IT everywhere– security nowhere? Secure solutions for societyand businesses

3

Become a leader in solving society’s digital challengesThe Alexandra Institute’s Security Lab brings business and academia together on the topic of IT security.

We focus on technological trends such as Internet of Things, cloud computing, mutual computing and privacy.

We offer our customers and partners access to a wide range of core competences. These include hardcore technology, applied cryptography, design of security solutions and an understanding of how IT security can be a business catalyst.

Get ahead of the market! We are your shortcut to business growth...

SECURE SOLUTIONS FOR SOCIETY AND BUSINESSES // IT EVERYWHERE – SECURITY NOWHERE?

4

The Alexandra Institute is a research and innovation company specialised in pervasive computing, includ-ing IT security.

In many organisations, the quality of data security poses the biggest threat to the business. More and more organisations are also facing an increasing number of challenges and requirements in relation to identity management and login services.

Data security is imperative in IT systems. Therefore, the development of secure solutions for handling sensitive information must have very high priority. If you want to protect your organisation and your customers against intruders, we provide state-of-the-art knowledge on security and privacy. If you collaborate with us, you will be able to offer the best solutions to your customers, while at the same time complying with both national and international data protection laws.

Protect your business and your customers

Kamstrup securesinternational saleKamstrup develops smart meters and other smart grid components for the international market.

On a number of markets, there is an increasing requirement that such products be secure, i.e. Common Criteria certified or able to provide documentation of security properties or security level. It can, however, be costly to obtain this type of documentation and certification.

The Alexandra Institute gave Kamstrup an internal knowledge update on IT security. We also performed a thorough security analysis of their product and helped develop solutions that address specific security issues.

Moreover, the Alexandra Institute took part in preparing a security analysis of Kamstrup’s smart meters.

CASE

5

Societal commitment andsecure solutionsWe contribute to the social debate and to interna-tional research projects. In doing so, we continuously build up new knowledge about existing and future issues and opportunities in relation to IT security. The Head of our Security Lab is a member of the board of Rådet for Digital Sikkerhed – a Danish strategic coun-cil for digital security.

Based on our competences, we help public and private organisations to understand and solve security issues in intelligent production facilities and software applications.

By working with the Alexandra Institute’s Security Lab, your organisation will be able to ensure that the setup of existing and new IT systems is in line with business requirements as well as data protection laws.

Energinet.dk provides secure access to data Energinet.dk is operationally responsible for the power infrastructure in Denmark, including the so-called DataHub.

The purpose of the DataHub is to collect meter data from all power consumers in Denmark in one database. The database is made available to users and players on the power market. A key element in the DataHub is the management of data access, as the data must be available to both common citizens and professionals through a variety of use cases. It has been of paramount importance to provide a secure solution that protects both personal data and the overall infrastructure.

The Alexandra Institute’s Security Lab has performed a security analysis of the DataHub and proposed a number of changes. Today, the Alexandra Institute acts as security adviser to Energinet.dk in relation to the further development and completion of the DataHub.

SECURE SOLUTIONS FOR SOCIETY AND BUSINESSES // IT EVERYWHERE – SECURITY NOWHERE?

CASE

6

Secure your business andpersonal data

Sepior protects your cloud data against hackingTogether with the Alexandra Institute’s cryptographic experts, Sepior has developed the first product that protects data in file sharing services, such as Drop-box, by making it easy to manage the cryptographic keys that are needed for encrypting data.

With this solution, IT managers can allow their staff to use the popular services on many different devices without having to worry about IT security.

The solution is based on secure Multi-Party Computation (MPC). The Alexandra Institute and Aarhus University are world leaders in this technology.

Nobody wants to wait 10 seconds for the file to appear on the screen. We can encrypt data so fast that the user will not feel any significant difference. We are the first in the world to do so. – Nicolaj Højer Nielsen, Sepior.

We help protect your business against unpleasant surprises when it comes to managing sensitive data. We also ensure that the implementation of flexible, modern solutions is not hampered by lack of knowl-edge about state of the art.

The Alexandra Institute provides documentation of the security properties and security level of your company’s solution. You can use this documentation towards customers, suppliers and other business partners. We perform an independent description and assessment of your IT system based on prior scoping and dialogue with you.

CASE

SECURE SOLUTIONS FOR SOCIETY AND BUSINESSES // IT EVERYWHERE – SECURITY NOWHERE?

7

iLocator offers a management and collaborative platform for maintenance of infrastructure assets. The company’s customers include for instance public authorities.

When iLocator wanted to go international and upscale their business, it was vital that all aspects of IT security were thoroughly mapped – for example in relation to payment solutions – and that the system architecture of their website was state-of-the-art and able to handle the expansion.

