This file was created by the TYPO3 extension
bib
--- Timezone: UTC
Creation date: 2024-10-06
Creation time: 20-27-30
--- Number of references
58
inproceedings
2024_lohmoeller_tee_datasharing
Complementing Organizational Security in Data Ecosystems with Technical Guarantees
2024
12
internet-of-production
IEEE
Proceedings of the 1st Conference on Building a Secure and Empowered Cyberspace (BuildSEC '24), December 19-21, 2024, New Delhi, India
New Delhi, India
Building a Secure & Empowered Cyberspace
December 19-21, 2024
accepted
1
JohannesLohmöller
RomanMatzutt
JoschaLoos
EduardVlad
JanPennekamp
KlausWehrle
inproceedings
2024_dahlmanns_ipv6-deployments
Unconsidered Installations: Discovering IoT Deployments in the IPv6 Internet
2024
5
10
Internet-wide studies provide extremely valuable insight into how operators manage their Internet of Things (IoT) deployments in reality and often reveal grievances, e.g., significant security issues. However, while IoT devices often use IPv6, past studies resorted to comprehensively scan the IPv4 address space. To fully understand how the IoT and all its services and devices is operated, including IPv6-reachable deployments is inevitable-although scanning the entire IPv6 address space is infeasible. In this paper, we close this gap and examine how to best discover IPv6-reachable IoT deployments. To this end, we propose a methodology that allows combining various IPv6 scan direction approaches to understand the findability and prevalence of IPv6-reachable IoT deployments. Using three sources of active IPv6 addresses and eleven address generators, we discovered 6658 IoT deployments. We derive that the available address sources are a good starting point for finding IoT deployments. Additionally, we show that using two address generators is sufficient to cover most found deployments and save time as well as resources. Assessing the security of the deployments, we surprisingly find similar issues as in the IPv4 Internet, although IPv6 deployments might be newer and generally more up-to-date: Only 39% of deployments have access control in place and only 6.2% make use of TLS inviting attackers, e.g., to eavesdrop sensitive data.
Internet of Things, security, Internet measurements, IPv6, address generators
internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2024/2024-dahlmanns-ipv6.pdf
IEEE
Proceedings of the 2024 IEEE/IFIP Network Operations and Management Symposium (NOMS '24), May 6-10, 2024, Seoul, Korea
Seoul, Korea
2024 IEEE Network Operations and Management Symposium
May 6-10, 2024
10.1109/NOMS59830.2024.10574963
1
MarkusDahlmanns
FelixHeidenreich
JohannesLohmöller
JanPennekamp
KlausWehrle
MartinHenze
inproceedings
2024_pennekamp_dissertation-digest
Evolving the Industrial Internet of Things: The Advent of Secure Collaborations
2024
5
9
The Industrial Internet of Things (IIoT) leads to increasingly-interconnected industrial processes and environments, which, in turn, result in stakeholders collecting a plethora of information. Even though the global sharing of information and industrial collaborations in the IIoT promise significant improvements concerning productivity, sustainability, and product quality, among others, the majority of stakeholders is hesitant to implement them due to confidentiality and reliability concerns. However, strong technical guarantees could convince them of the contrary. Thus, to address these concerns, our interdisciplinary efforts focus on establishing and realizing secure industrial collaborations in the IIoT. By applying private computing, we are indeed able to reliably secure collaborations that not only scale to industry-sized applications but also allow for use case-specific confidentiality guarantees. Hence, improvements that follow from industrial collaborations with (strong) technical guarantees are within reach, even when dealing with cautious stakeholders. Still, until we can fully exploit these benefits, several challenges remain, primarily regarding collaboration management, introduced overhead, interoperability, and universality of proposed protocols.
security; privacy; private computing; reliability
internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2024/2024-pennekamp-noms-dissertation-digest.pdf
IEEE
Proceedings of the 2024 IEEE/IFIP Network Operations and Management Symposium (NOMS '24), May 6-10, 2024, Seoul, Korea
Seoul, Korea
2024 IEEE Network Operations and Management Symposium
May 6-10, 2024
10.1109/NOMS59830.2024.10575325
1
JanPennekamp
article
2024_lohmoeller_sovereignty-survey
The Unresolved Need for Dependable Guarantees on Security, Sovereignty, and Trust in Data Ecosystems
Data & Knowledge Engineering
2024
5
1
151
Data ecosystems emerged as a new paradigm to facilitate the automated and massive exchange of data from heterogeneous information sources between different stakeholders. However, the corresponding benefits come with unforeseen risks as sensitive information is potentially exposed, questioning their reliability. Consequently, data security is of utmost importance and, thus, a central requirement for successfully realizing data ecosystems. Academia has recognized this requirement, and current initiatives foster sovereign participation via a federated infrastructure where participants retain local control over what data they offer to whom. However, recent proposals place significant trust in remote infrastructure by implementing organizational security measures such as certification processes before the admission of a participant. At the same time, the data sensitivity incentivizes participants to bypass the organizational security measures to maximize their benefit. This issue significantly weakens security, sovereignty, and trust guarantees and highlights that organizational security measures are insufficient in this context. In this paper, we argue that data ecosystems must be extended with technical means to (re)establish dependable guarantees. We underpin this need with three representative use cases for data ecosystems, which cover personal, economic, and governmental data, and systematically map the lack of dependable guarantees in related work. To this end, we identify three enablers of dependable guarantees, namely trusted remote policy enforcement, verifiable data tracking, and integration of resource-constrained participants. These enablers are critical for securely implementing data ecosystems in data-sensitive contexts.
Data sharing; Confidentiality; Integrity protection; Data Markets; Distributed databases
internet-of-production; coat-ers; vesitrust
https://www.comsys.rwth-aachen.de/fileadmin/papers/2024/2024-lohmoeller-data-sovereignty-survey.pdf
Elsevier
0169-023X
10.1016/j.datak.2024.102301
1
JohannesLohmöller
JanPennekamp
RomanMatzutt
Carolin VictoriaSchneider
EduardVlad
ChristianTrautwein
KlausWehrle
inproceedings
2024-kunze-civic
In-Situ Model Validation for Continuous Processes Using In-Network Computing
2024
5
internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2024/2024-kunze-civic.pdf
IEEE
Proceedings of the 7th IEEE International Conference on Industrial Cyber-Physical Systems (ICPS '24)
10.1109/ICPS59941.2024.10639999
1
IkeKunze
DominikScheurenberg
LiamTirpitz
SandraGeisler
KlausWehrle
phdthesis
2024_pennekamp_phd-thesis
Secure Collaborations for the Industrial Internet of Things
2024
4
15
The Industrial Internet of Things (IIoT) is leading to increasingly-interconnected and networked industrial processes and environments, which, in turn, results in stakeholders gathering vast amounts of information. Although the global sharing of information and industrial collaborations in the IIoT promise to enhance productivity, sustainability, and product quality, among other benefits, most information is still commonly encapsulated in local information silos. In addition to interoperability issues, confidentiality concerns of involved stakeholders remain the main obstacle to fully realizing these improvements in practice as they largely hinder real-world industrial collaborations today. Therefore, this dissertation addresses this mission-critical research gap. Since existing approaches to privacy-preserving information sharing are not scalable to industry-sized applications in the IIoT, we present solutions that enable secure collaborations in the IIoT while providing technical (confidentiality) guarantees to the involved stakeholders. Our research is crucial (i) for demonstrating the potential and added value of (secure) collaborations and (ii) for convincing cautious stakeholders of the usefulness and benefits of technical building blocks, enabling reliable sharing of confidential information, even among direct competitors.
Our interdisciplinary research thus focuses on establishing and realizing secure industrial collaborations in the IIoT. In this regard, we study two overarching angles of collaborations in detail. First, we distinguish between collaborations along and across supply chains, with the former type entailing more relaxed confidentiality requirements. Second, whether or not collaborators know each other in advance implies different levels of trust and requires different technical guarantees. We rely on well-established building blocks from private computing (i.e., privacy-preserving computation and confidential computing) to reliably realize secure collaborations. We thoroughly evaluate each of our designs, using multiple real-world use cases from production technology, to prove their practical feasibility for the IIoT.
By applying private computing, we are indeed able to secure collaborations that not only scale to industry-sized applications but also allow for use case-specific configurations of confidentiality guarantees. In this dissertation, we use well-established building blocks to assemble novel solutions with technical guarantees for all types of collaborations (along and across supply chains as well as with known or unknown collaborators). Finally, on the basis of our experience with engineers, we have derived a research methodology for future use that structures the process of interdisciplinary development and evaluation of secure collaborations in the evolving IIoT.
Overall, given the aforementioned improvements, our research should greatly contribute to convincing even cautious stakeholders to participate in (reliably-secured) industrial collaborations. Our work is an essential first step toward establishing widespread information sharing among stakeholders in the IIoT. We further conclude: (i) collaborations can be reliably secured, and we can even provide technical guarantees while doing so; (ii) building blocks from private computing scale to industrial applications and satisfy the outlined confidentiality needs; (iii) improvements resulting from industrial collaborations are within reach, even when dealing with cautious stakeholders; and (iv) the interdisciplinary development of sophisticated yet appropriate designs for use case-driven secure collaborations can succeed in practice.
internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2024/2024-pennekamp-phd-thesis.pdf
Shaker Verlag
Germany
Reports on Communications and Distributed Systems
23
RWTH Aachen University
Ph.D. Thesis
978-3-8440-9467-1
2191-0863
1
JanPennekamp
incollection
2024_pennekamp_blockchain-industry
Blockchain Technology Accelerating Industry 4.0
2024
3
7
105
531-564
Competitive industrial environments impose significant requirements on data sharing as well as the accountability and verifiability of related processes. Here, blockchain technology emerges as a possible driver that satisfies demands even in settings with mutually distrustful stakeholders. We identify significant benefits achieved by blockchain technology for Industry 4.0 but also point out challenges and corresponding design options when applying blockchain technology in the industrial domain. Furthermore, we survey diverse industrial sectors to shed light on the current intersection between blockchain technology and industry, which provides the foundation for ongoing as well as upcoming research. As industrial blockchain applications are still in their infancy, we expect that new designs and concepts will develop gradually, creating both supporting tools and groundbreaking innovations.
