% % This file was created by the TYPO3 extension % bib % --- Timezone: CEST % Creation date: 2024-04-23 % Creation time: 21-52-20 % --- Number of references % 258 % @Inproceedings { 2024-wagner-madtls, title = {Madtls: Fine-grained Middlebox-aware End-to-end Security for Industrial Communication}, year = {2024}, month = {7}, day = {1}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2024/2024-wagner-madtls.pdf}, booktitle = {19th ACM ASIA Conference on Computer and Communications Security (ACM AsiaCCS '24), Singapur}, event_place = {Singapur}, event_name = {ACM ASIA Conference on Computer and Communications Security (AsiaCCS)}, event_date = {July 1-5, 2024}, state = {unpublished}, reviewed = {1}, author = {Wagner, Eric and Heye, David and Serror, Martin and Kunze, Ike and Wehrle, Klaus and Henze, Martin} } @Inproceedings { 2024_dahlmanns_ipv6-deployments, title = {Unconsidered Installations: Discovering IoT Deployments in the IPv6 Internet}, year = {2024}, month = {5}, day = {10}, abstract = {Internet-wide studies provide extremely valuable insight into how operators manage their Internet of Things (IoT) deployments in reality and often reveal grievances, e.g., significant security issues. However, while IoT devices often use IPv6, past studies resorted to comprehensively scan the IPv4 address space. To fully understand how the IoT and all its services and devices is operated, including IPv6-reachable deployments is inevitable-although scanning the entire IPv6 address space is infeasible. In this paper, we close this gap and examine how to best discover IPv6-reachable IoT deployments. To this end, we propose a methodology that allows combining various IPv6 scan direction approaches to understand the findability and prevalence of IPv6-reachable IoT deployments. Using three sources of active IPv6 addresses and eleven address generators, we discovered 6658 IoT deployments. We derive that the available address sources are a good starting point for finding IoT deployments. Additionally, we show that using two address generators is sufficient to cover most found deployments and save time as well as resources. Assessing the security of the deployments, we surprisingly find similar issues as in the IPv4 Internet, although IPv6 deployments might be newer and generally more up-to-date: Only 39\% of deployments have access control in place and only 6.2\% make use of TLS inviting attackers, e.g., to eavesdrop sensitive data.}, keywords = {Internet of Things, security, Internet measurements, IPv6, address generators}, tags = {internet-of-production}, publisher = {IEEE}, booktitle = {Proceedings of the 2024 IEEE/IFIP Network Operations and Management Symposium (NOMS '24), May 6-10, 2024, Seoul, Korea}, event_place = {Seoul, Korea}, event_name = {2024 IEEE Network Operations and Management Symposium}, event_date = {May 6-10, 2024}, state = {accepted}, reviewed = {1}, author = {Dahlmanns, Markus and Heidenreich, Felix and Lohm{\"o}ller, Johannes and Pennekamp, Jan and Wehrle, Klaus and Henze, Martin} } @Incollection { 2024_matzutt_blockchain-content, title = {Illicit Blockchain Content – Its Different Shapes, Consequences, and Remedies}, year = {2024}, month = {3}, day = {7}, volume = {105}, pages = {301-336}, abstract = {Augmenting public blockchains with arbitrary, nonfinancial content fuels novel applications that facilitate the interactions between mutually distrusting parties. However, new risks emerge at the same time when illegal content is added. This chapter thus provides a holistic overview of the risks of content insertion as well as proposed countermeasures. We first establish a simple framework for how content is added to the blockchain and subsequently distributed across the blockchain’s underlying peer-to-peer network. We then discuss technical as well as legal implications of this form of content distribution and give a systematic overview of basic methods and high-level services for inserting arbitrary blockchain content. Afterward, we assess to which extent these methods and services have been used in the past on the blockchains of Bitcoin Core, Bitcoin Cash, and Bitcoin SV, respectively. Based on this assessment of the current state of (unwanted) blockchain content, we discuss (a) countermeasures to mitigate its insertion, (b) how pruning blockchains relates to this issue, and (c) how strategically weakening the otherwise desired immutability of a blockchain allows for redacting objectionable content. We conclude this chapter by identifying future research directions in the domain of blockchain content insertion.}, keywords = {Blockchain content insertion; Illicit content; Pruning; Redaction}, publisher = {Springer}, series = {Advances in Information Security}, chapter = {10}, booktitle = {Blockchains – A Handbook on Fundamentals, Platforms and Applications}, ISBN = {978-3-031-32145-0}, DOI = {10.1007/978-3-031-32146-7_10}, reviewed = {1}, author = {Matzutt, Roman and Henze, Martin and M{\"u}llmann, Dirk and Wehrle, Klaus} } @Incollection { 2024_pennekamp_blockchain-industry, title = {Blockchain Technology Accelerating Industry 4.0}, year = {2024}, month = {3}, day = {7}, volume = {105}, pages = {531-564}, abstract = {Competitive industrial environments impose significant requirements on data sharing as well as the accountability and verifiability of related processes. Here, blockchain technology emerges as a possible driver that satisfies demands even in settings with mutually distrustful stakeholders. We identify significant benefits achieved by blockchain technology for Industry 4.0 but also point out challenges and corresponding design options when applying blockchain technology in the industrial domain. Furthermore, we survey diverse industrial sectors to shed light on the current intersection between blockchain technology and industry, which provides the foundation for ongoing as well as upcoming research. As industrial blockchain applications are still in their infancy, we expect that new designs and concepts will develop gradually, creating both supporting tools and groundbreaking innovations.}, tags = {internet-of-production}, publisher = {Springer}, series = {Advances in Information Security}, chapter = {17}, booktitle = {Blockchains – A Handbook on Fundamentals, Platforms and Applications}, ISBN = {978-3-031-32145-0}, DOI = {10.1007/978-3-031-32146-7_17}, reviewed = {1}, author = {Pennekamp, Jan and Bader, Lennart and Wagner, Eric and Hiller, Jens and Matzutt, Roman and Wehrle, Klaus} } @Inproceedings { 2024-wagner-acns-aggregate, title = {When and How to Aggregate Message Authentication Codes on Lossy Channels?}, year = {2024}, month = {3}, day = {5}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2024/2024-wagner-mac-aggregation.pdf}, booktitle = {22nd International Conference on Applied Cryptography and Network Security (ACNS '24), Abu Dhabi, UAE}, event_place = {Abu Dhabi, UAE}, event_name = {International Conference on Applied Cryptography and Network Security (ACNS)}, event_date = {March 5-9, 2024}, state = {accepted}, reviewed = {1}, author = {Wagner, Eric and Serror, Martin and Wehrle, Klaus and Henze, Martin} } @Article { 2023_pennekamp_purchase_inquiries, title = {Offering Two-Way Privacy for Evolved Purchase Inquiries}, journal = {ACM Transactions on Internet Technology}, year = {2023}, month = {11}, day = {17}, volume = {23}, number = {4}, abstract = {Dynamic and flexible business relationships are expected to become more important in the future to accommodate specialized change requests or small-batch production. Today, buyers and sellers must disclose sensitive information on products upfront before the actual manufacturing. However, without a trust relation, this situation is precarious for the involved companies as they fear for their competitiveness. Related work overlooks this issue so far: Existing approaches only protect the information of a single party only, hindering dynamic and on-demand business relationships. To account for the corresponding research gap of inadequately privacy-protected information and to deal with companies without an established trust relation, we pursue the direction of innovative privacy-preserving purchase inquiries that seamlessly integrate into today's established supplier management and procurement processes. Utilizing well-established building blocks from private computing, such as private set intersection and homomorphic encryption, we propose two designs with slightly different privacy and performance implications to securely realize purchase inquiries over the Internet. In particular, we allow buyers to consider more potential sellers without sharing sensitive information and relieve sellers of the burden of repeatedly preparing elaborate yet discarded offers. We demonstrate our approaches' scalability using two real-world use cases from the domain of production technology. Overall, we present deployable designs that offer two-way privacy for purchase inquiries and, in turn, fill a gap that currently hinders establishing dynamic and flexible business relationships. In the future, we expect significantly increasing research activity in this overlooked area to address the needs of an evolving production landscape.}, keywords = {bootstrapping procurement; secure industrial collaboration; private set intersection; homomorphic encryption; Internet of Production}, tags = {internet-of-production}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2023/2023-pennekamp-purchase-inquiries.pdf}, publisher = {ACM}, ISSN = {1533-5399}, DOI = {10.1145/3599968}, reviewed = {1}, author = {Pennekamp, Jan and Dahlmanns, Markus and Fuhrmann, Frederik and Heutmann, Timo and Kreppein, Alexander and Grunert, Dennis and Lange, Christoph and Schmitt, Robert H. and Wehrle, Klaus} } @Article { 2023_lamberts_metrics-sok, title = {SoK: Evaluations in Industrial Intrusion Detection Research}, journal = {Journal of Systems Research}, year = {2023}, month = {10}, day = {31}, volume = {3}, number = {1}, abstract = {Industrial systems are increasingly threatened by cyberattacks with potentially disastrous consequences. To counter such attacks, industrial intrusion detection systems strive to timely uncover even the most sophisticated breaches. Due to its criticality for society, this fast-growing field attracts researchers from diverse backgrounds, resulting in 130 new detection approaches in 2021 alone. This huge momentum facilitates the exploration of diverse promising paths but likewise risks fragmenting the research landscape and burying promising progress. Consequently, it needs sound and comprehensible evaluations to mitigate this risk and catalyze efforts into sustainable scientific progress with real-world applicability. In this paper, we therefore systematically analyze the evaluation methodologies of this field to understand the current state of industrial intrusion detection research. Our analysis of 609 publications shows that the rapid growth of this research field has positive and negative consequences. While we observe an increased use of public datasets, publications still only evaluate 1.3 datasets on average, and frequently used benchmarking metrics are ambiguous. At the same time, the adoption of newly developed benchmarking metrics sees little advancement. Finally, our systematic analysis enables us to provide actionable recommendations for all actors involved and thus bring the entire research field forward.}, tags = {internet-of-production, rfc}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2023/2023-lamberts-metrics-sok.pdf}, publisher = {eScholarship Publishing}, ISSN = {2770-5501}, DOI = {10.5070/SR33162445}, reviewed = {1}, author = {Lamberts, Olav and Wolsing, Konrad and Wagner, Eric and Pennekamp, Jan and Bauer, Jan and Wehrle, Klaus and Henze, Martin} } @Article { 2023_hauser_technical-documentation, title = {Tool: Automatically Extracting Hardware Descriptions from PDF Technical Documentation}, journal = {Journal of Systems Research}, year = {2023}, month = {10}, day = {31}, volume = {3}, number = {1}, abstract = {The ever-increasing variety of microcontrollers aggravates the challenge of porting embedded software to new devices through much manual work, whereas code generators can be used only in special cases. Moreover, only little technical documentation for these devices is available in machine-readable formats that could facilitate automating porting efforts. Instead, the bulk of documentation comes as print-oriented PDFs. We hence identify a strong need for a processor to access the PDFs and extract their data with a high quality to improve the code generation for embedded software. In this paper, we design and implement a modular processor for extracting detailed datasets from PDF files containing technical documentation using deterministic table processing for thousands of microcontrollers. Namely, we systematically extract device identifiers, interrupt tables, package and pinouts, pin functions, and register maps. In our evaluation, we compare the documentation from STMicro against existing machine-readable sources. Our results show that our processor matches 96.5 \% of almost 6 million reference data points, and we further discuss identified issues in both sources. Hence, our tool yields very accurate data with only limited manual effort and can enable and enhance a significant amount of existing and new code generation use cases in the embedded software domain that are currently limited by a lack of machine-readable data sources.}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2023/2023-hauser-technical-documents.pdf}, publisher = {eScholarship Publishing}, ISSN = {2770-5501}, DOI = {10.5070/SR33162446}, reviewed = {1}, author = {Hauser, Niklas and Pennekamp, Jan} } @Inproceedings { 2023-wagner-lcn-repel, title = {Retrofitting Integrity Protection into Unused Header Fields of Legacy Industrial Protocols}, year = {2023}, month = {10}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2023/2023-wagner-repel.pdf}, publisher = {IEEE}, booktitle = {48th IEEE Conference on Local Computer Networks (LCN), Daytona Beach, Florida, US}, event_place = {Daytona Beach, Florida, US}, event_name = {IEEE Conference on Local Computer Networks (LCN)}, event_date = {Oktober 1-5, 2023}, state = {accepted}, language = {en}, reviewed = {1}, author = {Wagner, Eric and Rothaug, Nils and Wolsing, Konrad and Bader, Lennart and Wehrle, Klaus and Henze, Martin} } @Inproceedings { 2023-redefine-mpc-cosimulation, title = {Delay-aware Model Predictive Control for Fast Frequency Control}, journal = {Proceedings of the 14th IEEE International Conference on Smart Grid Communications (SmartGridComm 2023)}, year = {2023}, month = {10}, tags = {redefine}, publisher = {IEEE}, booktitle = {Proceedings of the 14th IEEE International Conference on Smart Grid Communications (SmartGridComm 2023)}, state = {accepted}, reviewed = {1}, author = {Heins, Tobias and Glebke, Ren{\'e} and Stoffers, Mirko and Gurumurthy, Sriram and Heesemann, Jan and Josevski, Martina and Monti, Antonello and Wehrle, Klaus} } @Inproceedings { 2023-bader-metrics, title = {METRICS: A Methodology for Evaluating and Testing the Resilience of Industrial Control Systems to Cyberattacks}, year = {2023}, month = {9}, day = {28}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2023/2023-bader-metrics.pdf}, booktitle = {Proceedings of the 9th Workshop on the Security of Industrial Control Systems \& of Cyber-Physical Systems (CyberICPS '23), co-located with the the 28th European Symposium on Research in Computer Security (ESORICS '23)}, event_place = {The Hague, The Netherlands}, event_name = {9th Workshop on the Security of Industrial Control Systems \& of Cyber-Physical Systems (CyberICPS '23)}, event_date = {September 28, 2023}, state = {accepted}, DOI = {10.1007/978-3-031-54204-6_2}, reviewed = {1}, author = {Bader, Lennart and Wagner, Eric and Henze, Martin and Serror, Martin} } @Inproceedings { 2023_wolsing_ensemble, title = {One IDS is not Enough! Exploring Ensemble Learning for Industrial Intrusion Detection}, year = {2023}, month = {9}, day = {25}, volume = {14345}, pages = {102-122}, abstract = {Industrial Intrusion Detection Systems (IIDSs) play a critical role in safeguarding Industrial Control Systems (ICSs) against targeted cyberattacks. Unsupervised anomaly detectors, capable of learning the expected behavior of physical processes, have proven effective in detecting even novel cyberattacks. While offering decent attack detection, these systems, however, still suffer from too many False-Positive Alarms (FPAs) that operators need to investigate, eventually leading to alarm fatigue. To address this issue, in this paper, we challenge the notion of relying on a single IIDS and explore the benefits of combining multiple IIDSs. To this end, we examine the concept of ensemble learning, where a collection of classifiers (IIDSs in our case) are combined to optimize attack detection and reduce FPAs. While training ensembles for supervised classifiers is relatively straightforward, retaining the unsupervised nature of IIDSs proves challenging. In that regard, novel time-aware ensemble methods that incorporate temporal correlations between alerts and transfer-learning to best utilize the scarce training data constitute viable solutions. By combining diverse IIDSs, the detection performance can be improved beyond the individual approaches with close to no FPAs, resulting in a promising path for strengthening ICS cybersecurity.}, note = {Lecture Notes in Computer Science (LNCS), Volume 14345}, keywords = {Intrusion Detection; Ensemble Learning; ICS}, tags = {internet-of-production, rfc}, url = {https://jpennekamp.de/wp-content/papercite-data/pdf/wkw+23.pdf}, publisher = {Springer}, booktitle = {Proceedings of the 28th European Symposium on Research in Computer Security (ESORICS '23), September 25-29, 2023, The Hague, The Netherlands}, event_place = {The Hague, The Netherlands}, event_name = {28th European Symposium on Research in Computer Security (ESORICS '23)}, event_date = {September 25-29, 2023}, ISBN = {978-3-031-51475-3}, ISSN = {0302-9743}, DOI = {10.1007/978-3-031-51476-0_6}, reviewed = {1}, author = {Wolsing, Konrad and Kus, Dominik and Wagner, Eric and Pennekamp, Jan and Wehrle, Klaus and Henze, Martin} } @Article { Jakobs_2023_3, title = {Preserving the Royalty-Free Standards Ecosystem}, journal = {European Intellectual Property Review}, year = {2023}, month = {7}, volume = {45}, number = {7}, pages = {371-375}, abstract = {It has long been recognized in Europe and elsewhere that standards-development organizations (SDOs) may adopt policies that require their participants to license patents essential to the SDO’s standards (standards-essential patents or SEPs) to manufacturers of standardized products (“implementers”) on a royalty-free (RF) basis. This requirement contrasts with SDO policies that permit SEP holders to charge implementers monetary patent royalties, sometimes on terms that are specified as “fair, reasonable and nondiscriminatory” (FRAND). As demonstrated by two decades of intensive litigation around the world, FRAND royalties have given rise to intractable disputes regarding the manner in which such royalties should be calculated and adjudicated. In contrast, standards distributed on an RF basis are comparatively free from litigation and the attendant transaction costs. Accordingly, numerous SDOs around the world have adopted RF licensing policies and many widely adopted standards, including Bluetooth, USB, IPv6, HTTP, HTML and XML, are distributed on an RF basis. This note briefly discusses the commercial considerations surrounding RF standards, the relationship between RF standards and open source software (OSS) and the SDO policy mechanisms – including “universal reciprocity” -- that enable RF licensing to succeed in the marketplace.}, ISSN = {0142-0461}, DOI = {10.2139/ssrn.4235647}, reviewed = {1}, author = {Contreras, Jorge and Bekkers, Rudi and Biddle, Brad and Bonadio, Enrico and Carrier, Michael A. and Chao, Bernard and Duan, Charles and Gilbert, Richard and Henkel, Joachim and Hovenkamp, Erik and Husovec, Martin and Jakobs, Kai and Kim, Dong-hyu and Lemley, Mark A. and Love, Brian J. and McDonagh, Luke and Scott Morton, Fiona M. and Schultz, Jason and Simcoe, Timothy and Urban, Jennifer M. and Xiang, Joy Y} } @Inproceedings { 2023_pennekamp_benchmarking_comparison, title = {Designing Secure and Privacy-Preserving Information Systems for Industry Benchmarking}, year = {2023}, month = {6}, day = {15}, volume = {13901}, pages = {489-505}, abstract = {Benchmarking is an essential tool for industrial organizations to identify potentials that allows them to improve their competitive position through operational and strategic means. However, the handling of sensitive information, in terms of (i) internal company data and (ii) the underlying algorithm to compute the benchmark, demands strict (technical) confidentiality guarantees—an aspect that existing approaches fail to address adequately. Still, advances in private computing provide us with building blocks to reliably secure even complex computations and their inputs, as present in industry benchmarks. In this paper, we thus compare two promising and fundamentally different concepts (hardware- and software-based) to realize privacy-preserving benchmarks. Thereby, we provide detailed insights into the concept-specific benefits. Our evaluation of two real-world use cases from different industries underlines that realizing and deploying secure information systems for industry benchmarking is possible with today's building blocks from private computing.}, note = {Lecture Notes in Computer Science (LNCS), Volume 13901}, keywords = {real-world computing; trusted execution environments; homomorphic encryption; key performance indicators; benchmarking}, tags = {internet-of-production}, url = {https://jpennekamp.de/wp-content/papercite-data/pdf/plv+23.pdf}, publisher = {Springer}, booktitle = {Proceedings of the 35th International Conference on Advanced Information Systems Engineering (CAiSE '23), June 12-16, 2023, Zaragoza, Spain}, event_place = {Zaragoza, Spain}, event_name = {35th International Conference on Advanced Information Systems Engineering (CAiSE '23)}, event_date = {June 12-16, 2023}, ISBN = {978-3-031-34559-3}, ISSN = {0302-9743}, DOI = {10.1007/978-3-031-34560-9_29}, reviewed = {1}, author = {Pennekamp, Jan and Lohm{\"o}ller, Johannes and Vlad, Eduard and Loos, Joscha and Rodemann, Niklas and Sapel, Patrick and Fink, Ina Berenice and Schmitz, Seth and Hopmann, Christian and Jarke, Matthias and Schuh, G{\"u}nther and Wehrle, Klaus and Henze, Martin} } @Incollection { 2023_pennekamp_crd-a.i, title = {Evolving the Digital Industrial Infrastructure for Production: Steps Taken and the Road Ahead}, year = {2023}, month = {2}, day = {8}, pages = {35-60}, abstract = {The Internet of Production (IoP) leverages concepts such as digital shadows, data lakes, and a World Wide Lab (WWL) to advance today’s production. Consequently, it requires a technical infrastructure that can support the agile deployment of these concepts and corresponding high-level applications, which, e.g., demand the processing of massive data in motion and at rest. As such, key research aspects are the support for low-latency control loops, concepts on scalable data stream processing, deployable information security, and semantically rich and efficient long-term storage. In particular, such an infrastructure cannot continue to be limited to machines and sensors, but additionally needs to encompass networked environments: production cells, edge computing, and location-independent cloud infrastructures. Finally, in light of the envisioned WWL, i.e., the interconnection of production sites, the technical infrastructure must be advanced to support secure and privacy-preserving industrial collaboration. To evolve today’s production sites and lay the infrastructural foundation for the IoP, we identify five broad streams of research: (1) adapting data and stream processing to heterogeneous data from distributed sources, (2) ensuring data interoperability between systems and production sites, (3) exchanging and sharing data with different stakeholders, (4) network security approaches addressing the risks of increasing interconnectivity, and (5) security architectures to enable secure and privacy-preserving industrial collaboration. With our research, we evolve the underlying infrastructure from isolated, sparsely networked production sites toward an architecture that supports high-level applications and sophisticated digital shadows while facilitating the transition toward a WWL.