February 24, 2021

IDS_ready: Trusted Connector Facilitates Secure Cross-Company Data Exchange

Digital transformation across all industries is fundamentally changing business models and technical infrastructures. As cross-company data exchange is increasing, and more and more devices are being interconnected, new requirements on data protection and infrastructure security have emerged. The Trusted Connector addresses these new requirements, and it has now been granted the IDS_ready label.

Sharing and exchanging data across company borders bears huge potentials when it comes to accelerating and optimizing processes. However, this goes along with new requirements on data protection and infrastructure security. Trust is key here. To tackle these requirements, Fraunhofer Institute for Applied and Integrated Security (Fraunhofer AISEC) has developed the Trusted Connector, which after a proof of concept has now been granted the IDS_ready label by International Data Spaces Association. The label confirms that the Trusted Connector meets IDS security requirements and complies with the IDS reference architecture. This means that the solution developed by Fraunhofer AISEC allows data space users to share and exchange data on a trusted basis and in line with the principles of data sovereignty.

Making the Industrial Internet of Things (IIoT) safer

The Trusted Connector offers a software stack for trustworthy edge gateways. These gateways can be deployed in IDS based ecosystems as well as in any other IIoT infrastructure. In accordance with IDS security requirements, the Trusted Connector offers mechanisms for secure communication and data processing between gateways, protected environments for execution of apps, and features for controlling access to and usage of data.

Ensuring data protection, infrastructure security, and mutual trust

As more and more devices are being interconnected, more and more sensitive data is being exchanged between companies. This bears the risk of inadvertently revealing sensitive business information to other parties. To ensure sufficient protection of data, mechanisms for data provenance tracking must be in place. At the same time, users must be enabled to determine who is allowed to access their data and how their data may be processed by other parties. To meet these demands, the Trusted Connector uses the »Logic-Based Usage Control Framework« (LUCON), making sure data can be passed on only if in line with a data usage policy specified beforehand.

State-of-the-art security mechanisms

“Being the central component for data processing and representing the interface with companies’ internal infrastructures, IDS Connectors are potential targets of cyberattacks. That is why the Trusted Connector has state-of-the-art security mechanisms on board, reducing the risk of attacks to a minimum. For example, apps are mutually isolated from each other to the largest extent possible, and only signed software can be executed within the system.”

Monika Huber, research assistant with Fraunhofer AISEC

If a party involved in a data exchange transaction has been attacked from outside, the security and integrity of any data exchanged (or to be exchanged) is threatened as well. The Trusted Connector therefore offers a remote attestation function, allowing each party to verify the integrity of the software used by the other party before any data is sent to another IDS Connector.

For more information please click on the following links:

Der Trusted Connector auf github

Der Trusted Connector im IDS (German)

Stay updated with us