internet-of-production
Springer
Advances in Information Security
17
Blockchains – A Handbook on Fundamentals, Platforms and Applications
978-3-031-32145-0
10.1007/978-3-031-32146-7_17
1
JanPennekamp
LennartBader
EricWagner
JensHiller
RomanMatzutt
KlausWehrle
article
2024_pennekamp_supply-chain-survey
An Interdisciplinary Survey on Information Flows in Supply Chains
ACM Computing Surveys
2024
2
1
56
2
Supply chains form the backbone of modern economies and therefore require reliable information flows. In practice, however, supply chains face severe technical challenges, especially regarding security and privacy. In this work, we consolidate studies from supply chain management, information systems, and computer science from 2010--2021 in an interdisciplinary meta-survey to make this topic holistically accessible to interdisciplinary research. In particular, we identify a significant potential for computer scientists to remedy technical challenges and improve the robustness of information flows. We subsequently present a concise information flow-focused taxonomy for supply chains before discussing future research directions to provide possible entry points.
information flows; data communication; supply chain management; data security; data sharing; systematic literature review
internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2024/2024-pennekamp-supply-chain-survey.pdf
ACM
0360-0300
10.1145/3606693
1
JanPennekamp
RomanMatzutt
ChristopherKlinkmüller
LennartBader
MartinSerror
EricWagner
SidraMalik
MariaSpiß
JessicaRahn
TanGürpinar
EduardVlad
Sander J. J.Leemans
Salil S.Kanhere
VolkerStich
KlausWehrle
article
2024_pennekamp_supply-chain-sensing
Securing Sensing in Supply Chains: Opportunities, Building Blocks, and Designs
IEEE Access
2024
1
8
12
9350-9368
Supply chains increasingly develop toward complex networks, both technically in terms of devices and connectivity, and also anthropogenic with a growing number of actors. The lack of mutual trust in such networks results in challenges that are exacerbated by stringent requirements for shipping conditions or quality, and where actors may attempt to reduce costs or cover up incidents. In this paper, we develop and comprehensively study four scenarios that eventually lead to end-to-end-secured sensing in complex IoT-based supply chains with many mutually distrusting actors, while highlighting relevant pitfalls and challenges—details that are still missing in related work. Our designs ensure that sensed data is securely transmitted and stored, and can be verified by all parties. To prove practical feasibility, we evaluate the most elaborate design with regard to performance, cost, deployment, and also trust implications on the basis of prevalent (mis)use cases. Our work enables a notion of secure end-to-end sensing with minimal trust across the system stack, even for complex and opaque supply chain networks.
blockchain technology; reliability; security; trust management; trusted computing; trusted execution environments
internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2024/2024-pennekamp-secure-sensing.pdf
2169-3536
10.1109/ACCESS.2024.3350778
1
JanPennekamp
FritzAlder
LennartBader
GianlucaScopelliti
KlausWehrle
Jan TobiasMühlberg
article
2023_pennekamp_purchase_inquiries
Offering Two-Way Privacy for Evolved Purchase Inquiries
ACM Transactions on Internet Technology
2023
11
17
23
4
Dynamic and flexible business relationships are expected to become more important in the future to accommodate specialized change requests or small-batch production. Today, buyers and sellers must disclose sensitive information on products upfront before the actual manufacturing. However, without a trust relation, this situation is precarious for the involved companies as they fear for their competitiveness. Related work overlooks this issue so far: Existing approaches only protect the information of a single party only, hindering dynamic and on-demand business relationships. To account for the corresponding research gap of inadequately privacy-protected information and to deal with companies without an established trust relation, we pursue the direction of innovative privacy-preserving purchase inquiries that seamlessly integrate into today's established supplier management and procurement processes. Utilizing well-established building blocks from private computing, such as private set intersection and homomorphic encryption, we propose two designs with slightly different privacy and performance implications to securely realize purchase inquiries over the Internet. In particular, we allow buyers to consider more potential sellers without sharing sensitive information and relieve sellers of the burden of repeatedly preparing elaborate yet discarded offers. We demonstrate our approaches' scalability using two real-world use cases from the domain of production technology. Overall, we present deployable designs that offer two-way privacy for purchase inquiries and, in turn, fill a gap that currently hinders establishing dynamic and flexible business relationships. In the future, we expect significantly increasing research activity in this overlooked area to address the needs of an evolving production landscape.
bootstrapping procurement; secure industrial collaboration; private set intersection; homomorphic encryption; Internet of Production
internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2023/2023-pennekamp-purchase-inquiries.pdf
ACM
1533-5399
10.1145/3599968
1
JanPennekamp
MarkusDahlmanns
FrederikFuhrmann
TimoHeutmann
AlexanderKreppein
DennisGrunert
ChristophLange
Robert H.Schmitt
KlausWehrle
inproceedings
2023_bader_reputation-systems
Reputation Systems for Supply Chains: The Challenge of Achieving Privacy Preservation
2023
11
16
464-475
Consumers frequently interact with reputation systems to rate products, services, and deliveries. While past research extensively studied different conceptual approaches to realize such systems securely and privacy-preservingly, these concepts are not yet in use in business-to-business environments. In this paper, (1) we thus outline which specific challenges privacy-cautious stakeholders in volatile supply chain networks introduce, (2) give an overview of the diverse landscape of privacy-preserving reputation systems and their properties, and (3) based on well-established concepts from supply chain information systems and cryptography, we further propose an initial concept that accounts for the aforementioned challenges by utilizing fully homomorphic encryption. For future work, we identify the need of evaluating whether novel systems address the supply chain-specific privacy and confidentiality needs.
Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering (LNICST), Volume 593
SCM; confidentiality; anonymity; voter; votee; FHE
internet-of-production
https://jpennekamp.de/wp-content/papercite-data/pdf/bpt+23.pdf
Springer
Proceedings of the 20th EAI International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services (MobiQuitous '23), November 14-17, 2023, Melbourne, VIC, Australia
Melbourne, VIC, Australia
November 14-17, 2023
978-3-031-63988-3
1867-8211
10.1007/978-3-031-63989-0_24
1
LennartBader
JanPennekamp
EmildeonThevaraj
MariaSpiß
Salil S.Kanhere
KlausWehrle
article
2023_lamberts_metrics-sok
SoK: Evaluations in Industrial Intrusion Detection Research
Journal of Systems Research
2023
10
31
3
1
Industrial systems are increasingly threatened by cyberattacks with potentially disastrous consequences. To counter such attacks, industrial intrusion detection systems strive to timely uncover even the most sophisticated breaches. Due to its criticality for society, this fast-growing field attracts researchers from diverse backgrounds, resulting in 130 new detection approaches in 2021 alone. This huge momentum facilitates the exploration of diverse promising paths but likewise risks fragmenting the research landscape and burying promising progress. Consequently, it needs sound and comprehensible evaluations to mitigate this risk and catalyze efforts into sustainable scientific progress with real-world applicability. In this paper, we therefore systematically analyze the evaluation methodologies of this field to understand the current state of industrial intrusion detection research. Our analysis of 609 publications shows that the rapid growth of this research field has positive and negative consequences. While we observe an increased use of public datasets, publications still only evaluate 1.3 datasets on average, and frequently used benchmarking metrics are ambiguous. At the same time, the adoption of newly developed benchmarking metrics sees little advancement. Finally, our systematic analysis enables us to provide actionable recommendations for all actors involved and thus bring the entire research field forward.
internet-of-production, rfc
https://www.comsys.rwth-aachen.de/fileadmin/papers/2023/2023-lamberts-metrics-sok.pdf
eScholarship Publishing
2770-5501
10.5070/SR33162445
1
OlavLamberts
KonradWolsing
EricWagner
JanPennekamp
JanBauer
KlausWehrle
MartinHenze
inproceedings
2023_wolsing_ensemble
One IDS is not Enough! Exploring Ensemble Learning for Industrial Intrusion Detection
2023
9
25
14345
102-122
Industrial Intrusion Detection Systems (IIDSs) play a critical role in safeguarding Industrial Control Systems (ICSs) against targeted cyberattacks. Unsupervised anomaly detectors, capable of learning the expected behavior of physical processes, have proven effective in detecting even novel cyberattacks. While offering decent attack detection, these systems, however, still suffer from too many False-Positive Alarms (FPAs) that operators need to investigate, eventually leading to alarm fatigue. To address this issue, in this paper, we challenge the notion of relying on a single IIDS and explore the benefits of combining multiple IIDSs. To this end, we examine the concept of ensemble learning, where a collection of classifiers (IIDSs in our case) are combined to optimize attack detection and reduce FPAs. While training ensembles for supervised classifiers is relatively straightforward, retaining the unsupervised nature of IIDSs proves challenging. In that regard, novel time-aware ensemble methods that incorporate temporal correlations between alerts and transfer-learning to best utilize the scarce training data constitute viable solutions. By combining diverse IIDSs, the detection performance can be improved beyond the individual approaches with close to no FPAs, resulting in a promising path for strengthening ICS cybersecurity.
Lecture Notes in Computer Science (LNCS), Volume 14345
Intrusion Detection; Ensemble Learning; ICS
internet-of-production, rfc
https://jpennekamp.de/wp-content/papercite-data/pdf/wkw+23.pdf
Springer
Proceedings of the 28th European Symposium on Research in Computer Security (ESORICS '23), September 25-29, 2023, The Hague, The Netherlands
The Hague, The Netherlands
28th European Symposium on Research in Computer Security (ESORICS '23)
September 25-29, 2023
978-3-031-51475-3
0302-9743
10.1007/978-3-031-51476-0_6
1
KonradWolsing
DominikKus
EricWagner
JanPennekamp
KlausWehrle
MartinHenze
inproceedings
2023_bodenbenner_fairsensor
FAIR Sensor Ecosystem: Long-Term (Re-)Usability of FAIR Sensor Data through Contextualization
2023
7
20
The long-term utility and reusability of measurement data from production processes depend on the appropriate contextualization of the measured values. These requirements further mandate that modifications to the context need to be recorded. To be (re-)used at all, the data must be easily findable in the first place, which requires arbitrary filtering and searching routines. Following the FAIR guiding principles, fostering findable, accessible, interoperable and reusable (FAIR) data, in this paper, the FAIR Sensor Ecosystem is proposed, which provides a contextualization middleware based on a unified data metamodel. All information and relations which might change over time are versioned and associated with temporal validity intervals to enable full reconstruction of a system's state at any point in time. A technical validation demonstrates the correctness of the FAIR Sensor Ecosystem, including its contextualization model and filtering techniques. State-of-the-art FAIRness assessment frameworks rate the proposed FAIR Sensor Ecosystem with an average FAIRness of 71%. The obtained rating can be considered remarkable, as deductions mainly result from the lack of fully appropriate FAIRness metrics and the absence of relevant community standards for the domain of the manufacturing industry.