}, keywords = {Cyber-physical production systems; Data streams; Industrial data processing; Industrial network security; Industrial data security; Secure industrial collaboration}, tags = {internet-of-production}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2023/2023-pennekamp-iop-a.i.pdf}, publisher = {Springer}, series = {Interdisciplinary Excellence Accelerator Series}, booktitle = {Internet of Production: Fundamentals, Applications and Proceedings}, ISBN = {978-3-031-44496-8}, DOI = {10.1007/978-3-031-44497-5_2}, reviewed = {1}, author = {Pennekamp, Jan and Belova, Anastasiia and Bergs, Thomas and Bodenbenner, Matthias and B{\"u}hrig-Polaczek, Andreas and Dahlmanns, Markus and Kunze, Ike and Kr{\"o}ger, Moritz and Geisler, Sandra and Henze, Martin and L{\"u}tticke, Daniel and Montavon, Benjamin and Niemietz, Philipp and Ortjohann, Lucia and Rudack, Maximilian and Schmitt, Robert H. and Vroomen, Uwe and Wehrle, Klaus and Zeng, Michael} } @Incollection { 2023_klugewilkes_crd-b2.iv, title = {Modular Control and Services to Operate Line-less Mobile Assembly Systems}, year = {2023}, month = {2}, day = {8}, pages = {303-328}, abstract = {The increasing product variability and lack of skilled workers demand for autonomous, flexible production. Since assembly is considered a main cost driver and accounts for a major part of production time, research focuses on new technologies in assembly. The paradigm of Line-less Mobile Assembly Systems (LMAS) provides a solution for the future of assembly by mobilizing all resources. Thus, dynamic product routes through spatiotemporally configured assembly stations on a shop floor free of fixed obstacles are enabled. In this chapter, we present research focal points on different levels of LMAS, starting with the macroscopic level of formation planning, followed by the mesoscopic level of mobile robot control and multipurpose input devices and the microscopic level of services, such as interpreting autonomous decisions and in-network computing. We provide cross-level data and knowledge transfer through a novel ontology-based knowledge management. Overall, our work contributes to future safe and predictable human-robot collaboration in dynamic LMAS stations based on accurate online formation and motion planning of mobile robots, novel human-machine interfaces and networking technologies, as well as trustworthy AI-based decisions.}, keywords = {Lineless mobile assembly systems (LMAS); Formation planning; Online motion planning; In-network computing; Interpretable AI; Human-machine collaboration; Ontology-based knowledge management}, tags = {internet-of-production}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2023/2023-klugewilkes-iop-b2.iv.pdf}, publisher = {Springer}, series = {Interdisciplinary Excellence Accelerator Series}, booktitle = {Internet of Production: Fundamentals, Applications and Proceedings}, ISBN = {978-3-031-44496-8}, DOI = {10.1007/978-3-031-44497-5_13}, reviewed = {1}, author = {Kluge-Wilkes, Aline and Baier, Ralph and Gossen, Daniel and Kunze, Ike and M{\"u}ller, Aleksandra and Shahidi, Amir and Wolfschl{\"a}ger, Dominik and Brecher, Christian and Corves, Burkhard and H{\"u}sing, Mathias and Nitsch, Verena and Schmitt, Robert H. and Wehrle, Klaus} } @Inproceedings { 2023-lorz-cired, title = {Interconnected grid protection systems - reference grid for testing an adaptive protection scheme}, year = {2023}, pages = {3286-3290}, tags = {ven2us}, booktitle = {27th International Conference on Electricity Distribution (CIRED 2023), Rome, Italy, June 12-15, 2023}, event_place = {Rome, Italy}, event_name = {International Conference \& Exhibition on Electricity Distribution (CIRED)}, event_date = {June 12-15, 2023}, DOI = {10.1049/icp.2023.0864}, reviewed = {1}, author = {Lorz, Tobias and Jaeger, Johann and Selimaj, Antigona and Hacker, Immanuel and Ulbig, Andreas and Heckel, Jan-Peter and Becker, Christian and Dahlmanns, Markus and Fink, Ina Berenice and Wehrle, Klaus and Erichsen, Gerrit and Schindler, Michael and Luxenburger, Rainer and Lin, Guosong} } @Inproceedings { 2022_kus_ensemble, title = {Poster: Ensemble Learning for Industrial Intrusion Detection}, year = {2022}, month = {12}, day = {8}, number = {RWTH-2022-10809}, abstract = {Industrial intrusion detection promises to protect networked industrial control systems by monitoring them and raising an alarm in case of suspicious behavior. Many monolithic intrusion detection systems are proposed in literature. These detectors are often specialized and, thus, work particularly well on certain types of attacks or monitor different parts of the system, e.g., the network or the physical process. Combining multiple such systems promises to leverage their joint strengths, allowing the detection of a wider range of attacks due to their diverse specializations and reducing false positives. We study this concept's feasibility with initial results of various methods to combine detectors.}, tags = {rfc}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2022/2022-kus-ensemble-poster.pdf}, publisher = {RWTH Aachen University}, booktitle = {38th Annual Computer Security Applications Conference (ACSAC '22), December 5-9, 2022, Austin, TX, USA}, institution = {RWTH Aachen University}, event_place = {Austin, TX, USA}, event_name = {38th Annual Computer Security Applications Conference (ACSAC '22)}, event_date = {December 5-9, 2022}, DOI = {10.18154/RWTH-2022-10809}, reviewed = {1}, author = {Kus, Dominik and Wolsing, Konrad and Pennekamp, Jan and Wagner, Eric and Henze, Martin and Wehrle, Klaus} } @Inproceedings { 2022_pennekamp_cumul, title = {CUMUL \& Co: High-Impact Artifacts for Website Fingerprinting Research}, year = {2022}, month = {12}, day = {8}, number = {RWTH-2022-10811}, abstract = {Anonymous communication on the Internet is about hiding the relationship between communicating parties. At NDSS '16, we presented a new website fingerprinting approach, CUMUL, that utilizes novel features and a simple yet powerful algorithm to attack anonymization networks such as Tor. Based on pattern observation of data flows, this attack aims at identifying the content of encrypted and anonymized connections. Apart from the feature generation and the used classifier, we also provided a large dataset to the research community to study the attack at Internet scale. In this paper, we emphasize the impact of our artifacts by analyzing publications referring to our work with respect to the dataset, feature extraction method, and source code of the implementation. Based on this data, we draw conclusions about the impact of our artifacts on the research field and discuss their influence on related cybersecurity topics. Overall, from 393 unique citations, we discover more than 130 academic references that utilize our artifacts, 61 among them are highly influential (according to SemanticScholar), and at least 35 are from top-ranked security venues. This data underlines the significant relevance and impact of our work as well as of our artifacts in the community and beyond.}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2022/2022-pennekamp-cumul-artifacts.pdf}, web_url = {https://www.acsac.org/2022/program/artifacts_competition/}, publisher = {ACSA}, booktitle = {Cybersecurity Artifacts Competition and Impact Award at 38th Annual Computer Security Applications Conference (ACSAC '22), December 5-9, 2022, Austin, TX, USA}, event_place = {Austin, TX, USA}, event_name = {38th Annual Computer Security Applications Conference (ACSAC '22)}, event_date = {December 5-9, 2022}, DOI = {10.18154/RWTH-2022-10811}, reviewed = {1}, author = {Pennekamp, Jan and Henze, Martin and Zinnen, Andreas and Lanze, Fabian and Wehrle, Klaus and Panchenko, Andriy} } @Inproceedings { 2022-serror-ccs-inside, title = {Poster: INSIDE - Enhancing Network Intrusion Detection in Power Grids with Automated Facility Monitoring}, year = {2022}, month = {11}, day = {7}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2022/2022-serror-ccs-inside.pdf}, publisher = {ACM}, howpublished = {online}, booktitle = {Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security}, event_place = {Los Angeles, CA, USA}, event_date = {November 8, 2022}, DOI = {10.1145/3548606.3563500}, reviewed = {1}, author = {Serror, Martin and Bader, Lennart and Henze, Martin and Schwarze, Arne and N{\"u}rnberger, Kai} } @Inproceedings { 2022-wolsing-ipal, title = {IPAL: Breaking up Silos of Protocol-dependent and Domain-specific Industrial Intrusion Detection Systems}, year = {2022}, month = {10}, day = {26}, abstract = {The increasing interconnection of industrial networks exposes them to an ever-growing risk of cyber attacks. To reveal such attacks early and prevent any damage, industrial intrusion detection searches for anomalies in otherwise predictable communication or process behavior. However, current efforts mostly focus on specific domains and protocols, leading to a research landscape broken up into isolated silos. Thus, existing approaches cannot be applied to other industries that would equally benefit from powerful detection. To better understand this issue, we survey 53 detection systems and find no fundamental reason for their narrow focus. Although they are often coupled to specific industrial protocols in practice, many approaches could generalize to new industrial scenarios in theory. To unlock this potential, we propose IPAL, our industrial protocol abstraction layer, to decouple intrusion detection from domain-specific industrial protocols. After proving IPAL’s correctness in a reproducibility study of related work, we showcase its unique benefits by studying the generalizability of existing approaches to new datasets and conclude that they are indeed not restricted to specific domains or protocols and can perform outside their restricted silos.}, url = {/fileadmin/papers/2022/2022-wolsing-ipal.pdf}, booktitle = {Proceedings of the 25th International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2022)}, DOI = {10.1145/3545948.3545968}, reviewed = {1}, author = {Wolsing, Konrad and Wagner, Eric and Saillard, Antoine and Henze, Martin} } @Article { 2022-henze-tii-prada, title = {Complying with Data Handling Requirements in Cloud Storage Systems}, journal = {IEEE Transactions on Cloud Computing}, year = {2022}, month = {9}, volume = {10}, number = {3}, pages = {1661-1674}, abstract = {In past years, cloud storage systems saw an enormous rise in usage. However, despite their popularity and importance as underlying infrastructure for more complex cloud services, today’s cloud storage systems do not account for compliance with regulatory, organizational, or contractual data handling requirements by design. Since legislation increasingly responds to rising data protection and privacy concerns, complying with data handling requirements becomes a crucial property for cloud storage systems. We present Prada , a practical approach to account for compliance with data handling requirements in key-value based cloud storage systems. To achieve this goal, Prada introduces a transparent data handling layer, which empowers clients to request specific data handling requirements and enables operators of cloud storage systems to comply with them. We implement Prada on top of the distributed database Cassandra and show in our evaluation that complying with data handling requirements in cloud storage systems is practical in real-world cloud deployments as used for microblogging, data sharing in the Internet of Things, and distributed email storage.}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2022/2022-henze-tii-prada.pdf}, misc2 = {Online}, language = {en}, ISSN = {2168-7161}, DOI = {10.1109/TCC.2020.3000336}, reviewed = {1}, author = {Henze, Martin and Matzutt, Roman and Hiller, Jens and M{\"u}hmer, Erik and Ziegeldorf, Jan Henrik and van der Giet, Johannes and Wehrle, Klaus} } @Proceedings { 2022-wolsing-radarsec, title = {Network Attacks Against Marine Radar Systems: A Taxonomy, Simulation Environment, and Dataset}, year = {2022}, month = {9}, tags = {rfc}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2022/2022-wolsing-radar.pdf}, publisher = {IEEE}, event_place = {Edmonton, Canada}, event_name = {47th IEEE Conference on Local Computer Networks (LCN)}, event_date = {September 26-29, 2022}, DOI = {10.1109/LCN53696.2022.9843801}, reviewed = {1}, author = {Wolsing, Konrad and Saillard, Antoine and Bauer, Jan and Wagner, Eric and van Sloun, Christian and Fink, Ina Berenice and Schmidt, Mari and Wehrle, Klaus and Henze, Martin} } @Inproceedings { 2022-wolsing-simple, title = {Can Industrial Intrusion Detection Be SIMPLE?}, year = {2022}, month = {9}, volume = {978-3-031-17143-7}, pages = {574--594}, abstract = {Cyberattacks against industrial control systems pose a serious risk to the safety of humans and the environment. Industrial intrusion detection systems oppose this threat by continuously monitoring industrial processes and alerting any deviations from learned normal behavior. To this end, various streams of research rely on advanced and complex approaches, i.e., artificial neural networks, thus achieving allegedly high detection rates. However, as we show in an analysis of 70 approaches from related work, their inherent complexity comes with undesired properties. For example, they exhibit incomprehensible alarms and models only specialized personnel can understand, thus limiting their broad applicability in a heterogeneous industrial domain. Consequentially, we ask whether industrial intrusion detection indeed has to be complex or can be SIMPLE instead, i.e., Sufficient to detect most attacks, Independent of hyperparameters to dial-in, Meaningful in model and alerts, Portable to other industrial domains, Local to a part of the physical process, and computationally Efficient. To answer this question, we propose our design of four SIMPLE industrial intrusion detection systems, such as simple tests for the minima and maxima of process values or the rate at which process values change. Our evaluation of these SIMPLE approaches on four state-of-the-art industrial security datasets reveals that SIMPLE approaches can perform on par with existing complex approaches from related work while simultaneously being comprehensible and easily portable to other scenarios. Thus, it is indeed justified to raise the question of whether industrial intrusion detection needs to be inherently complex.}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2022/2022-wolsing-simple.pdf}, editor = {Atluri, Vijayalakshmi and Di Pietro, Roberto and Jensen, Christian D. and Meng, Weizhi}, publisher = {Springer Nature Switzerland}, booktitle = {Proceedings of the 27th European Symposium on Research in Computer Security (ESORICS '22), September 26-30, 2022, Copenhagen, Denmark}, event_place = {Copenhagen, Denmark}, event_name = {27th European Symposium on Research in Computer Security (ESORICS)}, event_date = {September 26-30, 2022}, DOI = {10.1007/978-3-031-17143-7_28}, reviewed = {1}, author = {Wolsing, Konrad and Thiemt, Lea and van Sloun, Christian and Wagner, Eric and Wehrle, Klaus and Henze, Martin} } @Proceedings { 2022-serror-cset, title = {PowerDuck: A GOOSE Data Set of Cyberattacks in Substations}, year = {2022}, month = {8}, day = {8}, pages = {5}, keywords = {data sets, network traffic, smart grid security, IDS}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2022/2022-serror-cset-powerduck.pdf}, publisher = {ACM}, address = {New York, NY, USA}, howpublished = {online}, event_place = {Virtual}, event_name = {Cyber Security Experimentation and Test Workshop (CSET 2022)}, event_date = {August 8, 2022}, ISBN = {978-1-4503-9684-4/22/08}, DOI = {10.1145/3546096.3546102}, reviewed = {1}, author = {Zemanek, Sven and Hacker, Immanuel and Wolsing, Konrad and Wagner, Eric and Henze, Martin and Serror, Martin} } @Inproceedings { 2022_dahlmanns_tlsiiot, title = {Missed Opportunities: Measuring the Untapped TLS Support in the Industrial Internet of Things}, year = {2022}, month = {5}, day = {31}, pages = {252-266}, abstract = {The ongoing trend to move industrial appliances from previously isolated networks to the Internet requires fundamental changes in security to uphold secure and safe operation. Consequently, to ensure end-to-end secure communication and authentication, (i) traditional industrial protocols, e.g., Modbus, are retrofitted with TLS support, and (ii) modern protocols, e.g., MQTT, are directly designed to use TLS. To understand whether these changes indeed lead to secure Industrial Internet of Things deployments, i.e., using TLS-based protocols, which are configured according to security best practices, we perform an Internet-wide security assessment of ten industrial protocols covering the complete IPv4 address space. Our results show that both, retrofitted existing protocols and newly developed secure alternatives, are barely noticeable in the wild. While we find that new protocols have a higher TLS adoption rate than traditional protocols (7.2 \% vs. 0.4 \%), the overall adoption of TLS is comparably low (6.5 \% of hosts). Thus, most industrial deployments (934,736 hosts) are insecurely connected to the Internet. Furthermore, we identify that 42 \% of hosts with TLS support (26,665 hosts) show security deficits, e.g., missing access control. Finally, we show that support in configuring systems securely, e.g., via configuration templates, is promising to strengthen security.}, keywords = {industrial communication; network security; security configuration}, tags = {internet-of-production, rfc}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2022/2022-dahlmanns-asiaccs.pdf}, publisher = {ACM}, booktitle = {Proceedings of the 2022 ACM Asia Conference on Computer and Communications Security (ASIACCS '22), May 30-June 3, 2022, Nagasaki, Japan}, event_place = {Nagasaki, Japan}, event_name = {ASIACCS '22}, event_date = {May 30-June 3, 2022}, ISBN = {978-1-4503-9140-5/22/05}, DOI = {10.1145/3488932.3497762}, reviewed = {1}, author = {Dahlmanns, Markus and Lohm{\"o}ller, Johannes and Pennekamp, Jan and Bodenhausen, J{\"o}rn and Wehrle, Klaus and Henze, Martin} } @Inproceedings { 2022_kus_iids_generalizability, title = {A False Sense of Security? Revisiting the State of Machine Learning-Based Industrial Intrusion Detection}, year = {2022}, month = {5}, day = {30}, pages = {73-84}, abstract = {Anomaly-based intrusion detection promises to detect novel or unknown attacks on industrial control systems by modeling expected system behavior and raising corresponding alarms for any deviations. As manually creating these behavioral models is tedious and error-prone, research focuses on machine learning to train them automatically, achieving detection rates upwards of 99 \%. However, these approaches are typically trained not only on benign traffic but also on attacks and then evaluated against the same type of attack used for training. Hence, their actual, real-world performance on unknown (not trained on) attacks remains unclear. In turn, the reported near-perfect detection rates of machine learning-based intrusion detection might create a false sense of security. To assess this situation and clarify the real potential of machine learning-based industrial intrusion detection, we develop an evaluation methodology and examine multiple approaches from literature for their performance on unknown attacks (excluded from training). Our results highlight an ineffectiveness in detecting unknown attacks, with detection rates dropping to between 3.2 \% and 14.7 \% for some types of attacks. Moving forward, we derive recommendations for further research on machine learning-based approaches to ensure clarity on their ability to detect unknown attacks.}, keywords = {anomaly detection; machine learning; industrial control system}, tags = {internet-of-production, rfc}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2022/2022-kus-iids-generalizability.pdf}, publisher = {ACM}, booktitle = {Proceedings of the 8th ACM Cyber-Physical System Security Workshop (CPSS '22), co-located with the 17th ACM ASIA Conference on Computer and Communications Security (ASIACCS '22), May 30-June 3, 2022, Nagasaki, Japan}, ISBN = {978-1-4503-9176-4/22/05}, DOI = {10.1145/3494107.3522773}, reviewed = {1}, author = {Kus, Dominik and Wagner, Eric and Pennekamp, Jan and Wolsing, Konrad and Fink, Ina Berenice and Dahlmanns, Markus and Wehrle, Klaus and Henze, Martin} } @Inproceedings { WagnerSWH2022, title = {BP-MAC: Fast Authentication for Short Messages}, year = {2022}, month = {5}, day = {18}, pages = {201-206}, url = {/fileadmin/papers/2022/2022-wagner-bpmac.pdf}, publisher = {ACM}, booktitle = {Proceedings of the 15th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec '22)}, event_place = {San Antonio, Texas, USA}, event_name = {15th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec '22)}, ISBN = {978-1-4503-9216-7/22/05}, DOI = {10.1145/3507657.3528554}, reviewed = {1}, author = {Wagner, Eric and Serror, Martin and Wehrle, Klaus and Henze, Martin} } @Inproceedings { WagnerBH2022, title = {Take a Bite of the Reality Sandwich: Revisiting the Security of Progressive Message Authentication Codes}, year = {2022}, month = {5}, day = {18}, pages = {207-221}, url = {/fileadmin/papers/2022/2022-wagner-r2d2.pdf}, publisher = {ACM}, booktitle = {Proceedings of the 15th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec '22)}, event_place = {San Antonio, Texas, USA}, event_name = {15th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec '22)}, ISBN = {978-1-4503-9216-7/22/05}, DOI = {10.1145/3507657.3528539}, reviewed = {1}, author = {Wagner, Eric and Bauer, Jan and Henze, Martin} } @Inproceedings { 2022_wagner_ccchain, title = {Scalable and Privacy-Focused Company-Centric Supply Chain Management}, year = {2022}, month = {5}, day = {4}, abstract = {Blockchain technology promises to overcome trust and privacy concerns inherent to centralized information sharing. However, current decentralized supply chain management systems do either not meet privacy and scalability requirements or require a trustworthy consortium, which is challenging for increasingly dynamic supply chains with constantly changing participants. In this paper, we propose CCChain, a scalable and privacy-aware supply chain management system that stores all information locally to give companies complete sovereignty over who accesses their data. Still, tamper protection of all data through a permissionless blockchain enables on-demand tracking and tracing of products as well as reliable information sharing while affording the detection of data inconsistencies. Our evaluation confirms that CCChain offers superior scalability in comparison to alternatives while also enabling near real-time tracking and tracing for many, less complex products.