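%
% This file was created by the TYPO3 extension
% bib
% --- Timezone: CEST
% Creation date: 2024-04-19
% Creation time: 22-18-16
% --- Number of references
% 59
%
% Layout: one entry per block, one field per line.
% Fields such as tags, state, reviewed, day, event_place, event_name,
% event_date, web_url and misc2 are not part of the standard BibTeX field
% set and are ignored by standard styles (presumably they are consumed by
% the exporting extension; confirm before removing any of them).
% Page ranges use the BibTeX range form (--); name lists are separated by
% " and ", never by commas.

@Inproceedings{2024_dahlmanns_ipv6-deployments,
  title = {Unconsidered Installations: Discovering IoT Deployments in the IPv6 Internet},
  year = {2024},
  month = {5},
  day = {10},
  abstract = {Internet-wide studies provide extremely valuable insight into how operators manage their Internet of Things (IoT) deployments in reality and often reveal grievances, e.g., significant security issues. However, while IoT devices often use IPv6, past studies resorted to comprehensively scan the IPv4 address space. To fully understand how the IoT and all its services and devices is operated, including IPv6-reachable deployments is inevitable-although scanning the entire IPv6 address space is infeasible. In this paper, we close this gap and examine how to best discover IPv6-reachable IoT deployments. To this end, we propose a methodology that allows combining various IPv6 scan direction approaches to understand the findability and prevalence of IPv6-reachable IoT deployments. Using three sources of active IPv6 addresses and eleven address generators, we discovered 6658 IoT deployments. We derive that the available address sources are a good starting point for finding IoT deployments. Additionally, we show that using two address generators is sufficient to cover most found deployments and save time as well as resources.
    Assessing the security of the deployments, we surprisingly find similar issues as in the IPv4 Internet, although IPv6 deployments might be newer and generally more up-to-date: Only 39\% of deployments have access control in place and only 6.2\% make use of TLS inviting attackers, e.g., to eavesdrop sensitive data.},
  keywords = {Internet of Things, security, Internet measurements, IPv6, address generators},
  tags = {internet-of-production},
  publisher = {IEEE},
  booktitle = {Proceedings of the 2024 IEEE/IFIP Network Operations and Management Symposium (NOMS '24), May 6-10, 2024, Seoul, Korea},
  event_place = {Seoul, Korea},
  event_name = {2024 IEEE Network Operations and Management Symposium},
  event_date = {May 6-10, 2024},
  state = {accepted},
  reviewed = {1},
  author = {Dahlmanns, Markus and Heidenreich, Felix and Lohm{\"o}ller, Johannes and Pennekamp, Jan and Wehrle, Klaus and Henze, Martin}
}

@Inproceedings{2024-dahlmanns-doctoralsym,
  title = {Protocol Security in the Industrial Internet of Things},
  year = {2024},
  month = {5},
  day = {10},
  abstract = {Advances like Industry 4.0 lead to a rising number of Internet-connected industrial deployments and thus an Industrial Internet of Things with growing attack vectors. To uphold a secure and safe operation of these deployments, industrial protocols nowadays include security features, e.g., end-to-end secure communication. However, so far, it is unclear how well these features are used in practice and which obstacles might prevent operators from securely running their deployments. In this research description paper, we summarize our recent research activities to close this gap. Specifically, we show that even secure-by-design protocols are by far no guarantee for secure deployments. Instead, many deployments still open the doors for eavesdropping attacks or malicious takeovers.
    Additionally, we give an outlook on how to overcome identified obstacles allowing operators to configure their deployments more securely.},
  publisher = {IEEE},
  booktitle = {Proceedings of the 2024 IEEE/IFIP Network Operations and Management Symposium (NOMS '24), May 6-10, 2024, Seoul, Korea},
  event_place = {Seoul, Korea},
  event_name = {2024 IEEE Network Operations and Management Symposium},
  event_date = {May 6-10, 2024},
  state = {accepted},
  reviewed = {1},
  author = {Dahlmanns, Markus and Wehrle, Klaus}
}

% The non-ASCII letter in the title below is written as a LaTeX escape, matching
% the escaping this file already uses in author names.
@Poster{2024-dahlmanns-sul,
  title = {Poster: Trusted Execution Environment-basierte Sicherheit f{\"u}r digitale Umspannwerke},
  year = {2024},
  month = {3},
  day = {5},
  number = {19},
  tags = {ven2us},
  url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2024/2024-dahlmanns-slt.pdf},
  organization = {VDE ETG/FNN-Tutorial 2024 Schutz- und Leittechnik, March 05-06, 2024, Leipzig, Germany},
  event_place = {Leipzig, Germany},
  event_name = {VDE ETG/FNN-Tutorial 2024 Schutz- und Leittechnik},
  event_date = {March 05-06, 2024},
  reviewed = {1},
  author = {Dahlmanns, Markus and Wark, Andreas and Genzel, Carl-Heinz and Wehrle, Klaus}
}

% The editor list below is given in "Last, First" form joined by " and ";
% a comma-separated list of names is not valid BibTeX name-list syntax.
@Inproceedings{2024-dahlmanns-fps,
  title = {Collectively Enhancing IoT Security: A Privacy-Aware Crowd-Sourcing Approach},
  year = {2024},
  volume = {14551},
  abstract = {Security configurations remain challenging for trained administrators. Nowadays, due to the advent of the Internet of Things (IoT), untrained users operate numerous and heterogeneous Internet-facing services in manifold use case-specific scenarios. In this work, we close the growing gap between the complexity of IoT security configuration and the expertise of the affected users.
    To this end, we propose ColPSA, a platform for collective and privacy-aware security advice that allows users to optimize their configuration by exchanging information about what security can be realized given their IoT deployment and scenario.},
  editor = {Mosbah, Mohamed and S{\`e}des, Florence and Tawbi, Nadia and Ahmed, Toufik and Boulahia-Cuppens, Nora and Garcia-Alfaro, Joaquin},
  publisher = {Springer Cham},
  series = {Lecture Notes in Computer Science},
  booktitle = {Proceedings of the 16th International Symposium on Foundations and Practice of Security (FPS '23), December 11-13, 2023, Bordeaux, France},
  event_place = {Bordeaux, France},
  event_name = {International Symposium on Foundations and Practice of Security 2023 (FPS 23)},
  event_date = {December 11-13, 2023},
  state = {unpublished},
  DOI = {10.1007/978-3-031-57540-2_2},
  reviewed = {1},
  author = {Dahlmanns, Markus and Matzutt, Roman and Dax, Chris and Wehrle, Klaus}
}

@Inproceedings{2023_lohmoeller_transparency,
  title = {Poster: Bridging Trust Gaps: Data Usage Transparency in Federated Data Ecosystems},
  year = {2023},
  month = {11},
  day = {27},
  keywords = {data usage control; data ecosystems; transparency logs},
  url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2023/2023-lohmoeller-transparency.pdf},
  publisher = {ACM},
  booktitle = {Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security (CCS '23), November 26-30, 2023, Copenhagen, Denmark},
  event_place = {Copenhagen, Denmark},
  event_date = {November 26-30, 2023},
  ISBN = {979-8-4007-0050-7/23/11},
  DOI = {10.1145/3576915.3624371},
  reviewed = {1},
  author = {Lohm{\"o}ller, Johannes and Vlad, Eduard and Dahlmanns, Markus and Wehrle, Klaus}
}

@Article{2023_pennekamp_purchase_inquiries,
  title = {Offering Two-Way Privacy for Evolved Purchase Inquiries},
  journal = {ACM Transactions on Internet Technology},
  year = {2023},
  month = {11},
  day = {17},
  volume = {23},
  number = {4},
  abstract = {Dynamic and flexible business relationships are expected to become more important in the future to accommodate specialized change requests or small-batch production. Today, buyers and sellers must disclose sensitive information on products upfront before the actual manufacturing. However, without a trust relation, this situation is precarious for the involved companies as they fear for their competitiveness. Related work overlooks this issue so far: Existing approaches only protect the information of a single party only, hindering dynamic and on-demand business relationships. To account for the corresponding research gap of inadequately privacy-protected information and to deal with companies without an established trust relation, we pursue the direction of innovative privacy-preserving purchase inquiries that seamlessly integrate into today's established supplier management and procurement processes. Utilizing well-established building blocks from private computing, such as private set intersection and homomorphic encryption, we propose two designs with slightly different privacy and performance implications to securely realize purchase inquiries over the Internet. In particular, we allow buyers to consider more potential sellers without sharing sensitive information and relieve sellers of the burden of repeatedly preparing elaborate yet discarded offers. We demonstrate our approaches' scalability using two real-world use cases from the domain of production technology. Overall, we present deployable designs that offer two-way privacy for purchase inquiries and, in turn, fill a gap that currently hinders establishing dynamic and flexible business relationships.
    In the future, we expect significantly increasing research activity in this overlooked area to address the needs of an evolving production landscape.},
  keywords = {bootstrapping procurement; secure industrial collaboration; private set intersection; homomorphic encryption; Internet of Production},
  tags = {internet-of-production},
  url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2023/2023-pennekamp-purchase-inquiries.pdf},
  publisher = {ACM},
  ISSN = {1533-5399},
  DOI = {10.1145/3599968},
  reviewed = {1},
  author = {Pennekamp, Jan and Dahlmanns, Markus and Fuhrmann, Frederik and Heutmann, Timo and Kreppein, Alexander and Grunert, Dennis and Lange, Christoph and Schmitt, Robert H. and Wehrle, Klaus}
}

@Inproceedings{2023-dahlmanns-docker,
  title = {Secrets Revealed in Container Images: An Internet-wide Study on Occurrence and Impact},
  year = {2023},
  month = {7},
  day = {10},
  pages = {797--811},
  abstract = {Containerization allows bundling applications and their dependencies into a single image. The containerization framework Docker eases the use of this concept and enables sharing images publicly, gaining high momentum. However, it can lead to users creating and sharing images that include private keys or API secrets—either by mistake or out of negligence. This leakage impairs the creator's security and that of everyone using the image. Yet, the extent of this practice and how to counteract it remains unclear. In this paper, we analyze 337,171 images from Docker Hub and 8,076 other private registries unveiling that 8.5\% of images indeed include secrets. Specifically, we find 52,107 private keys and 3,158 leaked API secrets, both opening a large attack surface, i.e., putting authentication and confidentiality of privacy-sensitive data at stake and even allow active attacks.
    We further document that those leaked keys are used in the wild: While we discovered 1,060 certificates relying on compromised keys being issued by public certificate authorities, based on further active Internet measurements, we find 275,269 TLS and SSH hosts using leaked private keys for authentication. To counteract this issue, we discuss how our methodology can be used to prevent secret leakage and reuse.},
  keywords = {network security; security configuration; secret leakage; container},
  tags = {ven2us, internet-of-production,},
  url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2023/2023-dahlmanns-asiaccs.pdf},
  publisher = {ACM},
  booktitle = {Proceedings of the 2023 ACM Asia Conference on Computer and Communications Security (ASIACCS '23), July 10-14, 2023, Melbourne, VIC, Australia},
  event_place = {Melbourne, VIC, Australia},
  event_name = {ASIA CCS '23},
  event_date = {July 10-14, 2023},
  ISBN = {979-8-4007-0098-9/23/07},
  DOI = {10.1145/3579856.3590329},
  reviewed = {1},
  author = {Dahlmanns, Markus and Sander, Constantin and Decker, Robin and Wehrle, Klaus}
}

@Article{Jakobs_2023_3,
  title = {Preserving the Royalty-Free Standards Ecosystem},
  journal = {European Intellectual Property Review},
  year = {2023},
  month = {7},
  volume = {45},
  number = {7},
  pages = {371--375},
  abstract = {It has long been recognized in Europe and elsewhere that standards-development organizations (SDOs) may adopt policies that require their participants to license patents essential to the SDO’s standards (standards-essential patents or SEPs) to manufacturers of standardized products (“implementers”) on a royalty-free (RF) basis. This requirement contrasts with SDO policies that permit SEP holders to charge implementers monetary patent royalties, sometimes on terms that are specified as “fair, reasonable and nondiscriminatory” (FRAND).
    As demonstrated by two decades of intensive litigation around the world, FRAND royalties have given rise to intractable disputes regarding the manner in which such royalties should be calculated and adjudicated. In contrast, standards distributed on an RF basis are comparatively free from litigation and the attendant transaction costs. Accordingly, numerous SDOs around the world have adopted RF licensing policies and many widely adopted standards, including Bluetooth, USB, IPv6, HTTP, HTML and XML, are distributed on an RF basis. This note briefly discusses the commercial considerations surrounding RF standards, the relationship between RF standards and open source software (OSS) and the SDO policy mechanisms – including “universal reciprocity” -- that enable RF licensing to succeed in the marketplace.},
  ISSN = {0142-0461},
  DOI = {10.2139/ssrn.4235647},
  reviewed = {1},
  author = {Contreras, Jorge and Bekkers, Rudi and Biddle, Brad and Bonadio, Enrico and Carrier, Michael A. and Chao, Bernard and Duan, Charles and Gilbert, Richard and Henkel, Joachim and Hovenkamp, Erik and Husovec, Martin and Jakobs, Kai and Kim, Dong-hyu and Lemley, Mark A. and Love, Brian J. and McDonagh, Luke and Scott Morton, Fiona M. and Schultz, Jason and Simcoe, Timothy and Urban, Jennifer M. and Xiang, Joy Y}
}

@Incollection{2023_pennekamp_crd-a.i,
  title = {Evolving the Digital Industrial Infrastructure for Production: Steps Taken and the Road Ahead},
  year = {2023},
  month = {2},
  day = {8},
  pages = {35--60},
  abstract = {The Internet of Production (IoP) leverages concepts such as digital shadows, data lakes, and a World Wide Lab (WWL) to advance today’s production. Consequently, it requires a technical infrastructure that can support the agile deployment of these concepts and corresponding high-level applications, which, e.g., demand the processing of massive data in motion and at rest.
    As such, key research aspects are the support for low-latency control loops, concepts on scalable data stream processing, deployable information security, and semantically rich and efficient long-term storage. In particular, such an infrastructure cannot continue to be limited to machines and sensors, but additionally needs to encompass networked environments: production cells, edge computing, and location-independent cloud infrastructures. Finally, in light of the envisioned WWL, i.e., the interconnection of production sites, the technical infrastructure must be advanced to support secure and privacy-preserving industrial collaboration. To evolve today’s production sites and lay the infrastructural foundation for the IoP, we identify five broad streams of research: (1) adapting data and stream processing to heterogeneous data from distributed sources, (2) ensuring data interoperability between systems and production sites, (3) exchanging and sharing data with different stakeholders, (4) network security approaches addressing the risks of increasing interconnectivity, and (5) security architectures to enable secure and privacy-preserving industrial collaboration.
    With our research, we evolve the underlying infrastructure from isolated, sparsely networked production sites toward an architecture that supports high-level applications and sophisticated digital shadows while facilitating the transition toward a WWL.},
  keywords = {Cyber-physical production systems; Data streams; Industrial data processing; Industrial network security; Industrial data security; Secure industrial collaboration},
  tags = {internet-of-production},
  url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2023/2023-pennekamp-iop-a.i.pdf},
  publisher = {Springer},
  series = {Interdisciplinary Excellence Accelerator Series},
  booktitle = {Internet of Production: Fundamentals, Applications and Proceedings},
  ISBN = {978-3-031-44496-8},
  DOI = {10.1007/978-3-031-44497-5_2},
  reviewed = {1},
  author = {Pennekamp, Jan and Belova, Anastasiia and Bergs, Thomas and Bodenbenner, Matthias and B{\"u}hrig-Polaczek, Andreas and Dahlmanns, Markus and Kunze, Ike and Kr{\"o}ger, Moritz and Geisler, Sandra and Henze, Martin and L{\"u}tticke, Daniel and Montavon, Benjamin and Niemietz, Philipp and Ortjohann, Lucia and Rudack, Maximilian and Schmitt, Robert H. and Vroomen, Uwe and Wehrle, Klaus and Zeng, Michael}
}

@Inproceedings{2023-lorz-cired,
  title = {Interconnected grid protection systems - reference grid for testing an adaptive protection scheme},
  year = {2023},
  pages = {3286--3290},
  tags = {ven2us},
  booktitle = {27th International Conference on Electricity Distribution (CIRED 2023), Rome, Italy, June 12-15, 2023},
  event_place = {Rome, Italy},
  event_name = {International Conference \& Exhibition on Electricity Distribution (CIRED)},
  event_date = {June 12-15, 2023},
  DOI = {10.1049/icp.2023.0864},
  reviewed = {1},
  author = {Lorz, Tobias and Jaeger, Johann and Selimaj, Antigona and Hacker, Immanuel and Ulbig, Andreas and Heckel, Jan-Peter and Becker, Christian and Dahlmanns, Markus and Fink, Ina Berenice and Wehrle, Klaus and Erichsen, Gerrit and Schindler, Michael and Luxenburger, Rainer and Lin, Guosong}
}

@Inproceedings{2022_dahlmanns_tlsiiot,
  title = {Missed Opportunities: Measuring the Untapped TLS Support in the Industrial Internet of Things},
  year = {2022},
  month = {5},
  day = {31},
  pages = {252--266},
  abstract = {The ongoing trend to move industrial appliances from previously isolated networks to the Internet requires fundamental changes in security to uphold secure and safe operation. Consequently, to ensure end-to-end secure communication and authentication, (i) traditional industrial protocols, e.g., Modbus, are retrofitted with TLS support, and (ii) modern protocols, e.g., MQTT, are directly designed to use TLS. To understand whether these changes indeed lead to secure Industrial Internet of Things deployments, i.e., using TLS-based protocols, which are configured according to security best practices, we perform an Internet-wide security assessment of ten industrial protocols covering the complete IPv4 address space. Our results show that both, retrofitted existing protocols and newly developed secure alternatives, are barely noticeable in the wild.
    While we find that new protocols have a higher TLS adoption rate than traditional protocols (7.2 \% vs. 0.4 \%), the overall adoption of TLS is comparably low (6.5 \% of hosts). Thus, most industrial deployments (934,736 hosts) are insecurely connected to the Internet. Furthermore, we identify that 42 \% of hosts with TLS support (26,665 hosts) show security deficits, e.g., missing access control. Finally, we show that support in configuring systems securely, e.g., via configuration templates, is promising to strengthen security.},
  keywords = {industrial communication; network security; security configuration},
  tags = {internet-of-production, rfc},
  url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2022/2022-dahlmanns-asiaccs.pdf},
  publisher = {ACM},
  booktitle = {Proceedings of the 2022 ACM Asia Conference on Computer and Communications Security (ASIACCS '22), May 30-June 3, 2022, Nagasaki, Japan},
  event_place = {Nagasaki, Japan},
  event_name = {ASIACCS '22},
  event_date = {May 30-June 3, 2022},
  ISBN = {978-1-4503-9140-5/22/05},
  DOI = {10.1145/3488932.3497762},
  reviewed = {1},
  author = {Dahlmanns, Markus and Lohm{\"o}ller, Johannes and Pennekamp, Jan and Bodenhausen, J{\"o}rn and Wehrle, Klaus and Henze, Martin}
}

@Inproceedings{2022_kus_iids_generalizability,
  title = {A False Sense of Security? Revisiting the State of Machine Learning-Based Industrial Intrusion Detection},
  year = {2022},
  month = {5},
  day = {30},
  pages = {73--84},
  abstract = {Anomaly-based intrusion detection promises to detect novel or unknown attacks on industrial control systems by modeling expected system behavior and raising corresponding alarms for any deviations. As manually creating these behavioral models is tedious and error-prone, research focuses on machine learning to train them automatically, achieving detection rates upwards of 99 \%.
    However, these approaches are typically trained not only on benign traffic but also on attacks and then evaluated against the same type of attack used for training. Hence, their actual, real-world performance on unknown (not trained on) attacks remains unclear. In turn, the reported near-perfect detection rates of machine learning-based intrusion detection might create a false sense of security. To assess this situation and clarify the real potential of machine learning-based industrial intrusion detection, we develop an evaluation methodology and examine multiple approaches from literature for their performance on unknown attacks (excluded from training). Our results highlight an ineffectiveness in detecting unknown attacks, with detection rates dropping to between 3.2 \% and 14.7 \% for some types of attacks. Moving forward, we derive recommendations for further research on machine learning-based approaches to ensure clarity on their ability to detect unknown attacks.},
  keywords = {anomaly detection; machine learning; industrial control system},
  tags = {internet-of-production, rfc},
  url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2022/2022-kus-iids-generalizability.pdf},
  publisher = {ACM},
  booktitle = {Proceedings of the 8th ACM Cyber-Physical System Security Workshop (CPSS '22), co-located with the 17th ACM ASIA Conference on Computer and Communications Security (ASIACCS '22), May 30-June 3, 2022, Nagasaki, Japan},
  ISBN = {978-1-4503-9176-4/22/05},
  DOI = {10.1145/3494107.3522773},
  reviewed = {1},
  author = {Kus, Dominik and Wagner, Eric and Pennekamp, Jan and Wolsing, Konrad and Fink, Ina Berenice and Dahlmanns, Markus and Wehrle, Klaus and Henze, Martin}
}

@Article{2022_brauner_iop,
  title = {A Computer Science Perspective on Digital Transformation in Production},
  journal = {ACM Transactions on Internet of Things},
  year = {2022},
  month = {5},
  day = {1},
  volume = {3},
  number = {2},
  abstract = {The Industrial Internet-of-Things (IIoT) promises significant improvements for the manufacturing industry by facilitating the integration of manufacturing systems by Digital Twins. However, ecological and economic demands also require a cross-domain linkage of multiple scientific perspectives from material sciences, engineering, operations, business, and ergonomics, as optimization opportunities can be derived from any of these perspectives. To extend the IIoT to a true Internet of Production, two concepts are required: first, a complex, interrelated network of Digital Shadows which combine domain-specific models with data-driven AI methods; and second, the integration of a large number of research labs, engineering, and production sites as a World Wide Lab which offers controlled exchange of selected, innovation-relevant data even across company boundaries. In this article, we define the underlying Computer Science challenges implied by these novel concepts in four layers: Smart human interfaces provide access to information that has been generated by model-integrated AI. Given the large variety of manufacturing data, new data modeling techniques should enable efficient management of Digital Shadows, which is supported by an interconnected infrastructure.
    Based on a detailed analysis of these challenges, we derive a systematized research roadmap to make the vision of the Internet of Production a reality.},
  keywords = {Internet of Production; World Wide Lab; Digital Shadows; Industrial Internet of Things},
  tags = {internet-of-production},
  url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2022/2022-brauner-digital-transformation.pdf},
  publisher = {ACM},
  ISSN = {2691-1914},
  DOI = {10.1145/3502265},
  reviewed = {1},
  author = {Brauner, Philipp and Dalibor, Manuela and Jarke, Matthias and Kunze, Ike and Koren, Istv{\'a}n and Lakemeyer, Gerhard and Liebenberg, Martin and Michael, Judith and Pennekamp, Jan and Quix, Christoph and Rumpe, Bernhard and van der Aalst, Wil and Wehrle, Klaus and Wortmann, Andreas and Ziefle, Martina}
}

@Techreport{draft-irtf-coinrg-use-cases-02,
  title = {Use Cases for In-Network Computing},
  year = {2022},
  month = {3},
  number = {draft-irtf-coinrg-use-cases-02},
  note = {expires: 8 September 2022 (work in progress)},
  url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2022/draft-irtf-coinrg-use-cases-02.pdf},
  web_url = {https://datatracker.ietf.org/doc/draft-irtf-coinrg-use-cases/},
  misc2 = {Online},
  publisher = {IETF Trust},
  series = {Internet Drafts},
  organization = {Internet Engineering Task Force},
  institution = {Internet Engineering Task Force},
  author = {Kunze, Ike and Wehrle, Klaus and Trossen, Dirk and Montpetit, Marie-Jos{\'e} and de Foy, Xavier and Griffin, David and Rio, Miguel}
}

@Inproceedings{lorenz-ven2us-2022,
  title = {Interconnected network protection systems - the basis for the reliable and safe operation of distribution grids with a high penetration of renewable energies and electric vehicle},
  year = {2022},
  abstract = {Power grids are increasingly faced with the introduction of decentralized, highly volatile power supplies from renewable energies and high loads occurring from e-mobility.
    However, today’s static grid protection cannot manage all upcoming conditions while providing a high level of dependability and security. It forms a bottleneck of a future decarbonizing grid development. In our research project, we develop and verify an adaptive grid protection algorithm. It calculates situation dependent protection parameters for the event of power flow shifts and topology changes caused by volatile power supplies due to the increase of renewable generation and the rapid expansion of e-mobility. As a result the distribution grid can be operated with the optimally adapted protection parameters and functions for changing operating states. To safely adjust the values on protection hardware in the field, i.e., safe from hardware failures and cyberattacks, we research resilient and secure communication concepts for the adaptive and interconnected grid protection system. Finally, we validate our concept and system by demonstrations in the laboratory and field tests.},
  tags = {ven2us},
  booktitle = {Proceedings of the CIRED workshop on E-mobility and power distribution systems 2022, June 2-3, 2022, Porto, Portugal},
  event_place = {Porto},
  event_name = {CIRED workshop on E-mobility and power distribution systems 2022},
  event_date = {June 2-3, 2022},
  DOI = {10.1049/icp.2022.0768},
  reviewed = {1},
  author = {Lorenz, Matthias and Pletzer, Tobias Markus and Schuhmacher, Malte and Sowa, Torsten and Dahms, Michael and Stock, Simon and Babazadeh, Davood and Becker, Christian and Jaeger, Johann and Lorz, Tobias and Dahlmanns, Markus and Fink, Ina Berenice and Wehrle, Klaus and Ulbig, Andreas and Linnartz, Philipp and Selimaj, Antigona and Offergeld, Thomas}
}

@Inproceedings{2021_pennekamp_laser,
  title = {Collaboration is not Evil: A Systematic Look at Security Research for Industrial Use},
  year = {2021},
  month = {12},
  day = {21},
  abstract = {Following the recent Internet of Things-induced trends on digitization in general, industrial applications will further evolve as well. With a focus on the domains of manufacturing and production, the Internet of Production pursues the vision of a digitized, globally interconnected, yet secure environment by establishing a distributed knowledge base. Background. As part of our collaborative research of advancing the scope of industrial applications through cybersecurity and privacy, we identified a set of common challenges and pitfalls that surface in such applied interdisciplinary collaborations. Aim. Our goal with this paper is to support researchers in the emerging field of cybersecurity in industrial settings by formalizing our experiences as reference for other research efforts, in industry and academia alike. Method. Based on our experience, we derived a process cycle of performing such interdisciplinary research, from the initial idea to the eventual dissemination and paper writing. This presented methodology strives to successfully bootstrap further research and to encourage further work in this emerging area. Results. Apart from our newly proposed process cycle, we report on our experiences and conduct a case study applying this methodology, raising awareness for challenges in cybersecurity research for industrial applications. We further detail the interplay between our process cycle and the data lifecycle in applied research data management. Finally, we augment our discussion with an industrial as well as an academic view on this research area and highlight that both areas still have to overcome significant challenges to sustainably and securely advance industrial applications. Conclusions. With our proposed process cycle for interdisciplinary research in the intersection of cybersecurity and industrial application, we provide a foundation for further research.
    We look forward to promising research initiatives, projects, and directions that emerge based on our methodological work.},
  tags = {internet-of-production},
  url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-pennekamp-laser-collaboration.pdf},
  publisher = {ACSA},
  booktitle = {Proceedings of the Workshop on Learning from Authoritative Security Experiment Results (LASER '20), co-located with the 36th Annual Computer Security Applications Conference (ACSAC '20), December 7-11, 2020, Austin, TX, USA},
  event_place = {Austin, TX, USA},
  event_name = {Learning from Authoritative Security Experiment Results (LASER '20)},
  event_date = {December 8, 2020},
  ISBN = {978-1-891562-81-5},
  DOI = {10.14722/laser-acsac.2020.23088},
  reviewed = {1},
  author = {Pennekamp, Jan and Buchholz, Erik and Dahlmanns, Markus and Kunze, Ike and Braun, Stefan and Wagner, Eric and Brockmann, Matthias and Wehrle, Klaus and Henze, Martin}
}

@Inproceedings{2021_pennekamp_bootstrapping,
  title = {Confidential Computing-Induced Privacy Benefits for the Bootstrapping of New Business Relationships},
  year = {2021},
  month = {11},
  day = {15},
  number = {RWTH-2021-09499},
  abstract = {In addition to quality improvements and cost reductions, dynamic and flexible business relationships are expected to become more important in the future to account for specific customer change requests or small-batch production. Today, despite reservation, sensitive information must be shared upfront between buyers and sellers. However, without a trust relation, this situation is precarious for the involved companies as they fear for their competitiveness following information leaks or breaches of their privacy. To address this issue, the concepts of confidential computing and cloud computing come to mind as they promise to offer scalable approaches that preserve the privacy of participating companies. In particular, designs building on confidential computing can help to technically enforce privacy.
    Moreover, cloud computing constitutes an elegant design choice to scale these novel protocols to industry needs while limiting the setup and management overhead for practitioners. Thus, novel approaches in this area can advance the status quo of bootstrapping new relationships as they provide privacy-preserving alternatives that are suitable for immediate deployment.},
  keywords = {bootstrapping procurement; business relationships; secure industrial collaboration; privacy; Internet of Production},
  tags = {internet-of-production},
  url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-pennekamp-bootstrapping.pdf},
  publisher = {RWTH Aachen University},
  booktitle = {Blitz Talk at the 2021 Cloud Computing Security Workshop (CCSW '21), co-located with the 28th ACM SIGSAC Conference on Computer and Communications Security (CCS '21), November 15-19, 2021, Seoul, Korea},
  institution = {RWTH Aachen University},
  event_place = {Seoul, Korea},
  event_date = {November 14, 2021},
  DOI = {10.18154/RWTH-2021-09499},
  author = {Pennekamp, Jan and Fuhrmann, Frederik and Dahlmanns, Markus and Heutmann, Timo and Kreppein, Alexander and Grunert, Dennis and Lange, Christoph and Schmitt, Robert H. and Wehrle, Klaus}
}

@Article{2021_matzutt_coinprune_v2,
  title = {CoinPrune: Shrinking Bitcoin's Blockchain Retrospectively},
  journal = {IEEE Transactions on Network and Service Management},
  year = {2021},
  month = {9},
  day = {10},
  volume = {18},
  number = {3},
  pages = {3064--3078},
  abstract = {Popular cryptocurrencies continue to face serious scalability issues due to their ever-growing blockchains. Thus, modern blockchain designs began to prune old blocks and rely on recent snapshots for their bootstrapping processes instead. Unfortunately, established systems are often considered incapable of adopting these improvements. In this work, we present CoinPrune, our block-pruning scheme with full Bitcoin compatibility, to revise this popular belief.
    CoinPrune bootstraps joining nodes via snapshots that are periodically created from Bitcoin's set of unspent transaction outputs (UTXO set). Our scheme establishes trust in these snapshots by relying on CoinPrune-supporting miners to mutually reaffirm a snapshot's correctness on the blockchain. This way, snapshots remain trustworthy even if adversaries attempt to tamper with them. Our scheme maintains its retrospective deployability by relying on positive feedback only, i.e., blocks containing invalid reaffirmations are not rejected, but invalid reaffirmations are outpaced by the benign ones created by an honest majority among CoinPrune-supporting miners. Already today, CoinPrune reduces the storage requirements for Bitcoin nodes by two orders of magnitude, as joining nodes need to fetch and process only 6 GiB instead of 271 GiB of data in our evaluation, reducing the synchronization time of powerful devices from currently 7 h to 51 min, with even larger potential drops for less powerful devices.
    CoinPrune is further aware of higher-level application data, i.e., it conserves otherwise pruned application data and allows nodes to obfuscate objectionable and potentially illegal blockchain content from their UTXO set and the snapshots they distribute.},
  keywords = {blockchain; block pruning; synchronization; bootstrapping; scalability; velvet fork; Bitcoin},
  tags = {mynedata; impact_digital; digital_campus},
  url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-matzutt-coinprune-v2.pdf},
  language = {English},
  ISSN = {1932-4537},
  DOI = {10.1109/TNSM.2021.3073270},
  reviewed = {1},
  author = {Matzutt, Roman and Kalde, Benedikt and Pennekamp, Jan and Drichel, Arthur and Henze, Martin and Wehrle, Klaus}
}

@Inproceedings{2021_mangel_reshare,
  title = {Data Reliability and Trustworthiness through Digital Transmission Contracts},
  year = {2021},
  month = {6},
  day = {8},
  volume = {12731},
  pages = {265--283},
  abstract = {As decision-making is increasingly data-driven, trustworthiness and reliability of the underlying data, e.g., maintained in knowledge graphs or on the Web, are essential requirements for their usability in the industry. However, neither traditional solutions, such as paper-based data curation processes, nor state-of-the-art approaches, such as distributed ledger technologies, adequately scale to the complex requirements and high throughput of continuously evolving industrial data. Motivated by a practical use case with high demands towards data trustworthiness and reliability, we identify the need for digitally-verifiable data immutability as a still insufficiently addressed dimension of data quality. Based on our discussion of shortcomings in related work, we thus propose ReShare, our novel concept of digital transmission contracts with bilateral signatures, to address this open issue for both RDF knowledge graphs and arbitrary data on the Web.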
Our quantitative evaluation of ReShare’s performance and scalability reveals only moderate computation and communication overhead, indicating significant potential for cost-reductions compared to today’s approaches. By cleverly integrating digital transmission contracts with existing Web-based information systems, ReShare provides a promising foundation for data sharing and reuse in Industry 4.0 and beyond, enabling digital accountability through easily-adoptable digitally-verifiable data immutability and non-repudiation.}, note = {Lecture Notes in Computer Science (LNCS), Volume 12731}, keywords = {Digital transmission contracts; Trust; Data immutability; Non-repudiation; Accountability; Data dynamics; Linked Data; Knowledge graphs}, tags = {internet-of-production}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-mangel-eswc-reshare.pdf}, publisher = {Springer}, booktitle = {Proceedings of the 18th Extended Semantic Web Conference (ESWC '21), June 6-10, 2021, Heraklion, Greece}, event_place = {Heraklion, Greece}, event_date = {June 6-10, 2021}, ISBN = {978-3-030-77384-7}, ISSN = {0302-9743}, DOI = {10.1007/978-3-030-77385-4_16}, reviewed = {1}, author = {Mangel, Simon and Gleim, Lars and Pennekamp, Jan and Wehrle, Klaus and Decker, Stefan} } @Inproceedings { 2021_gleim_factstack, title = {FactStack: Interoperable Data Management and Preservation for the Web and Industry 4.0}, year = {2021}, month = {5}, day = {31}, volume = {P-312}, pages = {371-395}, abstract = {Data exchange throughout the supply chain is essential for the agile and adaptive manufacturing processes of Industry 4.0. As companies employ numerous, frequently mutually incompatible data management and preservation approaches, interorganizational data sharing and reuse regularly requires human interaction and is thus associated with high overhead costs. 
An interoperable system, supporting the unified management, preservation and exchange of data across organizational boundaries is missing to date. We propose FactStack, a unified approach to data management and preservation based upon a novel combination of existing Web-standards and tightly integrated with the HTTP protocol itself. Based on the FactDAG model, FactStack guides and supports the full data lifecycle in a FAIR and interoperable manner, independent of individual software solutions and backward-compatible with existing resource oriented architectures. We describe our reference implementation of the approach and evaluate its performance, showcasing scalability even to high-throughput applications. We analyze the system's applicability to industry using a representative real-world use case in aircraft manufacturing based on principal requirements identified in prior work. We conclude that FactStack fulfills all requirements and provides a promising solution for the on-demand integration of persistence and provenance into existing resource-oriented architectures, facilitating data management and preservation for the agile and interorganizational manufacturing processes of Industry 4.0. 
Through its open source distribution, it is readily available for adoption by the community, paving the way for improved utility and usability of data management and preservation in digital manufacturing and supply chains.}, note = {Lecture Notes in Informatics (LNI), Volume P-312}, keywords = {Web Technologies; Data Management; Memento; Persistence; PID; Industry 4.0}, tags = {internet-of-production}, url = {https://comsys.rwth-aachen.de/fileadmin/papers/2021/2021-gleim-btw-iop-interoperability-realization.pdf}, publisher = {Gesellschaft f{\"u}r Informatik}, booktitle = {Proceedings of the 19th Symposium for Database Systems for Business, Technology and Web (BTW '21), September 13-17, 2021, Dresden, Germany}, event_place = {Dresden, Germany}, event_date = {September 13-17, 2021}, ISBN = {978-3-88579-705-0}, ISSN = {1617-5468}, DOI = {10.18420/btw2021-20}, reviewed = {1}, author = {Gleim, Lars and Pennekamp, Jan and Tirpitz, Liam and Welten, Sascha and Brillowski, Florian and Decker, Stefan} } @Inproceedings { 2021_dahlmanns_entrust, title = {Transparent End-to-End Security for Publish/Subscribe Communication in Cyber-Physical Systems}, year = {2021}, month = {4}, day = {28}, pages = {78–87}, abstract = {The ongoing digitization of industrial manufacturing leads to a decisive change in industrial communication paradigms. Moving from traditional one-to-one to many-to-many communication, publish/subscribe systems promise a more dynamic and efficient exchange of data. However, the resulting significantly more complex communication relationships render traditional end-to-end security futile for sufficiently protecting the sensitive and safety-critical data transmitted in industrial systems. Most notably, the central message brokers inherent in publish/subscribe systems introduce a designated weak spot for security as they can access all communication messages. 
To address this issue, we propose ENTRUST, a novel solution for key server-based end-to-end security in publish/subscribe systems. ENTRUST transparently realizes confidentiality, integrity, and authentication for publish/subscribe systems without any modification of the underlying protocol. We exemplarily implement ENTRUST on top of MQTT, the de-facto standard for machine-to-machine communication, showing that ENTRUST can integrate seamlessly into existing publish/subscribe systems.}, keywords = {cyber-physical system security; publish-subscribe security; end-to-end security}, tags = {internet-of-production, rfc}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-dahlmanns-entrust.pdf}, publisher = {ACM}, booktitle = {Proceedings of the 1st ACM Workshop on Secure and Trustworthy Cyber-Physical Systems (SaT-CPS '21), co-located with the 11th ACM Conference on Data and Application Security and Privacy (CODASPY '21), April 26-28, 2021, Virtual Event, USA}, event_place = {Virtual Event, USA}, event_name = {ACM Workshop on Secure and Trustworthy Cyber-Physical Systems}, event_date = {April 28, 2021}, ISBN = {978-1-4503-8319-6/21/04}, DOI = {10.1145/3445969.3450423}, reviewed = {1}, author = {Dahlmanns, Markus and Pennekamp, Jan and Fink, Ina Berenice and Schoolmann, Bernd and Wehrle, Klaus and Henze, Martin} } @Article { 2021-wehrle-energy, title = {A Novel Receiver Design for Energy Packet‐Based Dispatching}, journal = {Energy Technology}, year = {2021}, volume = {9}, number = {2}, DOI = {10.1002/ente.202000937}, reviewed = {1}, author = {Wiegel, Friedrich and De Din, Edoardo and Monti, Antonello and Wehrle, Klaus and Hiller, Marc and Zitterbart, Martina and Hagenmeyer, Veit} } @Inproceedings { 2020_pennekamp_parameter_exchange, title = {Privacy-Preserving Production Process Parameter Exchange}, year = {2020}, month = {12}, day = {10}, pages = {510-525}, abstract = {Nowadays, collaborations between industrial companies always go hand in hand with 
trust issues, i.e., exchanging valuable production data entails the risk of improper use of potentially sensitive information. Therefore, companies hesitate to offer their production data, e.g., process parameters that would allow other companies to establish new production lines faster, against a quid pro quo. Nevertheless, the expected benefits of industrial collaboration, data exchanges, and the utilization of external knowledge are significant. In this paper, we introduce our Bloom filter-based Parameter Exchange (BPE), which enables companies to exchange process parameters privacy-preservingly. We demonstrate the applicability of our platform based on two distinct real-world use cases: injection molding and machine tools. We show that BPE is both scalable and deployable for different needs to foster industrial collaborations. Thereby, we reward data-providing companies with payments while preserving their valuable data and reducing the risks of data leakage.}, keywords = {secure industrial collaboration; Bloom filter; oblivious transfer; Internet of Production}, tags = {internet-of-production}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2020/2020-pennekamp-parameter-exchange.pdf}, publisher = {ACM}, booktitle = {Proceedings of the 36th Annual Computer Security Applications Conference (ACSAC '20), December 7-11, 2020, Austin, TX, USA}, event_place = {Austin, TX, USA}, event_date = {December 7-11, 2020}, ISBN = {978-1-4503-8858-0/20/12}, DOI = {10.1145/3427228.3427248}, reviewed = {1}, author = {Pennekamp, Jan and Buchholz, Erik and Lockner, Yannik and Dahlmanns, Markus and Xi, Tiandong and Fey, Marcel and Brecher, Christian and Hopmann, Christian and Wehrle, Klaus} } @Inproceedings { 2020_delacadena_trafficsliver, title = {TrafficSliver: Fighting Website Fingerprinting Attacks with Traffic Splitting}, year = {2020}, month = {11}, day = {12}, pages = {1971-1985}, abstract = {Website fingerprinting (WFP) aims to infer information about the content 
of encrypted and anonymized connections by observing patterns of data flows based on the size and direction of packets. By collecting traffic traces at a malicious Tor entry node — one of the weakest adversaries in the attacker model of Tor — a passive eavesdropper can leverage the captured meta-data to reveal the websites visited by a Tor user. As recently shown, WFP is significantly more effective and realistic than assumed. Concurrently, former WFP defenses are either infeasible for deployment in real-world settings or defend against specific WFP attacks only. To limit the exposure of Tor users to WFP, we propose novel lightweight WFP defenses, TrafficSliver, which successfully counter today’s WFP classifiers with reasonable bandwidth and latency overheads and, thus, make them attractive candidates for adoption in Tor. Through user-controlled splitting of traffic over multiple Tor entry nodes, TrafficSliver limits the data a single entry node can observe and distorts repeatable traffic patterns exploited by WFP attacks. We first propose a network-layer defense, in which we apply the concept of multipathing entirely within the Tor network. We show that our network-layer defense reduces the accuracy from more than 98\% to less than 16\% for all state-of-the-art WFP attacks without adding any artificial delays or dummy traffic. We further suggest an elegant client-side application-layer defense, which is independent of the underlying anonymization network. By sending single HTTP requests for different web objects over distinct Tor entry nodes, our application-layer defense reduces the detection rate of WFP classifiers by almost 50 percentage points. 
Although it offers lower protection than our network-layer defense, it provides a security boost at the cost of a very low implementation overhead and is fully compatible with today’s Tor network.}, keywords = {Traffic Analysis; Website Fingerprinting; Privacy; Anonymous Communication; Onion Routing; Web Privacy}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2020/2020-delacadena-trafficsliver.pdf}, web_url = {https://github.com/TrafficSliver}, publisher = {ACM}, booktitle = {Proceedings of the 27th ACM SIGSAC Conference on Computer and Communications Security (CCS '20), November 9-13, 2020, Orlando, FL, USA}, event_place = {Virtual Event, USA}, event_date = {November 9-13, 2020}, ISBN = {978-1-4503-7089-9/20/11}, DOI = {10.1145/3372297.3423351}, reviewed = {1}, author = {De la Cadena, Wladimir and Mitseva, Asya and Hiller, Jens and Pennekamp, Jan and Reuter, Sebastian and Filter, Julian and Wehrle, Klaus and Engel, Thomas and Panchenko, Andriy} } @Inproceedings { 2020_gleim_factdag_provenance, title = {Expressing FactDAG Provenance with PROV-O}, year = {2020}, month = {11}, day = {1}, volume = {2821}, pages = {53-58}, abstract = {To foster data sharing and reuse across organizational boundaries, provenance tracking is of vital importance for the establishment of trust and accountability, especially in industrial applications, but often neglected due to associated overhead. The abstract FactDAG data interoperability model strives to address this challenge by simplifying the creation of provenance-linked knowledge graphs of revisioned (and thus immutable) resources. However, to date, it lacks a practical provenance implementation. In this work, we present a concrete alignment of all roles and relations in the FactDAG model to the W3C PROV provenance standard, allowing future software implementations to directly produce standard-compliant provenance information. 
Maintaining compatibility with existing PROV tooling, an implementation of this mapping will pave the way for practical FactDAG implementations and deployments, improving trust and accountability for Open Data through simplified provenance management.}, keywords = {Provenance; Data Lineage; Open Data; Semantic Web Technologies; Ontology Alignment; PROV; RDF; Industry 4.0; Internet of Production; IIoT}, tags = {internet-of-production}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2020/2020-gleim-factdag-provenance.pdf}, publisher = {CEUR Workshop Proceedings}, booktitle = {Proceedings of the 6th Workshop on Managing the Evolution and Preservation of the Data Web (MEPDaW '20), co-located with the 19th International Semantic Web Conference (ISWC '20), November 1-6, 2020, Athens, Greece}, event_place = {Athens, Greece}, event_date = {November 1-6, 2020}, ISSN = {1613-0073}, reviewed = {1}, author = {Gleim, Lars and Tirpitz, Liam and Pennekamp, Jan and Decker, Stefan} } @Inproceedings { 2020-dahlmanns-imc-opcua, title = {Easing the Conscience with OPC UA: An Internet-Wide Study on Insecure Deployments}, year = {2020}, month = {10}, day = {27}, pages = {101-110}, abstract = {Due to increasing digitalization, formerly isolated industrial networks, e.g., for factory and process automation, move closer and closer to the Internet, mandating secure communication. However, securely setting up OPC UA, the prime candidate for secure industrial communication, is challenging due to a large variety of insecure options. To study whether Internet-facing OPC UA appliances are configured securely, we actively scan the IPv4 address space for publicly reachable OPC UA systems and assess the security of their configurations. We observe problematic security configurations such as missing access control (on 24\% of hosts), disabled security functionality (24\%), or use of deprecated cryptographic primitives (25\%) on in total 92\% of the reachable deployments. 
Furthermore, we discover several hundred devices in multiple autonomous systems sharing the same security certificate, opening the door for impersonation attacks. Overall, in this paper, we highlight commonly found security misconfigurations and underline the importance of appropriate configuration for security-featuring protocols.}, keywords = {industrial communication; network security; security configuration}, tags = {internet-of-production, rfc}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2020/2020-dahlmanns-imc-opcua.pdf}, publisher = {ACM}, booktitle = {Proceedings of the Internet Measurement Conference (IMC '20), October 27-29, 2020, Pittsburgh, PA, USA}, event_place = {Pittsburgh, PA, USA}, event_name = {ACM Internet Measurement Conference 2020}, event_date = {October 27-29, 2020}, ISBN = {978-1-4503-8138-3/20/10}, DOI = {10.1145/3419394.3423666}, reviewed = {1}, author = {Dahlmanns, Markus and Lohm{\"o}ller, Johannes and Fink, Ina Berenice and Pennekamp, Jan and Wehrle, Klaus and Henze, Martin} } @Inproceedings { 2020_matzutt_coinprune, title = {How to Securely Prune Bitcoin’s Blockchain}, year = {2020}, month = {6}, day = {24}, pages = {298-306}, abstract = {Bitcoin was the first successful decentralized cryptocurrency and remains the most popular of its kind to this day. Despite the benefits of its blockchain, Bitcoin still faces serious scalability issues, most importantly its ever-increasing blockchain size. While alternative designs introduced schemes to periodically create snapshots and thereafter prune older blocks, already-deployed systems such as Bitcoin are often considered incapable of adopting corresponding approaches. In this work, we revise this popular belief and present CoinPrune, a snapshot-based pruning scheme that is fully compatible with Bitcoin. CoinPrune can be deployed through an opt-in velvet fork, i.e., without impeding the established Bitcoin network. 
By requiring miners to publicly announce and jointly reaffirm recent snapshots on the blockchain, CoinPrune establishes trust into the snapshots' correctness even in the presence of powerful adversaries. Our evaluation shows that CoinPrune reduces the storage requirements of Bitcoin already by two orders of magnitude today, with further relative savings as the blockchain grows. In our experiments, nodes only have to fetch and process 5 GiB instead of 230 GiB of data when joining the network, reducing the synchronization time on powerful devices from currently 5 h to 46 min, with even more savings for less powerful devices.}, keywords = {blockchain; block pruning; synchronization; bootstrapping; scalability; velvet fork; Bitcoin}, tags = {mynedata; impact_digital; digital_campus}, url = {https://comsys.rwth-aachen.de/fileadmin/papers/2020/2020-matzutt-coinprune.pdf}, web_url = {https://coinprune.comsys.rwth-aachen.de}, publisher = {IEEE}, booktitle = {Proceedings of the 19th IFIP Networking 2020 Conference (NETWORKING '20), June 22-26, 2020, Paris, France}, event_place = {Paris, France}, event_name = {NETWORKING 2020}, event_date = {June 22-26, 2020}, ISBN = {978-3-903176-28-7}, reviewed = {1}, author = {Matzutt, Roman and Kalde, Benedikt and Pennekamp, Jan and Drichel, Arthur and Henze, Martin and Wehrle, Klaus} } @Article { 2020_gleim_factDAG, title = {FactDAG: Formalizing Data Interoperability in an Internet of Production}, journal = {IEEE Internet of Things Journal}, year = {2020}, month = {4}, day = {14}, volume = {7}, number = {4}, pages = {3243-3253}, abstract = {In the production industry, the volume, variety and velocity of data as well as the number of deployed protocols increase exponentially due to the influences of IoT advances. 
While hundreds of isolated solutions exist to utilize this data, e.g., optimizing processes or monitoring machine conditions, the lack of a unified data handling and exchange mechanism hinders the implementation of approaches to improve the quality of decisions and processes in such an interconnected environment. The vision of an Internet of Production promises the establishment of a Worldwide Lab, where data from every process in the network can be utilized, even interorganizational and across domains. While numerous existing approaches consider interoperability from an interface and communication system perspective, fundamental questions of data and information interoperability remain insufficiently addressed. In this paper, we identify ten key issues, derived from three distinctive real-world use cases, that hinder large-scale data interoperability for industrial processes. Based on these issues we derive a set of five key requirements for future (IoT) data layers, building upon the FAIR data principles. We propose to address them by creating FactDAG, a conceptual data layer model for maintaining a provenance-based, directed acyclic graph of facts, inspired by successful distributed version-control and collaboration systems. 
Eventually, such a standardization should greatly shape the future of interoperability in an interconnected production industry.}, keywords = {Data Management; Data Versioning; Interoperability; Industrial Internet of Things; Worldwide Lab}, tags = {internet-of-production}, url = {https://comsys.rwth-aachen.de/fileadmin/papers/2020/2020-gleim-iotj-iop-interoperability.pdf}, publisher = {IEEE}, ISSN = {2327-4662}, DOI = {10.1109/JIOT.2020.2966402}, reviewed = {1}, author = {Gleim, Lars and Pennekamp, Jan and Liebenberg, Martin and Buchsbaum, Melanie and Niemietz, Philipp and Knape, Simon and Epple, Alexander and Storms, Simon and Trauth, Daniel and Bergs, Thomas and Brecher, Christian and Decker, Stefan and Lakemeyer, Gerhard and Wehrle, Klaus} } @Inproceedings { 2020_roepert_opcua, title = {Assessing the Security of OPC UA Deployments}, year = {2020}, month = {4}, day = {2}, abstract = {To address the increasing security demands of industrial deployments, OPC UA is one of the first industrial protocols explicitly designed with security in mind. However, deploying it securely requires a thorough configuration of a wide range of options. Thus, assessing the security of OPC UA deployments and their configuration is necessary to ensure secure operation, most importantly confidentiality and integrity of industrial processes. In this work, we present extensions to the popular Metasploit Framework to ease network-based security assessments of OPC UA deployments. To this end, we discuss methods to discover OPC UA servers, test their authentication, obtain their configuration, and check for vulnerabilities. 
Ultimately, our work enables operators to verify the (security) configuration of their systems and identify potential attack vectors.}, tags = {internet-of-production, rfc}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2020/2020-roepert-opcua-security.pdf}, misc2 = {en}, publisher = {University of T{\"u}bingen}, booktitle = {Proceedings of the 1st ITG Workshop on IT Security (ITSec '20), April 2-3, 2020, T{\"u}bingen, Germany}, event_place = {T{\"u}bingen, Germany}, event_date = {April 2-3, 2020}, DOI = {10.15496/publikation-41813}, reviewed = {1}, author = {Roepert, Linus and Dahlmanns, Markus and Fink, Ina Berenice and Pennekamp, Jan and Henze, Martin} } @Inproceedings { 2019_pennekamp_securityConsiderations, title = {Security Considerations for Collaborations in an Industrial IoT-based Lab of Labs}, year = {2019}, month = {12}, day = {4}, abstract = {The productivity and sustainability advances for (smart) manufacturing resulting from (globally) interconnected Industrial IoT devices in a lab of labs are expected to be significant. While such visions introduce opportunities for the involved parties, the associated risks must be considered as well. In particular, security aspects are crucial challenges and remain unsolved. So far, single stakeholders only had to consider their local view on security. However, for a global lab, we identify several fundamental research challenges in (dynamic) scenarios with multiple stakeholders: While information security mandates that models must be adapted wrt. confidentiality to address these new influences on business secrets, from a network perspective, the drastically increasing amount of possible attack vectors challenges today's approaches. 
Finally, concepts addressing these security challenges should provide backwards compatibility to enable a smooth transition from today's isolated landscape towards globally interconnected IIoT environments.}, keywords = {secure industrial collaboration; interconnected cyber-physical systems; stakeholders; Internet of Production}, tags = {internet-of-production; iotrust}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-pennekamp-security-considerations.pdf}, publisher = {IEEE}, booktitle = {Proceedings of the 3rd IEEE Global Conference on Internet of Things (GCIoT '19), December 4–7, 2019, Dubai, United Arab Emirates}, event_place = {Dubai, United Arab Emirates}, event_date = {December 4–7, 2019}, ISBN = {978-1-7281-4873-1}, DOI = {10.1109/GCIoT47977.2019.9058413}, reviewed = {1}, author = {Pennekamp, Jan and Dahlmanns, Markus and Gleim, Lars and Decker, Stefan and Wehrle, Klaus} } @Inproceedings { 2019_delacadena_countermeasure, title = {POSTER: Traffic Splitting to Counter Website Fingerprinting}, year = {2019}, month = {11}, day = {12}, pages = {2533-2535}, abstract = {Website fingerprinting (WFP) is a special type of traffic analysis, which aims to infer the websites visited by a user. Recent studies have shown that WFP targeting Tor users is notably more effective than previously expected. Concurrently, state-of-the-art defenses have been proven to be less effective. In response, we present a novel WFP defense that splits traffic over multiple entry nodes to limit the data a single malicious entry can use. Here, we explore several traffic-splitting strategies to distribute user traffic. 
We establish that our weighted random strategy dramatically reduces the accuracy from nearly 95\% to less than 35\% for four state-of-the-art WFP attacks without adding any artificial delays or dummy traffic.}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-delacadena-splitting-defense.pdf}, publisher = {ACM}, booktitle = {Proceedings of the 26th ACM SIGSAC Conference on Computer and Communications Security (CCS '19), November 11-15, 2019, London, United Kingdom}, event_place = {London, United Kingdom}, event_date = {November 11-15, 2019}, ISBN = {978-1-4503-6747-9/19/11}, DOI = {10.1145/3319535.3363249}, reviewed = {1}, author = {De la Cadena, Wladimir and Mitseva, Asya and Pennekamp, Jan and Hiller, Jens and Lanze, Fabian and Engel, Thomas and Wehrle, Klaus and Panchenko, Andriy} } @Inproceedings { 2019-hiller-icnp-tailoringOR, title = {Tailoring Onion Routing to the Internet of Things: Security and Privacy in Untrusted Environments}, year = {2019}, month = {10}, day = {10}, abstract = {An increasing number of IoT scenarios involve mobile, resource-constrained IoT devices that rely on untrusted networks for Internet connectivity. In such environments, attackers can derive sensitive private information of IoT device owners, e.g., daily routines or secret supply chain procedures, when sniffing on IoT communication and linking IoT devices and owner. Furthermore, untrusted networks do not provide IoT devices with any protection against attacks from the Internet. Anonymous communication using onion routing provides a well-proven mechanism to keep the relationship between communication partners secret and (optionally) protect against network attacks. However, the application of onion routing is challenged by protocol incompatibilities and demanding cryptographic processing on constrained IoT devices, rendering its use infeasible. 
To close this gap, we tailor onion routing to the IoT by bridging protocol incompatibilities and offloading expensive cryptographic processing to a router or web server of the IoT device owner. Thus, we realize resource-conserving access control and end-to-end security for IoT devices. To prove applicability, we deploy onion routing for the IoT within the well-established Tor network enabling IoT devices to leverage its resources to achieve the same grade of anonymity as readily available to traditional devices.}, tags = {internet-of-production}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-hiller-tailoring.pdf}, publisher = {IEEE}, booktitle = {Proceedings of the 27th IEEE International Conference on Network Protocols (ICNP '19), October 7-10, 2019, Chicago, IL, USA}, event_place = {Chicago, IL, USA}, event_name = {27th IEEE International Conference on Network Protocols (ICNP 2019)}, event_date = {7-10. Oct. 2019}, ISBN = {978-1-7281-2700-2}, ISSN = {2643-3303}, DOI = {10.1109/ICNP.2019.8888033}, reviewed = {1}, author = {Hiller, Jens and Pennekamp, Jan and Dahlmanns, Markus and Henze, Martin and Panchenko, Andriy and Wehrle, Klaus} } @Inproceedings { 2019-dahlmanns-icnp-knowledgeSystem, title = {Privacy-Preserving Remote Knowledge System}, year = {2019}, month = {10}, day = {7}, abstract = {More and more traditional services, such as malware detectors or collaboration services in industrial scenarios, move to the cloud. However, this behavior poses a risk for the privacy of clients since these services are able to generate profiles containing very sensitive information, e.g., vulnerability information or collaboration partners. Hence, a rising need for protocols that enable clients to obtain knowledge without revealing their requests exists. 
To address this issue, we propose a protocol that enables clients (i) to query large cloud-based knowledge systems in a privacy-preserving manner using Private Set Intersection and (ii) to subsequently obtain individual knowledge items without leaking the client’s requests via few Oblivious Transfers. With our preliminary design, we allow clients to save a significant amount of time in comparison to performing Oblivious Transfers only.}, note = {Poster Session}, keywords = {private query protocol; knowledge system; remote knowledge; private set intersection; oblivious transfer}, tags = {kimusin; internet-of-production}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-dahlmanns-knowledge-system.pdf}, publisher = {IEEE}, booktitle = {Proceedings of the 27th IEEE International Conference on Network Protocols (ICNP '19), October 7-10, 2019, Chicago, IL, USA}, event_place = {Chicago, IL, USA}, event_name = {27th IEEE International Conference on Network Protocols (ICNP 2019)}, event_date = {7-10. Oct. 2019}, ISBN = {978-1-7281-2700-2}, ISSN = {2643-3303}, DOI = {10.1109/ICNP.2019.8888121}, reviewed = {1}, author = {Dahlmanns, Markus and Dax, Chris and Matzutt, Roman and Pennekamp, Jan and Hiller, Jens and Wehrle, Klaus} } @Inproceedings { 2019_pennekamp_multipath, title = {Multipathing Traffic to Reduce Entry Node Exposure in Onion Routing}, year = {2019}, month = {10}, day = {7}, abstract = {Users of an onion routing network, such as Tor, depend on its anonymity properties. However, especially malicious entry nodes, which know the client’s identity, can also observe the whole communication on their link to the client and, thus, conduct several de-anonymization attacks. To limit this exposure and to impede corresponding attacks, we propose to multipath traffic between the client and the middle node to reduce the information an attacker can obtain at a single vantage point. 
To facilitate the deployment, only clients and selected middle nodes need to implement our approach, which works transparently for the remaining legacy nodes. Furthermore, we let clients control the splitting strategy to prevent any external manipulation.}, note = {Poster Session}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-pennekamp-multipathing.pdf}, publisher = {IEEE}, booktitle = {Proceedings of the 27th IEEE International Conference on Network Protocols (ICNP '19), October 7-10, 2019, Chicago, IL, USA}, event_place = {Chicago, IL, USA}, event_name = {27th IEEE International Conference on Network Protocols (ICNP 2019)}, event_date = {7-10. Oct. 2019}, ISBN = {978-1-7281-2700-2}, ISSN = {2643-3303}, DOI = {10.1109/ICNP.2019.8888029}, reviewed = {1}, author = {Pennekamp, Jan and Hiller, Jens and Reuter, Sebastian and De la Cadena, Wladimir and Mitseva, Asya and Henze, Martin and Engel, Thomas and Wehrle, Klaus and Panchenko, Andriy} } @Inproceedings { 2019-hiller-aeit-regaining, title = {Regaining Insight and Control on SMGW-based Secure Communication in Smart Grids}, year = {2019}, month = {9}, abstract = {Smart Grids require extensive communication to enable safe and stable energy supply in the age of decentralized and dynamic energy production and consumption. To protect the communication in this critical infrastructure, public authorities mandate smart meter gateways (SMGWs) to intercept all inbound and outbound communication of premises such as a factory or smart home, and forward the communication data on secure channels established by the SMGW itself to be in control of the communication security. However, using the SMGW as proxy, local devices can neither review the security of these remote connections established by the SMGW nor enforce higher security guarantees than established by the all in one configuration of the SMGW which does not allow for use case-specific security settings. 
We present mechanisms that enable local devices to regain this insight and control over the full connection, i.e., up to the final receiver, while retaining the SMGW's ability to ensure a suitable security level. Our evaluation shows modest computation and transmission overheads for this increased security in the critical smart grid infrastructure.}, note = {ECSEL; European Union (EU); Horizon 2020; CONNECT Innovative smart components, modules and appliances for a truly connected, efficient and secure smart grid; Grant Agreement No 737434}, tags = {connect}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-hiller-aeit-regaining.pdf}, publisher = {IEEE}, booktitle = {Proceedings of the 2019 AEIT International Annual Conference, September 18-20, 2019, Firenze, Italy}, event_place = {Firenze, Italy}, event_name = {AEIT International Annual Conference}, event_date = {September 18-20, 2019}, ISBN = {978-8-8872-3745-0}, DOI = {10.23919/AEIT.2019.8893406}, reviewed = {1}, author = {Hiller, Jens and Komanns, Karsten and Dahlmanns, Markus and Wehrle, Klaus} } @Inproceedings { 2018-rueth-quicadoptionstudy, title = {A First Look at QUIC in the Wild}, year = {2018}, month = {3}, day = {26}, pages = {255-268}, tags = {maki,reflexes}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2018/2018-rueth-quicadoptionstudy.pdf}, web_url2 = {https://arxiv.org/abs/1801.05168}, publisher = {Springer, Cham}, booktitle = {In Proceedings of the Passive and Active Measurement Conference (PAM '18)}, event_place = {Berlin, Germany}, event_name = {Passive and Active Measurement Conference (PAM 2018)}, event_date = {26.3.2018 - 27.3.2018}, language = {en}, ISBN = {978-3-319-76481-8}, DOI = {10.1007/978-3-319-76481-8_19}, reviewed = {1}, author = {R{\"u}th, Jan and Poese, Ingmar and Dietzel, Christoph and Hohlfeld, Oliver} } @Inproceedings { 2018-dedin-energy-packets, title = {A new solution for the Energy Packet-based Dispatching using power/signal dual modulation}, 
year = {2018}, booktitle = {Proceedings of the Ninth International Conference on Future Energy Systems (ACM e-Energy '18)}, event_place = {Karlsruhe, Germany}, event_name = {Ninth International Conference on Future Energy Systems}, event_date = {2018-06-15}, DOI = {10.1145/3208903.3208931}, reviewed = {1}, author = {De Din, Edoardo and Monti, Antonello and Hagenmeyer, Veit and Wehrle, Klaus} } @Inproceedings { 2017-henze-mobiquitous-cloudanalyzer, title = {CloudAnalyzer: Uncovering the Cloud Usage of Mobile Apps}, year = {2017}, month = {11}, day = {7}, pages = {262-271}, abstract = {Developers of smartphone apps increasingly rely on cloud services for ready-made functionalities, e.g., to track app usage, to store data, or to integrate social networks. At the same time, mobile apps have access to various private information, ranging from users' contact lists to their precise locations. As a result, app deployment models and data flows have become too complex and entangled for users to understand. We present CloudAnalyzer, a transparency technology that reveals the cloud usage of smartphone apps and hence provides users with the means to reclaim informational self-determination. We apply CloudAnalyzer to study the cloud exposure of 29 volunteers over the course of 19 days. In addition, we analyze the cloud usage of the 5000 most accessed mobile websites as well as 500 popular apps from five different countries. Our results reveal an excessive exposure to cloud services: 90 \% of apps use cloud services and 36 \% of apps used by volunteers solely communicate with cloud services. 
Given the information provided by CloudAnalyzer, users can critically review the cloud usage of their apps.}, keywords = {Privacy; Smartphones; Cloud Computing; Traffic Analysis}, tags = {trinics}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2017/2017-henze-mobiquitous-cloudanalyzer.pdf}, misc2 = {Online}, publisher = {ACM}, booktitle = {Proceedings of the 14th EAI International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services (MobiQuitous '17), November 7-10, 2017, Melbourne, VIC, Australia}, event_place = {Melbourne, VIC, Australia}, event_date = {November 7-10, 2017}, language = {en}, ISBN = {978-1-4503-5368-7}, DOI = {10.1145/3144457.3144471}, reviewed = {1}, author = {Henze, Martin and Pennekamp, Jan and Hellmanns, David and M{\"u}hmer, Erik and Ziegeldorf, Jan Henrik and Drichel, Arthur and Wehrle, Klaus} } @Inproceedings { 2017-liew-schemmel-fp, title = {Floating-Point Symbolic Execution: A Case Study in N-Version Programming}, year = {2017}, month = {10}, day = {30}, tags = {symbiosys}, url = {file:1848}, booktitle = {Proceedings of the 32nd IEEE/ACM International Conference on Automated Software Engineering}, event_place = {Urbana-Champaign, IL, USA}, language = {en}, ISBN = {978-1-5386-2684-9/17}, reviewed = {1}, author = {Liew, Daniel and Schemmel, Daniel and Cadar, Cristian and Donaldson, Alastair and Z{\"a}hl, Rafael and Wehrle, Klaus} } @Phdthesis { phd-dombrowski, title = {Design and Evaluation of an Ultra-Reliable Low-Latency Wireless Network Protocol}, year = {2017}, month = {6}, day = {14}, publisher = {Shaker Verlag GmbH}, address = {Shaker Verlag GmbH, Herzogenrath, Germany}, series = {Reports on Communications and Distributed Systems}, school = {RWTH Aachen University}, type = {Dissertation}, ISBN = {978-3-8440-5510-8}, author = {Dombrowski, Christian} } @Article { dombrowski-vdi, title = {Funktechnologien f{\"u}r Industrie 4.0}, journal = {VDE Positionspapier}, year = {2017}, month = {6}, day = {1}, 
publisher = {VDE - Verband der Elektrotechnik, Elektronik, Informationstechnik e.V.}, address = {Stresemannallee 15, 60596 Frankfurt am Main, Germany}, author = {Aktas, Ismet and Bentkus, Alexander and Bonanati, Florian and Dekorsy, Armin and Dombrowski, Christian and Doubrava, Michael and Golestani, Ali and Hofmann, Frank and Heidrich, Mike and Hiensch, Stefan and Kays, R{\"u}diger and Meyer, Michael and M{\"u}ller, Andreas and ten Brink, Stephan and Petreska, Neda and Popovic, Milan and Rauchhaupt, Lutz and Saad, Ahmad and Schotten, Hans and W{\"o}ste, Christoph and Wolff, Ingo} } @Inproceedings { DombrowskiSRDS16, title = {Model-Checking Assisted Protocol Design for Ultra-reliable Low-Latency Wireless Networks}, year = {2016}, month = {9}, day = {27}, pages = {307--316}, keywords = {fault tolerance;formal verification;protocols;wireless channels;EchoRing protocol;fault-tolerant methods;formal model-based verification;model-checking assisted protocol;probabilistic model checking;reliability constraints;safety-critical industrial applications;salient features;token loss;token-based system;ultrareliable low-latency wireless networks;unprecedented latency;wireless networking community;wireless protocols;wireless token-passing systems;Automata;Model checking;Payloads;Probabilistic logic;Protocols;Reliability;Wireless communication;Model checking;Probabilistic timed automata;Token passing;Wireless Industrial Networks;tool-assisted protocol design;validation}, tags = {cps,hodrian}, web_url = {http://ieeexplore.ieee.org/document/7794360/}, booktitle = {Proc. 
of IEEE 35th Symposium on Reliable Distributed Systems}, organization = {IEEE}, event_place = {Budapest, Hungary}, event_name = {IEEE 35th Symposium on Reliable Distributed Systems (SRDS)}, DOI = {10.1109/SRDS.2016.048}, reviewed = {1}, author = {Dombrowski, Christian and Junges, Sebastian and Katoen, Joost-Pieter and Gross, James} } @Inproceedings { 2016-serror-wowmom-arq, title = {Performance Analysis of Cooperative ARQ Systems for Wireless Industrial Networks}, year = {2016}, month = {6}, day = {21}, tags = {koi}, publisher = {IEEE}, howpublished = {online}, booktitle = {17th IEEE International Symposium on a World of Wireless, Mobile and Multimedia Networks (IEEE WoWMoM 2016), Coimbra, Portugal}, event_place = {Coimbra, Portugal}, language = {en}, DOI = {10.1109/WoWMoM.2016.7523534}, reviewed = {1}, author = {Serror, Martin and Hu, Yulin and Dombrowski, Christian and Wehrle, Klaus and Gross, James} } @Inproceedings { 2015-serror-channel-coding, title = {Channel Coding Versus Cooperative ARQ: Reducing Outage Probability in Ultra-Low Latency Wireless Communications}, year = {2015}, month = {12}, tags = {koi}, url = {file:1704}, publisher = {IEEE}, howpublished = {online}, booktitle = {IEEE GC 2015 Workshop on Ultra-Low Latency and Ultra-High Reliability in Wireless Communications (GC'15 - ULTRA2), San Diego, USA}, event_place = {San Diego, USA}, event_name = {IEEE GC 2015 Workshop on Ultra-Low Latency and Ultra-High Reliability in Wireless Communications}, event_date = {December 6-10 2015}, DOI = {10.1109/GLOCOMW.2015.7414150}, reviewed = {1}, author = {Serror, Martin and Dombrowski, Christian and Wehrle, Klaus and Gross, James} } @Poster { serror-zdn-2015, title = {How to Benefit from Cooperation in Latency-Constrained Wireless Communications}, year = {2015}, month = {9}, day = {25}, tags = {cps,koi,hodrian}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2015/2015-serror-zdn-cooperation.pdf}, web_url = 
{http://kn.inf.uni-tuebingen.de/itg-zdn-2015-poster-session}, publisher = {VDE}, howpublished = {online}, organization = {ITG-Fachtagung ``Zukunft der Netze 2015'' -- Poster Session, T{\"u}bingen, Germany}, event_place = {T{\"u}bingen, Germany}, author = {Serror, Martin and Dombrowski, Christian and Wehrle, Klaus and Gross, James} } @Inproceedings { 2015-wowmom-schumacher-warpsim, title = {WARPsim: A Code-Transparent Network Simulator for WARP Devices}, year = {2015}, month = {6}, day = {14}, tags = {cps,koi}, url = {file:1688}, publisher = {IEEE}, howpublished = {online}, booktitle = {16th IEEE International Symposium on a World of Wireless, Mobile and Multimedia Networks: Demos (IEEE WoWMoM 2015 - Demos), Boston, USA}, event_place = {Boston, USA}, event_name = {IEEE International Symposium on a World of Wireless, Mobile and Multimedia Networks}, event_date = {14.-17. June 2015}, DOI = {10.1109/WoWMoM.2015.7158181}, reviewed = {1}, author = {Schumacher, Andreas and Serror, Martin and Dombrowski, Christian and Gross, James} } @Inproceedings { Dombrowski2015EW, title = {EchoRing: A Low-Latency, Reliable Token-Passing MAC Protocol for Wireless Industrial Networks}, year = {2015}, month = {5}, day = {20}, abstract = {Spurred by recent industrial trends, such as factory automation or phase synchronization in the smart grid, there has recently been significant interest in wireless industrial networks. In contrast to traditional applications, the focus is on carrying out communication at very short latencies together with high reliabilities. Meeting such extreme requirements with wireless networks is challenging. A potential candidate for such a network is a token-passing protocol, as it allows latencies to be bounded. However, it lacks mechanisms to cope with the dynamics of wireless channels. In this paper, we present EchoRing, a novel wireless token-passing protocol. 
Cooperative communication and an improved fault tolerance allow this decentralized protocol to support industrial applications over wireless networks. Based on experimental results, we demonstrate the suitability of EchoRing to support demands of industrial applications. EchoRing outperforms other schemes by several orders of magnitude in terms of reliability for latencies of and below 10ms.}, keywords = {Protocols and architectures for wireless networks; Testbeds and experimental wireless systems; Reliability: robust and dependable wireless systems}, tags = {cps,hodrian}, publisher = {IEEE}, booktitle = {Proc. of 21st European Wireless Conference (EW15)}, event_place = {Budapest, Hungary}, event_name = {European Wireless Conference (EW)}, event_date = {20/05/2015}, ISBN = {978-3-8007-3976-9}, author = {Dombrowski, Christian and Gross, James} } @Inproceedings { Dombrowski2015NetSys, title = {EchoRing: Meeting Hard Real-Time Constraints with Decentralized Wireless Networks}, year = {2015}, month = {3}, day = {9}, pages = {1--3}, tags = {cps,hodrian}, url = {http://www.netsys2015.com/wp-content/uploads/NetSys2015_Demo_Dombrowski.pdf}, web_url = {http://www.netsys2015.com/program/demonstrations/}, web_url2 = {http://www.netsys2015.com/communication-software-awards/}, misc = {2nd Place Regular Demonstrations}, publisher = {IEEE}, booktitle = {Proc. of 2nd International Conference on Networked Systems, Demonstrations (NetSys15)}, event_place = {Cottbus, Germany}, event_name = {Conference on Networked Systems (NetSys) - Demo Session}, event_date = {09/03/2015}, reviewed = {1}, author = {Dombrowski, Christian and Gross, James} } @Conference { Schumacher2014, title = {A Code-transparent MAC Simulator for WARP}, year = {2014}, month = {11}, day = {19}, tags = {hodrian,cps}, booktitle = {Proc. 
of European workshop on testbed based wireless research}, event_place = {Stockholm, Sweden}, event_name = {European workshop on testbed based wireless research}, event_date = {19/11/2014}, author = {Schumacher, Andreas and Dombrowski, Christian and Gross, James} } @Inproceedings { 2014-aktas-wintech-a-framework-for-remote-automation-configuration-and-monitoring, title = {A Framework for Remote Automation, Configuration, and Monitoring of Real-World Experiments}, year = {2014}, month = {9}, day = {7}, pages = {1--8}, tags = {crawler}, url = {fileadmin/papers/2014/2014-aktas-wintech-remote-cross-layer.pdf}, misc2 = {Online}, publisher = {ACM}, booktitle = {Proceedings of the 9th ACM International Workshop on Wireless Network Testbeds, Experimental Evaluation and Characterization (WiNTECH 2014), Hawaii, USA}, event_place = {Hawaii, USA}, event_name = {9th ACM International Workshop on Wireless Network Testbeds, Experimental Evaluation and Characterization (WiNTECH 2014)}, event_date = {7 September 2014}, language = {en}, ISBN = {978-1-4503-3072-5}, DOI = {10.1145/2643230.2643236}, reviewed = {1}, author = {Aktas, Ismet and Pu{\~n}al, Oscar and Schmidt, Florian and Dr{\"u}ner, Tobias and Wehrle, Klaus} } @Inproceedings { Dombrowski2013WiOpt, title = {Energy-Efficient Multi-Hop Transmission for Machine-to-Machine Communications}, year = {2013}, month = {5}, day = {13}, pages = {341-348}, keywords = {energy minimization;quality-of-service;outage probability;deadline;optimization;multi-hop;average csi;instantaneous csi}, booktitle = {11th International Symposium on Modeling and Optimization in Mobile, Ad Hoc and Wireless Networks (WiOpt 2013)}, event_place = {Tsukuba Science City, Japan}, language = {English}, reviewed = {1}, author = {Dombrowski, Christian and Petreska, Neda and G{\"o}rtzen, Simon and Schmeink, Anke and Gross, James} } @Inproceedings { 2012-aktas-wowmom-CRAWLER:AnExperimentationPlatformforSystemMonitoringandCross-Layer-Coordination-conference, title = 
{CRAWLER: An Experimentation Architecture for System Monitoring and Cross-Layer-Coordination}, journal = {Proceedings of the 13th International Symposium on a World of Wireless, Mobile and Multimedia Networks (WoWMoM'12), San Francisco, USA}, year = {2012}, month = {6}, day = {25}, pages = {1--9}, tags = {crawler}, url = {fileadmin/papers/2012/2012-aktas-wowmom-crawler.pdf}, misc2 = {Online}, publisher = {IEEE}, booktitle = {Proceedings of the 13th International Symposium on a World of Wireless, Mobile and Multimedia Networks (WoWMoM'12), San Francisco, USA}, event_place = {San Francisco}, event_name = {13th International Symposium on a World of Wireless, Mobile and Multimedia Networks (WoWMoM'12)}, event_date = {25-28 June, 2012}, language = {en}, ISBN = {978-1-4673-1238-7}, DOI = {10.1109/WoWMoM.2012.6263686}, reviewed = {1}, author = {Aktas, Ismet and Schmidt, Florian and Alizai, Muhammad Hamad and Dr{\"u}ner, Tobias and Wehrle, Klaus} } @Inproceedings { Dombrowski2011LCN, title = {Hard Real-Time Wireless Medium Access in Action: Stop the Guillotine Within a Millisecond!}, year = {2011}, month = {10}, day = {4}, pages = {1--3}, url = {http://www.ieeelcn.org/prior/LCN36/lcn36demos/lcn-demo2011_dombrowski.pdf}, web_url = {http://www.ieeelcn.org/prior/LCN36/lcn36demos.html}, booktitle = {Proc. of Local Computer Networks Conference, Demonstrations, (LCN'11)}, event_place = {Bonn, Germany}, event_name = {36th IEEE Conference on Local Computer Networks (LCN)}, event_date = {04/10/2011}, reviewed = {1}, author = {Dombrowski, Christian and Gross, James} } @Inproceedings { Dombrowski2011RealWIN, title = {Reducing Outage Probability Over Wireless Channels Under Hard Real-time Constraints}, year = {2011}, month = {4}, day = {11}, pages = {1--6}, booktitle = {Proc. 
of Workshop on Real-Time Wireless For Industrial Applications (RealWIN'11)}, reviewed = {1}, author = {Dombrowski, Christian and Gross, James} } @Inproceedings { Dombrowski2010GC, title = {Is High Quality Sensing Really Necessary for Opportunistic Spectrum Usage?}, year = {2010}, month = {12}, day = {6}, pages = {1--6}, publisher = {IEEE}, booktitle = {Proc. of IEEE Global Telecommunications Conference (GLOBECOM'10)}, event_place = {Miami, FL, USA}, event_name = {IEEE Global Telecommunications Conference (GLOBECOM'10)}, event_date = {06/12/2010}, author = {Dombrowski, Christian and Willkomm, Daniel and Wolisz, Adam} } @Inproceedings { 2010-sensys-sasnauskas-coojakleenet, title = {Demo Abstract: Integrating Symbolic Execution with Sensornet Simulation for Efficient Bug Finding}, year = {2010}, month = {11}, pages = {383--384}, abstract = {High-coverage testing of sensornet applications is vital for pre-deployment bug cleansing, but has previously been difficult due to the limited set of available tools. We integrate the KleeNet symbolic execution engine with the COOJA network simulator to allow for straight-forward and intuitive high-coverage testing initiated from a simulation environment. A tight coupling of simulation and testing helps detect, narrow down, and fix complex interaction bugs in an early development phase. We demonstrate the seamless transition between COOJA simulation and KleeNet symbolic execution. 
Our framework enables future research in how high-coverage testing tools could be used in cooperation with simulation tools.}, tags = {kleenet}, url = {fileadmin/papers/2010/2010-osterlind_sasnauskas-sensys-coojakleenet.pdf}, misc2 = {Print}, publisher = {ACM}, address = {New York, NY, USA}, booktitle = {Proceedings of the 8th ACM Conference on Embedded Networked Sensor Systems (SenSys 2010), Zurich, Switzerland}, language = {en}, ISBN = {978-1-4503-0344-6}, DOI = {10.1145/1869983.1870034}, reviewed = {1}, author = {{\"O}sterlind, Fredrik and Sasnauskas, Raimondas and Dunkels, Adam and Soria Dustmann, Oscar and Wehrle, Klaus} } @Article { VaegsDHH2010, title = {Learning by gaming: facts and myths}, journal = {International Journal of Technology Enhanced Learning (IJTEL)}, year = {2010}, volume = {2}, number = {1/2}, pages = {21--40}, abstract = {Gaming has undergone a transition from a niche hobby to a part of everyday culture. This transition, along with the advance in the use of the internet, has created a new kind of social environment, commonly known as virtual life. This paper presents the survey results of over 1000 gamers worldwide, in which they tell us how gaming affected their lives -- both virtual and real -- with regard to their career, relationships and social life. 
The analysis of the answers disproves common stereotypes about gamers and shows areas where gaming can very well be beneficial and where there are still problems.}, keywords = {video games, online games, learning by playing, soft skills, transferable skills, motivation, conflicts, social skills, careers, relationships, communities, technical competence, gaming, virtual life, social life, gamers}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2010/2010-vaegs-JTEL-Gaming.pdf}, editor = {Martin Wolpers}, publisher = {Inderscience Publishers}, address = {Geneva, Switzerland}, language = {en}, ISSN = {1753-5255}, DOI = {10.1504/IJTEL.2010.031258}, reviewed = {1}, author = {Vaegs, Tobias and Dugosija, Darko and Hackenbracht, Stephan and Hannemann, Anna} } @Inproceedings { DugosijaEHVHM2008, title = {Online Gaming as Tool for Career Development}, year = {2008}, month = {9}, day = {16}, volume = {386}, abstract = {Gaming has undergone a transition from a niche hobby to a part of everyday culture, with the most prominent examples of professional gaming in Korea and the success of World of Warcraft. This transition, along with the advance in the use of the Internet, has created a new kind of social environment, commonly known as virtual life. This paper presents an excerpt of the results of a survey investigating this environment with particular regard to the interaction between gaming and career, relationships as well as social groups. “Man only plays when in the full meaning of the word he is a man, and he is only completely a man when he plays. 
” Schiller 1}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2008/2008-steg-vaegs-gaming.pdf}, web_url = {http://www.slideshare.net/vaegs/online-gaming-as-tool-for-career-development-presentation}, editor = {Ralf Klamma and Nalin Sharda and Baltasar Fern{\'a}ndez-Manj{\'o}n and Harald Kosch and Marc Spaniol}, series = {CEUR Workshop Proceedings}, booktitle = {Proceedings of the First International Workshop on Story-Telling and Educational Games (STEG'08)}, event_place = {Maastricht School of Management, Maastricht, The Netherlands}, event_name = {First International Workshop on Story-Telling and Educational Games (STEG'08)}, event_date = {September 16, 2008}, language = {en}, author = {Dugosija, Darko and Efe, Vadi and Hackenbracht, Stephan and Vaegs, Tobias and Hannemann, Anna} } @Inproceedings { 200602LandsiedelEWSNModularSN, title = {Modular Communication Protocols for Sensor Networks}, year = {2006}, month = {2}, day = {13}, volume = {507}, pages = {22--23}, abstract = {In this paper we present our ongoing work on modular communication protocols for sensor networks. Their modularity allows recomposing a protocol dynamically at runtime and adapting it to the changing needs of a sensor network. Compared to existing work, our componentization is fine grained and protocol independent, enabling a high degree of component reusability.}, note = {(Poster and Abstract)}, url = {fileadmin/papers/2006/2006-02-Landsiedel-EWSN-ModularSN.pdf}, web_url2 = {ftp://ftp.inf.ethz.ch/pub/publications/tech-reports/5xx/507.pdf}, misc = {Technical Report}, misc2 = {Online}, editor = {Kay R{\"o}mer and Holger Karl and Friedemann Mattern}, publisher = {Department of Computer Science, ETH Zurich}, address = {Zurich, Switzerland}, series = {Technical Report ETH Zurich / Dept. 
of Computer Science}, booktitle = {European Workshop on Wireless Sensor Networks (EWSN 2006), Zurich, Switzerland}, organization = {EWSN}, event_place = {Zurich, Switzerland}, event_name = {3rd European Workshop on Wireless Sensor Networks (EWSN 2006)}, event_date = {February 13-15, 2006}, language = {en}, reviewed = {1}, author = {Landsiedel, Olaf and Bitsch Link, J{\'o} Agila and Denkinger, Katharina and Wehrle, Klaus} }