When we talk about IoT, we can’t ignore the part about IoT Security. Because when we talk about such an inter-related system of networks, security is imperative. IoT security is important so that the developers can protect the data from all kinds of breaches and vulnerabilities.
Founded by Christian Zenger, PHYSEC GmbH is a company that specializes in security solutions for IoT based applications.
In this interview with The Enterprise World, Mr. Zenger tells us more about the inception of the company and its products and services, and their benefits to their customers.
Tell us about the company.
PHYSEC GmbH is a spin-off of the Horst Görtz Institute for IT Security (HGI) in Bochum, Germany. Through a unique combination of applied cryptography and radio-wave engineering, PHYSEC offers innovative security solutions for IoT applications based on latest research results. PHYSEC’s current product “IoTree” is an IoT security service platform, which uniquely provides provable secure physical statements of complex 3D objects. In other words, we can remotely assess the physical integrity of an entire IoT device including its periphery. Examples for this are devices in unsecure operational environments, such as, edge server, charging stations, ATMs, card reader, and so on as well as devices or machines in semi-trustworthy pay-per-use business models. Furthermore, IoTree enables highest protection for the secure communication challenge in the IoT. IoTree enables asset discovery with an effective monitoring system for IoT devices. All information about device identity and key management are available with real-time visibility and control. Communication security includes data security through mutual authentication and end-to-end encryption including key provisioning. Therefore, with IoTree we are able to answer the following question for the first time. How can applications that consist of both digital and physical components, as they become increasingly important in the context of the IoT, be secured?
PHYSEC extends the IT-security to cyber-physical security, which considers the entire system level and therefore enables secure processing in less-secure operational environments.
Providing physical-layer security for infrastructure components and IoT-devices is the key security challenge for rising markets. Edge computing (5G), sensors and infrastructure in untrusted environments and many more use cases can be captured by this technology. Device security is achieved due to PHYSEC’s proprietary hardware modification detection modules, which are the focus of this project. Since its foundation, PHYSEC has received widespread recognition, e.g.: founder Christian Zenger is one of the winners of the MIT Innovators Under 35 Europe 2018 awards (category: Pioneers); PHYSEC has been awarded the prize as ‘Digital Start-up 2018’ by the most renown business plan competition of the German digital economy and PHYSEC won the 1. Prize of the highly decorated 2018th German IT Security Award.
What were the initial challenges you faced?
The IoT paradigm, ubiquitous computing, and edge computing heighten the security risk because they involve distributing compute and storage processes away from one centralised location to a higher number of dispersed locations and endpoints, all of which must be secured. Because these distributed locations are more likely to be exposed to shared or unauthorised physical access, it will be much harder to guarantee the security of any data that is held across this less secure environment. Furthermore, since secure communication becomes a standard, adversaries will be more and more forced to attack the hardware. This makes supply chain security, countermeasure against hardware Trojans, and the overall physical integrity to hidden, but fundamental, topics of our knowledge society.
Hence, a transition from the reactive “prevent & protect” security paradigm to a proactive “detect & respond” approach is necessary and possible. PHYSEC extends the IT-security to cyber-physical security, which considers the entire system level and therefore enables secure processing in less-secure operational environments. Our Physical-Layer Intrusion Detection System discovers hardware modifications even after the fact (a system was attacks in an offline status), which includes a crucial paradigm shift in the international security market.
Which was that point that triggered the growth of the company?
As a spin-off of the Horst Görtz-Institute for IT-security PHYSEC’s first revenues are generated through design, implementation and integration of tailor-made IoT security solutions. Fundamental requirements were identified in the context of these customer projects. In combination with our research results, we were then able to develop products that are precisely tailored to the needs of customers and at the same time reflect the latest research status. Specifically, we did this with our first product, IoTree – an IoT security platform, about 3.5 years ago, which made the first significant growth spurt possible. At the beginning of this year we finished our second product, a remote manipulation protection for IT and IoT devices, and we are now launching it on the market. As a result, we expect further strong growth in the near future.
How have the company graphs changed since the foundation? Can you share a few statistics?
What is the reason behind your company’s long-standing success?
We are now the fifth year on the market and have been able to achieve strong growth on the sales side with simultaneous intensive product development and improvement. These two aspects are fundamental to the success to date and should also form the basis for further growth. In particular, the investments in our products over time are crucial to enable scalable and sustainable success.Added to this is the technological edge that we have thanks to our strong research background. The associated network enables the latest findings to be taken into account directly in our own product development.
Excellence in engineering or if not in engineering: complementing the team in harmony.
What are the products/services the company focuses on? How are your services different from those in the market?
Our innovation is based on a universal 3D interior sensor that measures electromagnetically unique physical structures on a mesoscopic level (~100 µm). Therefore, it provides unclonable and unpredictable fingerprints as well as detailed information of the physical state of 3D objects. We combined this sensor with a cryptographic protocol, which we call Virtual Proof of Reality, to proof physical statements remotely and in a provable secure manner. Because we recognize IT security as the largest initial market, we recommend our technology as a basic building block for secure cyber-physical systems and applications, such as, edge computing and Internet of Things. With our technology, we can secure complex and semi-trustworthy supply chains as well as appliances, which are installed in higher number of dispersed and unprotected locations. However, decentralized authorities are crucial for the digital trend towards 5G, autonomous cars, crypto currencies and networked medical implants. Unfortunately, current cyber security measures are dangerously ineffective against well-organized adversaries, as can be seen from the almost weekly reports about attacks. Thus, we tackle an important and so far, unsolved security problem, which will be the fundament of the rise of the digital society.
How do you decide to take the company a step further in terms of your products/services?
We completed the second version of the hardware platform of our solution at the beginning of the year. Due to the significantly reduced form factor and the reduced power consumption, we can now address significantly more applications and offer the hardware at a very attractive price. The expansion of the protection level to the system level at a lower price than solutions at the chip level have been major achievements in recent years. in the near future it will be particularly important to carry out minor optimizations and to focus on commercialization.
Is there any new addition to the list of products/services? Anything exciting you would like to share?
In the next few weeks, we will present our new front end of the platform, which in combination with the new hardware version represents a complete relaunch of the first version of our product. In addition, we have some exciting features in our development pipeline that we will be presenting over the next few months via our website and social media channels. So, it remains very exciting!
How do you look after your employees? What makes your team unique?
- Excellence in engineering or if not in engineering: complementing the team in harmony.
- Intelligent with respect to the field
- Strong motivation that strongly aligned with personal and company goals.