}, keywords = {supply chain management; blockchain; permissionless; deployment; tracing and tracking; privacy}, tags = {internet-of-production}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2022/2022-wagner-ccchain.pdf}, publisher = {IEEE}, booktitle = {Proceedings of the 2022 IEEE International Conference on Blockchain and Cryptocurrency (ICBC '22), May 2-5, 2022, Shanghai, China}, event_place = {Shanghai, China}, event_date = {May 2-5, 2022}, ISBN = {978-1-6654-9538-7/22}, DOI = {10.1109/ICBC54727.2022.9805503}, reviewed = {1}, author = {Wagner, Eric and Matzutt, Roman and Pennekamp, Jan and Bader, Lennart and Bajelidze, Irakli and Wehrle, Klaus and Henze, Martin} } @Inproceedings { 2021_pennekamp_laser, title = {Collaboration is not Evil: A Systematic Look at Security Research for Industrial Use}, year = {2021}, month = {12}, day = {21}, abstract = {Following the recent Internet of Things-induced trends on digitization in general, industrial applications will further evolve as well. With a focus on the domains of manufacturing and production, the Internet of Production pursues the vision of a digitized, globally interconnected, yet secure environment by establishing a distributed knowledge base. Background. As part of our collaborative research of advancing the scope of industrial applications through cybersecurity and privacy, we identified a set of common challenges and pitfalls that surface in such applied interdisciplinary collaborations. Aim. Our goal with this paper is to support researchers in the emerging field of cybersecurity in industrial settings by formalizing our experiences as reference for other research efforts, in industry and academia alike. Method. Based on our experience, we derived a process cycle of performing such interdisciplinary research, from the initial idea to the eventual dissemination and paper writing. This presented methodology strives to successfully bootstrap further research and to encourage further work in this emerging area. Results. Apart from our newly proposed process cycle, we report on our experiences and conduct a case study applying this methodology, raising awareness for challenges in cybersecurity research for industrial applications. We further detail the interplay between our process cycle and the data lifecycle in applied research data management. Finally, we augment our discussion with an industrial as well as an academic view on this research area and highlight that both areas still have to overcome significant challenges to sustainably and securely advance industrial applications. Conclusions. With our proposed process cycle for interdisciplinary research in the intersection of cybersecurity and industrial application, we provide a foundation for further research. We look forward to promising research initiatives, projects, and directions that emerge based on our methodological work.}, tags = {internet-of-production}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-pennekamp-laser-collaboration.pdf}, publisher = {ACSA}, booktitle = {Proceedings of the Workshop on Learning from Authoritative Security Experiment Results (LASER '20), co-located with the 36th Annual Computer Security Applications Conference (ACSAC '20), December 7-11, 2020, Austin, TX, USA}, event_place = {Austin, TX, USA}, event_name = {Learning from Authoritative Security Experiment Results (LASER '20)}, event_date = {December 8, 2020}, ISBN = {978-1-891562-81-5}, DOI = {10.14722/laser-acsac.2020.23088}, reviewed = {1}, author = {Pennekamp, Jan and Buchholz, Erik and Dahlmanns, Markus and Kunze, Ike and Braun, Stefan and Wagner, Eric and Brockmann, Matthias and Wehrle, Klaus and Henze, Martin} } @Inproceedings { 2021-hemminghaus-sigmar, title = {SIGMAR: Ensuring Integrity and Authenticity of Maritime Systems using Digital Signatures}, year = {2021}, month = {11}, day = {25}, abstract = {Distributed maritime bridge systems are customary standard equipment on today’s commercial shipping and cruising vessels. The exchange of nautical data, e.g., geographical positions, is usually implemented using multicast network communication without security measures, which poses serious risks to the authenticity and integrity of transmitted data. In this paper, we introduce digital SIGnatures for MARitime systems (SIGMAR), a low-cost solution to seamlessly retrofit authentication of nautical data based on asymmetric cryptography. Extending the existing IEC 61162-450 protocol makes it is possible to build a backward-compatible authentication mechanism that prevents common cyber attacks. The development was successfully accompanied by permanent investigations in a bridge simulation environment, including a maritime cyber attack generator. We demonstrate SIGMAR’s feasibility by introducing a proof-of-concept implementation on low-cost and low-resource hardware and present a performance analysis of our approach.}, keywords = {Maritime Cyber Security;Authentication;Integrity;IEC 61162-450;NMEA 0183}, publisher = {IEEE}, booktitle = {In Proceedings of the International Symposium on Networks, Computers and Communications (ISNCC)}, event_place = {Dubai, United Arab Emirates}, event_name = {International Symposium on Networks, Computers and Communications}, event_date = {31 Oct.-2 Nov. 2021}, DOI = {10.1109/ISNCC52172.2021.9615738}, reviewed = {1}, author = {Hemminghaus, Christian and Bauer, Jan and Wolsing, Konrad} } @Inproceedings { 2021_mitseva_sequences, title = {POSTER: How Dangerous is My Click? Boosting Website Fingerprinting By Considering Sequences of Webpages}, year = {2021}, month = {11}, day = {17}, pages = {2411-2413}, abstract = {Website fingerprinting (WFP) is a special case of traffic analysis, where a passive attacker infers information about the content of encrypted and anonymized connections by observing patterns of data flows. Although modern WFP attacks pose a serious threat to online privacy of users, including Tor users, they usually aim to detect single pages only. By ignoring the browsing behavior of users, the attacker excludes valuable information: users visit multiple pages of a single website consecutively, e.g., by following links. In this paper, we propose two novel methods that can take advantage of the consecutive visits of multiple pages to detect websites. We show that two up to three clicks within a site allow attackers to boost the accuracy by more than 20\% and to dramatically increase the threat to users' privacy. We argue that WFP defenses have to consider this new dimension of the attack surface.}, keywords = {Traffic Analysis; Website Fingerprinting; Web Privacy}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-mitseva-fingerprinting-sequences.pdf}, publisher = {ACM}, booktitle = {Proceedings of the 28th ACM SIGSAC Conference on Computer and Communications Security (CCS '21), November 15-19, 2021, Seoul, Korea}, event_place = {Seoul, Korea}, event_date = {November 15-19, 2021}, ISBN = {978-1-4503-8454-4/21/11}, DOI = {10.1145/3460120.3485347}, reviewed = {1}, author = {Mitseva, Asya and Pennekamp, Jan and Lohm{\"o}ller, Johannes and Ziemann, Torsten and Hoerchner, Carl and Wehrle, Klaus and Panchenko, Andriy} } @Inproceedings { 2021_pennekamp_bootstrapping, title = {Confidential Computing-Induced Privacy Benefits for the Bootstrapping of New Business Relationships}, year = {2021}, month = {11}, day = {15}, number = {RWTH-2021-09499}, abstract = {In addition to quality improvements and cost reductions, dynamic and flexible business relationships are expected to become more important in the future to account for specific customer change requests or small-batch production. Today, despite reservation, sensitive information must be shared upfront between buyers and sellers. However, without a trust relation, this situation is precarious for the involved companies as they fear for their competitiveness following information leaks or breaches of their privacy. To address this issue, the concepts of confidential computing and cloud computing come to mind as they promise to offer scalable approaches that preserve the privacy of participating companies. In particular, designs building on confidential computing can help to technically enforce privacy. Moreover, cloud computing constitutes an elegant design choice to scale these novel protocols to industry needs while limiting the setup and management overhead for practitioners. Thus, novel approaches in this area can advance the status quo of bootstrapping new relationships as they provide privacy-preserving alternatives that are suitable for immediate deployment.}, keywords = {bootstrapping procurement; business relationships; secure industrial collaboration; privacy; Internet of Production}, tags = {internet-of-production}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-pennekamp-bootstrapping.pdf}, publisher = {RWTH Aachen University}, booktitle = {Blitz Talk at the 2021 Cloud Computing Security Workshop (CCSW '21), co-located with the 28th ACM SIGSAC Conference on Computer and Communications Security (CCS '21), November 15-19, 2021, Seoul, Korea}, institution = {RWTH Aachen University}, event_place = {Seoul, Korea}, event_date = {November 14, 2021}, DOI = {10.18154/RWTH-2021-09499}, author = {Pennekamp, Jan and Fuhrmann, Frederik and Dahlmanns, Markus and Heutmann, Timo and Kreppein, Alexander and Grunert, Dennis and Lange, Christoph and Schmitt, Robert H. and Wehrle, Klaus} } @Inproceedings { 2021_reuter_demo, title = {Demo: Traffic Splitting for Tor — A Defense against Fingerprinting Attacks}, year = {2021}, month = {9}, day = {14}, abstract = {Website fingerprinting (WFP) attacks on the anonymity network Tor have become ever more effective. Furthermore, research discovered that proposed defenses are insufficient or cause high overhead. In previous work, we presented a new WFP defense for Tor that incorporates multipath transmissions to repel malicious Tor nodes from conducting WFP attacks. In this demo, we showcase the operation of our traffic splitting defense by visually illustrating the underlying Tor multipath transmission using LED-equipped Raspberry Pis.}, note = {Electronic Communications of the EASST, Volume 080}, keywords = {Onion Routing; Website Fingerprinting; Multipath Traffic; Privacy}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-reuter-splitting-demo.pdf}, publisher = {TU Berlin}, booktitle = {Proceedings of the 2021 International Conference on Networked Systems (NetSys '21), September 13-16, 2021, L{\"u}beck, Germany}, event_place = {L{\"u}beck, Germany}, event_date = {September 13-16, 2021}, ISSN = {1863-2122}, DOI = {10.14279/tuj.eceasst.80.1151}, reviewed = {1}, author = {Reuter, Sebastian and Hiller, Jens and Pennekamp, Jan and Panchenko, Andriy and Wehrle, Klaus} } @Article { 2021_pennekamp_accountable_manufacturing, title = {The Road to Accountable and Dependable Manufacturing}, journal = {Automation}, year = {2021}, month = {9}, day = {13}, volume = {2}, number = {3}, pages = {202-219}, abstract = {The Internet of Things provides manufacturing with rich data for increased automation. Beyond company-internal data exploitation, the sharing of product and manufacturing process data along and across supply chains enables more efficient production flows and product lifecycle management. Even more, data-based automation facilitates short-lived ad hoc collaborations, realizing highly dynamic business relationships for sustainable exploitation of production resources and capacities. However, the sharing and use of business data across manufacturers and with end customers add requirements on data accountability, verifiability, and reliability and needs to consider security and privacy demands. While research has already identified blockchain technology as a key technology to address these challenges, current solutions mainly evolve around logistics or focus on established business relationships instead of automated but highly dynamic collaborations that cannot draw upon long-term trust relationships. We identify three open research areas on the road to such a truly accountable and dependable manufacturing enabled by blockchain technology: blockchain-inherent challenges, scenario-driven challenges, and socio-economic challenges. Especially tackling the scenario-driven challenges, we discuss requirements and options for realizing a blockchain-based trustworthy information store and outline its use for automation to achieve a reliable sharing of product information, efficient and dependable collaboration, and dynamic distributed markets without requiring established long-term trust.}, keywords = {blockchain; supply chain management; Industry 4.0; manufacturing; secure industrial collaboration; scalability; Industrial Internet of Things; Internet of Production}, tags = {internet-of-production}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-pennekamp-manufacturing.pdf}, publisher = {MDPI}, ISSN = {2673-4052}, DOI = {10.3390/automation2030013}, reviewed = {1}, author = {Pennekamp, Jan and Matzutt, Roman and Kanhere, Salil S. and Hiller, Jens and Wehrle, Klaus} } @Article { 2021_matzutt_coinprune_v2, title = {CoinPrune: Shrinking Bitcoin's Blockchain Retrospectively}, journal = {IEEE Transactions on Network and Service Management}, year = {2021}, month = {9}, day = {10}, volume = {18}, number = {3}, pages = {3064-3078}, abstract = {Popular cryptocurrencies continue to face serious scalability issues due to their ever-growing blockchains. Thus, modern blockchain designs began to prune old blocks and rely on recent snapshots for their bootstrapping processes instead. Unfortunately, established systems are often considered incapable of adopting these improvements. In this work, we present CoinPrune, our block-pruning scheme with full Bitcoin compatibility, to revise this popular belief. CoinPrune bootstraps joining nodes via snapshots that are periodically created from Bitcoin's set of unspent transaction outputs (UTXO set). Our scheme establishes trust in these snapshots by relying on CoinPrune-supporting miners to mutually reaffirm a snapshot's correctness on the blockchain. This way, snapshots remain trustworthy even if adversaries attempt to tamper with them. Our scheme maintains its retrospective deployability by relying on positive feedback only, i.e., blocks containing invalid reaffirmations are not rejected, but invalid reaffirmations are outpaced by the benign ones created by an honest majority among CoinPrune-supporting miners. Already today, CoinPrune reduces the storage requirements for Bitcoin nodes by two orders of magnitude, as joining nodes need to fetch and process only 6 GiB instead of 271 GiB of data in our evaluation, reducing the synchronization time of powerful devices from currently 7 h to 51 min, with even larger potential drops for less powerful devices. CoinPrune is further aware of higher-level application data, i.e., it conserves otherwise pruned application data and allows nodes to obfuscate objectionable and potentially illegal blockchain content from their UTXO set and the snapshots they distribute.}, keywords = {blockchain; block pruning; synchronization; bootstrapping; scalability; velvet fork; Bitcoin}, tags = {mynedata; impact_digital; digital_campus}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-matzutt-coinprune-v2.pdf}, language = {English}, ISSN = {1932-4537}, DOI = {10.1109/TNSM.2021.3073270}, reviewed = {1}, author = {Matzutt, Roman and Kalde, Benedikt and Pennekamp, Jan and Drichel, Arthur and Henze, Martin and Wehrle, Klaus} } @Article { 2021_pennekamp_ercim, title = {Unlocking Secure Industrial Collaborations through Privacy-Preserving Computation}, journal = {ERCIM News}, year = {2021}, month = {7}, day = {9}, volume = {126}, pages = {24-25}, abstract = {In industrial settings, significant process improvements can be achieved when utilising and sharing information across stakeholders. However, traditionally conservative companies impose significant confidentiality requirements for any (external) data processing. We discuss how privacy-preserving computation can unlock secure and private collaborations even in such competitive environments.}, tags = {internet-of-production}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-pennekamp-ercim-news.pdf}, web_url = {https://ercim-news.ercim.eu/en126/special/unlocking-secure-industrial-collaborations-through-privacy-preserving-computation}, publisher = {ERCIM EEIG}, ISSN = {0926-4981}, author = {Pennekamp, Jan and Henze, Martin and Wehrle, Klaus} } @Article { 2021_buckhorst_lmas, title = {Holarchy for Line-less Mobile Assembly Systems Operation in the Context of the Internet of Production}, journal = {Procedia CIRP}, year = {2021}, month = {5}, day = {3}, volume = {99}, pages = {448-453}, abstract = {Assembly systems must provide maximum flexibility qualified by organization and technology to offer cost-compliant performance features to differentiate themselves from competitors in buyers' markets. By mobilization of multipurpose resources and dynamic planning, Line-less Mobile Assembly Systems (LMASs) offer organizational reconfigurability. By proposing a holarchy to combine LMASs with the concept of an Internet of Production (IoP), we enable LMASs to source valuable information from cross-level production networks, physical resources, software nodes, and data stores that are interconnected in an IoP. The presented holarchy provides a concept of how to address future challenges, meet the requirements of shorter lead times, and unique lifecycle support. The paper suggests an application of decision making, distributed sensor services, recommender-based data reduction, and in-network computing while considering safety and human usability alike.}, note = {Proceedings of the 14th CIRP Conference on Intelligent Computation in Manufacturing Engineering (ICME '20), July 14-17, 2020, Gulf of Naples, Italy}, keywords = {Internet of Production; Line-less Mobile Assembly System; Industrial Assembly; Smart Factory}, tags = {internet-of-production}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-buckhorst-holarchy.pdf}, publisher = {Elsevier}, event_place = {Gulf of Naples, Italy}, event_date = {July 14-17, 2020}, ISSN = {2212-8271}, DOI = {10.1016/j.procir.2021.03.064}, reviewed = {1}, author = {Buckhorst, Armin F. and Montavon, Benjamin and Wolfschl{\"a}ger, Dominik and Buchsbaum, Melanie and Shahidi, Amir and Petruck, Henning and Kunze, Ike and Pennekamp, Jan and Brecher, Christian and H{\"u}sing, Mathias and Corves, Burkhard and Nitsch, Verena and Wehrle, Klaus and Schmitt, Robert H.} } @Article { 2021_bader_privaccichain, title = {Blockchain-Based Privacy Preservation for Supply Chains Supporting Lightweight Multi-Hop Information Accountability}, journal = {Information Processing \& Management}, year = {2021}, month = {5}, day = {1}, volume = {58}, number = {3}, abstract = {The benefits of information sharing along supply chains are well known for improving productivity and reducing costs. However, with the shift towards more dynamic and flexible supply chains, privacy concerns severely challenge the required information retrieval. A lack of trust between the different involved stakeholders inhibits advanced, multi-hop information flows, as valuable information for tracking and tracing products and parts is either unavailable or only retained locally. Our extensive literature review of previous approaches shows that these needs for cross-company information retrieval are widely acknowledged, but related work currently only addresses them insufficiently. To overcome these concerns, we present PrivAccIChain, a secure, privacy-preserving architecture for improving the multi-hop information retrieval with stakeholder accountability along supply chains. To address use case-specific needs, we particularly introduce an adaptable configuration of transparency and data privacy within our design. Hence, we enable the benefits of information sharing as well as multi-hop tracking and tracing even in supply chains that include mutually distrusting stakeholders. We evaluate the performance of PrivAccIChain and demonstrate its real-world feasibility based on the information of a purchasable automobile, the e.GO Life. We further conduct an in-depth security analysis and propose tunable mitigations against common attacks. As such, we attest PrivAccIChain's practicability for information management even in complex supply chains with flexible and dynamic business relationships.}, keywords = {multi-hop collaboration; tracking and tracing; Internet of Production; e.GO; attribute-based encryption}, tags = {internet-of-production}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-bader-ipm-privaccichain.pdf}, publisher = {Elsevier}, ISSN = {0306-4573}, DOI = {10.1016/j.ipm.2021.102529}, reviewed = {1}, author = {Bader, Lennart and Pennekamp, Jan and Matzutt, Roman and Hedderich, David and Kowalski, Markus and Lücken, Volker and Wehrle, Klaus} } @Inproceedings { 2021_dahlmanns_entrust, title = {Transparent End-to-End Security for Publish/Subscribe Communication in Cyber-Physical Systems}, year = {2021}, month = {4}, day = {28}, pages = {78–87}, abstract = {The ongoing digitization of industrial manufacturing leads to a decisive change in industrial communication paradigms. Moving from traditional one-to-one to many-to-many communication, publish/subscribe systems promise a more dynamic and efficient exchange of data. However, the resulting significantly more complex communication relationships render traditional end-to-end security futile for sufficiently protecting the sensitive and safety-critical data transmitted in industrial systems. Most notably, the central message brokers inherent in publish/subscribe systems introduce a designated weak spot for security as they can access all communication messages. To address this issue, we propose ENTRUST, a novel solution for key server-based end-to-end security in publish/subscribe systems. ENTRUST transparently realizes confidentiality, integrity, and authentication for publish/subscribe systems without any modification of the underlying protocol. We exemplarily implement ENTRUST on top of MQTT, the de-facto standard for machine-to-machine communication, showing that ENTRUST can integrate seamlessly into existing publish/subscribe systems.}, keywords = {cyber-physical system security; publish-subscribe security; end-to-end security}, tags = {internet-of-production, rfc}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-dahlmanns-entrust.pdf}, publisher = {ACM}, booktitle = {Proceedings of the 1st ACM Workshop on Secure and Trustworthy Cyber-Physical Systems (SaT-CPS '21), co-located with the 11th ACM Conference on Data and Application Security and Privacy (CODASPY '21), April 26-28, 2021, Virtual Event, USA}, event_place = {Virtual Event, USA}, event_name = {ACM Workshop on Secure and Trustworthy Cyber-Physical Systems}, event_date = {April 28, 2021}, ISBN = {978-1-4503-8319-6/21/04}, DOI = {10.1145/3445969.3450423}, reviewed = {1}, author = {Dahlmanns, Markus and Pennekamp, Jan and Fink, Ina Berenice and Schoolmann, Bernd and Wehrle, Klaus and Henze, Martin} } @Article { 2021-wehrle-energy, title = {A Novel Receiver Design for Energy Packet‐Based Dispatching}, journal = {Energy Technology}, year = {2021}, volume = {9}, number = {2}, DOI = {10.1002/ente.202000937}, reviewed = {1}, author = {Wiegel, Friedirch and De Din, Edoardo and Monti, Antonello and Wehrle, Klaus and Hiller, Marc and Zitterbart, Martina and Hagenmeyer, Veit} } @Inproceedings { 2020_pennekamp_benchmarking, title = {Revisiting the Privacy Needs of Real-World Applicable Company Benchmarking}, year = {2020}, month = {12}, day = {15}, pages = {31-44}, abstract = {Benchmarking the performance of companies is essential to identify improvement potentials in various industries. Due to a competitive environment, this process imposes strong privacy needs, as leaked business secrets can have devastating effects on participating companies. Consequently, related work proposes to protect sensitive input data of companies using secure multi-party computation or homomorphic encryption. However, related work so far does not consider that also the benchmarking algorithm, used in today's applied real-world scenarios to compute all relevant statistics, itself contains significant intellectual property, and thus needs to be protected. Addressing this issue, we present PCB — a practical design for Privacy-preserving Company Benchmarking that utilizes homomorphic encryption and a privacy proxy — which is specifically tailored for realistic real-world applications in which we protect companies' sensitive input data and the valuable algorithms used to compute underlying key performance indicators. We evaluate PCB's performance using synthetic measurements and showcase its applicability alongside an actual company benchmarking performed in the domain of injection molding, covering 48 distinct key performance indicators calculated out of hundreds of different input values. By protecting the privacy of all participants, we enable them to fully profit from the benefits of company benchmarking.