FAIR Data; Cyber-Physical Systems; Data Management; Data Contextualization; Internet of Production
internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2023/2023-bodenbenner-fair-ecosystem.pdf
IEEE
Proceedings of the 21th IEEE International Conference on Industrial Informatics (INDIN '23), July 17-20, 2023, Lemgo, Germany
Lemgo, Germany
July 17-20, 2023
978-1-6654-9313-0
2378-363X
10.1109/INDIN51400.2023.10218149
1
MatthiasBodenbenner
JanPennekamp
BenjaminMontavon
KlausWehrle
Robert H.Schmitt
inproceedings
2023-dahlmanns-docker
Secrets Revealed in Container Images: An Internet-wide Study on Occurrence and Impact
2023
7
10
797-811
Containerization allows bundling applications and their dependencies into a single image. The containerization framework Docker eases the use of this concept and enables sharing images publicly, gaining high momentum. However, it can lead to users creating and sharing images that include private keys or API secrets—either by mistake or out of negligence. This leakage impairs the creator's security and that of everyone using the image. Yet, the extent of this practice and how to counteract it remains unclear.
In this paper, we analyze 337,171 images from Docker Hub and 8,076 other private registries unveiling that 8.5% of images indeed include secrets. Specifically, we find 52,107 private keys and 3,158 leaked API secrets, both opening a large attack surface, i.e., putting authentication and confidentiality of privacy-sensitive data at stake and even allow active attacks. We further document that those leaked keys are used in the wild: While we discovered 1,060 certificates relying on compromised keys being issued by public certificate authorities, based on further active Internet measurements, we find 275,269 TLS and SSH hosts using leaked private keys for authentication. To counteract this issue, we discuss how our methodology can be used to prevent secret leakage and reuse.
network security; security configuration; secret leakage; container
ven2us, internet-of-production,
https://www.comsys.rwth-aachen.de/fileadmin/papers/2023/2023-dahlmanns-asiaccs.pdf
ACM
Proceedings of the 2023 ACM Asia Conference on Computer and Communications Security (ASIACCS '23), July 10-14, 2023, Melbourne, VIC, Australia
Melbourne, VIC, Australia
ASIA CCS '23
July 10-14, 2023
979-8-4007-0098-9/23/07
10.1145/3579856.3590329
1
MarkusDahlmanns
ConstantinSander
RobinDecker
KlausWehrle
inproceedings
2023_pennekamp_benchmarking_comparison
Designing Secure and Privacy-Preserving Information Systems for Industry Benchmarking
2023
6
15
13901
489-505
Benchmarking is an essential tool for industrial organizations to identify potentials that allows them to improve their competitive position through operational and strategic means. However, the handling of sensitive information, in terms of (i) internal company data and (ii) the underlying algorithm to compute the benchmark, demands strict (technical) confidentiality guarantees—an aspect that existing approaches fail to address adequately. Still, advances in private computing provide us with building blocks to reliably secure even complex computations and their inputs, as present in industry benchmarks. In this paper, we thus compare two promising and fundamentally different concepts (hardware- and software-based) to realize privacy-preserving benchmarks. Thereby, we provide detailed insights into the concept-specific benefits. Our evaluation of two real-world use cases from different industries underlines that realizing and deploying secure information systems for industry benchmarking is possible with today's building blocks from private computing.
Lecture Notes in Computer Science (LNCS), Volume 13901
real-world computing; trusted execution environments; homomorphic encryption; key performance indicators; benchmarking
internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2023/2023-pennekamp-industry-benchmarking.pdf
Springer
Proceedings of the 35th International Conference on Advanced Information Systems Engineering (CAiSE '23), June 12-16, 2023, Zaragoza, Spain
Zaragoza, Spain
35th International Conference on Advanced Information Systems Engineering (CAiSE '23)
June 12-16, 2023
978-3-031-34559-3
0302-9743
10.1007/978-3-031-34560-9_29
1
JanPennekamp
JohannesLohmöller
EduardVlad
JoschaLoos
NiklasRodemann
PatrickSapel
Ina BereniceFink
SethSchmitz
ChristianHopmann
MatthiasJarke
GüntherSchuh
KlausWehrle
MartinHenze
incollection
2023_pennekamp_crd-a.i
Evolving the Digital Industrial Infrastructure for Production: Steps Taken and the Road Ahead
2023
2
8
35-60
The Internet of Production (IoP) leverages concepts such as digital shadows, data lakes, and a World Wide Lab (WWL) to advance today’s production. Consequently, it requires a technical infrastructure that can support the agile deployment of these concepts and corresponding high-level applications, which, e.g., demand the processing of massive data in motion and at rest. As such, key research aspects are the support for low-latency control loops, concepts on scalable data stream processing, deployable information security, and semantically rich and efficient long-term storage. In particular, such an infrastructure cannot continue to be limited to machines and sensors, but additionally needs to encompass networked environments: production cells, edge computing, and location-independent cloud infrastructures. Finally, in light of the envisioned WWL, i.e., the interconnection of production sites, the technical infrastructure must be advanced to support secure and privacy-preserving industrial collaboration. To evolve today’s production sites and lay the infrastructural foundation for the IoP, we identify five broad streams of research: (1) adapting data and stream processing to heterogeneous data from distributed sources, (2) ensuring data interoperability between systems and production sites, (3) exchanging and sharing data with different stakeholders, (4) network security approaches addressing the risks of increasing interconnectivity, and (5) security architectures to enable secure and privacy-preserving industrial collaboration. With our research, we evolve the underlying infrastructure from isolated, sparsely networked production sites toward an architecture that supports high-level applications and sophisticated digital shadows while facilitating the transition toward a WWL.
Cyber-physical production systems; Data streams; Industrial data processing; Industrial network security; Industrial data security; Secure industrial collaboration
internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2023/2023-pennekamp-iop-a.i.pdf
Springer
Interdisciplinary Excellence Accelerator Series
Internet of Production: Fundamentals, Applications and Proceedings
978-3-031-44496-8
10.1007/978-3-031-44497-5_2
1
JanPennekamp
AnastasiiaBelova
ThomasBergs
MatthiasBodenbenner
AndreasBührig-Polaczek
MarkusDahlmanns
IkeKunze
MoritzKröger
SandraGeisler
MartinHenze
DanielLütticke
BenjaminMontavon
PhilippNiemietz
LuciaOrtjohann
MaximilianRudack
Robert H.Schmitt
UweVroomen
KlausWehrle
MichaelZeng
incollection
2023_rueppel_crd-b2.ii
Model-Based Controlling Approaches for Manufacturing Processes
2023
2
8
221-246
The main objectives in production technology are quality assurance, cost reduction, and guaranteed process safety and stability. Digital shadows enable a more comprehensive understanding and monitoring of processes on shop floor level. Thus, process information becomes available between decision levels, and the aforementioned criteria regarding quality, cost, or safety can be included in control decisions for production processes. The contextual data for digital shadows typically arises from heterogeneous sources. At shop floor level, the proximity to the process requires usage of available data as well as domain knowledge. Data sources need to be selected, synchronized, and processed. Especially high-frequency data requires algorithms for intelligent distribution and efficient filtering of the main information using real-time devices and in-network computing. Real-time data is enriched by simulations, metadata from product planning, and information across the whole process chain. Well-established analytical and empirical models serve as the base for new hybrid, gray box approaches. These models are then applied to optimize production process control by maximizing the productivity under given quality and safety constraints. To store and reuse the developed models, ontologies are developed and a data lake infrastructure is utilized and constantly enlarged laying the basis for a World Wide Lab (WWL). Finally, closing the control loop requires efficient quality assessment, immediately after the process and directly on the machine. This chapter addresses works in a connected job shop to acquire data, identify and optimize models, and automate systems and their deployment in the Internet of Production (IoP).
Process control; Model-based control; Data aggregation; Model identification; Model optimization
internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2023/2023-rueppel-iop-b2.i.pdf
Springer
Interdisciplinary Excellence Accelerator Series
Internet of Production: Fundamentals, Applications and Proceedings
978-3-031-44496-8
10.1007/978-3-031-44497-5_7
1
Adrian KarlRüppel
MuzafferAy
BenediktBiernat
IkeKunze
MarkusLandwehr
SamuelMann
JanPennekamp
PascalRabe
Mark P.Sanders
DominikScheurenberg
SvenSchiller
TiandongXi
DirkAbel
ThomasBergs
ChristianBrecher
UweReisgen
Robert H.Schmitt
KlausWehrle
incollection
2023_klugewilkes_crd-b2.iv
Modular Control and Services to Operate Line-less Mobile Assembly Systems
2023
2
8
303-328
The increasing product variability and lack of skilled workers demand for autonomous, flexible production. Since assembly is considered a main cost driver and accounts for a major part of production time, research focuses on new technologies in assembly. The paradigm of Line-less Mobile Assembly Systems (LMAS) provides a solution for the future of assembly by mobilizing all resources. Thus, dynamic product routes through spatiotemporally configured assembly stations on a shop floor free of fixed obstacles are enabled. In this chapter, we present research focal points on different levels of LMAS, starting with the macroscopic level of formation planning, followed by the mesoscopic level of mobile robot control and multipurpose input devices and the microscopic level of services, such as interpreting autonomous decisions and in-network computing. We provide cross-level data and knowledge transfer through a novel ontology-based knowledge management. Overall, our work contributes to future safe and predictable human-robot collaboration in dynamic LMAS stations based on accurate online formation and motion planning of mobile robots, novel human-machine interfaces and networking technologies, as well as trustworthy AI-based decisions.
