© h_da/Fotografie: Markus Schmidt

Whether it’s smart TVs, digitised urban transport systems or connected production lines – digital technologies are becoming increasingly integrated into our everyday lives. This is made possible by embedded systems that collect, process and transmit data. These systems are usually self-contained units (‘black boxes’): their internal structure is not visible, and the software and hardware used are proprietary. This makes it difficult to assess how secure they are. This is particularly true for systems that are already in use and cannot be easily replaced.

For businesses, this means they integrate systems into their products or production environments without being able to adequately verify their security levels themselves. SMEs in particular often lack the resources to carry out in-depth security analyses or commission large-scale external audits. This is precisely where ARTEWS comes in, developing methods and tools that will enable companies to conduct such analyses themselves in future.

Identifying vulnerabilities – even without source code

One of the project’s initial objectives is to identify vulnerabilities in firmware and hardware – even where no open interfaces or source code are available. To this end, the ATHENE researchers are using advanced reverse-engineering methods as well as AI-supported analysis techniques that correlate multiple data sources and communication channels. Where vulnerabilities are identified in hardware, security protocols or firmware, ARTEWS also develops future-proof alternatives – with a particular focus on systems already in use that cannot simply be replaced.

Based on these security analyses, the researchers are developing complementary tools that will be integrated into a modular toolbox aimed at both SMEs and research groups. This will enable companies to carry out security analyses independently and in a structured manner in future – without the need for specialist security teams or costly external analyses. Researchers can use individual tools or the entire ARTEWS toolbox as a starting point to carry out security analyses systematically and to support the remediation of vulnerabilities.

The ARTEWS toolbox: security analysis for all

The toolbox is a key project objective of ARTEWS and is intended to include the following:

• Analysis tools: Methods for assessing the security of software, firmware and hardware in embedded systems.
• Integration: Support for combining various sources and communication channels to analyse data and signals across the board.
• Best Practices: Provision of guidelines and checklists to help organisations – particularly SMEs – carry out security analyses.
• User-friendliness: The toolbox is designed so that even less experienced users can utilise it without difficulty, not just security experts.
• Extensibility: The toolbox is designed to be easily expanded with new functions and modules to keep pace with technological developments.

The toolbox provides companies with a sound basis for decision-making when selecting and integrating embedded systems: security risks can be identified at an early stage and potential vulnerabilities detected before the system goes live. This enables SMEs to reduce the risk – and associated costs – of security incidents and better meet compliance requirements. The tools integrated into the toolbox can also be used individually for specific tasks.

ARTEWS: Pooled expertise for the security of embedded systems

The ATHENE researchers Prof. Dr Christoph Krauß and Prof. Dr Alexander Wiesmaier (both from Hochschule Darmstadt) and Prof. Dr Matthias Hollick (Technical University of Darmstadt) are working together in ARTEWS to improve the security of embedded systems and thereby raise the overall security level of digital systems. Working in close coordination, they utilise shared research infrastructure and pool their expertise – thereby combining their skills and exploiting synergies.

ARTEWS will run from January 2026 to December 2029 within the ATHENE research area SecUrban. For more information about SecUrban, visit https://www.athene-center.de/forschung/securban.