}, keywords = {practical encrypted computing; homomorphic encryption; algorithm confidentiality; benchmarking; key performance indicators; industrial application; Internet of Production}, tags = {internet-of-production}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2020/2020-pennekamp-company-benchmarking.pdf}, web_url = {https://eprint.iacr.org/2020/1512}, publisher = {HomomorphicEncryption.org}, booktitle = {Proceedings of the 8th Workshop on Encrypted Computing \& Applied Homomorphic Cryptography (WAHC '20), December 15, 2020, Virtual Event}, event_place = {Virtual Event}, event_date = {December 15, 2020}, ISBN = {978-3-00-067798-4}, DOI = {10.25835/0072999}, reviewed = {1}, author = {Pennekamp, Jan and Sapel, Patrick and Fink, Ina Berenice and Wagner, Simon and Reuter, Sebastian and Hopmann, Christian and Wehrle, Klaus and Henze, Martin} } @Inproceedings { 2020_pennekamp_parameter_exchange, title = {Privacy-Preserving Production Process Parameter Exchange}, year = {2020}, month = {12}, day = {10}, pages = {510-525}, abstract = {Nowadays, collaborations between industrial companies always go hand in hand with trust issues, i.e., exchanging valuable production data entails the risk of improper use of potentially sensitive information. Therefore, companies hesitate to offer their production data, e.g., process parameters that would allow other companies to establish new production lines faster, against a quid pro quo. Nevertheless, the expected benefits of industrial collaboration, data exchanges, and the utilization of external knowledge are significant. In this paper, we introduce our Bloom filter-based Parameter Exchange (BPE), which enables companies to exchange process parameters privacy-preservingly. We demonstrate the applicability of our platform based on two distinct real-world use cases: injection molding and machine tools. We show that BPE is both scalable and deployable for different needs to foster industrial collaborations. Thereby, we reward data-providing companies with payments while preserving their valuable data and reducing the risks of data leakage.}, keywords = {secure industrial collaboration; Bloom filter; oblivious transfer; Internet of Production}, tags = {internet-of-production}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2020/2020-pennekamp-parameter-exchange.pdf}, publisher = {ACM}, booktitle = {Proceedings of the 36th Annual Computer Security Applications Conference (ACSAC '20), December 7-11, 2020, Austin, TX, USA}, event_place = {Austin, TX, USA}, event_date = {December 7-11, 2020}, ISBN = {978-1-4503-8858-0/20/12}, DOI = {10.1145/3427228.3427248}, reviewed = {1}, author = {Pennekamp, Jan and Buchholz, Erik and Lockner, Yannik and Dahlmanns, Markus and Xi, Tiandong and Fey, Marcel and Brecher, Christian and Hopmann, Christian and Wehrle, Klaus} } @Inproceedings { 2020_delacadena_trafficsliver, title = {TrafficSliver: Fighting Website Fingerprinting Attacks with Traffic Splitting}, year = {2020}, month = {11}, day = {12}, pages = {1971-1985}, abstract = {Website fingerprinting (WFP) aims to infer information about the content of encrypted and anonymized connections by observing patterns of data flows based on the size and direction of packets. By collecting traffic traces at a malicious Tor entry node — one of the weakest adversaries in the attacker model of Tor — a passive eavesdropper can leverage the captured meta-data to reveal the websites visited by a Tor user. As recently shown, WFP is significantly more effective and realistic than assumed. Concurrently, former WFP defenses are either infeasible for deployment in real-world settings or defend against specific WFP attacks only. To limit the exposure of Tor users to WFP, we propose novel lightweight WFP defenses, TrafficSliver, which successfully counter today’s WFP classifiers with reasonable bandwidth and latency overheads and, thus, make them attractive candidates for adoption in Tor. Through user-controlled splitting of traffic over multiple Tor entry nodes, TrafficSliver limits the data a single entry node can observe and distorts repeatable traffic patterns exploited by WFP attacks. We first propose a network-layer defense, in which we apply the concept of multipathing entirely within the Tor network. We show that our network-layer defense reduces the accuracy from more than 98\% to less than 16\% for all state-of-the-art WFP attacks without adding any artificial delays or dummy traffic. We further suggest an elegant client-side application-layer defense, which is independent of the underlying anonymization network. By sending single HTTP requests for different web objects over distinct Tor entry nodes, our application-layer defense reduces the detection rate of WFP classifiers by almost 50 percentage points. Although it offers lower protection than our network-layer defense, it provides a security boost at the cost of a very low implementation overhead and is fully compatible with today’s Tor network.}, keywords = {Traffic Analysis; Website Fingerprinting; Privacy; Anonymous Communication; Onion Routing; Web Privacy}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2020/2020-delacadena-trafficsliver.pdf}, web_url = {https://github.com/TrafficSliver}, publisher = {ACM}, booktitle = {Proceedings of the 27th ACM SIGSAC Conference on Computer and Communications Security (CCS '20), November 9-13, 2020, Orlando, FL, USA}, event_place = {Virtual Event, USA}, event_date = {November 9-13, 2020}, ISBN = {978-1-4503-7089-9/20/11}, DOI = {10.1145/3372297.3423351}, reviewed = {1}, author = {De la Cadena, Wladimir and Mitseva, Asya and Hiller, Jens and Pennekamp, Jan and Reuter, Sebastian and Filter, Julian and Wehrle, Klaus and Engel, Thomas and Panchenko, Andriy} } @Inproceedings { 2020-hiller-ccs-crosssigning, title = {The Boon and Bane of Cross-Signing: Shedding Light on a Common Practice in Public Key Infrastructures}, year = {2020}, month = {11}, day = {11}, pages = {1289-1306}, keywords = {PKI; X.509; SSL; TLS; cross-signing; cross certification}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2020/2020-hiller-ccs-cross_signing.pdf}, web_url = {https://github.com/pki-xs-analysis}, publisher = {ACM}, address = {New York, NY, USA}, booktitle = {Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security (CCS ’20), November 9–13, 2020, Virtual Event, USA.}, event_place = {Orlando, FL, USA}, event_date = {November 9-13, 2020}, DOI = {10.1145/3372297.3423345}, reviewed = {1}, author = {Hiller, Jens and Amann, Johanna and Hohlfeld, Oliver} } @Inproceedings { 2020-wolsing-facilitating, title = {Poster: Facilitating Protocol-independent Industrial Intrusion Detection Systems}, year = {2020}, month = {11}, day = {9}, abstract = {Cyber-physical systems are increasingly threatened by sophisticated attackers, also attacking the physical aspect of systems. Supplementing protective measures, industrial intrusion detection systems promise to detect such attacks. However, due to industrial protocol diversity and lack of standard interfaces, great efforts are required to adapt these technologies to a large number of different protocols. To address this issue, we identify existing universally applicable intrusion detection approaches and propose a transcription for industrial protocols to realize protocol-independent semantic intrusion detection on top of different industrial protocols.}, keywords = {Intrusion Detection; IDS; Industrial Protocols; CPS; IEC-60870-5-104; Modbus; NMEA 0183}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2020/2020-wolsing-facilitating.pdf}, publisher = {ACM}, address = {New York, NY, USA}, booktitle = {Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security (CCS ’20), November 9–13, 2020, Virtual Event, USA.}, event_place = {Virtual Event, USA}, event_date = {November 9-13, 2020}, DOI = {10.1145/3372297.3420019}, reviewed = {1}, author = {Wolsing, Konrad and Wagner, Eric and Henze, Martin} } @Inproceedings { 2020-henze-ccs-cybersecurity, title = {Poster: Cybersecurity Research and Training for Power Distribution Grids -- A Blueprint}, year = {2020}, month = {11}, day = {9}, abstract = {Mitigating cybersecurity threats in power distribution grids requires a testbed for cybersecurity, e.g., to evaluate the (physical) impact of cyberattacks, generate datasets, test and validate security approaches, as well as train technical personnel. In this paper, we present a blueprint for such a testbed that relies on network emulation and power flow computation to couple real network applications with a simulated power grid. We discuss the benefits of our approach alongside preliminary results and various use cases for cybersecurity research and training for power distribution grids.}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2020/2020-henze-ccs-cybersecurity.pdf}, publisher = {ACM}, address = {New York, NY, USA}, booktitle = {Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security (CCS ’20), November 9–13, 2020, Virtual Event, USA.}, event_place = {Virtual Event, USA}, event_date = {November 9-13, 2020}, DOI = {10.1145/3372297.3420016}, reviewed = {1}, author = {Henze, Martin and Bader, Lennart and Filter, Julian and Lamberts, Olav and Ofner, Simon and van der Velde, Dennis} } @Inproceedings { 2020-dahlmanns-imc-opcua, title = {Easing the Conscience with OPC UA: An Internet-Wide Study on Insecure Deployments}, year = {2020}, month = {10}, day = {27}, pages = {101-110}, abstract = {Due to increasing digitalization, formerly isolated industrial networks, e.g., for factory and process automation, move closer and closer to the Internet, mandating secure communication. However, securely setting up OPC UA, the prime candidate for secure industrial communication, is challenging due to a large variety of insecure options. To study whether Internet-facing OPC UA appliances are configured securely, we actively scan the IPv4 address space for publicly reachable OPC UA systems and assess the security of their configurations. We observe problematic security configurations such as missing access control (on 24\% of hosts), disabled security functionality (24\%), or use of deprecated cryptographic primitives (25\%) on in total 92\% of the reachable deployments. Furthermore, we discover several hundred devices in multiple autonomous systems sharing the same security certificate, opening the door for impersonation attacks. Overall, in this paper, we highlight commonly found security misconfigurations and underline the importance of appropriate configuration for security-featuring protocols.}, keywords = {industrial communication; network security; security configuration}, tags = {internet-of-production, rfc}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2020/2020-dahlmanns-imc-opcua.pdf}, publisher = {ACM}, booktitle = {Proceedings of the Internet Measurement Conference (IMC '20), October 27-29, 2020, Pittsburgh, PA, USA}, event_place = {Pittsburgh, PA, USA}, event_name = {ACM Internet Measurement Conference 2020}, event_date = {October 27-29, 2020}, ISBN = {978-1-4503-8138-3/20/10}, DOI = {10.1145/3419394.3423666}, reviewed = {1}, author = {Dahlmanns, Markus and Lohm{\"o}ller, Johannes and Fink, Ina Berenice and Pennekamp, Jan and Wehrle, Klaus and Henze, Martin} } @Article { serror-iiotsec-tii-2020, title = {Challenges and Opportunities in Securing the Industrial Internet of Things}, journal = {IEEE Transactions on Industrial Informatics}, year = {2020}, month = {9}, day = {11}, volume = {17}, number = {5}, pages = {2985-2996}, tags = {nerd-nrw}, url = {https://comsys.rwth-aachen.de/fileadmin/papers/2020/2020-serror-tii-iiotsec.pdf}, web_url = {https://ieeexplore.ieee.org/document/9195014}, howpublished = {online}, ISSN = {1941-0050}, DOI = {10.1109/TII.2020.3023507}, reviewed = {1}, author = {Serror, Martin and Hack, Sacha and Henze, Martin and Schuba, Marko and Wehrle, Klaus} } @Article { 2020-holz-ccr-tls13, title = {Tracking the deployment of TLS 1.3 on the Web: A story of experimentation and centralization}, journal = {ACM SIGCOMM Computer Communications Review (CCR)}, year = {2020}, month = {7}, volume = {50}, number = {3}, pages = {3-15}, note = {Selected for the 'Best of CCR' session at SIGCOMM 2021.}, url = {https://ccronline.sigcomm.org/wp-content/uploads/2020/08/sigcomm-ccr-paper430-with-open-review.pdf}, publisher = {Association for Computing Machinery}, address = {New York, NY, USA}, DOI = {10.1145/3411740.3411742}, reviewed = {1}, author = {Holz, Ralph and Hiller, Jens and Amann, Johanna and Razaghpanah, Abbas and Jost, Thomas and Vallina-Rodriguez, Narseo and Hohlfeld, Oliver} } @Inproceedings { 2020_matzutt_coinprune, title = {How to Securely Prune Bitcoin’s Blockchain}, year = {2020}, month = {6}, day = {24}, pages = {298-306}, abstract = {Bitcoin was the first successful decentralized cryptocurrency and remains the most popular of its kind to this day. Despite the benefits of its blockchain, Bitcoin still faces serious scalability issues, most importantly its ever-increasing blockchain size. While alternative designs introduced schemes to periodically create snapshots and thereafter prune older blocks, already-deployed systems such as Bitcoin are often considered incapable of adopting corresponding approaches. In this work, we revise this popular belief and present CoinPrune, a snapshot-based pruning scheme that is fully compatible with Bitcoin. CoinPrune can be deployed through an opt-in velvet fork, i.e., without impeding the established Bitcoin network. By requiring miners to publicly announce and jointly reaffirm recent snapshots on the blockchain, CoinPrune establishes trust into the snapshots' correctness even in the presence of powerful adversaries. Our evaluation shows that CoinPrune reduces the storage requirements of Bitcoin already by two orders of magnitude today, with further relative savings as the blockchain grows. In our experiments, nodes only have to fetch and process 5 GiB instead of 230 GiB of data when joining the network, reducing the synchronization time on powerful devices from currently 5 h to 46 min, with even more savings for less powerful devices.}, keywords = {blockchain; block pruning; synchronization; bootstrapping; scalability; velvet fork; Bitcoin}, tags = {mynedata; impact_digital; digital_campus}, url = {https://comsys.rwth-aachen.de/fileadmin/papers/2020/2020-matzutt-coinprune.pdf}, web_url = {https://coinprune.comsys.rwth-aachen.de}, publisher = {IEEE}, booktitle = {Proceedings of the 19th IFIP Networking 2020 Conference (NETWORKING '20), June 22-26, 2020, Paris, France}, event_place = {Paris, France}, event_name = {NETWORKING 2020}, event_date = {June 22-26, 2020}, ISBN = {978-3-903176-28-7}, reviewed = {1}, author = {Matzutt, Roman and Kalde, Benedikt and Pennekamp, Jan and Drichel, Arthur and Henze, Martin and Wehrle, Klaus} } @Inproceedings { 2020_pennekamp_supply_chain_accountability, title = {Private Multi-Hop Accountability for Supply Chains}, year = {2020}, month = {6}, day = {7}, abstract = {Today's supply chains are becoming increasingly flexible in nature. While adaptability is vastly increased, these more dynamic associations necessitate more extensive data sharing among different stakeholders while simultaneously overturning previously established levels of trust. Hence, manufacturers' demand to track goods and to investigate root causes of issues across their supply chains becomes more challenging to satisfy within these now untrusted environments. Complementarily, suppliers need to keep any data irrelevant to such routine checks secret to remain competitive. To bridge the needs of contractors and suppliers in increasingly flexible supply chains, we thus propose to establish a privacy-preserving and distributed multi-hop accountability log among the involved stakeholders based on Attribute-based Encryption and backed by a blockchain. Our large-scale feasibility study is motivated by a real-world manufacturing process, i.e., a fine blanking line, and reveals only modest costs for multi-hop tracing and tracking of goods.}, keywords = {supply chain; multi-hop tracking and tracing; blockchain; attribute-based encryption; Internet of Production}, tags = {internet-of-production}, url = {https://comsys.rwth-aachen.de/fileadmin/papers/2020/2020-pennekamp-supply-chain-privacy.pdf}, publisher = {IEEE}, booktitle = {Proceedings of the 2020 IEEE International Conference on Communications Workshops (ICC Workshops '20), 1st Workshop on Blockchain for IoT and Cyber-Physical Systems (BIoTCPS '20), June 7-11, 2020, Dublin, Ireland}, event_place = {Dublin, Ireland}, event_date = {June 7-11, 2020}, ISBN = {978-1-7281-7440-2}, ISSN = {2474-9133}, DOI = {10.1109/ICCWorkshops49005.2020.9145100}, reviewed = {1}, author = {Pennekamp, Jan and Bader, Lennart and Matzutt, Roman and Niemietz, Philipp and Trauth, Daniel and Henze, Martin and Bergs, Thomas and Wehrle, Klaus} } @Inproceedings { 2020_roepert_opcua, title = {Assessing the Security of OPC UA Deployments}, year = {2020}, month = {4}, day = {2}, abstract = {To address the increasing security demands of industrial deployments, OPC UA is one of the first industrial protocols explicitly designed with security in mind. However, deploying it securely requires a thorough configuration of a wide range of options. Thus, assessing the security of OPC UA deployments and their configuration is necessary to ensure secure operation, most importantly confidentiality and integrity of industrial processes. In this work, we present extensions to the popular Metasploit Framework to ease network-based security assessments of OPC UA deployments. To this end, we discuss methods to discover OPC UA servers, test their authentication, obtain their configuration, and check for vulnerabilities. Ultimately, our work enables operators to verify the (security) configuration of their systems and identify potential attack vectors.}, tags = {internet-of-production, rfc}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2020/2020-roepert-opcua-security.pdf}, misc2 = {en}, publisher = {University of T{\"u}bingen}, booktitle = {Proceedings of the 1st ITG Workshop on IT Security (ITSec '20), April 2-3, 2020, T{\"u}bingen, Germany}, event_place = {T{\"u}bingen, Germany}, event_date = {April 2-3, 2020}, DOI = {10.15496/publikation-41813}, reviewed = {1}, author = {Roepert, Linus and Dahlmanns, Markus and Fink, Ina Berenice and Pennekamp, Jan and Henze, Martin} } @Inproceedings { 2020-kosek-tcp-conformance, title = {MUST, SHOULD, DON'T CARE: TCP Conformance in the Wild}, year = {2020}, month = {3}, day = {30}, tags = {maki}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2020/2020-kosek-tcp-conformance-v2.pdf}, web_url2 = {https://arxiv.org/abs/2002.05400}, publisher = {Springer}, booktitle = {Proceedings of the Passive and Active Measurement Conference (PAM '20)}, event_place = {Eugene, Oregon, USA}, event_name = {Passive and Active Measurement Conference (PAM 2020)}, event_date = {30.03.2020 - 31.03.2020}, language = {en}, DOI = {https://doi.org/10.1007/978-3-030-44081-7_8}, reviewed = {1}, author = {Kosek, Mike and Bl{\"o}cher, Leo and R{\"u}th, Jan and Zimmermann, Torsten and Hohlfeld, Oliver} } @Article { 2019-kunze-ccwild-tnsm, title = {Congestion Control in the Wild - Investigating Content Provider Fairness}, journal = {IEEE Transactions on Network and Service Management}, year = {2019}, month = {12}, day = {27}, volume = {17}, number = {2}, pages = {1224 - 1238}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-kunze-ccwild-tnsm.pdf}, ISSN = {1932-4537}, DOI = {10.1109/TNSM.2019.2962607}, reviewed = {1}, author = {Kunze, Ike and R{\"u}th, Jan and Hohlfeld, Oliver} } @Inproceedings { 2019-krude-online-reprogramming, title = {Online Reprogrammable Multi Tenant Switches}, year = {2019}, month = {12}, day = {9}, tags = {maki}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-krude-online-reprogramming.pdf}, publisher = {ACM}, booktitle = {1st ACM CoNEXT Workshop on Emerging in-Network Computing Paradigms (ENCP '19)}, ISBN = {978-1-4503-7000-4/19/12}, DOI = {10.1145/3359993.3366643}, reviewed = {1}, author = {Krude, Johannes and Hofmann, Jaco and Eichholz, Matthias and Wehrle, Klaus and Koch, Andreas and Mezini, Mira} } @Inproceedings { 2019-rueth-quic-userstudy, title = {Perceiving QUIC: Do Users Notice or Even Care?}, year = {2019}, month = {12}, tags = {maki,reflexes}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-rueth-quic-userstudy.pdf}, web_url2 = {https://arxiv.org/abs/1910.07729}, publisher = {ACM}, booktitle = {In Proceedings of the 15th International Conference on emerging Networking EXperiments and Technologies (CoNEXT '19)}, event_place = {Orlando, Florida, USA}, event_name = {International Conference on emerging Networking EXperiments and Technologies}, event_date = {9.12.2019-12.12.2019}, DOI = {10.1145/3359989.3365416}, reviewed = {1}, author = {R{\"u}th, Jan and Wolsing, Konrad and Wehrle, Klaus and Hohlfeld, Oliver} } @Inproceedings { 2019_delacadena_countermeasure, title = {POSTER: Traffic Splitting to Counter Website Fingerprinting}, year = {2019}, month = {11}, day = {12}, pages = {2533-2535}, abstract = {Website fingerprinting (WFP) is a special type of traffic analysis, which aims to infer the websites visited by a user. Recent studies have shown that WFP targeting Tor users is notably more effective than previously expected. Concurrently, state-of-the-art defenses have been proven to be less effective. In response, we present a novel WFP defense that splits traffic over multiple entry nodes to limit the data a single malicious entry can use. Here, we explore several traffic-splitting strategies to distribute user traffic. We establish that our weighted random strategy dramatically reduces the accuracy from nearly 95\% to less than 35\% for four state-of-the-art WFP attacks without adding any artificial delays or dummy traffic.