Lineless mobile assembly systems (LMAS); Formation planning; Online motion planning; In-network computing; Interpretable AI; Human-machine collaboration; Ontology-based knowledge management
internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2023/2023-klugewilkes-iop-b2.iv.pdf
Springer
Interdisciplinary Excellence Accelerator Series
Internet of Production: Fundamentals, Applications and Proceedings
978-3-031-44496-8
10.1007/978-3-031-44497-5_13
1
AlineKluge-Wilkes
RalphBaier
DanielGossen
IkeKunze
AleksandraMüller
AmirShahidi
DominikWolfschläger
ChristianBrecher
BurkhardCorves
MathiasHüsing
VerenaNitsch
Robert H.Schmitt
KlausWehrle
inproceedings
2022_lohmoeller_sovereignty
On the Need for Strong Sovereignty in Data Ecosystems
2022
9
5
3306
51-63
Data ecosystems are the foundation of emerging data-driven business models as they (i) enable an automated exchange between their participants and (ii) provide them with access to huge and heterogeneous data sources. However, the corresponding benefits come with unforeseen risks as also sensitive information is potentially exposed. Consequently, data security is of utmost importance and, thus, a central requirement for the successful implementation of these ecosystems. Current initiatives, such as IDS and GAIA-X, hence foster sovereign participation via a federated infrastructure where participants retain local control. However, these designs place significant trust in remote infrastructure by mostly implementing organizational security measures such as certification processes prior to admission of a participant. At the same time, due to the sensitive nature of involved data, participants are incentivized to bypass security measures to maximize their own benefit: In practice, this issue significantly weakens sovereignty guarantees. In this paper, we hence claim that data ecosystems must be extended with technical means to reestablish such guarantees. To underpin our position, we analyze promising building blocks and identify three core research directions toward stronger data sovereignty, namely trusted remote policy enforcement, verifiable data tracking, and integration of resource-constrained participants. We conclude that these directions are critical to securely implement data ecosystems in data-sensitive contexts.
internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2022/2022-lohmoeller-deco.pdf
CEUR Workshop Proceedings
Proceedings of the 1st International Workshop on Data Ecosystems (DEco '22), co-located with the 48th International Conference on Very Large Databases (VLDB '22), September 5-9, 2022, Sydney, Australia,
Sydney, Australia
International Workshop on Data Ecosystems (DEco '22)
September 5, 2022
1613-0073
1
JohannesLohmöller
JanPennekamp
RomanMatzutt
KlausWehrle
inproceedings
2022_dahlmanns_tlsiiot
Missed Opportunities: Measuring the Untapped TLS Support in the Industrial Internet of Things
2022
5
31
252-266
The ongoing trend to move industrial appliances from previously isolated networks to the Internet requires fundamental changes in security to uphold secure and safe operation. Consequently, to ensure end-to-end secure communication and authentication, (i) traditional industrial protocols, e.g., Modbus, are retrofitted with TLS support, and (ii) modern protocols, e.g., MQTT, are directly designed to use TLS. To understand whether these changes indeed lead to secure Industrial Internet of Things deployments, i.e., using TLS-based protocols, which are configured according to security best practices, we perform an Internet-wide security assessment of ten industrial protocols covering the complete IPv4 address space.
Our results show that both, retrofitted existing protocols and newly developed secure alternatives, are barely noticeable in the wild. While we find that new protocols have a higher TLS adoption rate than traditional protocols (7.2 % vs. 0.4 %), the overall adoption of TLS is comparably low (6.5 % of hosts). Thus, most industrial deployments (934,736 hosts) are insecurely connected to the Internet. Furthermore, we identify that 42 % of hosts with TLS support (26,665 hosts) show security deficits, e.g., missing access control. Finally, we show that support in configuring systems securely, e.g., via configuration templates, is promising to strengthen security.
industrial communication; network security; security configuration
internet-of-production, rfc
https://www.comsys.rwth-aachen.de/fileadmin/papers/2022/2022-dahlmanns-asiaccs.pdf
ACM
Proceedings of the 2022 ACM Asia Conference on Computer and Communications Security (ASIACCS '22), May 30-June 3, 2022, Nagasaki, Japan
Nagasaki, Japan
ASIACCS '22
May 30-June 3, 2022
978-1-4503-9140-5/22/05
10.1145/3488932.3497762
1
MarkusDahlmanns
JohannesLohmöller
JanPennekamp
JörnBodenhausen
KlausWehrle
MartinHenze
inproceedings
2022_kus_iids_generalizability
A False Sense of Security? Revisiting the State of Machine Learning-Based Industrial Intrusion Detection
2022
5
30
73-84
Anomaly-based intrusion detection promises to detect novel or unknown attacks on industrial control systems by modeling expected system behavior and raising corresponding alarms for any deviations. As manually creating these behavioral models is tedious and error-prone, research focuses on machine learning to train them automatically, achieving detection rates upwards of 99 %. However, these approaches are typically trained not only on benign traffic but also on attacks and then evaluated against the same type of attack used for training. Hence, their actual, real-world performance on unknown (not trained on) attacks remains unclear. In turn, the reported near-perfect detection rates of machine learning-based intrusion detection might create a false sense of security. To assess this situation and clarify the real potential of machine learning-based industrial intrusion detection, we develop an evaluation methodology and examine multiple approaches from literature for their performance on unknown attacks (excluded from training). Our results highlight an ineffectiveness in detecting unknown attacks, with detection rates dropping to between 3.2 % and 14.7 % for some types of attacks. Moving forward, we derive recommendations for further research on machine learning-based approaches to ensure clarity on their ability to detect unknown attacks.
anomaly detection; machine learning; industrial control system
internet-of-production, rfc
https://www.comsys.rwth-aachen.de/fileadmin/papers/2022/2022-kus-iids-generalizability.pdf
ACM
Proceedings of the 8th ACM Cyber-Physical System Security Workshop (CPSS '22), co-located with the 17th ACM ASIA Conference on Computer and Communications Security (ASIACCS '22), May 30-June 3, 2022, Nagasaki, Japan
978-1-4503-9176-4/22/05
10.1145/3494107.3522773
1
DominikKus
EricWagner
JanPennekamp
KonradWolsing
Ina BereniceFink
MarkusDahlmanns
KlausWehrle
MartinHenze
inproceedings
2022_wagner_ccchain
Scalable and Privacy-Focused Company-Centric Supply Chain Management
2022
5
4
Blockchain technology promises to overcome trust and privacy concerns inherent to centralized information sharing. However, current decentralized supply chain management systems do either not meet privacy and scalability requirements or require a trustworthy consortium, which is challenging for increasingly dynamic supply chains with constantly changing participants. In this paper, we propose CCChain, a scalable and privacy-aware supply chain management system that stores all information locally to give companies complete sovereignty over who accesses their data. Still, tamper protection of all data through a permissionless blockchain enables on-demand tracking and tracing of products as well as reliable information sharing while affording the detection of data inconsistencies. Our evaluation confirms that CCChain offers superior scalability in comparison to alternatives while also enabling near real-time tracking and tracing for many, less complex products.
supply chain management; blockchain; permissionless; deployment; tracing and tracking; privacy
internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2022/2022-wagner-ccchain.pdf
IEEE
Proceedings of the 2022 IEEE International Conference on Blockchain and Cryptocurrency (ICBC '22), May 2-5, 2022, Shanghai, China
Shanghai, China
May 2-5, 2022
978-1-6654-9538-7/22
10.1109/ICBC54727.2022.9805503
1
EricWagner
RomanMatzutt
JanPennekamp
LennartBader
IrakliBajelidze
KlausWehrle
MartinHenze
article
2022_brauner_iop
A Computer Science Perspective on Digital Transformation in Production
ACM Transactions on Internet of Things
2022
5
1
3
2
The Industrial Internet-of-Things (IIoT) promises significant improvements for the manufacturing industry by facilitating the integration of manufacturing systems by Digital Twins. However, ecological and economic demands also require a cross-domain linkage of multiple scientific perspectives from material sciences, engineering, operations, business, and ergonomics, as optimization opportunities can be derived from any of these perspectives. To extend the IIoT to a true Internet of Production, two concepts are required: first, a complex, interrelated network of Digital Shadows which combine domain-specific models with data-driven AI methods; and second, the integration of a large number of research labs, engineering, and production sites as a World Wide Lab which offers controlled exchange of selected, innovation-relevant data even across company boundaries. In this article, we define the underlying Computer Science challenges implied by these novel concepts in four layers: Smart human interfaces provide access to information that has been generated by model-integrated AI. Given the large variety of manufacturing data, new data modeling techniques should enable efficient management of Digital Shadows, which is supported by an interconnected infrastructure. Based on a detailed analysis of these challenges, we derive a systematized research roadmap to make the vision of the Internet of Production a reality.
Internet of Production; World Wide Lab; Digital Shadows; Industrial Internet of Things
internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2022/2022-brauner-digital-transformation.pdf
ACM
2691-1914
10.1145/3502265
1
PhilippBrauner
ManuelaDalibor
MatthiasJarke
IkeKunze
IstvánKoren
GerhardLakemeyer
MartinLiebenberg
JudithMichael
JanPennekamp
ChristophQuix
BernhardRumpe
Wilvan der Aalst
KlausWehrle
AndreasWortmann
MartinaZiefle
inproceedings
2021_pennekamp_laser
Collaboration is not Evil: A Systematic Look at Security Research for Industrial Use
2021
12
21
Following the recent Internet of Things-induced trends on digitization in general, industrial applications will further evolve as well. With a focus on the domains of manufacturing and production, the Internet of Production pursues the vision of a digitized, globally interconnected, yet secure environment by establishing a distributed knowledge base.
Background. As part of our collaborative research of advancing the scope of industrial applications through cybersecurity and privacy, we identified a set of common challenges and pitfalls that surface in such applied interdisciplinary collaborations.
Aim. Our goal with this paper is to support researchers in the emerging field of cybersecurity in industrial settings by formalizing our experiences as reference for other research efforts, in industry and academia alike.
Method. Based on our experience, we derived a process cycle of performing such interdisciplinary research, from the initial idea to the eventual dissemination and paper writing. This presented methodology strives to successfully bootstrap further research and to encourage further work in this emerging area.
Results. Apart from our newly proposed process cycle, we report on our experiences and conduct a case study applying this methodology, raising awareness for challenges in cybersecurity research for industrial applications. We further detail the interplay between our process cycle and the data lifecycle in applied research data management. Finally, we augment our discussion with an industrial as well as an academic view on this research area and highlight that both areas still have to overcome significant challenges to sustainably and securely advance industrial applications.