The system expansion was ambitious and required new state-of-the-art technologies to be integrated. The Alexandra Institute performed an architectural review of the existing infrastructure, including the requirements for an online payment solution.

These activities were followed by the design work headed by the Alexandra Institute. During this phase, the system architecture and the implementation were tailored for the planned expansion, including the international payment solution. The Alexandra Institute also provided advice and assistance in connection with customer implementation test.

The Alexandra Institute performed penetration test based on GIAC and OWASP and analysed the source code for vulnerabilities and susceptibility to attack, e.g. password management, SQL injection, XSS, CSRF, session management, logging, auditing, error management, input validation, to mention but a few.

CASE

iLocator managesinternational payments

8

We provide...• Analysis of your organisation’s IT systems and a

security review of the software• Design of security solutions and secure IT

architecture• Training and advice on IT security to establish a common

language for working effectively with IT security

• Consultancy in relation to the dialogue with suppliers and customers on IT security. For example to discuss security requirements and features in your organisation’s present or new IT solutions, or to assess if the supplier’s solutions meet the security requirements.

Partisia sells a unique security solution for auctions based on a technology developed by the Alexandra Institute. The solution is based on a technology for ‘secret sharing’, which basically allows you to share a secret without disclosing it. The technology is called secure Multi-Party Computation (MPC).

By distributing a computation on a number of different computers, the data that each user feeds into the system can be kept confidential. The system can be compared to a treasure map that only makes sense when all pieces of the map are put together. The solution is for example used by the Danish sugar beet growers for trading production contracts.

CHPCOM provides secure smart grid data communicationThe Alexandra Institute’s IT security experts have collaborated with the Danish Energy Association to launch CHPCOM (Combined Heat and Power Communi-cation) – an infrastructure for secure communication.

CHPCOM focuses on data communication needs in decentralised combined heat and power plants. The purpose is to automate IT-enabled processes in the critical infrastructure. In collaboration with plant owners, market players, plant suppliers and utility companies, CHPCOM aims to disseminate practical knowledge about the implementation of data communication standards, and to further develop international standards for secure data communication in the energy sector.

Partisiaenables secure auctions

SECURE SOLUTIONS FOR SOCIETY AND BUSINESSES // IT EVERYWHERE – SECURITY NOWHERE?

9

ABC4Trust is an EU-funded research initiative that uses cryptographic technologies to provide better protection of privacy and identity on the Internet. The project focuses on privacy-enhancing technologies.

The goal of ABC4Trust is to show that systems of Attribute-Based Credentials can support both secure authentication as well as privacy, for instance in connection with electronic ID cards (eID), computer-supported polls, surveys, etc.

ABC4Trust aims to establish an overall architecture and a common platform for existing ABC systems and to test these in a number of pilot tests.

These tests have been conducted at Norrtullskolan secondary school in Söderhamn, Sweden, and Patras University, Greece.

When the digital credentials are stored on a smartcard or mobile phone, users may use them for authenticating towards services.

The contribution of the Alexandra Institute includes an analysis of how the different cryptographic building blocks can be combined, a comparison of specific offerings from IBM and Microsoft, and development of a common open architecture for ABC solutions.

CASE

The EU wants to protect privacy and personal information

10

The Alexandra Institute is a privately owned, non-profit company that works with applied IT research, development and innovation. Our mission is to create growth in society.

We provide specialist consultancy and knowledge on commercial terms to both public and private organisations.

We turn research into societal value*

The Alexandra Institute is a member of GTS – Advanced Technology Group – a network of nine independent Danish research and technology organisations. Our primary focus is communication technology in pro-ducts and surroundings.

* We have been assigned by the Danish Ministry of Higher Education and Science to help companies apply state-

of-the-art research and technology in their products and services with the aim of creating economic and societal value.

SECURE SOLUTIONS FOR SOCIETY AND BUSINESSES // IT EVERYWHERE – SECURITY NOWHERE?

11

12

Contact us

www.linkedin.com/company/alexandra-instituttet

www.facebook.com/thealexandrainstitute

www.twitter.com/@alexandrainst

Rasmus Vedel Business Development Manager+45 30 95 65 35 rasmus.vedel@alexandra.dk

Gert Læssøe Mikkelsen Lab Manager, Security Lab +45 24 26 99 11gert.l.mikkelsen@alexandra.dk

SECURE SOLUTIONS FOR SOCIETY AND BUSINESSES // IT EVERYWHERE – SECURITY NOWHERE?

The Alexandra Institute is a non-profit company that provides research, development and innovation within IT.

Our mission is to create growth, welfare and value.

THE ALEXANDRA INSTITUTE Aabogade 34 · DK-8200 Aarhus N · +45 7027 7012 Rued Langgaards Vej 7, 5B · DK-2300 Copenhagen S · +45 7027 7091