}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-delacadena-splitting-defense.pdf}, publisher = {ACM}, booktitle = {Proceedings of the 26th ACM SIGSAC Conference on Computer and Communications Security (CCS '19), November 11-15, 2019, London, United Kingdom}, event_place = {London, United Kingdom}, event_date = {November 11-15, 2019}, ISBN = {978-1-4503-6747-9/19/11}, DOI = {10.1145/3319535.3363249}, reviewed = {1}, author = {De la Cadena, Wladimir and Mitseva, Asya and Pennekamp, Jan and Hiller, Jens and Lanze, Fabian and Engel, Thomas and Wehrle, Klaus and Panchenko, Andriy} } @Inproceedings { 2019_pennekamp_dataflows, title = {Dataflow Challenges in an Internet of Production: A Security \& Privacy Perspective}, year = {2019}, month = {11}, day = {11}, pages = {27-38}, abstract = {The Internet of Production (IoP) envisions the interconnection of previously isolated CPS in the area of manufacturing across institutional boundaries to realize benefits such as increased profit margins and product quality as well as reduced product development costs and time to market. This interconnection of CPS will lead to a plethora of new dataflows, especially between (partially) distrusting entities. In this paper, we identify and illustrate these envisioned inter-organizational dataflows and the participating entities alongside two real-world use cases from the production domain: a fine blanking line and a connected job shop. Our analysis allows us to identify distinct security and privacy demands and challenges for these new dataflows. As a foundation to address the resulting requirements, we provide a survey of promising technical building blocks to secure inter-organizational dataflows in an IoP and propose next steps for future research. Consequently, we move an important step forward to overcome security and privacy concerns as an obstacle for realizing the promised potentials in an Internet of Production.}, keywords = {Internet of Production; dataflows; Information Security}, tags = {internet-of-production}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-pennekamp-dataflows.pdf}, publisher = {ACM}, booktitle = {Proceedings of the 5th ACM Workshop on Cyber-Physical Systems Security and PrivaCy (CPS-SPC '19), co-located with the 26th ACM SIGSAC Conference on Computer and Communications Security (CCS '19), November 11-15, 2019, London, United Kingdom}, event_place = {London, United Kingdom}, event_date = {November 11-15, 2019}, ISBN = {978-1-4503-6831-5/19/11}, DOI = {10.1145/3338499.3357357}, reviewed = {1}, author = {Pennekamp, Jan and Henze, Martin and Schmidt, Simo and Niemietz, Philipp and Fey, Marcel and Trauth, Daniel and Bergs, Thomas and Brecher, Christian and Wehrle, Klaus} } @Inproceedings { 2019-hiller-lcn-sessionsharing, title = {The Case for Session Sharing: Relieving Clients from TLS Handshake Overheads}, year = {2019}, month = {10}, day = {14}, tags = {internet-of-production}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-hiller-lcn-case_for_tls_session_sharing.pdf}, publisher = {IEEE}, booktitle = {IEEE 44th LCN Symposium on Emerging Topics in Networking (LCN Symposium), Osnabr{\"u}ck, Germany}, event_place = {Osnabr{\"u}ck, Germany}, event_name = {44th IEEE Conference on Local Computer Networks (LCN)}, event_date = {October 14-17, 2019}, language = {en}, ISBN = {978-1-7281-2561-9}, DOI = {10.1109/LCNSymposium47956.2019.9000667}, reviewed = {1}, author = {Hiller, Jens and Henze, Martin and Zimmermann, Torsten and Hohlfeld, Oliver and Wehrle, Klaus} } @Inproceedings { 2019-hiller-icnp-tailoringOR, title = {Tailoring Onion Routing to the Internet of Things: Security and Privacy in Untrusted Environments}, year = {2019}, month = {10}, day = {10}, abstract = {An increasing number of IoT scenarios involve mobile, resource-constrained IoT devices that rely on untrusted networks for Internet connectivity. In such environments, attackers can derive sensitive private information of IoT device owners, e.g., daily routines or secret supply chain procedures, when sniffing on IoT communication and linking IoT devices and owner. Furthermore, untrusted networks do not provide IoT devices with any protection against attacks from the Internet. Anonymous communication using onion routing provides a well-proven mechanism to keep the relationship between communication partners secret and (optionally) protect against network attacks. However, the application of onion routing is challenged by protocol incompatibilities and demanding cryptographic processing on constrained IoT devices, rendering its use infeasible. To close this gap, we tailor onion routing to the IoT by bridging protocol incompatibilities and offloading expensive cryptographic processing to a router or web server of the IoT device owner. Thus, we realize resource-conserving access control and end-to-end security for IoT devices. To prove applicability, we deploy onion routing for the IoT within the well-established Tor network enabling IoT devices to leverage its resources to achieve the same grade of anonymity as readily available to traditional devices.}, tags = {internet-of-production}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-hiller-tailoring.pdf}, publisher = {IEEE}, booktitle = {Proceedings of the 27th IEEE International Conference on Network Protocols (ICNP '19), October 7-10, 2019, Chicago, IL, USA}, event_place = {Chicago, IL, USA}, event_name = {27th IEEE International Conference on Network Protocols (ICNP 2019)}, event_date = {7-10. Oct. 2019}, ISBN = {978-1-7281-2700-2}, ISSN = {2643-3303}, DOI = {10.1109/ICNP.2019.8888033}, reviewed = {1}, author = {Hiller, Jens and Pennekamp, Jan and Dahlmanns, Markus and Henze, Martin and Panchenko, Andriy and Wehrle, Klaus} } @Inproceedings { 2019_pennekamp_multipath, title = {Multipathing Traffic to Reduce Entry Node Exposure in Onion Routing}, year = {2019}, month = {10}, day = {7}, abstract = {Users of an onion routing network, such as Tor, depend on its anonymity properties. However, especially malicious entry nodes, which know the client’s identity, can also observe the whole communication on their link to the client and, thus, conduct several de-anonymization attacks. To limit this exposure and to impede corresponding attacks, we propose to multipath traffic between the client and the middle node to reduce the information an attacker can obtain at a single vantage point. To facilitate the deployment, only clients and selected middle nodes need to implement our approach, which works transparently for the remaining legacy nodes. Furthermore, we let clients control the splitting strategy to prevent any external manipulation.}, note = {Poster Session}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-pennekamp-multipathing.pdf}, publisher = {IEEE}, booktitle = {Proceedings of the 27th IEEE International Conference on Network Protocols (ICNP '19), October 7-10, 2019, Chicago, IL, USA}, event_place = {Chicago, IL, USA}, event_name = {27th IEEE International Conference on Network Protocols (ICNP 2019)}, event_date = {7-10. Oct. 2019}, ISBN = {978-1-7281-2700-2}, ISSN = {2643-3303}, DOI = {10.1109/ICNP.2019.8888029}, reviewed = {1}, author = {Pennekamp, Jan and Hiller, Jens and Reuter, Sebastian and De la Cadena, Wladimir and Mitseva, Asya and Henze, Martin and Engel, Thomas and Wehrle, Klaus and Panchenko, Andriy} } @Inproceedings { 2019-dahlmanns-icnp-knowledgeSystem, title = {Privacy-Preserving Remote Knowledge System}, year = {2019}, month = {10}, day = {7}, abstract = {More and more traditional services, such as malware detectors or collaboration services in industrial scenarios, move to the cloud. However, this behavior poses a risk for the privacy of clients since these services are able to generate profiles containing very sensitive information, e.g., vulnerability information or collaboration partners. Hence, a rising need for protocols that enable clients to obtain knowledge without revealing their requests exists. To address this issue, we propose a protocol that enables clients (i) to query large cloud-based knowledge systems in a privacy-preserving manner using Private Set Intersection and (ii) to subsequently obtain individual knowledge items without leaking the client’s requests via few Oblivious Transfers. With our preliminary design, we allow clients to save a significant amount of time in comparison to performing Oblivious Transfers only.}, note = {Poster Session}, keywords = {private query protocol; knowledge system; remote knowledge; private set intersection; oblivious transfer}, tags = {kimusin; internet-of-production}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-dahlmanns-knowledge-system.pdf}, publisher = {IEEE}, booktitle = {Proceedings of the 27th IEEE International Conference on Network Protocols (ICNP '19), October 7-10, 2019, Chicago, IL, USA}, event_place = {Chicago, IL, USA}, event_name = {27th IEEE International Conference on Network Protocols (ICNP 2019)}, event_date = {7-10. Oct. 2019}, ISBN = {978-1-7281-2700-2}, ISSN = {2643-3303}, DOI = {10.1109/ICNP.2019.8888121}, reviewed = {1}, author = {Dahlmanns, Markus and Dax, Chris and Matzutt, Roman and Pennekamp, Jan and Hiller, Jens and Wehrle, Klaus} } @Inproceedings { 2019-hiller-aeit-regaining, title = {Regaining Insight and Control on SMGW-based Secure Communication in Smart Grids}, year = {2019}, month = {9}, abstract = {Smart Grids require extensive communication to enable safe and stable energy supply in the age of decentralized and dynamic energy production and consumption. To protect the communication in this critical infrastructure, public authorities mandate smart meter gateways (SMGWs) to intercept all inbound and outbound communication of premises such as a factory or smart home, and forward the communication data on secure channels established by the SMGW itself to be in control of the communication security. However, using the SMGW as proxy, local devices can neither review the security of these remote connections established by the SMGW nor enforce higher security guarantees than established by the all in one configuration of the SMGW which does not allow for use case-specific security settings. We present mechanisms that enable local devices to regain this insight and control over the full connection, i.e., up to the final receiver, while retaining the SMGW's ability to ensure a suitable security level. Our evaluation shows modest computation and transmission overheads for this increased security in the critical smart grid infrastructure.}, note = {ECSEL; European Union (EU); Horizon 2020; CONNECT Innovative smart components, modules and appliances for a truly connected, efficient and secure smart grid; Grant Agreement No 737434}, tags = {connect}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-hiller-aeit-regaining.pdf}, publisher = {IEEE}, booktitle = {Proceedings of the 2019 AEIT International Annual Conference, September 18-20, 2019, Firenze, Italy}, event_place = {Firenze, Italy}, event_name = {AEIT International Annual Conference}, event_date = {September 18-20, 2019}, ISBN = {978-8-8872-3745-0}, DOI = {10.23919/AEIT.2019.8893406}, reviewed = {1}, author = {Hiller, Jens and Komanns, Karsten and Dahlmanns, Markus and Wehrle, Klaus} } @Inproceedings { 2019-sander-depcci, title = {DeePCCI: Deep Learning-based Passive Congestion Control Identification}, year = {2019}, month = {8}, day = {18}, tags = {maki}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-sander-deepcci.pdf}, web_url2 = {https://arxiv.org/abs/1907.02323}, publisher = {ACM}, booktitle = {In Proceedings of the ACM SIGCOMM Workshop on Network Meets AI \& ML (NetAI '19)}, event_place = {Beijing, China}, event_name = {Workshop on Network Meets AI \& ML}, event_date = {18.08.2019}, DOI = {10.1145/3341216.3342211}, reviewed = {1}, author = {Sander, Constantin and R{\"u}th, Jan and Hohlfeld, Oliver and Wehrle, Klaus} } @Inproceedings { 2019-wolsing-quicperf, title = {A Performance Perspective on Web Optimized Protocol Stacks: TCP+TLS+HTTP/2 vs. QUIC}, year = {2019}, month = {7}, day = {22}, tags = {maki,reflexes}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-wolsing-quicperf.pdf}, web_url2 = {https://arxiv.org/abs/1906.07415}, publisher = {ACM}, booktitle = {In Proceedings of the Applied Networking Research Workshop (ANRW '19)}, event_place = {Montreal, Quebec, Canada}, event_name = {Applied Networking Research Workshop at IETF-105}, event_date = {2019-07-22}, DOI = {10.1145/3340301.3341123}, reviewed = {1}, author = {Wolsing, Konrad and R{\"u}th, Jan and Wehrle, Klaus and Hohlfeld, Oliver} } @Inproceedings { 2019-hohlfeld-bpfperf, title = {Demystifying the Performance of XDP BPF}, year = {2019}, month = {6}, day = {25}, tags = {maki,reflexes}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-hohlfeld-bpfperf.pdf}, publisher = {IEEE}, booktitle = {IEEE International Conference on Network Softwarization (NetSoft)}, event_name = {IEEE International Conference on Network Softwarization}, DOI = {10.1109/NETSOFT.2019.8806651}, reviewed = {1}, author = {Hohlfeld, Oliver and Krude, Johannes and Reelfs, Jens Helge and R{\"u}th, Jan and Wehrle, Klaus} } @Inproceedings { 2019-rueth-ccfness, title = {An Empirical View on Content Provider Fairness}, year = {2019}, month = {6}, day = {19}, tags = {maki}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-rueth-ccfness.pdf}, web_url2 = {https://arxiv.org/abs/1905.07152}, publisher = {IFIP/IEEE}, booktitle = {In Proceedings of the Network Traffic Measurement and Analysis Conference (TMA '19)}, event_place = {Paris, France}, event_name = {Network Traffic Measurement and Analysis Conference}, event_date = {19.06.2019 - 21.06.2019}, DOI = {10.23919/TMA.2019.8784684}, reviewed = {1}, author = {R{\"u}th, Jan and Kunze, Ike and Hohlfeld, Oliver} } @Inproceedings { 2019_pennekamp_doppelganger, title = {Hi Doppelg{\"a}nger: Towards Detecting Manipulation in News Comments}, year = {2019}, month = {5}, day = {13}, pages = {197-205}, abstract = {Public opinion manipulation is a serious threat to society, potentially influencing elections and the political situation even in established democracies. The prevalence of online media and the opportunity for users to express opinions in comments magnifies the problem. Governments, organizations, and companies can exploit this situation for biasing opinions. Typically, they deploy a large number of pseudonyms to create an impression of a crowd that supports specific opinions. Side channel information (such as IP addresses or identities of browsers) often allows a reliable detection of pseudonyms managed by a single person. However, while spoofing and anonymizing data that links these accounts is simple, a linking without is very challenging. In this paper, we evaluate whether stylometric features allow a detection of such doppelg{\"a}ngers within comment sections on news articles. To this end, we adapt a state-of-the-art doppelg{\"a}ngers detector to work on small texts (such as comments) and apply it on three popular news sites in two languages. Our results reveal that detecting potential doppelg{\"a}ngers based on linguistics is a promising approach even when no reliable side channel information is available. Preliminary results following an application in the wild shows indications for doppelg{\"a}ngers in real world data sets.}, keywords = {online manipulation; doppelg{\"a}nger detection; stylometry}, tags = {comtex}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-pennekamp-doppelganger.pdf}, publisher = {ACM}, booktitle = {Companion Proceedings of the 2019 World Wide Web Conference (WWW '19 Companion), 4th Workshop on Computational Methods in Online Misbehavior (CyberSafety '19), May 13–17, 2019, San Francisco, CA, USA}, event_place = {San Francisco, California, USA}, event_date = {May 13-17, 2019}, ISBN = {978-1-4503-6675-5/19/05}, DOI = {10.1145/3308560.3316496}, reviewed = {1}, author = {Pennekamp, Jan and Henze, Martin and Hohlfeld, Oliver and Panchenko, Andriy} } @Inproceedings { ReelfsMHH2019, title = {Hashtag Usage in a Geographically-Local Microblogging App}, year = {2019}, month = {5}, day = {13}, pages = {919-927}, keywords = {Anonymous Messaging; Location Based Messaging; User Behavior and Engagement; Information Diffusion; Hashtag}, tags = {comtex}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-reelfs-jodel-hashtags.pdf}, publisher = {ACM}, booktitle = {Companion Proceedings of the 2019 World Wide Web Conference (WWW '19 Companion), 9th International Workshop on Location and the Web (LocWeb '19), May 13–17, 2019, San Francisco, CA, USA}, event_place = {San Francisco, California, USA}, event_name = {International Workshop on Location and the Web}, event_date = {May 13–17, 2019}, ISBN = {978-1-4503-6675-5/19/05}, DOI = {10.1145/3308560.3316537}, reviewed = {1}, author = {Reelfs, Helge and Mohaupt, Timon and Hohlfeld, Oliver and Henckell, Niklas} } @Inproceedings { 2019_pennekamp_infrastructure, title = {Towards an Infrastructure Enabling the Internet of Production}, year = {2019}, month = {5}, day = {8}, pages = {31-37}, abstract = {New levels of cross-domain collaboration between manufacturing companies throughout the supply chain are anticipated to bring benefits to both suppliers and consumers of products. Enabling a fine-grained sharing and analysis of data among different stakeholders in an automated manner, such a vision of an Internet of Production (IoP) introduces demanding challenges to the communication, storage, and computation infrastructure in production environments. In this work, we present three example cases that would benefit from an IoP (a fine blanking line, a high pressure die casting process, and a connected job shop) and derive requirements that cannot be met by today’s infrastructure. In particular, we identify three orthogonal research objectives: (i) real-time control of tightly integrated production processes to offer seamless low-latency analysis and execution, (ii) storing and processing heterogeneous production data to support scalable data stream processing and storage, and (iii) secure privacy-aware collaboration in production to provide a basis for secure industrial collaboration. Based on a discussion of state-of-the-art approaches for these three objectives, we create a blueprint for an infrastructure acting as an enabler for an IoP.}, keywords = {Internet of Production; Cyber-Physical Systems; Data Processing; Low Latency; Secure Industrial Collaboration}, tags = {internet-of-production}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-pennekamp-iop-infrastructure.pdf}, publisher = {IEEE}, booktitle = {Proceedings of the 2nd IEEE International Conference on Industrial Cyber-Physical Systems (ICPS '19), May 6-9, 2019, Taipei, TW}, event_place = {Taipei, TW}, event_date = {May 6-9, 2019}, ISBN = {978-1-5386-8500-6/19}, DOI = {10.1109/ICPHYS.2019.8780276}, reviewed = {1}, author = {Pennekamp, Jan and Glebke, Ren{\'e} and Henze, Martin and Meisen, Tobias and Quix, Christoph and Hai, Rihan and Gleim, Lars and Niemietz, Philipp and Rudack, Maximilian and Knape, Simon and Epple, Alexander and Trauth, Daniel and Vroomen, Uwe and Bergs, Thomas and Brecher, Christian and B{\"u}hrig-Polaczek, Andreas and Jarke, Matthias and Wehrle, Klaus} } @Techreport { 2019-rueth-blitzstart, title = {Blitz-starting QUIC Connections}, year = {2019}, month = {5}, day = {8}, number2 = {arXiv:1905.03144 [cs.NI]}, pages = {1--8}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-rueth-blitzstart.pdf}, web_url = {https://arxiv.org/abs/1905.03144}, misc2 = {Online}, publisher = {COMSYS, RWTH Aachen University}, address = {Ahornstr. 55, 52074 Aachen, Germany}, institution = {COMSYS, RWTH Aachen University}, type = {Technical Report}, language = {en}, author = {R{\"u}th, Jan and Wolsing, Konrad and Serror, Martin and Wehrle, Klaus and Hohlfeld, Oliver} } @Techreport { 2019-hohlfeld-santa-tr, title = {Application-Agnostic Offloading of Packet Processing}, year = {2019}, month = {4}, day = {1}, number2 = {arXiv:1904.00671 [cs.NI]}, pages = {1--14}, tags = {maki}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-hohlfeld-santatr.pdf}, web_url = {https://arxiv.org/abs/1904.00671}, misc2 = {Online}, publisher = {COMSYS, RWTH Aachen University}, address = {Ahornstr. 55, 52074 Aachen, Germany}, institution = {COMSYS, RWTH Aachen University}, type = {Technical Report}, language = {en}, author = {Hohlfeld, Oliver and Reelfs, Helge and R{\"u}th, Jan and Schmidt, Florian and Zimmermann, Torsten and Hiller, Jens and Wehrle, Klaus} } @Article { 2019_henze_flexible_netzwerkstrukturen_iop, title = {Flexible Netzwerkarchitekturen f{\"u}r das Internet of Production}, journal = {ITG-news}, year = {2019}, month = {4}, volume = {02/2019}, pages = {7-8}, tags = {internet-of-production,reflexes}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-henze-itg-iop-networkarchitectures.pdf}, publisher = {Informationstechnische Gesellschaft im VDE}, address = {Frankfurt am Main}, author = {Henze, Martin and Glebke, Ren{\'e} and Wehrle, Klaus} } @Inproceedings { 2019-rueth-icmp, title = {Hidden Treasures - Recycling Large-Scale Internet Measurements to Study the Internet’s Control Plane}, year = {2019}, month = {3}, day = {27}, tags = {maki}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-rueth-icmp.pdf}, web_url2 = {https://arxiv.org/abs/1901.07265}, publisher = {Springer}, booktitle = {In Proceedings of the Passive and Active Measurement Conference (PAM '19)}, event_place = {Puerto Varas, Chile}, event_name = {Passive and Active Measurement Conference (PAM 2019)}, event_date = {27.3.2018 - 29.3.2018}, language = {en}, DOI = {10.1007/978-3-030-15986-3_4}, reviewed = {1}, author = {R{\"u}th, Jan and Zimmermann, Torsten and Hohlfeld, Oliver} } @Inproceedings { 2019-glebke-wirelessgain, title = {Enabling Wireless Network Support for Gain Scheduled Control}, year = {2019}, month = {3}, day = {25}, tags = {reflexes,spp}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-glebke-wirelessgain.pdf}, publisher = {ACM}, booktitle = {In Proceedings of the International Workshop on Edge Systems, Analytics and Networking (EdgeSys 2019)}, event_place = {Dresden, Germany}, event_name = {International Workshop on Edge Systems, Analytics and Networking (EdgeSys 2019)}, event_date = {25.03.2019}, DOI = {10.1145/3301418.3313943}, reviewed = {1}, author = {Gallenm{\"u}ller, Sebastian and Glebke, Ren{\'e} and G{\"u}nther, Stephan and Hauser, Eric and Leclaire, Maurice and Reif, Stefan and R{\"u}th, Jan and Schmidt, Andreas and Carle, Georg and Herfet, Thorsten and Schr{\"o}der-Preikschat, Wolfgang and Wehrle, Klaus} } @Article { rueth:iw:TNSM19, title = {TCP’s Initial Window – Deployment in the Wild and its Impact on Performance}, journal = {IEEE Transactions on Network and Service Management}, year = {2019}, month = {1}, day = {30}, volume = {16}, number = {2}, pages = {389--402}, tags = {maki}, url = {http://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-rueth-iwtnsm.pdf}, ISSN = {1932-4537}, DOI = {10.1109/TNSM.2019.2896335}, reviewed = {1}, author = {R{\"u}th, Jan and Kunze, Ike and Hohlfeld, Oliver} } @Inproceedings { 2019-glebke-hicss-integrated, title = {A Case for Integrated Data Processing in Large-Scale Cyber-Physical Systems}, year = {2019}, month = {1}, day = {8}, pages = {7252-7261}, tags = {internet-of-production,reflexes}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-glebke-integrated.pdf}, misc2 = {Online}, publisher = {University of Hawai'i at Manoa / AIS}, booktitle = {Proceedings of the 52nd Hawaii International Conference on System Sciences (HICSS), Wailea, HI, USA}, language = {en}, ISBN = {978-0-9981331-2-6}, DOI = {10.24251/HICSS.2019.871}, reviewed = {1}, author = {Glebke, Ren{\'e} and Henze, Martin and Wehrle, Klaus and Niemietz, Philipp and Trauth, Daniel and Mattfeld, Patrick and Bergs, Thomas} } @Phdthesis { 2018-henze-phd-thesis, title = {Accounting for Privacy in the Cloud Computing Landscape}, year = {2018}, month = {12}, day = {31}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2018/2018-henze-phd-thesis.pdf}, publisher = {Shaker Verlag}, address = {Aachen, Germany}, series = {Reports on Communications and Distributed Systems}, edition = {17}, school = {RWTH Aachen University}, type = {Ph.D. Thesis}, language = {en}, ISBN = {978-3-8440-6389-9}, author = {Henze, Martin} } @Inproceedings { 2018-zimmermann-webready, title = {Is the Web ready for HTTP/2 Server Push?