Conclusions. With our proposed process cycle for interdisciplinary research in the intersection of cybersecurity and industrial application, we provide a foundation for further research. We look forward to promising research initiatives, projects, and directions that emerge based on our methodological work.
internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-pennekamp-laser-collaboration.pdf
ACSA
Proceedings of the Workshop on Learning from Authoritative Security Experiment Results (LASER '20), co-located with the 36th Annual Computer Security Applications Conference (ACSAC '20), December 7-11, 2020, Austin, TX, USA
Austin, TX, USA
Learning from Authoritative Security Experiment Results (LASER '20)
December 8, 2020
978-1-891562-81-5
10.14722/laser-acsac.2020.23088
1
JanPennekamp
ErikBuchholz
MarkusDahlmanns
IkeKunze
StefanBraun
EricWagner
MatthiasBrockmann
KlausWehrle
MartinHenze
inproceedings
2021_pennekamp_bootstrapping
Confidential Computing-Induced Privacy Benefits for the Bootstrapping of New Business Relationships
2021
11
15
RWTH-2021-09499
In addition to quality improvements and cost reductions, dynamic and flexible business relationships are expected to become more important in the future to account for specific customer change requests or small-batch production. Today, despite reservation, sensitive information must be shared upfront between buyers and sellers. However, without a trust relation, this situation is precarious for the involved companies as they fear for their competitiveness following information leaks or breaches of their privacy. To address this issue, the concepts of confidential computing and cloud computing come to mind as they promise to offer scalable approaches that preserve the privacy of participating companies. In particular, designs building on confidential computing can help to technically enforce privacy. Moreover, cloud computing constitutes an elegant design choice to scale these novel protocols to industry needs while limiting the setup and management overhead for practitioners. Thus, novel approaches in this area can advance the status quo of bootstrapping new relationships as they provide privacy-preserving alternatives that are suitable for immediate deployment.
bootstrapping procurement; business relationships; secure industrial collaboration; privacy; Internet of Production
internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-pennekamp-bootstrapping.pdf
RWTH Aachen University
Blitz Talk at the 2021 Cloud Computing Security Workshop (CCSW '21), co-located with the 28th ACM SIGSAC Conference on Computer and Communications Security (CCS '21), November 15-19, 2021, Seoul, Korea
RWTH Aachen University
Seoul, Korea
November 14, 2021
10.18154/RWTH-2021-09499
JanPennekamp
FrederikFuhrmann
MarkusDahlmanns
TimoHeutmann
AlexanderKreppein
DennisGrunert
ChristophLange
Robert H.Schmitt
KlausWehrle
article
2021_pennekamp_accountable_manufacturing
The Road to Accountable and Dependable Manufacturing
Automation
2021
9
13
2
3
202-219
The Internet of Things provides manufacturing with rich data for increased automation. Beyond company-internal data exploitation, the sharing of product and manufacturing process data along and across supply chains enables more efficient production flows and product lifecycle management. Even more, data-based automation facilitates short-lived ad hoc collaborations, realizing highly dynamic business relationships for sustainable exploitation of production resources and capacities. However, the sharing and use of business data across manufacturers and with end customers add requirements on data accountability, verifiability, and reliability and needs to consider security and privacy demands. While research has already identified blockchain technology as a key technology to address these challenges, current solutions mainly evolve around logistics or focus on established business relationships instead of automated but highly dynamic collaborations that cannot draw upon long-term trust relationships. We identify three open research areas on the road to such a truly accountable and dependable manufacturing enabled by blockchain technology: blockchain-inherent challenges, scenario-driven challenges, and socio-economic challenges. Especially tackling the scenario-driven challenges, we discuss requirements and options for realizing a blockchain-based trustworthy information store and outline its use for automation to achieve a reliable sharing of product information, efficient and dependable collaboration, and dynamic distributed markets without requiring established long-term trust.
blockchain; supply chain management; Industry 4.0; manufacturing; secure industrial collaboration; scalability; Industrial Internet of Things; Internet of Production
internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-pennekamp-manufacturing.pdf
MDPI
2673-4052
10.3390/automation2030013
1
JanPennekamp
RomanMatzutt
Salil S.Kanhere
JensHiller
KlausWehrle
article
2021_pennekamp_ercim
Unlocking Secure Industrial Collaborations through Privacy-Preserving Computation
ERCIM News
2021
7
9
126
24-25
In industrial settings, significant process improvements can be achieved when utilising and sharing information across stakeholders. However, traditionally conservative companies impose significant confidentiality requirements for any (external) data processing. We discuss how privacy-preserving computation can unlock secure and private collaborations even in such competitive environments.
internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-pennekamp-ercim-news.pdf
https://ercim-news.ercim.eu/en126/special/unlocking-secure-industrial-collaborations-through-privacy-preserving-computation
ERCIM EEIG
0926-4981
JanPennekamp
MartinHenze
KlausWehrle
inproceedings
2021-kunze-signal-detection
Detecting Out-Of-Control Sensor Signals in Sheet Metal Forming using In-Network Computing
2021
6
10
internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-kunze-signal-detection.pdf
IEEE
Proceedings of the 2021 IEEE 30th International Symposium
on Industrial Electronics (ISIE)
978-1-7281-9023-5
2163-5145
10.1109/ISIE45552.2021.9576221
1
IkeKunze
PhilippNiemietz
LiamTirpitz
RenéGlebke
DanielTrauth
ThomasBergs
KlausWehrle
inproceedings
2021_mangel_reshare
Data Reliability and Trustworthiness through Digital Transmission Contracts
2021
6
8
12731
265-283
As decision-making is increasingly data-driven, trustworthiness and reliability of the underlying data, e.g., maintained in knowledge graphs or on the Web, are essential requirements for their usability in the industry. However, neither traditional solutions, such as paper-based data curation processes, nor state-of-the-art approaches, such as distributed ledger technologies, adequately scale to the complex requirements and high throughput of continuously evolving industrial data. Motivated by a practical use case with high demands towards data trustworthiness and reliability, we identify the need for digitally-verifiable data immutability as a still insufficiently addressed dimension of data quality. Based on our discussion of shortcomings in related work, we thus propose ReShare, our novel concept of digital transmission contracts with bilateral signatures, to address this open issue for both RDF knowledge graphs and arbitrary data on the Web. Our quantitative evaluation of ReShare’s performance and scalability reveals only moderate computation and communication overhead, indicating significant potential for cost-reductions compared to today’s approaches. By cleverly integrating digital transmission contracts with existing Web-based information systems, ReShare provides a promising foundation for data sharing and reuse in Industry 4.0 and beyond, enabling digital accountability through easily-adoptable digitally-verifiable data immutability and non-repudiation.
Lecture Notes in Computer Science (LNCS), Volume 12731
Digital transmission contracts; Trust; Data immutability; Non-repudiation; Accountability; Data dynamics; Linked Data; Knowledge graphs
internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-mangel-eswc-reshare.pdf
Springer
Proceedings of the 18th Extended Semantic Web Conference (ESWC '21), June 6-10, 2021, Heraklion, Greece
Heraklion, Greece
June 6-10, 2021
978-3-030-77384-7
0302-9743
10.1007/978-3-030-77385-4_16
1
SimonMangel
LarsGleim
JanPennekamp
KlausWehrle
StefanDecker
inproceedings
2021_gleim_factstack
FactStack: Interoperable Data Management and Preservation for the Web and Industry 4.0
2021
5
31
P-312
371-395
Data exchange throughout the supply chain is essential for the agile and adaptive manufacturing processes of Industry 4.0. As companies employ numerous, frequently mutually incompatible data management and preservation approaches, interorganizational data sharing and reuse regularly requires human interaction and is thus associated with high overhead costs. An interoperable system, supporting the unified management, preservation and exchange of data across organizational boundaries is missing to date. We propose FactStack, a unified approach to data management and preservation based upon a novel combination of existing Web-standards and tightly integrated with the HTTP protocol itself. Based on the FactDAG model, FactStack guides and supports the full data lifecycle in a FAIR and interoperable manner, independent of individual software solutions and backward-compatible with existing resource oriented architectures. We describe our reference implementation of the approach and evaluate its performance, showcasing scalability even to high-throughput applications. We analyze the system's applicability to industry using a representative real-world use case in aircraft manufacturing based on principal requirements identified in prior work. We conclude that FactStack fulfills all requirements and provides a promising solution for the on-demand integration of persistence and provenance into existing resource-oriented architectures, facilitating data management and preservation for the agile and interorganizational manufacturing processes of Industry 4.0. Through its open source distribution, it is readily available for adoption by the community, paving the way for improved utility and usability of data management and preservation in digital manufacturing and supply chains.
Lecture Notes in Informatics (LNI), Volume P-312
Web Technologies; Data Management; Memento; Persistence; PID; Industry 4.0
internet-of-production
https://comsys.rwth-aachen.de/fileadmin/papers/2021/2021-gleim-btw-iop-interoperability-realization.pdf
Gesellschaft für Informatik
Proceedings of the 19th Symposium for Database Systems for Business, Technology and Web (BTW '21), September 13-17, 2021, Dresden, Germany
Dresden, Germany
September 13-17, 2021
978-3-88579-705-0
1617-5468
10.18420/btw2021-20
1
LarsGleim
JanPennekamp
LiamTirpitz
SaschaWelten
FlorianBrillowski
StefanDecker
inproceedings
2021-kunze-coordinate-transformation
Investigating the Applicability of In-Network Computing to Industrial Scenarios
2021
5
11
334-340
in-network computing; latency; approximation
internet-of-production,reflexes
https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-kunze-coordinate-transformation.pdf
IEEE
Proceedings of the 4th IEEE International Conference on Industrial Cyber-Physical Systems (ICPS '21)
978-1-7281-6207-2
10.1109/ICPS49255.2021.9468247
1
IkeKunze
RenéGlebke
JanScheiper
MatthiasBodenbenner
Robert H.Schmitt
KlausWehrle
article
2021_buckhorst_lmas
Holarchy for Line-less Mobile Assembly Systems Operation in the Context of the Internet of Production
Procedia CIRP
2021
5
3
99
448-453
Assembly systems must provide maximum flexibility qualified by organization and technology to offer cost-compliant performance features to differentiate themselves from competitors in buyers' markets. By mobilization of multipurpose resources and dynamic planning, Line-less Mobile Assembly Systems (LMASs) offer organizational reconfigurability. By proposing a holarchy to combine LMASs with the concept of an Internet of Production (IoP), we enable LMASs to source valuable information from cross-level production networks, physical resources, software nodes, and data stores that are interconnected in an IoP. The presented holarchy provides a concept of how to address future challenges, meet the requirements of shorter lead times, and unique lifecycle support. The paper suggests an application of decision making, distributed sensor services, recommender-based data reduction, and in-network computing while considering safety and human usability alike.
