is developing a research environment for IT security and digital forensics that is unique in Germany. The C²PANDA (Competence Center for Packet Acquisition and Network Data Analysis) project is being funded with almost 3 million euros and aims to provide answers to pressing digital security issues.
Cloud services, online banking, digital administration - almost all sensitive data is now transmitted via high-speed networks, which are also becoming ever faster. But this is precisely where a dangerous security gap arises: "Nobody currently knows how security mechanisms behave at extremely high data speeds," explains Prof. Dr. Daniel Spiekermann, who heads the C²PANDA project. "It's like trying to carry out a traffic count that works well in a 30 km/h zone with the same number of personnel on the highway." Prof. Spiekermann teaches at the Fachhochschule Dortmund's Faculty of Computer Science.
Modern data centers are already operating at speeds of 100 gigabits per second, which means millions of data packets per second. The new research infrastructure at Fachhochschule Dortmund will be able to achieve eight times this speed: 800 gigabits per second. At such transmission rates, conventional monitoring and recording systems sometimes fail. Attacks remain undetected.
Searching for clues in virtual worlds
To make matters worse, the digital world is increasingly virtual. Computers no longer exist as physical devices, but as software simulations that can be created, moved and deleted at the click of a mouse. "I can no longer plug in a cable to record data because these devices no longer physically exist," explains Daniel Spiekermann, who worked in digital forensics for police authorities before becoming a professor.
This makes forensics a nightmare for law enforcement: how can it be determined whether a cyberattack has taken place if virtual machines can be moved to other countries in a fraction of a second? How can investigators monitor the flow of data when perpetrators operate from the cloud and work at speeds that no system can record?
This is precisely where C²PANDA comes in: Fachhochschule Dortmund is building a test environment that is unique in Germany, replicating modern data centers and cloud infrastructures in miniature format - and going to the limits of what is technically possible today. Specifically, there are just three server cabinets, says Prof. Spiekermann. But the technology inside is quite something. The high-performance servers enable an environment in which realistic attack scenarios can be played out and new analysis methods can be developed - without endangering real systems. "We want to find out in this protected environment: What traces do attackers even leave behind at high speeds? How can IT security companies determine whether data has been copied? And how can investigations be conducted when everything is virtual?" says Prof. Spiekermann.
Practical research with strong partners
The project is being implemented together with leading companies and authorities: The IT security company G DATA Advanced Analytics from Bochum, the network specialist Neox Networks, Cybersense GmbH from Dortmund and the State Office of Criminal Investigation of Lower Saxony are contributing their expertise and promising detailed findings.
The results will not only benefit science: The infrastructure will also be used as a training environment for forensic scientists and IT security specialists. The methods and tools developed will be published as open source solutions so that small and medium-sized companies can also benefit from the findings.
And what does that mean for each of us?
Even if the technology sounds complex, its effects reach everyone: anyone who uses online banking, works in the cloud or sends emails depends on secure networks. "Most people don't even notice this area directly, but somehow everyone uses it," says Prof. Spiekermann. With this project, Fachhochschule Dortmund is laying the foundations to ensure that companies, authorities and critical infrastructures can continue to be protected from cyberattacks in the future.
The project will run until 2028 and is being funded by the state of North Rhine-Westphalia with 2.95 million euros from the European Regional Development Fund (ERDF).