}, year = {2018}, month = {12}, day = {4}, tags = {maki}, url = {https://dl.acm.org/citation.cfm?id=3281434}, web_url = {https://arxiv.org/abs/1810.05554}, web_url2 = {https://http2.netray.io/interleaving.html}, publisher = {ACM}, booktitle = {Proceedings of the 14th International Conference on emerging Networking EXperiments and Technologies (CoNEXT), Crete, Greete}, event_place = {Crete, Greece}, event_name = {CoNEXT 2018}, event_date = {4.12.18 - 7.12.18}, language = {en}, DOI = {10.1145/3281411.3281434}, reviewed = {1}, author = {Zimmermann, Torsten and Wolters, Benedikt and Hohlfeld, Oliver and Wehrle, Klaus} } @Inproceedings { 2018-rueth-mining, title = {Digging into Browser-based Crypto Mining}, year = {2018}, month = {10}, day = {31}, tags = {maki,internet-measurements}, url = {http://www.comsys.rwth-aachen.de/fileadmin/papers/2018/2018-rueth-mining.pdf}, web_url2 = {https://arxiv.org/abs/1808.00811}, publisher = {ACM}, booktitle = {Proceedings of the Internet Measurement Conference (IMC '18)}, event_place = {Boston, US}, event_name = {Internet Measurement Conference 2018}, event_date = {31.10.18 - 2.11.18}, language = {en}, DOI = {10.1145/3278532.3278539}, reviewed = {1}, author = {R{\"u}th, Jan and Zimmermann, Torsten and Wolsing, Konrad and Hohlfeld, Oliver} } @Inproceedings { 2018-tzimmermann-toplists, title = {A Long Way to the Top: Significance, Structure, and Stability of Internet Top Lists}, year = {2018}, month = {10}, day = {31}, tags = {maki}, url = {https://dl.acm.org/citation.cfm?id=3278574}, web_url = {https://arxiv.org/abs/1805.11506}, publisher = {ACM}, booktitle = {Proceedings of the 2018 Internet Measurement Conference (IMC), Boston, USA}, event_place = {Boston, US}, event_name = {Internet Measurement Conference 2018}, event_date = {31.10.18 - 2.11.18}, language = {en}, DOI = {10.1145/3278532.3278574}, reviewed = {1}, author = {Scheitle, Quirin and Hohlfeld, Oliver and Gamba, Julien and Jelten, Jonas and Zimmermann, Torsten and Strowes, Stephen D. and Vallina-Rodriguez, Narseo} } @Inproceedings { 2018-hiller-lcn-lowlatencyiiot, title = {Secure Low Latency Communication for Constrained Industrial IoT Scenarios}, year = {2018}, month = {10}, tags = {connect,iop,nerd-nrw}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2018/2018-hiller-lcn-secure_low_latency_communication_iiot.pdf}, publisher = {IEEE}, booktitle = {43rd IEEE Conference on Local Computer Networks (LCN), Chicago, USA}, event_place = {Chicago, USA}, event_name = {43nd IEEE Conference on Local Computer Networks (LCN)}, event_date = {October 1-4, 2018}, language = {en}, ISBN = {978-1-5386-4413-3}, DOI = {10.1109/LCN.2018.8638027}, reviewed = {1}, author = {Hiller, Jens and Henze, Martin and Serror, Martin and Wagner, Eric and Richter, Jan Niklas and Wehrle, Klaus} } @Inproceedings { 2018-hohlfeld-santa, title = {Application-Agnostic Offloading of Datagram Processing}, year = {2018}, month = {9}, day = {3}, tags = {maki,ssiclops,reflexes}, url = {https://ieeexplore.ieee.org/document/8493053}, publisher = {IEEE}, booktitle = {Proceedings of the 2018 30th International Teletraffic Congress (ITC 30), Vienna, Austria}, event_place = {Vienna, Austria}, event_name = {International Teletraffic Congress ITC 30}, event_date = {03.09.2018 - 07-09.2018}, language = {en}, DOI = {10.1109/ITC30.2018.00015}, reviewed = {1}, author = {Hohlfeld, Oliver and Reelfs, Jens Helge and R{\"u}th, Jan and Schmidt, Florian and Zimmermann, Torsten and Hiller, Jens and Wehrle, Klaus} } @Inproceedings { 2018-serror-ares-iotsec, title = {Towards In-Network Security for Smart Homes}, year = {2018}, month = {8}, day = {27}, tags = {consent, iotrust}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2018/2018-serror-iotsecfor-in-network-security.pdf}, publisher = {ACM}, howpublished = {online}, booktitle = {Proceedings of the 2nd International Workshop on Security and Forensics of IoT (IoT-SECFOR), co-located with the 13th International Conference on Availability, Reliability and Security (ARES 2018), Hamburg, Germany}, event_place = {Hamburg, Germany}, event_name = {International Conference on Availability, Reliability and Security}, event_date = {August 27--30, 2018}, ISBN = {978-1-4503-6448-5}, DOI = {10.1145/3230833.3232802}, reviewed = {1}, author = {Serror, Martin and Henze, Martin and Hack, Sacha and Schuba, Marko and Wehrle, Klaus} } @Inproceedings { 2018-rueth-reflexnetcompute, title = {Towards In-Network Industrial Feedback Control}, year = {2018}, month = {8}, day = {20}, tags = {reflexes}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2018/2018-rueth-reflexnetcompute.pdf}, publisher = {ACM}, booktitle = {Proceedings of the ACM SIGCOMM 2018 1st Workshop on In-Network Computing (NetCompute '18)}, event_place = {Budapest, Hungary}, event_name = {ACM SIGCOMM 2018 1st Workshop on In-Network Computing (NetCompute 2018)}, event_date = {20.08.2018}, DOI = {10.1145/3229591.3229592}, reviewed = {1}, author = {R{\"u}th, Jan and Glebke, Ren{\'e} and Wehrle, Klaus and Causevic, Vedad and Hirche, Sandra} } @Article { 2018-serror-tvt-fb, title = {Finite Blocklength Performance of Cooperative Multi-Terminal Wireless Industrial Networks}, journal = {IEEE Transactions on Vehicular Technology}, year = {2018}, month = {7}, volume = {67}, number = {7}, pages = {5778-5792}, tags = {koi}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2018/2018-serror-tvt-fbl-performance.pdf}, publisher = {IEEE}, howpublished = {online}, ISSN = {0018-9545}, DOI = {10.1109/TVT.2018.2794178}, reviewed = {1}, author = {Hu, Yulin and Serror, Martin and Wehrle, Klaus and Gross, James} } @Inproceedings { 2018-rueth-iwcdns, title = {Demystifying TCP Initial Window Configurations of Content Distribution Networks}, year = {2018}, month = {6}, day = {26}, tags = {maki}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2018/2018-rueth-iwcdns.pdf}, web_url = {https://arxiv.org/abs/1902.08937}, web_url2 = {http://tma.ifip.org/2018/wp-content/uploads/sites/3/2018/06/tma2018_paper13.pdf}, booktitle = {In Proceedings of the Network Traffic Measurement and Analysis Conference (TMA '18)}, event_place = {Vienna, Austria}, event_name = {Network Traffic Measurement and Analysis Conference (TMA'18)}, event_date = {26.06.2018 - 29.06.2018}, DOI = {10.23919/TMA.2018.8506549}, reviewed = {1}, author = {R{\"u}th, Jan and Hohlfeld, Oliver} } @Inproceedings { 2018-hiller-ic2e-cpplintegration, title = {Giving Customers Control over Their Data: Integrating a Policy Language into the Cloud}, year = {2018}, month = {4}, day = {19}, pages = {241-249}, tags = {ssiclops,iop}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2018/2018-hiller-ic2e-policy-aware-cloud.pdf}, web_url = {https://ieeexplore.ieee.org/document/8360335}, publisher = {IEEE}, booktitle = {Proceedings of the 2018 IEEE International Conference on Cloud Engineering (IC2E 2018), Orlando, Florida, USA}, event_place = {Orlando, Florida, USA}, event_name = {2018 IEEE International Conference on Cloud Engineering (IC2E 2018)}, event_date = {2018-04-19}, ISBN = {978-1-5386-5008-0}, DOI = {10.1109/IC2E.2018.00050}, reviewed = {1}, author = {Hiller, Jens and Kimmerlin, Mael and Plauth, Max and Heikkila, Seppo and Klauck, Stefan and Lindfors, Ville and Eberhardt, Felix and Bursztynowski, Dariusz and Santos, Jesus Llorente and Hohlfeld, Oliver and Wehrle, Klaus} } @Inproceedings { 2018-matzutt-bitcoin-content-countermeasures, title = {Thwarting Unwanted Blockchain Content Insertion}, year = {2018}, month = {4}, day = {17}, pages = {364-370}, abstract = {Since the introduction of Bitcoin in 2008, blockchain systems have seen an enormous increase in adoption. By providing a persistent, distributed, and append-only ledger, blockchains enable numerous applications such as distributed consensus, robustness against equivocation, and smart contracts. However, recent studies show that blockchain systems such as Bitcoin can be (mis)used to store arbitrary content. This has already been used to store arguably objectionable content on Bitcoin's blockchain. Already single instances of clearly objectionable or even illegal content can put the whole system at risk by making its node operators culpable. To overcome this imminent risk, we survey and discuss the design space of countermeasures against the insertion of such objectionable content. Our analysis shows a wide spectrum of potential countermeasures, which are often combinable for increased efficiency. First, we investigate special-purpose content detectors as an ad hoc mitigation. As they turn out to be easily evadable, we also investigate content-agnostic countermeasures. We find that mandatory minimum fees as well as mitigation of transaction manipulability via identifier commitments significantly raise the bar for inserting harmful content into a blockchain.}, keywords = {Bitcoin,blockchain,security,objectionable content,countermeasure}, tags = {mynedata,iop}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2018/2018-matzutt-blockchain-contents-countermeasures.pdf}, web_url = {https://ieeexplore.ieee.org/document/8360355}, publisher = {IEEE}, booktitle = {Proceedings of the First IEEE Workshop on Blockchain Technologies and Applications (BTA), co-located with the IEEE International Conference on Cloud Engineering 2018 (IC2E 2018)}, event_place = {Orlando, Florida, USA}, event_name = {First IEEE Workshop on Blockchain Technologies and Applications (BTA)}, event_date = {2018-04-17}, language = {English}, ISBN = {978-1-5386-5008-0}, DOI = {10.1109/IC2E.2018.00070}, reviewed = {1}, author = {Matzutt, Roman and Henze, Martin and Ziegeldorf, Jan Henrik and Hiller, Jens and Wehrle, Klaus} } @Article { 2018-scheitle-ccr-caa, title = {A First Look at Certification Authority Authorization (CAA)}, journal = {ACM SIGCOMM Computer Communications Review (CCR)}, year = {2018}, month = {4}, volume = {48}, pages = {10-23}, note = {https://www.net.in.tum.de/fileadmin/bibtex/publications/papers/caa17.pdf}, tags = {internet-measurements}, url = {https://ccronline.sigcomm.org/wp-content/uploads/2018/05/sigcomm-ccr-final163.pdf}, web_url = {https://ccronline.sigcomm.org/2018/a-first-look-at-certification-authority-authorization-caa/}, web_url_date = {2018-06-05}, DOI = {10.1145/3213232.3213235}, reviewed = {1}, author = {Scheitle, Quirin and Chung, Taejoong and Hiller, Jens and Gasser, Oliver and Naab, Johannes and van Rijswijk-Deij, Roland and Hohlfeld, Oliver and Holz, Ralph and Choffnes, Dave and Mislove, Alan and Carle, Georg} } @Inproceedings { 2018-rueth-quicadoptionstudy, title = {A First Look at QUIC in the Wild}, year = {2018}, month = {3}, day = {26}, pages = {255-268}, tags = {maki,reflexes}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2018/2018-rueth-quicadoptionstudy.pdf}, web_url2 = {https://arxiv.org/abs/1801.05168}, publisher = {Springer, Cham}, booktitle = {In Proceedings of the Passive and Active Measurement Conference (PAM '18)}, event_place = {Berlin, Germany}, event_name = {Passive and Active Measurement Conference (PAM 2018)}, event_date = {26.3.2018 - 27.3.2018}, language = {en}, ISBN = {978-3-319-76481-8}, DOI = {10.1007/978-3-319-76481-8_19}, reviewed = {1}, author = {R{\"u}th, Jan and Poese, Ingmar and Dietzel, Christoph and Hohlfeld, Oliver} } @Inproceedings { 2018-tzimmermann-metacdn, title = {Characterizing a Meta-CDN}, year = {2018}, month = {3}, day = {26}, pages = {114-128}, tags = {maki}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2018/2018-hohlfeld-metacdn.pdf}, web_url = {https://arxiv.org/abs/1803.09990}, publisher = {Springer, Cham}, booktitle = {In Proceedings of the Passive and Active Measurement Conference (PAM '18)}, event_place = {Berlin, Germany}, event_name = {Passive and Active Measurement Conference (PAM 2018)}, event_date = {26.3.2018 - 27.3.2018}, language = {en}, ISBN = {978-3-319-76480-1}, DOI = {10.1007/978-3-319-76481-8_9}, reviewed = {1}, author = {Hohlfeld, Oliver and R{\"u}th, Jan and Wolsing, Konrad and Zimmermann, Torsten} } @Article { 2016-fgcs-ziegeldorf-bitcoin, title = {Secure and anonymous decentralized Bitcoin mixing}, journal = {Future Generation Computer Systems}, year = {2018}, month = {3}, volume = {80}, pages = {448-466}, keywords = {Pseudonymity, anonymity, and untraceability}, tags = {rfc}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2018/2018-ziegeldorf-fgcs-bitcoin.pdf}, misc2 = {Online}, publisher = {Elsevier}, language = {en}, ISSN = {0167-739X}, DOI = {10.1016/j.future.2016.05.018}, reviewed = {1}, author = {Ziegeldorf, Jan Henrik and Matzutt, Roman and Henze, Martin and Grossmann, Fred and Wehrle, Klaus} } @Inproceedings { 2018-matzutt-bitcoin-content, title = {A Quantitative Analysis of the Impact of Arbitrary Blockchain Content on Bitcoin}, year = {2018}, month = {2}, day = {26}, abstract = {Blockchains primarily enable credible accounting of digital events, e.g., money transfers in cryptocurrencies. However, beyond this original purpose, blockchains also irrevocably record arbitrary data, ranging from short messages to pictures. This does not come without risk for users as each participant has to locally replicate the complete blockchain, particularly including potentially harmful content. We provide the first systematic analysis of the benefits and threats of arbitrary blockchain content. Our analysis shows that certain content, e.g., illegal pornography, can render the mere possession of a blockchain illegal. Based on these insights, we conduct a thorough quantitative and qualitative analysis of unintended content on Bitcoin's blockchain. Although most data originates from benign extensions to Bitcoin's protocol, our analysis reveals more than 1600 files on the blockchain, over 99\% of which are texts or images. Among these files there is clearly objectionable content such as links to child pornography, which is distributed to all Bitcoin participants. With our analysis, we thus highlight the importance for future blockchain designs to address the possibility of unintended data insertion and protect blockchain users accordingly.}, tags = {mynedata}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2018/2018_matzutt_bitcoin-contents_preproceedings-version.pdf}, web_url_date = {2018-01-07}, misc2 = {Online}, publisher = {Springer}, booktitle = {Proceedings of the 22nd International Conference on Financial Cryptography and Data Security (FC), Nieuwpoort, Cura\c{c}ao}, event_place = {Nieuwpoort, Cura\c{c}ao}, event_name = {Financial Cryptography and Data Security 2018}, language = {en}, DOI = {10.1007/978-3-662-58387-6_23}, reviewed = {1}, author = {Matzutt, Roman and Hiller, Jens and Henze, Martin and Ziegeldorf, Jan Henrik and M{\"u}llmann, Dirk and Hohlfeld, Oliver and Wehrle, Klaus} } @Inproceedings { 2018-tzimmermann-split, title = {SPLIT: Smart Protocol Loading for the IoT}, year = {2018}, month = {2}, day = {14}, tags = {iop}, url = {https://jenshiller.com/publication/2018-zimmermann-ewsn-split/2018-zimmermann-ewsn-split.pdf}, web_url = {https://dl.acm.org/citation.cfm?id=3234847.3234854}, publisher = {ACM}, booktitle = {Proceedings of the 15th European Conference on Wireless Sensor Networks (EWSN 2018), Madrid, Spain}, event_place = {Madrid, Spain}, event_name = {European Conference on Wireless Sensor Networks (EWSN 2018)}, event_date = {14.2.2018 - 16.2.2018}, language = {en}, ISBN = {978-0-9949886-2-1}, reviewed = {1}, author = {Zimmermann, Torsten and Hiller, Jens and Reelfs, Jens Helge and Hein, Pascal and Wehrle, Klaus} } @Inproceedings { 2018-dedin-energy-packets, title = {A new solution for the Energy Packet-based Dispatching using power/signal dual modulation}, year = {2018}, booktitle = {Proceedings of the Ninth International Conference on Future Energy Systems (ACM e-Energy '18)}, event_place = {Karlsruhe, Germany}, event_name = {Ninth International Conference on Future Energy Systems}, event_date = {2018-06-15}, DOI = {10.1145/3208903.3208931}, reviewed = {1}, author = {De Din, Edoardo and Monti, Antonello and Hagenmeyer, Veit and Wehrle, Klaus} } @Article { 2017-pennekamp-pmc-survey, title = {A Survey on the Evolution of Privacy Enforcement on Smartphones and the Road Ahead}, journal = {Pervasive and Mobile Computing}, year = {2017}, month = {12}, volume = {42}, pages = {58-76}, abstract = {With the increasing proliferation of smartphones, enforcing privacy of smartphone users becomes evermore important. Nowadays, one of the major privacy challenges is the tremendous amount of permissions requested by applications, which can significantly invade users' privacy, often without their knowledge. In this paper, we provide a comprehensive review of approaches that can be used to report on applications' permission usage, tune permission access, contain sensitive information, and nudge users towards more privacy-conscious behavior. We discuss key shortcomings of privacy enforcement on smartphones so far and identify suitable actions for the future.}, keywords = {Smartphones; Permission Granting; Privacy; Nudging}, tags = {trinics}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2017/2017-pennekamp-pmc-survey.pdf}, misc2 = {Online}, publisher = {Elsevier}, language = {en}, ISSN = {1574-1192}, DOI = {10.1016/j.pmcj.2017.09.005}, reviewed = {1}, author = {Pennekamp, Jan and Henze, Martin and Wehrle, Klaus} } @Incollection { 2017-cps-henze-network, title = {Network Security and Privacy for Cyber-Physical Systems}, year = {2017}, month = {11}, day = {13}, pages = {25-56}, tags = {sensorcloud,ipacs}, editor = {Song, Houbing and Fink, Glenn A. and Jeschke, Sabina}, publisher = {Wiley-IEEE Press}, edition = {First}, chapter = {2}, booktitle = {Security and Privacy in Cyber-Physical Systems: Foundations, Principles and Applications}, language = {en}, ISBN = {978-1-119-22604-8}, DOI = {10.1002/9781119226079.ch2}, reviewed = {1}, author = {Henze, Martin and Hiller, Jens and Hummen, Ren{\'e} and Matzutt, Roman and Wehrle, Klaus and Ziegeldorf, Jan Henrik} } @Inproceedings { 2017-henze-mobiquitous-comparison, title = {Privacy-preserving Comparison of Cloud Exposure Induced by Mobile Apps}, year = {2017}, month = {11}, day = {7}, pages = {543-544}, tags = {trinics}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2017/2017-henze-mobiquitous-comparison.pdf}, misc2 = {Online}, publisher = {ACM}, booktitle = {Proceedings of the 14th EAI International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services (MobiQuitous) - Poster Session, Melbourne, VIC, Australia}, language = {en}, ISBN = {978-1-4503-5368-7}, DOI = {10.1145/3144457.3144511}, reviewed = {1}, author = {Henze, Martin and Inaba, Ritsuma and Fink, Ina Berenice and Ziegeldorf, Jan Henrik} } @Inproceedings { 2017-henze-mobiquitous-cloudanalyzer, title = {CloudAnalyzer: Uncovering the Cloud Usage of Mobile Apps}, year = {2017}, month = {11}, day = {7}, pages = {262-271}, abstract = {Developers of smartphone apps increasingly rely on cloud services for ready-made functionalities, e.g., to track app usage, to store data, or to integrate social networks. At the same time, mobile apps have access to various private information, ranging from users' contact lists to their precise locations. As a result, app deployment models and data flows have become too complex and entangled for users to understand. We present CloudAnalyzer, a transparency technology that reveals the cloud usage of smartphone apps and hence provides users with the means to reclaim informational self-determination. We apply CloudAnalyzer to study the cloud exposure of 29 volunteers over the course of 19 days. In addition, we analyze the cloud usage of the 5000 most accessed mobile websites as well as 500 popular apps from five different countries. Our results reveal an excessive exposure to cloud services: 90 \% of apps use cloud services and 36 \% of apps used by volunteers solely communicate with cloud services. Given the information provided by CloudAnalyzer, users can critically review the cloud usage of their apps.}, keywords = {Privacy; Smartphones; Cloud Computing; Traffic Analysis}, tags = {trinics}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2017/2017-henze-mobiquitous-cloudanalyzer.pdf}, misc2 = {Online}, publisher = {ACM}, booktitle = {Proceedings of the 14th EAI International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services (MobiQuitous '17), November 7-10, 2017, Melbourne, VIC, Australia}, event_place = {Melbourne, VIC, Australia}, event_date = {November 7-10, 2017}, language = {en}, ISBN = {978-1-4503-5368-7}, DOI = {10.1145/3144457.3144471}, reviewed = {1}, author = {Henze, Martin and Pennekamp, Jan and Hellmanns, David and M{\"u}hmer, Erik and Ziegeldorf, Jan Henrik and Drichel, Arthur and Wehrle, Klaus} } @Inproceedings { 2017-rueth-iwmeasure, title = {Large-Scale Scanning of TCP’s Initial Window}, year = {2017}, month = {11}, day = {1}, tags = {maki}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2017/2017-rueth-iwmeasure.pdf}, publisher = {ACM}, booktitle = {In Proceedings of the Internet Measurement Conference (IMC '17)}, event_place = {London, UK}, event_name = {Proceedings of the 2017 Internet Measurement Conference}, event_date = {01.11.2017 - 03.11.2017}, language = {en}, DOI = {10.1145/3131365.3131370}, reviewed = {1}, author = {R{\"u}th, Jan and Bormann, Christian and Hohlfeld, Oliver} } @Inproceedings { 2017-panchenko-wpes-fingerprinting, title = {Analysis of Fingerprinting Techniques for Tor Hidden Services}, year = {2017}, month = {10}, day = {30}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2017/2017-panchenko-wpes-fingerprinting.pdf}, misc2 = {Online}, publisher = {ACM}, booktitle = {Proceedings of the 16th Workshop on Privacy in the Electronic Society (WPES), co-located with the 24th ACM Conference on Computer and Communications Security (CCS), Dallas, TX, USA}, language = {en}, ISBN = {978-1-4503-5175-1}, DOI = {10.1145/3139550.3139564}, reviewed = {1}, author = {Panchenko, Andriy and Mitseva, Asya and Henze, Martin and Lanze, Fabian and Wehrle, Klaus and Engel, Thomas} } @Conference { 2017-fink-brainlab-gmds, title = {BrainLab - Ein Framework f{\"u}r mobile neurologische Untersuchungen}, year = {2017}, month = {8}, day = {29}, note = {Best Abstract Award}, web_url = {https://www.egms.de/static/en/meetings/gmds2017/17gmds137.shtml}, web_url_date = {06.09.19}, publisher = {German Medical Science GMS Publishing House (2017)}, booktitle = {62. Jahrestagung der Deutschen Gesellschaft f{\"u}r Medizinische Informatik, Biometrie und Epidemiologie e.V. (GMDS).