Proceedings of the 14th CIRP Conference on Intelligent Computation in Manufacturing Engineering (ICME '20), July 14-17, 2020, Gulf of Naples, Italy
Internet of Production; Line-less Mobile Assembly System; Industrial Assembly; Smart Factory
internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-buckhorst-holarchy.pdf
Elsevier
Gulf of Naples, Italy
July 14-17, 2020
2212-8271
10.1016/j.procir.2021.03.064
1
Armin F.Buckhorst
BenjaminMontavon
DominikWolfschläger
MelanieBuchsbaum
AmirShahidi
HenningPetruck
IkeKunze
JanPennekamp
ChristianBrecher
MathiasHüsing
BurkhardCorves
VerenaNitsch
KlausWehrle
Robert H.Schmitt
article
2021_bader_privaccichain
Blockchain-Based Privacy Preservation for Supply Chains Supporting Lightweight Multi-Hop Information Accountability
Information Processing & Management
2021
5
1
58
3
The benefits of information sharing along supply chains are well known for improving productivity and reducing costs. However, with the shift towards more dynamic and flexible supply chains, privacy concerns severely challenge the required information retrieval. A lack of trust between the different involved stakeholders inhibits advanced, multi-hop information flows, as valuable information for tracking and tracing products and parts is either unavailable or only retained locally. Our extensive literature review of previous approaches shows that these needs for cross-company information retrieval are widely acknowledged, but related work currently only addresses them insufficiently. To overcome these concerns, we present PrivAccIChain, a secure, privacy-preserving architecture for improving the multi-hop information retrieval with stakeholder accountability along supply chains. To address use case-specific needs, we particularly introduce an adaptable configuration of transparency and data privacy within our design. Hence, we enable the benefits of information sharing as well as multi-hop tracking and tracing even in supply chains that include mutually distrusting stakeholders. We evaluate the performance of PrivAccIChain and demonstrate its real-world feasibility based on the information of a purchasable automobile, the e.GO Life. We further conduct an in-depth security analysis and propose tunable mitigations against common attacks. As such, we attest PrivAccIChain's practicability for information management even in complex supply chains with flexible and dynamic business relationships.
multi-hop collaboration; tracking and tracing; Internet of Production; e.GO; attribute-based encryption
internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-bader-ipm-privaccichain.pdf
Elsevier
0306-4573
10.1016/j.ipm.2021.102529
1
LennartBader
JanPennekamp
RomanMatzutt
DavidHedderich
MarkusKowalski
VolkerLücken
KlausWehrle
inproceedings
2021-kunze-aqm-tofino-p4
Tofino + P4: A Strong Compound for AQM on High-Speed Networks?
2021
5
72-80
internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-kunze-aqm-tofino-p4.pdf
IFIP/IEEE
Proceedings of the International Symposium on Integrated Network Management (IM '21)
Virtual Event
International Symposium on Integrated Network Management (IM '21)
May 2021
978-1-7281-9041-9
1
IkeKunze
MoritzGunz
DavidSaam
KlausWehrle
JanRüth
inproceedings
2021_dahlmanns_entrust
Transparent End-to-End Security for Publish/Subscribe Communication in Cyber-Physical Systems
2021
4
28
78–87
The ongoing digitization of industrial manufacturing leads to a decisive change in industrial communication paradigms. Moving from traditional one-to-one to many-to-many communication, publish/subscribe systems promise a more dynamic and efficient exchange of data. However, the resulting significantly more complex communication relationships render traditional end-to-end security futile for sufficiently protecting the sensitive and safety-critical data transmitted in industrial systems. Most notably, the central message brokers inherent in publish/subscribe systems introduce a designated weak spot for security as they can access all communication messages. To address this issue, we propose ENTRUST, a novel solution for key server-based end-to-end security in publish/subscribe systems. ENTRUST transparently realizes confidentiality, integrity, and authentication for publish/subscribe systems without any modification of the underlying protocol. We exemplarily implement ENTRUST on top of MQTT, the de-facto standard for machine-to-machine communication, showing that ENTRUST can integrate seamlessly into existing publish/subscribe systems.
cyber-physical system security; publish-subscribe security; end-to-end security
internet-of-production, rfc
https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-dahlmanns-entrust.pdf
ACM
Proceedings of the 1st ACM Workshop on Secure and Trustworthy Cyber-Physical Systems (SaT-CPS '21), co-located with the 11th ACM Conference on Data and Application Security and Privacy (CODASPY '21), April 26-28, 2021, Virtual Event, USA
Virtual Event, USA
ACM Workshop on Secure and Trustworthy Cyber-Physical Systems
April 28, 2021
978-1-4503-8319-6/21/04
10.1145/3445969.3450423
1
MarkusDahlmanns
JanPennekamp
Ina BereniceFink
BerndSchoolmann
KlausWehrle
MartinHenze
inproceedings
2021-sander-zoom-cc
Video Conferencing and Flow-Rate Fairness: A First Look at Zoom and the Impact of Flow-Queuing AQM
2021
3
internet-of-production
/fileadmin/papers/2021/2021-sander-zoom-fairness-aqm.pdf
https://arxiv.org/abs/2107.00904
Springer
Proceedings of the Passive and Active Measurement Conference (PAM '21)
Passive and Active Measurement Conference (PAM 2021)
10.1007/978-3-030-72582-2_1
1
ConstantinSander
IkeKunze
KlausWehrle
JanRüth
inproceedings
2020_pennekamp_benchmarking
Revisiting the Privacy Needs of Real-World Applicable Company Benchmarking
2020
12
15
31-44
Benchmarking the performance of companies is essential to identify improvement potentials in various industries. Due to a competitive environment, this process imposes strong privacy needs, as leaked business secrets can have devastating effects on participating companies. Consequently, related work proposes to protect sensitive input data of companies using secure multi-party computation or homomorphic encryption. However, related work so far does not consider that also the benchmarking algorithm, used in today's applied real-world scenarios to compute all relevant statistics, itself contains significant intellectual property, and thus needs to be protected. Addressing this issue, we present PCB — a practical design for Privacy-preserving Company Benchmarking that utilizes homomorphic encryption and a privacy proxy — which is specifically tailored for realistic real-world applications in which we protect companies' sensitive input data and the valuable algorithms used to compute underlying key performance indicators. We evaluate PCB's performance using synthetic measurements and showcase its applicability alongside an actual company benchmarking performed in the domain of injection molding, covering 48 distinct key performance indicators calculated out of hundreds of different input values. By protecting the privacy of all participants, we enable them to fully profit from the benefits of company benchmarking.
practical encrypted computing; homomorphic encryption; algorithm confidentiality; benchmarking; key performance indicators; industrial application; Internet of Production
internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2020/2020-pennekamp-company-benchmarking.pdf
https://eprint.iacr.org/2020/1512
HomomorphicEncryption.org
Proceedings of the 8th Workshop on Encrypted Computing & Applied Homomorphic Cryptography (WAHC '20), December 15, 2020, Virtual Event
Virtual Event
December 15, 2020
978-3-00-067798-4
10.25835/0072999
1
JanPennekamp
PatrickSapel
Ina BereniceFink
SimonWagner
SebastianReuter
ChristianHopmann
KlausWehrle
MartinHenze
inproceedings
2020_pennekamp_parameter_exchange
Privacy-Preserving Production Process Parameter Exchange
2020
12
10
510-525
Nowadays, collaborations between industrial companies always go hand in hand with trust issues, i.e., exchanging valuable production data entails the risk of improper use of potentially sensitive information. Therefore, companies hesitate to offer their production data, e.g., process parameters that would allow other companies to establish new production lines faster, against a quid pro quo. Nevertheless, the expected benefits of industrial collaboration, data exchanges, and the utilization of external knowledge are significant.
In this paper, we introduce our Bloom filter-based Parameter Exchange (BPE), which enables companies to exchange process parameters privacy-preservingly. We demonstrate the applicability of our platform based on two distinct real-world use cases: injection molding and machine tools. We show that BPE is both scalable and deployable for different needs to foster industrial collaborations. Thereby, we reward data-providing companies with payments while preserving their valuable data and reducing the risks of data leakage.
secure industrial collaboration; Bloom filter; oblivious transfer; Internet of Production
internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2020/2020-pennekamp-parameter-exchange.pdf
ACM
Proceedings of the 36th Annual Computer Security Applications Conference (ACSAC '20), December 7-11, 2020, Austin, TX, USA
Austin, TX, USA
December 7-11, 2020
978-1-4503-8858-0/20/12
10.1145/3427228.3427248
1
JanPennekamp
ErikBuchholz
YannikLockner
MarkusDahlmanns
TiandongXi
MarcelFey
ChristianBrecher
ChristianHopmann
KlausWehrle
inproceedings
2020_gleim_factdag_provenance
Expressing FactDAG Provenance with PROV-O
2020
11
1
2821
53-58
To foster data sharing and reuse across organizational boundaries, provenance tracking is of vital importance for the establishment of trust and accountability, especially in industrial applications, but often neglected due to associated overhead. The abstract FactDAG data interoperability model strives to address this challenge by simplifying the creation of provenance-linked knowledge graphs of revisioned (and thus immutable) resources. However, to date, it lacks a practical provenance implementation.
In this work, we present a concrete alignment of all roles and relations in the FactDAG model to the W3C PROV provenance standard, allowing future software implementations to directly produce standard-compliant provenance information. Maintaining compatibility with existing PROV tooling, an implementation of this mapping will pave the way for practical FactDAG implementations and deployments, improving trust and accountability for Open Data through simplified provenance management.
Provenance; Data Lineage; Open Data; Semantic Web Technologies; Ontology Alignment; PROV; RDF; Industry 4.0; Internet of Production; IIoT
internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2020/2020-gleim-factdag-provenance.pdf
CEUR Workshop Proceedings
Proceedings of the 6th Workshop on Managing the Evolution and Preservation of the Data Web (MEPDaW '20), co-located with the 19th International Semantic Web Conference (ISWC '20), November 1-6, 2020, Athens, Greece,
Athens, Greece
November 1-6, 2020
1613-0073
1
LarsGleim
LiamTirpitz
JanPennekamp
StefanDecker
inproceedings
2020-dahlmanns-imc-opcua
Easing the Conscience with OPC UA: An Internet-Wide Study on Insecure Deployments
2020
10
27
101-110
Due to increasing digitalization, formerly isolated industrial networks, e.g., for factory and process automation, move closer and closer to the Internet, mandating secure communication. However, securely setting up OPC UA, the prime candidate for secure industrial communication, is challenging due to a large variety of insecure options. To study whether Internet-facing OPC UA appliances are configured securely, we actively scan the IPv4 address space for publicly reachable OPC UA systems and assess the security of their configurations. We observe problematic security configurations such as missing access control (on 24% of hosts), disabled security functionality (24%), or use of deprecated cryptographic primitives (25%) on in total 92% of the reachable deployments. Furthermore, we discover several hundred devices in multiple autonomous systems sharing the same security certificate, opening the door for impersonation attacks. Overall, in this paper, we highlight commonly found security misconfigurations and underline the importance of appropriate configuration for security-featuring protocols.