}, event_place = {Oldenburg}, event_name = {GMDS 2017}, event_date = {17-21 September 2017}, DOI = {10.3205/17gmds137}, reviewed = {1}, author = {Fink, Ina Berenice and Hankammer, Bernd and Stopinski, Thomas and Titgemeyer, Yannic and Ramos, Roann and Kutafina, Ekaterina and Bitsch, J{\'o} Agila and Jonas, Stephan Michael} } @Proceedings { 2017-SymPerfPoster, title = {SymPerf: Predicting Network Function Performance}, year = {2017}, month = {8}, day = {21}, tags = {spp,erc,symbiosys,reflexes}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2017/2017-rath-sym-perf-poster.pdf}, publisher = {ACM}, event_place = {Los Angeles, USA}, event_name = {ACM SIGCOMM 2017 Poster}, event_date = {21.8.2017 - 25.8.2017}, language = {en}, ISBN = {978-1-4503-5057-0/17/08}, DOI = {10.1145/3123878.3131977}, reviewed = {1}, author = {Rath, Felix and Krude, Johannes and R{\"u}th, Jan and Schemmel, Daniel and Hohlfeld, Oliver and Bitsch Link, J{\'o} Agila and Wehrle, Klaus} } @Inproceedings { 2017-zimmermann-qoe, title = {A QoE Perspective on HTTP/2 Server Push}, year = {2017}, month = {8}, day = {21}, tags = {maki}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2017/2017-zimmermann-internetqoe-push.pdf}, publisher = {ACM}, booktitle = {ACM SIGCOMM 2017 2nd Workshop on QoE-based Analysis and Management of Data Communication Networks (Internet-QoE 2017), Los Angeles, USA}, event_place = {Los Angeles, USA}, event_name = {ACM SIGCOMM 2017 2nd Workshop on QoE-based Analysis and Management of Data Communication Networks (Internet-QoE 2017)}, event_date = {21.8.2017 - 25.8.2017}, language = {en}, ISBN = {978-1-4503-5056-3}, DOI = {10.1145/3098603.3098604}, reviewed = {1}, author = {Zimmermann, Torsten and Wolters, Benedikt and Hohlfeld, Oliver} } @Inproceedings { 2017-henze-trustcom-dcam, title = {Distributed Configuration, Authorization and Management in the Cloud-based Internet of Things}, year = {2017}, month = {8}, day = {1}, pages = {185-192}, tags = {sscilops, ipacs}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2017/2017-henze-trustcom-dcam.pdf}, misc2 = {Online}, publisher = {IEEE}, booktitle = {Proceedings of the 16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (IEEE TrustCom), Sydney, NSW, Australia}, language = {en}, ISBN = {978-1-5090-4905-9}, ISSN = {2324-9013}, DOI = {10.1109/Trustcom/BigDataSE/ICESS.2017.236}, reviewed = {1}, author = {Henze, Martin and Wolters, Benedikt and Matzutt, Roman and Zimmermann, Torsten and Wehrle, Klaus} } @Article { 2017-ziegeldorf-bmcmedgenomics-bloom, title = {BLOOM: BLoom filter based Oblivious Outsourced Matchings}, journal = {BMC Medical Genomics}, year = {2017}, month = {7}, day = {26}, volume = {10}, number = {Suppl 2}, pages = {29-42}, abstract = {Whole genome sequencing has become fast, accurate, and cheap, paving the way towards the large-scale collection and processing of human genome data. Unfortunately, this dawning genome era does not only promise tremendous advances in biomedical research but also causes unprecedented privacy risks for the many. Handling storage and processing of large genome datasets through cloud services greatly aggravates these concerns. Current research efforts thus investigate the use of strong cryptographic methods and protocols to implement privacy-preserving genomic computations. We propose FHE-Bloom and PHE-Bloom, two efficient approaches for genetic disease testing using homomorphically encrypted Bloom filters. Both approaches allow the data owner to securely outsource storage and computation to an untrusted cloud. FHE-Bloom is fully secure in the semi-honest model while PHE-Bloom slightly relaxes security guarantees in a trade-off for highly improved performance. We implement and evaluate both approaches on a large dataset of up to 50 patient genomes each with up to 1000000 variations (single nucleotide polymorphisms). For both implementations, overheads scale linearly in the number of patients and variations, while PHE-Bloom is faster by at least three orders of magnitude. For example, testing disease susceptibility of 50 patients with 100000 variations requires only a total of 308.31 s (\(\sigma\)=8.73 s) with our first approach and a mere 0.07 s (\(\sigma\)=0.00 s) with the second. We additionally discuss security guarantees of both approaches and their limitations as well as possible extensions towards more complex query types, e.g., fuzzy or range queries. Both approaches handle practical problem sizes efficiently and are easily parallelized to scale with the elastic resources available in the cloud. The fully homomorphic scheme, FHE-Bloom, realizes a comprehensive outsourcing to the cloud, while the partially homomorphic scheme, PHE-Bloom, trades a slight relaxation of security guarantees against performance improvements by at least three orders of magnitude.}, note = {Proceedings of the 5th iDASH Privacy and Security Workshop 2016}, keywords = {Secure outsourcing; Homomorphic encryption; Bloom filters}, tags = {sscilops; mynedata; rfc}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2017/2017-ziegeldorf-bmcmedgenomics-bloom.pdf}, misc2 = {Online}, publisher = {BioMed Central}, event_place = {Chicago, IL, USA}, event_date = {November 11, 2016}, language = {en}, ISSN = {1755-8794}, DOI = {10.1186/s12920-017-0277-y}, reviewed = {1}, author = {Ziegeldorf, Jan Henrik and Pennekamp, Jan and Hellmanns, David and Schwinger, Felix and Kunze, Ike and Henze, Martin and Hiller, Jens and Matzutt, Roman and Wehrle, Klaus} } @Inproceedings { 2017-henze-tma-cloudemail, title = {Veiled in Clouds? Assessing the Prevalence of Cloud Computing in the Email Landscape}, year = {2017}, month = {6}, day = {21}, tags = {trinics, ssiclops}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2017/2017-henze-tma-cloudemail.pdf}, misc2 = {Online}, publisher = {IEEE / IFIP}, booktitle = {Proceedings of the 2017 Network Traffic Measurement and Analysis Conference (TMA 2017), Dublin, Ireland}, language = {en}, ISBN = {978-3-901882-95-1}, DOI = {10.23919/TMA.2017.8002910}, reviewed = {1}, author = {Henze, Martin and Sanford, Mary Peyton and Hohlfeld, Oliver} } @Inproceedings { 2017-zimmermann-networking-http2, title = {How HTTP/2 Pushes the Web: An Empirical Study of HTTP/2 Server Push}, year = {2017}, month = {6}, day = {12}, tags = {maki}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2017/2017-zimmermann-networking-push.pdf}, publisher = {IEEE}, booktitle = {Proceedings of the 16th International IFIP Networking Conference (NETWORKING'17), Stockholm, Sweden}, event_place = {Stockholm, Sweden}, event_name = {IFIP Networking 2017}, event_date = {12.-16.6.2017}, ISBN = {978-3-901882-94-4}, DOI = {10.23919/IFIPNetworking.2017.8264830}, reviewed = {1}, author = {Zimmermann, Torsten and R{\"u}th, Jan and Wolters, Benedikt and Hohlfeld, Oliver} } @Article { dombrowski-vdi, title = {Funktechnologien f{\"u}r Industrie 4.0}, journal = {VDE Positionspapier}, year = {2017}, month = {6}, day = {1}, publisher = {VDE - Verband der Elektrotechnik, Elektronik, Informationstechnik e.V.}, address = {Stresemannallee 15, 60596 Frankfurt am Main, Germany}, author = {Aktas, Ismet and Bentkus, Alexander and Bonanati, Florian and Dekorsy, Armin and Dombrowski, Christian and Doubrava, Michael and Golestani, Ali and Hofmann, Frank and Heidrich, Mike and Hiensch, Stefan and Kays, R{\"u}diger and Meyer, Michael and M{\"u}ller, Andreas and ten Brink, Stephan and Petreska, Neda and Popovic, Milan and Rauchhaupt, Lutz and Saad, Ahmad and Schotten, Hans and W{\"o}ste, Christoph and Wolff, Ingo} } @Inproceedings { 2017-serror-ew-koi, title = {From Radio Design to System Evaluations for Ultra-Reliable and Low-Latency Communication}, year = {2017}, month = {5}, day = {17}, tags = {koi}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2017/2017-serror-radio-design-ew17.pdf}, publisher = {IEEE}, booktitle = {Proc. of 23rd European Wireless Conference (EW17), Dresden, Germany}, event_place = {Dresden, Germany}, event_name = {Proc. of 23rd European Wireless Conference (EW17)}, event_date = {17.-19. May 2017}, reviewed = {1}, author = {Ashraf, Shehzad Ali and Wang, Y.-P. Eric and Eldessoki, Sameh and Holfeld, Bernd and Parruca, Donald and Serror, Martin and Gross, James} } @Conference { 2017-fink-brainlab, title = {BrainLab – towards mobile brain research}, year = {2017}, month = {4}, day = {24}, pages = {2}, url = {/fileadmin/papers/2017/2017-fink-brainlab.pdf}, web_url2 = {http://informaticsforhealth.org/wp-content/uploads/2017/04/IFH2017-Digital-Programme.pdf}, web_url2_date = {2017-05-09}, misc2 = {Online}, booktitle = {Informatics for Health 2017, Manchester UK}, event_place = {Manchester, UK}, event_name = {Informatics for Health 2017, Manchester UK}, event_date = {24-26 April 2017}, language = {en}, reviewed = {1}, author = {Fink, Ina Berenice and Hankammer, Bernd and Stopinsky, Thomas and Ramos, Roann and Kutafina, Ekaterina and Bitsch Link, J{\'o} Agila and Jonas, Stephan} } @Inproceedings { 2017-henze-ic2e-prada, title = {Practical Data Compliance for Cloud Storage}, year = {2017}, month = {4}, day = {4}, pages = {252-258}, tags = {ssiclops, ipacs}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2017/2017-henze-ic2e-prada.pdf}, misc2 = {Online}, publisher = {IEEE}, booktitle = {Proceedings of the 2017 IEEE International Conference on Cloud Engineering (IC2E 2017), Vancouver, BC, Canada}, language = {en}, ISBN = {978-1-5090-5817-4}, DOI = {10.1109/IC2E.2017.32}, reviewed = {1}, author = {Henze, Martin and Matzutt, Roman and Hiller, Jens and M{\"u}hmer, Erik and Ziegeldorf, Jan Henrik and van der Giet, Johannes and Wehrle, Klaus} } @Inproceedings { 2017-ziegeldorf-codaspy-priward, title = {Privacy-Preserving HMM Forward Computation}, year = {2017}, month = {3}, day = {22}, pages = {83-94}, tags = {mynedata}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2017/2017-ziegeldorf-codaspy-priward.pdf}, misc2 = {Online}, publisher = {ACM}, booktitle = {Proceedings of the 7th ACM Conference on Data and Application Security and Privacy (CODASPY 2017), Scottsdale, AZ, USA}, language = {en}, ISBN = {978-1-4503-4523-1}, DOI = {10.1145/3029806.3029816}, reviewed = {1}, author = {Ziegeldorf, Jan Henrik and Metzke, Jan and R{\"u}th, Jan and Henze, Martin and Wehrle, Klaus} } @Proceedings { 2017-serror-netsys-industrial, title = {Demo: A Realistic Use-case for Wireless Industrial Automation and Control}, year = {2017}, month = {3}, day = {16}, tags = {koi}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2017/Ansari_et_al_Wireless_Industrial_Automation_Demo_NetSys_2017.pdf}, publisher = {IEEE}, event_place = {G{\"o}ttingen, Germany}, event_name = {International Conference on Networked Systems (NetSys 2017)}, DOI = {10.1109/NetSys.2017.7931496}, reviewed = {1}, author = {Ansari, Junaid and Aktas, Ismet and Brecher, Christian and Pallasch, Christoph and Hoffmann, Nicolai and Obdenbusch, Markus and Serror, Martin and Wehrle, Klaus and Gross, James} } @Inproceedings { 2017-ziegeldorf-wons-tracemixer, title = {TraceMixer: Privacy-Preserving Crowd-Sensing sans Trusted Third Party}, year = {2017}, month = {2}, day = {21}, pages = {17-24}, tags = {mynedata}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2017/2017-ziegeldorf-wons-tracemixer.pdf}, misc2 = {Online}, publisher = {IEEE}, booktitle = {Proceedings of the 2017 13th Annual Conference on Wireless On-demand Network Systems and Services (WONS), Jackson Hole, WY, USA}, language = {en}, ISBN = {978-3-901882-88-3}, DOI = {10.1109/WONS.2017.7888771}, reviewed = {1}, author = {Ziegeldorf, Jan Henrik and Henze, Martin and Bavendiek, Jens and Wehrle, Klaus} } @Article { 2017-comnet-lru, title = {Performance Evaluation for New Web Caching Strategies Combining LRU with Score Based Object Selection}, journal = {Elsevier Computer Networks}, year = {2017}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2017/COMNET-D-16-957R1-Updated-Submit.pdf}, state = {accepted}, author = {Hasslinger, Gerhard and Ntougias, Konstantinos and Hasslinger, Frank and Hohlfeld, Oliver} } @Inproceedings { 2017-matzutt-mynedata, title = {myneData: Towards a Trusted and User-controlled Ecosystem for Sharing Personal Data}, year = {2017}, pages = {1073-1084}, abstract = {Personal user data is collected and processed at large scale by a handful of big providers of Internet services. This is detrimental to users, who often do not understand the privacy implications of this data collection, as well as to small parties interested in gaining insights from this data pool, e.g., research groups or small and middle-sized enterprises. To remedy this situation, we propose a transparent and user-controlled data market in which users can directly and consensually share their personal data with interested parties for monetary compensation. We define a simple model for such an ecosystem and identify pressing challenges arising within this model with respect to the user and data processor demands, legal obligations, and technological limits. We propose myneData as a conceptual architecture for a trusted online platform to overcome these challenges. Our work provides an initial investigation of the resulting myneData ecosystem as a foundation to subsequently realize our envisioned data market via the myneData platform.}, note = {Presentation slides are in German}, keywords = {Personal User Data, Personal Information Management, Data Protection Laws, Privacy Enhancing Technologies, Platform Design, Profiling}, tags = {mynedata_show}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2017/2017-matzutt-informatik-mynedata.pdf}, web_url = {https://www.comsys.rwth-aachen.de/fileadmin/misc/mynedata/talks/2017-matzutt-informatik-mynedata-presentation.pdf}, web_url_date = {Presentation slides}, editor = {Eibl, Maximilian and Gaedke, Martin}, publisher = {Gesellschaft f{\"u}r Informatik, Bonn}, booktitle = {INFORMATIK 2017}, event_place = {Chemnitz}, event_name = {INFORMATIK 2017}, event_date = {2017-09-28}, language = {English}, ISBN = {978-3-88579-669-5}, ISSN = {1617-5468}, DOI = {10.18420/in2017_109}, reviewed = {1}, author = {Matzutt, Roman and M{\"u}llmann, Dirk and Zeissig, Eva-Maria and Horst, Christiane and Kasugai, Kai and Lidynia, Sean and Wieninger, Simon and Ziegeldorf, Jan Henrik and Gudergan, Gerhard and Spiecker gen. D{\"o}hmann, Indra and Wehrle, Klaus and Ziefle, Martina} } @Inproceedings { 2016-henze-cloudcom-trinics, title = {Towards Transparent Information on Individual Cloud Service Usage}, year = {2016}, month = {12}, day = {12}, pages = {366-370}, tags = {trinics}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2016/2016-henze-cloudcom-trinics.pdf}, misc2 = {Online}, publisher = {IEEE}, booktitle = {Proceedings of the 2016 IEEE International Conference on Cloud Computing Technology and Science (CloudCom), Luxembourg, Luxembourg}, language = {en}, ISBN = {978-1-5090-1445-3}, DOI = {10.1109/CloudCom.2016.0064}, reviewed = {1}, author = {Henze, Martin and Kerpen, Daniel and Hiller, Jens and Eggert, Michael and Hellmanns, David and M{\"u}hmer, Erik and Renuli, Oussama and Maier, Henning and St{\"u}ble, Christian and H{\"a}u{\ss}ling, Roger and Wehrle, Klaus} } @Inproceedings { 2016-henze-wpes-cppl, title = {CPPL: Compact Privacy Policy Language}, year = {2016}, month = {10}, day = {24}, pages = {99-110}, tags = {ssiclops}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2016/2016-henze-wpes-cppl.pdf}, misc2 = {Online}, publisher = {ACM}, booktitle = {Proceedings of the 15th Workshop on Privacy in the Electronic Society (WPES), co-located with the 23rd ACM Conference on Computer and Communications Security (CCS), Vienna, Austria}, language = {en}, ISBN = {978-1-4503-4569-9}, DOI = {10.1145/2994620.2994627}, reviewed = {1}, author = {Henze, Martin and Hiller, Jens and Schmerling, Sascha and Ziegeldorf, Jan Henrik and Wehrle, Klaus} } @Inproceedings { 2016-mitseva-ccs-fingerprinting, title = {POSTER: Fingerprinting Tor Hidden Services}, year = {2016}, month = {10}, day = {24}, pages = {1766-1768}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2016/2016-mitseva-ccs-fingerprinting.pdf}, misc2 = {Online}, publisher = {ACM}, booktitle = {Proceedings of the 23rd ACM Conference on Computer and Communications Security (CCS), Vienna, Austria}, language = {en}, ISBN = {978-1-4503-4139-4}, DOI = {10.1145/2976749.2989054}, reviewed = {1}, author = {Mitseva, Asya and Panchenko, Andriy and Lanze, Fabian and Henze, Martin and Wehrle, Klaus and Engel, Thomas} } @Inproceedings { 2016-matzutt-ccs-bitcoin, title = {POSTER: I Don't Want That Content! On the Risks of Exploiting Bitcoin's Blockchain as a Content Store}, year = {2016}, month = {10}, day = {24}, pages = {1769-1771}, tags = {mynedata}, url = {/fileadmin/papers/2016/2016-matzutt-ccs-blockchaincontent.pdf}, misc2 = {Online}, publisher = {ACM}, booktitle = {Proceedings of the 23rd ACM Conference on Computer and Communications Security (CCS), Vienna, Austria}, language = {en}, ISBN = {978-1-4503-4139-4}, DOI = {10.1145/2976749.2989059}, reviewed = {1}, author = {Matzutt, Roman and Hohlfeld, Oliver and Henze, Martin and Rawiel, Robin and Ziegeldorf, Jan Henrik and Wehrle, Klaus} } @Conference { 2016-itc-caching, title = {Performance Evaluation for New Web Caching Strategies Combining RU with Score Based Object Selection}, year = {2016}, month = {9}, booktitle = {ITC 28}, event_name = {ITC 28}, author = {Hasslinger, Gerhard and Ntougias, Kostas and Hasslinger, Frank and Hohlfeld, Oliver} } @Conference { 2016-hohlfeld-qcman, title = {Insensitivity to Network Delay: Minecraft Gaming Experience of Casual Gamers}, year = {2016}, month = {9}, abstract = {Assessing the impact of network delay on perceived quality of gaming has been subject to many studies involving different genres ranging from fast-paced first-person shooters to strategy games. This paper assesses the impact of network latency on the Quality of Experience (QoE) of casual gamers playing Minecraft. It is based on a user study involving 12 casual gamers with no prior experience with Minecraft. QoE is assessed using the Game Experience Questionnaire (GEQ) and dedicated questions for the overall perceived quality and experienced gameplay interruptions. The main finding is that casual Minecraft players are rather insensitive to network delay of up to 1 sec.}, url = {https://i-teletraffic.org/_Resources/Persistent/bc99ba4324ebc7cf1369f09a6caa334c0203943f/Hohlfeld2016.pdf}, web_url = {http://ieeexplore.ieee.org/abstract/document/7810715/?reload=true}, booktitle = {IEEE QCMan}, event_name = {IEEE QCMan}, DOI = {10.1109/ITC-28.2016.313}, author = {Hohlfeld, Oliver and Fiedler, Hannes and Pujol, Enric and Guse, Dennis} } @Techreport { 2016-henze-aib-sensorcloud, title = {The SensorCloud Protocol: Securely Outsourcing Sensor Data to the Cloud}, year = {2016}, month = {7}, day = {11}, number = {AIB-2016-06}, number2 = {arXiv:1607.03239 [cs.NI]}, pages = {1--24}, tags = {sensorcloud}, url = {fileadmin/papers/2016/2016-henze-aib-sensorcloud.pdf}, misc2 = {Online}, publisher = {Department of Computer Science, RWTH Aachen University}, address = {Ahornstr. 55, 52074 Aachen, Germany}, institution = {Department of Computer Science, RWTH Aachen University}, type = {Technical Report}, language = {en}, ISSN = {0935-3232}, author = {Henze, Martin and Hummen, Ren{\'e} and Matzutt, Roman and Wehrle, Klaus} } @Article { 2016-hohlfeld-nfv_ccr, title = {New Kid on the Block: Network Functions Virtualization: From Big Boxes to Carrier Clouds}, journal = {ACM SIGCOMM CCR}, year = {2016}, month = {7}, url = {http://ccracmsigcomm.info.ucl.ac.be/wp-content/uploads/2016/07/sigcomm-ccr-paper29.pdf}, author = {Nobach, Leonhard and Hohlfeld, Oliver and Hausheer, David} } @Inproceedings { 2016-serror-wowmom-arq, title = {Performance Analysis of Cooperative ARQ Systems for Wireless Industrial Networks}, year = {2016}, month = {6}, day = {21}, tags = {koi}, publisher = {IEEE}, howpublished = {online}, booktitle = {17th IEEE International Symposium on a World of Wireless, Mobile and Multimedia Networks (IEEE WoWMoM 2016), Coimbra, Portugal}, event_place = {Coimbra, Portugal}, language = {en}, DOI = {10.1109/WoWMoM.2016.7523534}, reviewed = {1}, author = {Serror, Martin and Hu, Yulin and Dombrowski, Christian and Wehrle, Klaus and Gross, James} } @Inproceedings { 2016-werner-networking-stean, title = {STEAN: A Storage and Transformation Engine for Advanced Networking Context}, year = {2016}, month = {5}, day = {17}, tags = {maki}, publisher = {IEEE}, booktitle = {Proceedings of the 15th International IFIP Networking Conference (NETWORKING'16), Vienna, Austira}, event_place = {Vienna, Austria}, event_name = {IFIP Networking 2016}, event_date = {17.-19.5.2016}, ISBN = {978-3-9018-8283-8}, DOI = {10.1109/IFIPNetworking.2016.7497203}, reviewed = {1}, author = {Werner, Marc and Schwandtke, Johannes and Hollick, Matthias and Hohlfeld, Oliver and Zimmermann, Torsten and Wehrle, Klaus} } @Inproceedings { 2016-henze-claw-dpc, title = {Moving Privacy-Sensitive Services from Public Clouds to Decentralized Private Clouds}, year = {2016}, month = {4}, day = {8}, pages = {130-135}, tags = {ssiclops}, url = {/fileadmin/papers/2016/2016-henze-claw-dpc.pdf}, misc2 = {Online}, publisher = {IEEE}, booktitle = {Proceedings of the Second International Workshop on Legal and Technical Issues in Cloud Computing and Cloud-Supported Internet of Things (CLaw 2016), co-located with the 2016 IEEE International Conference on Cloud Engineering (IC2E 2016), Berlin, Germany}, language = {en}, ISBN = {978-1-5090-3684-4}, DOI = {10.1109/IC2EW.2016.24}, reviewed = {1}, author = {Henze, Martin and Hiller, Jens and Hohlfeld, Oliver and Wehrle, Klaus} } @Article { 2016-fgcs-henze-iotprivacy, title = {A Comprehensive Approach to Privacy in the Cloud-based Internet of Things}, journal = {Future Generation Computer Systems}, year = {2016}, month = {3}, volume = {56}, pages = {701-718}, tags = {ipacs}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2016/2016-henze-fgcs-iotprivacy.pdf}, misc2 = {Online}, publisher = {Elsevier}, language = {en}, ISSN = {0167-739X}, DOI = {10.1016/j.future.2015.09.016}, reviewed = {1}, author = {Henze, Martin and Hermerschmidt, Lars and Kerpen, Daniel and H{\"a}u{\ss}ling, Roger and Rumpe, Bernhard and Wehrle, Klaus} } @Inproceedings { 2016-panchenko-ndss-fingerprinting, title = {Website Fingerprinting at Internet Scale}, year = {2016}, month = {2}, day = {21}, abstract = {The website fingerprinting attack aims to identify the content (i.e., a webpage accessed by a client) of encrypted and anonymized connections by observing patterns of data flows such as packet size and direction. This attack can be performed by a local passive eavesdropper – one of the weakest adversaries in the attacker model of anonymization networks such as Tor. In this paper, we present a novel website fingerprinting attack. Based on a simple and comprehensible idea, our approach outperforms all state-of-the-art methods in terms of classification accuracy while being computationally dramatically more efficient. In order to evaluate the severity of the website fingerprinting attack in reality, we collected the most representative dataset that has ever been built, where we avoid simplified assumptions made in the related work regarding selection and type of webpages and the size of the universe. Using this data, we explore the practical limits of website fingerprinting at Internet scale. Although our novel approach is by orders of magnitude computationally more efficient and superior in terms of detection accuracy, for the first time we show that no existing method – including our own – scales when applied in realistic settings. With our analysis, we explore neglected aspects of the attack and investigate the realistic probability of success for different strategies a real-world adversary may follow.