industrial communication; network security; security configuration
internet-of-production, rfc
https://www.comsys.rwth-aachen.de/fileadmin/papers/2020/2020-dahlmanns-imc-opcua.pdf
ACM
Proceedings of the Internet Measurement Conference (IMC '20), October 27-29, 2020, Pittsburgh, PA, USA
Pittsburgh, PA, USA
ACM Internet Measurement Conference 2020
October 27-29, 2020
978-1-4503-8138-3/20/10
10.1145/3419394.3423666
1
MarkusDahlmanns
JohannesLohmöller
Ina BereniceFink
JanPennekamp
KlausWehrle
MartinHenze
inproceedings
2020-kirchhof-wowmom-ccncps
Improving MAC Protocols for Wireless Industrial Networks via Packet Prioritization and Cooperation
2020
8
31
internet-of-production, reflexes
https://comsys.rwth-aachen.de/fileadmin/papers/2020/2020-kirchhof-wireless-mac-improvements.pdf
IEEE Computer Society
online
International Symposium on a World of Wireless, Mobile and Multimedia Networks: Workshop on Communication, Computing, and Networking in Cyber Physical Systems (WoWMoM-CCNCPS'2020), August 31 - September 3, 2020, Cork, Ireland
Cork, Ireland
August 31 - September 3, 2020
10.1109/WoWMoM49955.2020.00068
1
Jörg ChristianKirchhof
MartinSerror
RenéGlebke
KlausWehrle
article
2020_niemietz_stamping
Stamping Process Modelling in an Internet of Production
Procedia Manufacturing
2020
7
11
49
61-68
Sharing data between companies throughout the supply chain is expected to be beneficial for product quality as well as for the economical savings in the manufacturing industry. To utilize the available data in the vision of an Internet of Production (IoP) a precise condition monitoring of manufacturing and production processes that facilitates the quantification of influences throughout the supply chain is inevitable. In this paper, we consider stamping processes in the context of an Internet of Production and the preliminaries for analytical models that utilize the ever-increasing available data. Three research objectives to cope with the amount of data and for a methodology to monitor, analyze and evaluate the influence of available data onto stamping processes have been identified: (i) State detection based on cyclic sensor signals, (ii) mapping of in- and output parameter variations onto process states, and (iii) models for edge and in-network computing approaches. After discussing state-of-the-art approaches to monitor stamping processes and the introduction of the fineblanking process as an exemplary stamping process, a research roadmap for an IoP enabling modeling framework is presented.
Proceedings of the 8th International Conference on Through-Life Engineering Service (TESConf '19), October 27-29, 2019, Cleveland, OH, USA
Stamping Process; Industry 4.0; Fine-blanking; Internet of production; Condition monitoring; Data analytics
internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2020/2020-niemietz-stamping-modelling.pdf
Elsevier
Cleveland, OH, USA
October 27-29, 2019
2351-9789
10.1016/j.promfg.2020.06.012
1
PhilippNiemietz
JanPennekamp
IkeKunze
DanielTrauth
KlausWehrle
ThomasBergs
inproceedings
2020_pennekamp_supply_chain_sensing
Secure End-to-End Sensing in Supply Chains
2020
7
1
Trust along digitalized supply chains is challenged by the aspect that monitoring equipment may not be trustworthy or unreliable as respective measurements originate from potentially untrusted parties. To allow for dynamic relationships along supply chains, we propose a blockchain-backed supply chain monitoring architecture relying on trusted hardware. Our design provides a notion of secure end-to-end sensing of interactions even when originating from untrusted surroundings. Due to attested checkpointing, we can identify misinformation early on and reliably pinpoint the origin. A blockchain enables long-term verifiability for all (now trustworthy) IoT data within our system even if issues are detected only after the fact. Our feasibility study and cost analysis further show that our design is indeed deployable in and applicable to today's supply chain settings.
supply chain; trusted computing; trusted execution; blockchain; Internet of Production; condition monitoring
internet-of-production
https://comsys.rwth-aachen.de/fileadmin/papers/2020/2020-pennekamp-supply-chain-sensing.pdf
IEEE
Proceedings of the 5th International Workshop on Cyber-Physical Systems Security (CPS-Sec '20), co-located with the 8th IEEE Conference on Communications and Network Security (CNS '20), June 29-July 1, 2020, Avignon, France
Avignon, France
June 29-July 1, 2020
978-1-7281-4760-4
10.1109/CNS48642.2020.9162337
1
JanPennekamp
FritzAlder
RomanMatzutt
Jan TobiasMühlberg
FrankPiessens
KlausWehrle
inproceedings
2020_pennekamp_supply_chain_accountability
Private Multi-Hop Accountability for Supply Chains
2020
6
7
Today's supply chains are becoming increasingly flexible in nature. While adaptability is vastly increased, these more dynamic associations necessitate more extensive data sharing among different stakeholders while simultaneously overturning previously established levels of trust. Hence, manufacturers' demand to track goods and to investigate root causes of issues across their supply chains becomes more challenging to satisfy within these now untrusted environments. Complementarily, suppliers need to keep any data irrelevant to such routine checks secret to remain competitive. To bridge the needs of contractors and suppliers in increasingly flexible supply chains, we thus propose to establish a privacy-preserving and distributed multi-hop accountability log among the involved stakeholders based on Attribute-based Encryption and backed by a blockchain. Our large-scale feasibility study is motivated by a real-world manufacturing process, i.e., a fine blanking line, and reveals only modest costs for multi-hop tracing and tracking of goods.
supply chain; multi-hop tracking and tracing; blockchain; attribute-based encryption; Internet of Production
internet-of-production
https://comsys.rwth-aachen.de/fileadmin/papers/2020/2020-pennekamp-supply-chain-privacy.pdf
IEEE
Proceedings of the 2020 IEEE International Conference on Communications Workshops (ICC Workshops '20), 1st Workshop on Blockchain for IoT and Cyber-Physical Systems (BIoTCPS '20), June 7-11, 2020, Dublin, Ireland
Dublin, Ireland
June 7-11, 2020
978-1-7281-7440-2
2474-9133
10.1109/ICCWorkshops49005.2020.9145100
1
JanPennekamp
LennartBader
RomanMatzutt
PhilippNiemietz
DanielTrauth
MartinHenze
ThomasBergs
KlausWehrle
article
2020_gleim_factDAG
FactDAG: Formalizing Data Interoperability in an Internet of Production
IEEE Internet of Things Journal
2020
4
14
7
4
3243-3253
In the production industry, the volume, variety and velocity of data as well as the number of deployed protocols increase exponentially due to the influences of IoT advances. While hundreds of isolated solutions exist to utilize this data, e.g., optimizing processes or monitoring machine conditions, the lack of a unified data handling and exchange mechanism hinders the implementation of approaches to improve the quality of decisions and processes in such an interconnected environment.
The vision of an Internet of Production promises the establishment of a Worldwide Lab, where data from every process in the network can be utilized, even interorganizational and across domains. While numerous existing approaches consider interoperability from an interface and communication system perspective, fundamental questions of data and information interoperability remain insufficiently addressed.
In this paper, we identify ten key issues, derived from three distinctive real-world use cases, that hinder large-scale data interoperability for industrial processes. Based on these issues we derive a set of five key requirements for future (IoT) data layers, building upon the FAIR data principles. We propose to address them by creating FactDAG, a conceptual data layer model for maintaining a provenance-based, directed acyclic graph of facts, inspired by successful distributed version-control and collaboration systems. Eventually, such a standardization should greatly shape the future of interoperability in an interconnected production industry.
Data Management; Data Versioning; Interoperability; Industrial Internet of Things; Worldwide Lab
internet-of-production
https://comsys.rwth-aachen.de/fileadmin/papers/2020/2020-gleim-iotj-iop-interoperability.pdf
IEEE
2327-4662
10.1109/JIOT.2020.2966402
1
LarsGleim
JanPennekamp
MartinLiebenberg
MelanieBuchsbaum
PhilippNiemietz
SimonKnape
AlexanderEpple
SimonStorms
DanielTrauth
ThomasBergs
ChristianBrecher
StefanDecker
GerhardLakemeyer
KlausWehrle
inproceedings
2020_roepert_opcua
Assessing the Security of OPC UA Deployments
2020
4
2
To address the increasing security demands of industrial deployments, OPC UA is one of the first industrial protocols explicitly designed with security in mind. However, deploying it securely requires a thorough configuration of a wide range of options. Thus, assessing the security of OPC UA deployments and their configuration is necessary to ensure secure operation, most importantly confidentiality and integrity of industrial processes. In this work, we present extensions to the popular Metasploit Framework to ease network-based security assessments of OPC UA deployments. To this end, we discuss methods to discover OPC UA servers, test their authentication, obtain their configuration, and check for vulnerabilities. Ultimately, our work enables operators to verify the (security) configuration of their systems and identify potential attack vectors.
internet-of-production, rfc
https://www.comsys.rwth-aachen.de/fileadmin/papers/2020/2020-roepert-opcua-security.pdf
en
University of Tübingen
Proceedings of the 1st ITG Workshop on IT Security (ITSec '20), April 2-3, 2020, Tübingen, Germany
Tübingen, Germany
April 2-3, 2020
10.15496/publikation-41813
1
LinusRoepert
MarkusDahlmanns
Ina BereniceFink
JanPennekamp
MartinHenze
article
2020_mann_welding_layers
Connected, digitalized welding production — Secure, ubiquitous utilization of data across process layers
Advanced Structured Materials
2020
4
1
125
101-118
A connected, digitalized welding production unlocks vast and dynamic potentials: from improving state of the art welding to new business models in production. For this reason, offering frameworks, which are capable of addressing multiple layers of applications on the one hand and providing means of data security and privacy for ubiquitous dataflows on the other hand, is an important step to enable the envisioned advances. In this context, welding production has been introduced from the perspective of interlaced process layers connecting information sources across various entities. Each layer has its own distinct challenges from both a process view and a data perspective. Besides, investigating each layer promises to reveal insight into (currently unknown) process interconnections. This approach has been substantiated by methods for data security and privacy to draw a line between secure handling of data and the need of trustworthy dealing with sensitive data among different parties and therefore partners. In conclusion, the welding production has to develop itself from an accumulation of local and isolated data sources towards a secure industrial collaboration in an Internet of Production.
Proceedings of the 1st International Conference on Advanced Joining Processes (AJP '19)
Welding Production; Industrie 4.0; Internet of Production; Data Security; Data Privacy
Internet-of-Production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2020/2020-mann-welding-layers.pdf
Springer
Ponta Delgada, Azores, Portugal
October 24-25, 2019
978-981-15-2956-6
1869-8433
10.1007/978-981-15-2957-3_8
1
SamuelMann
JanPennekamp
TobiasBrockhoff
AnahitaFarhang
MahsaPourbafrani
LukasOster
Merih SeranUysal
RahulSharma
UweReisgen
KlausWehrle
Wilvan der Aalst
inproceedings
2019-glebke-in-network-cv
Towards Executing Computer Vision Functionality on Programmable Network Devices
2019
12
9
reflexes,maki,internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-glebke-in-network-cv.pdf
Online
ACM
1st ACM CoNEXT Workshop on Emerging in-Network Computing Paradigms (ENCP '19)
en
978-1-4503-7000-4/19/12
10.1145/3359993.3366646
1
RenéGlebke
JohannesKrude
IkeKunze
JanRüth
FelixSenger
KlausWehrle
inproceedings
2019_pennekamp_securityConsiderations
Security Considerations for Collaborations in an Industrial IoT-based Lab of Labs
2019
12
4
The productivity and sustainability advances for (smart) manufacturing resulting from (globally) interconnected Industrial IoT devices in a lab of labs are expected to be significant. While such visions introduce opportunities for the involved parties, the associated risks must be considered as well. In particular, security aspects are crucial challenges and remain unsolved. So far, single stakeholders only had to consider their local view on security. However, for a global lab, we identify several fundamental research challenges in (dynamic) scenarios with multiple stakeholders: While information security mandates that models must be adapted wrt. confidentiality to address these new influences on business secrets, from a network perspective, the drastically increasing amount of possible attack vectors challenges today's approaches. Finally, concepts addressing these security challenges should provide backwards compatibility to enable a smooth transition from today's isolated landscape towards globally interconnected IIoT environments.
secure industrial collaboration; interconnected cyber-physical systems; stakeholders; Internet of Production
internet-of-production; iotrust
https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-pennekamp-security-considerations.pdf
IEEE
Proceedings of the 3rd IEEE Global Conference on Internet of Things (GCIoT '19), December 4–7, 2019, Dubai, United Arab Emirates
Dubai, United Arab Emirates
December 4–7, 2019
978-1-7281-4873-1
10.1109/GCIoT47977.2019.9058413
1
JanPennekamp
MarkusDahlmanns
LarsGleim
StefanDecker
KlausWehrle
inproceedings
2019_pennekamp_dataflows
Dataflow Challenges in an Internet of Production: A Security & Privacy Perspective
2019
11
11
27-38
The Internet of Production (IoP) envisions the interconnection of previously isolated CPS in the area of manufacturing across institutional boundaries to realize benefits such as increased profit margins and product quality as well as reduced product development costs and time to market. This interconnection of CPS will lead to a plethora of new dataflows, especially between (partially) distrusting entities. In this paper, we identify and illustrate these envisioned inter-organizational dataflows and the participating entities alongside two real-world use cases from the production domain: a fine blanking line and a connected job shop. Our analysis allows us to identify distinct security and privacy demands and challenges for these new dataflows. As a foundation to address the resulting requirements, we provide a survey of promising technical building blocks to secure inter-organizational dataflows in an IoP and propose next steps for future research. Consequently, we move an important step forward to overcome security and privacy concerns as an obstacle for realizing the promised potentials in an Internet of Production.
Internet of Production; dataflows; Information Security
internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-pennekamp-dataflows.pdf
ACM
Proceedings of the 5th ACM Workshop on Cyber-Physical Systems Security and PrivaCy (CPS-SPC '19), co-located with the 26th ACM SIGSAC Conference on Computer and Communications Security (CCS '19), November 11-15, 2019, London, United Kingdom
London, United Kingdom
November 11-15, 2019
978-1-4503-6831-5/19/11
10.1145/3338499.3357357
1
JanPennekamp
MartinHenze
SimoSchmidt
PhilippNiemietz
MarcelFey
DanielTrauth
ThomasBergs
ChristianBrecher
KlausWehrle
inproceedings
2019-hiller-lcn-sessionsharing
The Case for Session Sharing: Relieving Clients from TLS Handshake Overheads
2019
10
14
internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-hiller-lcn-case_for_tls_session_sharing.pdf
IEEE
IEEE 44th LCN Symposium on Emerging Topics in Networking (LCN Symposium), Osnabrück, Germany
Osnabrück, Germany
44th IEEE Conference on Local Computer Networks (LCN)
October 14-17, 2019
en
978-1-7281-2561-9
10.1109/LCNSymposium47956.2019.9000667
1
JensHiller
MartinHenze
TorstenZimmermann
OliverHohlfeld
KlausWehrle
inproceedings
2019-hiller-icnp-tailoringOR
Tailoring Onion Routing to the Internet of Things: Security and Privacy in Untrusted Environments
2019
10
10
An increasing number of IoT scenarios involve mobile, resource-constrained IoT devices that rely on untrusted networks for Internet connectivity. In such environments, attackers can derive sensitive private information of IoT device owners, e.g., daily routines or secret supply chain procedures, when sniffing on IoT communication and linking IoT devices and owner. Furthermore, untrusted networks do not provide IoT devices with any protection against attacks from the Internet. Anonymous communication using onion routing provides a well-proven mechanism to keep the relationship between communication partners secret and (optionally) protect against network attacks. However, the application of onion routing is challenged by protocol incompatibilities and demanding cryptographic processing on constrained IoT devices, rendering its use infeasible. To close this gap, we tailor onion routing to the IoT by bridging protocol incompatibilities and offloading expensive cryptographic processing to a router or web server of the IoT device owner. Thus, we realize resource-conserving access control and end-to-end security for IoT devices. To prove applicability, we deploy onion routing for the IoT within the well-established Tor network enabling IoT devices to leverage its resources to achieve the same grade of anonymity as readily available to traditional devices.
internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-hiller-tailoring.pdf
IEEE
Proceedings of the 27th IEEE International Conference on Network Protocols (ICNP '19), October 7-10, 2019, Chicago, IL, USA
Chicago, IL, USA
27th IEEE International Conference on Network Protocols (ICNP 2019)
7-10. Oct. 2019
978-1-7281-2700-2
2643-3303
10.1109/ICNP.2019.8888033
1
JensHiller
JanPennekamp
MarkusDahlmanns
MartinHenze
AndriyPanchenko
KlausWehrle
inproceedings
2019-dahlmanns-icnp-knowledgeSystem
Privacy-Preserving Remote Knowledge System
2019
10
7
More and more traditional services, such as malware detectors or collaboration services in industrial scenarios, move to the cloud. However, this behavior poses a risk for the privacy of clients since these services are able to generate profiles containing very sensitive information, e.g., vulnerability information or collaboration partners. Hence, a rising need for protocols that enable clients to obtain knowledge without revealing their requests exists. To address this issue, we propose a protocol that enables clients (i) to query large cloud-based knowledge systems in a privacy-preserving manner using Private Set Intersection and (ii) to subsequently obtain individual knowledge items without leaking the client’s requests via few Oblivious Transfers. With our preliminary design, we allow clients to save a significant amount of time in comparison to performing Oblivious Transfers only.
Poster Session
private query protocol; knowledge system; remote knowledge; private set intersection; oblivious transfer
kimusin; internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-dahlmanns-knowledge-system.pdf
IEEE
Proceedings of the 27th IEEE International Conference on Network Protocols (ICNP '19), October 7-10, 2019, Chicago, IL, USA
Chicago, IL, USA
27th IEEE International Conference on Network Protocols (ICNP 2019)
7-10. Oct. 2019
978-1-7281-2700-2
2643-3303
10.1109/ICNP.2019.8888121
1
MarkusDahlmanns
ChrisDax
RomanMatzutt
JanPennekamp
JensHiller
KlausWehrle
inproceedings
2019_pennekamp_infrastructure
Towards an Infrastructure Enabling the Internet of Production
2019
5
8
31-37
New levels of cross-domain collaboration between manufacturing companies throughout the supply chain are anticipated to bring benefits to both suppliers and consumers of products. Enabling a fine-grained sharing and analysis of data among different stakeholders in an automated manner, such a vision of an Internet of Production (IoP) introduces demanding challenges to the communication, storage, and computation infrastructure in production environments. In this work, we present three example cases that would benefit from an IoP (a fine blanking line, a high pressure die casting process, and a connected job shop) and derive requirements that cannot be met by today’s infrastructure. In particular, we identify three orthogonal research objectives: (i) real-time control of tightly integrated production processes to offer seamless low-latency analysis and execution, (ii) storing and processing heterogeneous production data to support scalable data stream processing and storage, and (iii) secure privacy-aware collaboration in production to provide a basis for secure industrial collaboration. Based on a discussion of state-of-the-art approaches for these three objectives, we create a blueprint for an infrastructure acting as an enabler for an IoP.
Internet of Production; Cyber-Physical Systems; Data Processing; Low Latency; Secure Industrial Collaboration
internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-pennekamp-iop-infrastructure.pdf
IEEE
Proceedings of the 2nd IEEE International Conference on Industrial Cyber-Physical Systems (ICPS '19), May 6-9, 2019, Taipei, TW
Taipei, TW
May 6-9, 2019
978-1-5386-8500-6/19
10.1109/ICPHYS.2019.8780276
1
JanPennekamp
RenéGlebke
MartinHenze
TobiasMeisen
ChristophQuix
RihanHai
LarsGleim
PhilippNiemietz
MaximilianRudack
SimonKnape
AlexanderEpple
DanielTrauth
UweVroomen
ThomasBergs
ChristianBrecher
AndreasBührig-Polaczek
MatthiasJarke
KlausWehrle
article
2019_henze_flexible_netzwerkstrukturen_iop
Flexible Netzwerkarchitekturen für das Internet of Production
ITG-news
2019
4
02/2019
7-8
internet-of-production,reflexes
https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-henze-itg-iop-networkarchitectures.pdf
Informationstechnische Gesellschaft im VDE
Frankfurt am Main
MartinHenze
RenéGlebke
KlausWehrle
inproceedings
2019-glebke-hicss-integrated
A Case for Integrated Data Processing in Large-Scale Cyber-Physical Systems
2019
1
8
7252-7261
internet-of-production,reflexes
https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-glebke-integrated.pdf
Online
University of Hawai'i at Manoa / AIS
Proceedings of the 52nd Hawaii International Conference on System Sciences (HICSS), Wailea, HI, USA
en
978-0-9981331-2-6
10.24251/HICSS.2019.871
1
RenéGlebke
MartinHenze
KlausWehrle
PhilippNiemietz
DanielTrauth
PatrickMattfeld
ThomasBergs
inproceedings
2018-bader-ethereum-car-insurance
Smart Contract-based Car Insurance Policies
2018
12
9
mynedata, internet-of-production, rfc
https://www.comsys.rwth-aachen.de/fileadmin/papers/2018/2018-bader-ethereum-car-insurance.pdf
https://ieeexplore.ieee.org/document/8644136
IEEE
2018 IEEE Globecom Workshops (GC Wkshps)
Abu Dhabi, United Arab Emirates
1st International Workshop on Blockchain in IoT, co-located with IEEE Globecom 2018
2018-12-09
10.1109/GLOCOMW.2018.8644136
1
LennartBader
Jens ChristophBürger
RomanMatzutt
KlausWehrle