}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2016/2016-panchenko-ndss-fingerprinting.pdf}, web_url = {https://www.informatik.tu-cottbus.de/\verb=~=andriy/zwiebelfreunde/}, publisher = {Internet Society}, booktitle = {Proceedings of the 23rd Annual Network and Distributed System Security Symposium (NDSS '16), February 21-24, 2016, San Diego, CA, USA}, event_place = {San Diego, CA, USA}, event_date = {February 21-24, 2016}, ISBN = {978-1-891562-41-9}, DOI = {10.14722/ndss.2016.23477}, reviewed = {1}, author = {Panchenko, Andriy and Lanze, Fabian and Zinnen, Andreas and Henze, Martin and Pennekamp, Jan and Wehrle, Klaus and Engel, Thomas} } @Article { 2016-sdnflex_si, title = {Editorial: Special issue on Software-Defined Networking and Network Functions Virtualization for flexible network management}, journal = {Wiley Journal of Network Management}, year = {2016}, volume = {26}, number = {1}, url = {http://onlinelibrary.wiley.com/doi/10.1002/nem.1915/pdf}, author = {Hohlfeld, Oliver and Zinner, Thomas and Benson, Theophilus and Hausheer, David} } @Conference { 2016-erwin, title = {ERWIN - Enabling the Reproducible Investigation of Waiting Times for Arbitrary Workflows}, year = {2016}, web_url = {http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=7498938\&tag=1}, booktitle = {IEEE QoMEX}, event_name = {IEEE QoMEX}, DOI = {10.1109/QoMEX.2016.7498938}, author = {Zinner, Thomas and Hirth, Matthias and Fischer, Valentin and Hohlfeld, Oliver} } @Inproceedings { 2015-ziegeldorf-cans-boma, title = {Bandwidth-optimized Secure Two-Party Computation of Minima}, year = {2015}, month = {12}, day = {8}, volume = {9476}, pages = {197-213}, url = {/fileadmin/papers/2015/2015-ziegeldorf-cans-boma.pdf}, misc2 = {Online}, publisher = {Springer}, series = {Lecture Notes in Computer Science}, booktitle = {14th International Conference on Cryptology and Network Security (CANS 2015), Marrakesh, Morocco}, language = {en}, ISBN = {978-3-319-26822-4}, DOI = {10.1007/978-3-319-26823-1_14}, reviewed = {1}, author = {Ziegeldorf, Jan Henrik and Hiller, Jens and Henze, Martin and Wirtz, Hanno and Wehrle, Klaus} } @Inproceedings { 2015-ziegeldorf-dpm-comparison, title = {Comparison-based Privacy: Nudging Privacy in Social Media (Position Paper)}, year = {2015}, month = {9}, day = {22}, volume = {9481}, pages = {226-234}, url = {fileadmin/papers/2015/2015-ziegeldorf-dpm-cbp.pdf}, misc2 = {Online}, publisher = {Springer}, series = {Lecture Notes in Computer Science}, booktitle = {The 10th DPM International Workshop on Data Privacy Management, Vienna, Austria}, language = {en}, ISBN = {978-3-319-29882-5}, DOI = {10.1007/978-3-319-29883-2_15}, reviewed = {1}, author = {Ziegeldorf, Jan Henrik and Henze, Martin and Hummen, Ren{\'e} and Wehrle, Klaus} } @Inproceedings { 2015-gerdes-authorization, title = {Autorisierungsmanagement f{\"u}r das Internet of Things}, year = {2015}, month = {9}, tags = {iotsec}, misc2 = {Online}, booktitle = {D•A•CH Security 2015}, event_place = {Sankt Augustin, Germany}, event_name = {D•A•CH Security 2015}, event_date = {08.09. - 09.09.2015}, state = {accepted}, language = {de}, reviewed = {1}, author = {Gerdes, Stefanie and Hummen, Ren{\'e} and Bergmann, Olaf} } @Inproceedings { 2015-schmidt-santa, title = {Santa: Faster Packet Delivery for Commonly Wished Replies [Poster Abstract]}, year = {2015}, month = {8}, day = {19}, tags = {ssiclops}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2015/2015-schmidt-sigcomm-santa.pdf}, misc2 = {Online}, publisher = {ACM}, booktitle = {Proceedings of the 43rd ACM SIGCOMM Conference (SIGCOMM '15), London, United Kingdom}, event_place = {London, United Kingdom}, event_name = {43rd ACM SIGCOMM Conference (SIGCOMM '15)}, event_date = {17–21 August, 2015}, language = {en}, DOI = {10.1145/2785956.2790014}, reviewed = {1}, author = {Schmidt, Florian and Hohlfeld, Oliver and Glebke, Ren{\'e} and Wehrle, Klaus} } @Techreport { 2015-draft-moskowitz-hip-dex-04, title = {HIP Diet EXchange (DEX)}, year = {2015}, month = {7}, day = {20}, number = {draft-moskowitz-hip-dex-04}, abstract = {This document specifies the Host Identity Protocol Diet EXchange (HIP DEX), a variant of the Host Identity Protocol Version 2 (HIPv2). The HIP DEX protocol design aims at reducing the overhead of the employed cryptographic primitives by omitting public-key signatures and hash functions. In doing so, the main goal is to still deliver similar security properties to HIPv2. The HIP DEX protocol is primarily designed for computation or memory-constrained sensor/actuator devices. Like HIPv2, it is expected to be used together with a suitable security protocol such as the Encapsulated Security Payload (ESP) for the protection of upper layer protocol data. In addition, HIP DEX can also be used as a keying mechanism for security primitives at the MAC layer, e.g., for IEEE 802.15.4 networks.}, note = {Work in progress}, tags = {iotsec; ietf}, url = {http://tools.ietf.org/html/draft-moskowitz-hip-dex-04}, misc2 = {Online}, institution = {Internet Engineering Task Force}, type = {Internet-Draft}, language = {en}, author = {Moskowitz, Robert and Hummen, Ren{\'e}} } @Phdthesis { 2015-hummen-resource-conscious, title = {Resource-Conscious Network Security for the IP-Based Internet of Things}, year = {2015}, month = {6}, day = {30}, tags = {iot}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2015/2015-hummen-phd-thesis.pdf}, publisher = {Shaker Verlag}, address = {Aachen, Germany}, series = {Reports on Communications and Distributed Systems}, edition = {11}, school = {RWTH Aachen University}, institute = {Chair of Communication and Distributed Systems}, type = {Ph.D. Thesis}, ISBN = {978-3-8440-3755-5}, author = {Hummen, Ren{\'e}} } @Techreport { 2015-draft-moskowitz-hip-dex-03, title = {HIP Diet EXchange (DEX)}, year = {2015}, month = {6}, day = {19}, number = {draft-moskowitz-hip-dex-03}, abstract = {This document specifies the Host Identity Protocol Diet EXchange (HIP DEX), a variant of the Host Identity Protocol Version 2 (HIPv2). The HIP DEX protocol design aims at reducing the overhead of the employed cryptographic primitives by omitting public-key signatures and hash functions. In doing so, the main goal is to still deliver similar security properties to HIPv2. The HIP DEX protocol is primarily designed for computation or memory-constrained sensor/actuator devices. Like HIPv2, it is expected to be used together with a suitable security protocol such as the Encapsulated Security Payload (ESP) for the protection of upper layer protocol data. In addition, HIP DEX can also be used as a keying mechanism for security primitives at the MAC layer, e.g., for IEEE 802.15.4 networks.}, note = {Work in progress}, tags = {iotsec; ietf}, url = {http://tools.ietf.org/html/draft-moskowitz-hip-dex-03}, misc2 = {Online}, institution = {Internet Engineering Task Force}, type = {Internet-Draft}, language = {en}, author = {Moskowitz, Robert and Hummen, Ren{\'e}} } @Inproceedings { 2015-ziegeldorf-iwpe-comparison, title = {Choose Wisely: A Comparison of Secure Two-Party Computation Frameworks}, year = {2015}, month = {5}, day = {21}, pages = {198-205}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2015/2015-ziegeldorf-iwpe-choose.pdf}, misc2 = {Online}, publisher = {IEEE}, booktitle = {2015 International Workshop on Privacy Engineering (IWPE'15), part of 2015 IEEE Security and Privacy Workshops (SPW 2015), San Jose, CA, USA}, language = {en}, DOI = {10.1109/SPW.2015.9}, reviewed = {1}, author = {Ziegeldorf, Jan Henrik and Metzke, Jan and Henze, Martin and Wehrle, Klaus} } @Proceedings { 2015-sdnflex-heuschkel-dyns, title = {Protocol Virtualization through Dynamic Network Stacks}, year = {2015}, month = {3}, day = {9}, publisher = {IEEE}, event_place = {Cottbus}, event_name = {SDNFlex Workshop (NetSys 2015)}, event_date = {March 2015, 9-12}, language = {en}, DOI = {10.1109/NetSys.2015.7089055}, reviewed = {1}, author = {Heuschkel, Jens and Schweizer, Immanuel and Zimmermann, Torsten and Wehrle, Klaus and M{\"u}hlh{\"a}user, Max} } @Inproceedings { 2014-ziegeldorf-codaspy-coinparty, title = {CoinParty: Secure Multi-Party Mixing of Bitcoins}, year = {2015}, month = {3}, day = {2}, tags = {rfc}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2015/2015-ziegeldorf-codaspy-coinparty.pdf}, misc2 = {Online}, publisher = {ACM}, booktitle = {The Fifth ACM Conference on Data and Application Security and Privacy (CODASPY 2015), San Antonio, TX, USA}, event_place = {San Antonio, TX, USA}, event_name = {The Fifth ACM Conference on Data and Application Security and Privacy (CODASPY 2015)}, language = {en}, ISBN = {978-1-4503-3191-3}, DOI = {10.1145/2699026.2699100}, reviewed = {1}, author = {Ziegeldorf, Jan Henrik and Grossmann, Fred and Henze, Martin and Inden, Nicolas and Wehrle, Klaus} } @Inproceedings { 2015-ewsn-schmidt-canttaketheheat, title = {If You Can't Take The Heat: Temperature Effects On Low-Power Wireless Networks And How To Mitigate Them}, year = {2015}, month = {2}, day = {10}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2015/2015-schmidt-ewsn-canttaketheheat.pdf}, misc2 = {Online}, publisher = {Springer}, booktitle = {Proceedings of the 12th European Conference on Wireless Sensor Networks (EWSN 2015), Porto, Portugal}, event_place = {Porto, Portugal}, event_name = {12th European Conference on Wireless Sensor Networks (EWSN 2015)}, event_date = {9-11 February, 2015}, language = {en}, ISBN = {978-3-319-15581-4}, DOI = {10.1007/978-3-319-15582-1_19}, reviewed = {1}, author = {Schmidt, Florian and Ceriotti, Matteo and Hauser, Niklas and Wehrle, Klaus} } @Phdthesis { 2015-hummen-phdthesis, title = {Resource-Conscious Network Security for the IP-Based Internet of Things}, year = {2015}, school = {RWTH Aachen University}, author = {Hummen, Ren{\'e}} } @Techreport { 2014-draft-moskowitz-hip-dex-02, title = {HIP Diet EXchange (DEX)}, year = {2014}, month = {12}, day = {19}, number = {draft-moskowitz-hip-dex-02}, abstract = {This document specifies the Host Identity Protocol Diet EXchange (HIP DEX), a variant of the Host Identity Protocol Version 2 (HIPv2). The HIP DEX protocol design aims at reducing the overhead of the employed cryptographic primitives by omitting public-key signatures and hash functions. In doing so, the main goal is to still deliver similar security properties to HIPv2. The HIP DEX protocol is primarily designed for computation or memory-constrained sensor/actuator devices. Like HIPv2, it is expected to be used together with a suitable security protocol such as the Encapsulated Security Payload (ESP) for the protection of upper layer protocol data. In addition, HIP DEX can also be used as a keying mechanism for security primitives at the MAC layer, e.g., for IEEE 802.15.4 networks.}, note = {Work in progress}, tags = {iotsec; ietf}, url = {http://tools.ietf.org/html/draft-moskowitz-hip-dex-02}, misc2 = {Online}, institution = {Internet Engineering Task Force}, type = {Internet-Draft}, language = {en}, author = {Moskowitz, Robert and Hummen, Ren{\'e}} } @Incollection { 2014-tcc-henze-trustpoint, title = {A Trust Point-based Security Architecture for Sensor Data in the Cloud}, year = {2014}, month = {12}, day = {14}, pages = {77-106}, tags = {sensorcloud}, misc2 = {Online}, editor = {Krcmar, Helmut and Reussner, Ralf and Rumpe, Bernhard}, publisher = {Springer}, booktitle = {Trusted Cloud Computing}, ISBN = {978-3-319-12717-0}, DOI = {10.1007/978-3-319-12718-7_6}, reviewed = {1}, author = {Henze, Martin and Hummen, Ren{\'e} and Matzutt, Roman and Wehrle, Klaus} } @Incollection { 2013-wtc-eggert-sensorcloud, title = {SensorCloud: Towards the Interdisciplinary Development of a Trustworthy Platform for Globally Interconnected Sensors and Actuators}, year = {2014}, month = {12}, day = {14}, pages = {203-218}, tags = {sensorcloud}, url = {fileadmin/papers/2013/2013-wtc-eggert-sensorcloud.pdf}, misc2 = {Online}, editor = {Krcmar, Helmut and Reussner, Ralf and Rumpe, Bernhard}, publisher = {Springer}, booktitle = {Trusted Cloud Computing}, language = {en}, ISBN = {978-3-319-12717-0}, DOI = {10.1007/978-3-319-12718-7_13}, reviewed = {1}, author = {Eggert, Michael and H{\"a}u{\ss}ling, Roger and Henze, Martin and Hermerschmidt, Lars and Hummen, Ren{\'e} and Kerpen, Daniel and Navarro P{\'e}rez, Antonio and Rumpe, Bernhard and Thi{\ss}en, Dirk and Wehrle, Klaus} } @Techreport { 2015-aib-schmidt-hotbox, title = {HotBox: Testing Temperature Effects in Sensor Networks}, year = {2014}, month = {12}, day = {4}, number = {AIB-2014-14}, number2 = {arXiv:1412.2257 [cs.NI]}, pages = {1--17}, tags = {senserr}, url = {fileadmin/papers/2014/2014-schmidt-aib-hotbox.pdf}, misc2 = {Online}, publisher = {Department of Computer Science, RWTH Aachen}, address = {Ahornstr. 55, 52074 Aachen, Germany}, institution = {Department of Computer Science, RWTH Aachen}, type = {Technical Report}, language = {en}, ISSN = {0935-3232}, author = {Schmidt, Florian and Ceriotti, Matteo and Hauser, Niklas and Wehrle, Klaus} } @Conference { HohlfeldIMC, title = {A QoE Perspective on Sizing Network Buffers}, year = {2014}, month = {11}, booktitle = {ACM Internet Measurement Conference}, state = {accepted}, author = {Hohlfeld, Oliver and Pujol, Enric and Ciucu, Florin and Feldmann, Anja and Barford, Paul} } @Proceedings { 2014-kuvs-zimmermann-mindgap, title = {Mind the Gap – Understanding the Traffic Gap when Switching Communication Protocols}, year = {2014}, month = {9}, day = {29}, event_place = {Stuttgart}, event_name = {1st KuVS Workshop on Anticipatory Networks}, event_date = {September 29-30, 2014}, reviewed = {1}, author = {Werner, Marc and Lange, Tobias and Hollick, Matthias and Zimmermann, Torsten and Wehrle, Klaus} } @Inproceedings { 2014-aasnet-henze-scslib, title = {SCSlib: Transparently Accessing Protected Sensor Data in the Cloud}, year = {2014}, month = {9}, day = {24}, volume = {37}, pages = {370-375}, tags = {sensorcloud}, url = {/fileadmin/papers/2014/2014-henze-aasnet-scslib.pdf}, misc2 = {Online}, publisher = {Elsevier}, series = {Procedia Computer Science}, booktitle = {The 6th International Symposium on Applications of Ad hoc and Sensor Networks (AASNET'14), Halifax, NS, Canada}, event_place = {Halifax, NS, Canada}, event_name = {The 6th International Symposium on Applications of Ad hoc and Sensor Networks (AASNET'14)}, language = {en}, DOI = {10.1016/j.procs.2014.08.055}, reviewed = {1}, author = {Henze, Martin and Bereda, Sebastian and Hummen, Ren{\'e} and Wehrle, Klaus} } @Inproceedings { 2014-ficloud-henze-upecsi, title = {User-driven Privacy Enforcement for Cloud-based Services in the Internet of Things}, year = {2014}, month = {8}, day = {27}, pages = {191-196}, tags = {ipacs}, url = {/fileadmin/papers/2014/2014-ficloud-henze-upecsi.pdf}, misc2 = {Online}, publisher = {IEEE}, booktitle = {2014 International Conference on Future Internet of Things and Cloud (FiCloud 2014), Barcelona, Spain}, event_place = {Barcelona, Spain}, event_name = {2014 International Conference on Future Internet of Things and Cloud (FiCloud 2014)}, language = {en}, ISBN = {978-1-4799-4357-9}, DOI = {10.1109/FiCloud.2014.38}, reviewed = {1}, author = {Henze, Martin and Hermerschmidt, Lars and Kerpen, Daniel and H{\"a}u{\ss}ling, Roger and Rumpe, Bernhard and Wehrle, Klaus} } @Poster { 2014-wisec-ziegeldorf-ipin, title = {POSTER: Privacy-preserving Indoor Localization}, year = {2014}, month = {7}, day = {23}, tags = {rfc}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2014/2014-ziegeldorf-poster-wisec.pdf}, organization = {7th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec '14) (Poster)}, language = {en}, DOI = {10.13140/2.1.2847.4886}, reviewed = {1}, author = {Ziegeldorf, Jan Henrik and Viol, Nicolai and Henze, Martin and Wehrle, Klaus} } @Inproceedings { 2014-hummen-delegation, title = {Delegation-based Authentication and Authorization for the IP-based Internet of Things}, year = {2014}, month = {6}, day = {30}, pages = {284-292}, tags = {iotsec; sensorcloud}, url = {http://www.comsys.rwth-aachen.de/fileadmin/papers/2014/2014-hummen-secon-delegation.pdf}, misc2 = {Online}, publisher = {IEEE}, booktitle = {11th IEEE International Conference on Sensing, Communication, and Networking (SECON 2014)}, event_place = {Singapore}, event_name = {11th IEEE International Conference on Sensor, Communication, and Networking (SECON 2014)}, event_date = {30.06. - 03.07.2014}, language = {en}, DOI = {10.1109/SAHCN.2014.6990364}, reviewed = {1}, author = {Hummen, Ren{\'e} and Shafagh, Hossein and Raza, Shahid and Voigt, Thiemo and Wehrle, Klaus} } @Inproceedings { 2014-schmidt-piccett, title = {Piccett: Protocol-Independent Classification of Corrupted Error-Tolerant Traffic}, year = {2014}, month = {6}, day = {24}, tags = {refector}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2014/2014-schmidt-iscc-piccett.pdf}, publisher = {IEEE}, booktitle = {Proceedings of the 18th IEEE Symposium on Computers and Communications (ISCC), Madeira, Portugal}, language = {en}, DOI = {10.1109/ISCC.2014.6912582}, reviewed = {1}, author = {Schmidt, Florian and Henze, Martin and Wehrle, Klaus} } @Conference { 2014-hohlfeld-harvester, title = {The Harvester, the Botmaster, and the Spammer: On the Relations Between the Different Actors in the Spam Landscape}, year = {2014}, month = {6}, url = {http://downloads.ohohlfeld.com/paper/harvesters-asiaccs2014.pdf}, web_url = {http://asiaccs2014.nict.go.jp/}, publisher = {ACM}, booktitle = {9th ACM Symposium on Information, Computer and Communications Security}, DOI = {10.1145/2590296.2590302}, reviewed = {1}, author = {Stringhini, Gianluca and Hohlfeld, Oliver and Kruegel, Christopher and Vigna, Giovanni} } @Conference { CiucuPH2014, title = {On Capacity Dimensioning in Dynamic Scenarios: The Key Role of Peak Values}, year = {2014}, month = {5}, web_url = {http://www.ieee-lanman.org/}, publisher = {IEEE}, booktitle = {IEEE LANMAN}, event_place = {Reno, NV, USA}, reviewed = {1}, author = {Ciucu, Florin and Poloczek, Felix and Hohlfeld, Oliver} } @Techreport { 2014-draft-moskowitz-hip-dex-01, title = {HIP Diet EXchange (DEX)}, year = {2014}, month = {3}, day = {4}, number = {draft-moskowitz-hip-dex-01}, abstract = {This document specifies the Host Identity Protocol Diet EXchange (HIP DEX), a variant of the HIP Base EXchange (HIP BEX) [rfc5201-bis]. The HIP DEX protocol design aims at reducing the overhead of the employed cryptographic primitives by omitting public-key signatures and hash functions. In doing so, the main goal is to still deliver similar security properties to HIP BEX. The HIP DEX protocol is primarily targeted at computation or memory-constrained sensor devices. Like HIP BEX, it is expected to be used together with another suitable security protocol such as the Encapsulated Security Payload (ESP) [rfc5202-bis] for the protection of upper layer protocols. HIP DEX can also be used as a keying mechanism for a MAC layer security protocol as is supported by IEEE 802.15.4 [IEEE.802-15-4.2011].}, note = {Work in progress}, tags = {iotsec; ietf}, url = {http://tools.ietf.org/html/draft-moskowitz-hip-dex-01}, misc2 = {Online}, institution = {Internet Engineering Task Force}, type = {Internet-Draft}, language = {en}, author = {Moskowitz, Robert and Hummen, Ren{\'e}} } @Inproceedings { 2014-comsnets-aktas-graph-based-redundancy-removal, title = {Graph-based Redundancy Removal Approach for Multiple Cross-Layer Interactions}, year = {2014}, month = {1}, day = {7}, pages = {1-8}, tags = {crawler}, url = {http://www.comsys.rwth-aachen.de/fileadmin/papers/2014/2014-aktas-comsnets-redundancy.pdf}, misc2 = {Online}, publisher = {IEEE}, booktitle = {Proceedings of the 2014 Sixth International Conference on Communication Systems and Networks (COMSNETS), Bangalore, India}, event_place = {Bangalore, India}, event_name = {2014 Sixth International Conference on Communication Systems and Networks (COMSNETS)}, event_date = {7-10 January, 2014}, language = {en}, ISBN = {978-1-4799-3635-9}, DOI = {10.1109/COMSNETS.2014.6734899}, reviewed = {1}, author = {Aktas, Ismet and Henze, Martin and Alizai, Muhammad Hamad and M{\"o}llering, Kevin and Wehrle, Klaus} } @Article { HohlfeldCCR14, title = {An Internet census taken by an illegal botnet - A qualitative assessment of published measurements}, journal = {ACM SIGCOMM Computer Communication Review}, year = {2014}, volume = {44}, number = {3}, url = {http://www.sigcomm.org/sites/default/files/ccr/papers/2014/July/0000000-0000013.pdf}, web_url = {http://www.sigcomm.org/ccr/papers/2014/July}, author = {Krenc, Thomas and Hohlfeld, Oliver and Feldmann, Anja} } @Inproceedings { 2013-cloudcom-henze-cloud-data-handling, title = {Towards Data Handling Requirements-aware Cloud Computing (Poster Abstract)}, year = {2013}, month = {12}, day = {2}, pages = {266-269}, tags = {ipacs}, url = {fileadmin/papers/2013/2013-cloudcom-henze-cloud-data-handling.pdf}, misc2 = {Online}, publisher = {IEEE}, booktitle = {Proceedings of the 2013 IEEE International Conference on Cloud Computing Technology and Science (CloudCom), Bristol, UK}, event_place = {Bristol, UK}, event_name = {2013 IEEE International Conference on Cloud Computing Technology and Science (CloudCom 2013)}, language = {en}, ISBN = {978-0-7695-5095-4}, DOI = {10.1109/CloudCom.2013.145}, reviewed = {1}, author = {Henze, Martin and Gro{\ss}fengels, Marcel and Koprowski, Maik and Wehrle, Klaus} } @Article { 2013-ijghpc-henze-sensorcloud, title = {Maintaining User Control While Storing and Processing Sensor Data in the Cloud}, journal = {International Journal of Grid and High Performance Computing (IJGHPC)}, year = {2013}, month = {12}, volume = {5}, number = {4}, pages = {97-112}, tags = {sensorcloud}, url = {fileadmin/papers/2013/2013-ijghpc-henze-sensorcloud.pdf}, misc2 = {Online}, publisher = {IGI Global}, language = {en}, ISSN = {1938-0259}, DOI = {10.4018/ijghpc.2013100107}, reviewed = {1}, author = {Henze, Martin and Hummen, Ren{\'e} and Matzutt, Roman and Catrein, Daniel and Wehrle, Klaus} } @Techreport { 2013-draft-hummen-dtls-extended-session-resumption-01, title = {Extended DTLS Session Resumption for Constrained Network Environments}, year = {2013}, month = {10}, day = {18}, number = {draft-hummen-dtls-extended-session-resumption-01}, abstract = {This draft defines two extensions for the existing session resumption mechanisms of TLS that specifically apply to Datagram TLS (DTLS) in constrained network environments. Session resumption type negotiation enables the client and the server to explicitly agree on the session resumption mechanism for subsequent handshakes, thus avoiding unnecessary overheads occurring with the existing specifications. Session resumption without client-side state additionally enables a constrained DTLS client to resume a session without the need to maintain state while the session is inactive. The extensions defined in this draft update [RFC5077] and [RFC5246].}, note = {Work in progress}, tags = {iotsec; ietf}, url = {http://tools.ietf.org/html/draft-hummen-dtls-extended-session-resumption-01}, misc2 = {Online}, institution = {Internet Engineering Task Force}, type = {Internet-Draft}, language = {en}, author = {Hummen, Ren{\'e} and Gilger, Johannes and Shafagh, Hossein} } @Inproceedings { 2013-hummen-standards, title = {Standards-based End-to-End IP Security for the Internet of Things}, year = {2013}, month = {10}, day = {7}, pages = {1-3}, tags = {iotsec}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2013/2013-hummen-standards.pdf}, misc2 = {Online}, publisher = {IEEE}, booktitle = {21st IEEE International Conference on Network Protocols (ICNP 2013 PhD Forum), G{\"o}ttingen, Germany}, event_place = {G{\"o}ttingen, Germany}, event_name = {PhD Forum of 21st IEEE International Conference on Network Protocols (ICNP 2013 PhD Forum)}, event_date = {7 Oct. 2013}, language = {en}, ISBN = {978-1-4799-1270-4}, DOI = {10.1109/ICNP.2013.6733648}, reviewed = {1}, author = {Hummen, Ren{\'e} and Wehrle, Klaus} } @Inproceedings { 2013-hummen-slimfit, title = {Slimfit - A HIP DEX Compression Layer for the IP-based Internet of Things}, year = {2013}, month = {10}, day = {7}, pages = {259-266}, tags = {iotsec}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2013/2013-hummen-slimfit.pdf}, misc2 = {Online}, publisher = {IEEE}, booktitle = {Wireless and Mobile Computing, Networking and Communications (WiMob), 2013 IEEE 9th International Conference on}, event_place = {Lyon, France}, event_name = {IEEE WiMob 2013 Workshop on the Internet of Things Communications and Technologies (IoT 2013)}, language = {en}, ISBN = {978-1-4577-2014-7}, ISSN = {2160-4886}, DOI = {10.1109/WiMOB.2013.6673370}, reviewed = {1}, author = {Hummen, Ren{\'e} and Hiller, Jens and Henze, Martin and Wehrle, Klaus} } @Inproceedings { 2013-icnp-hummen-tailoring, title = {Tailoring End-to-End IP Security Protocols to the Internet of Things}, year = {2013}, month = {10}, day = {7}, pages = {1-10}, tags = {iotsec}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2013/2013-hummen-tailoring.pdf}, misc2 = {Online}, publisher = {IEEE}, booktitle = {In Proceedings of the 21st IEEE International Conference on Network Protocols (ICNP 2013), G{\"o}ttingen, Germany}, event_place = {G{\"o}ttingen, Germany}, event_name = {21st IEEE International Conference on Network Protocols (ICNP 2013)}, event_date = {7-10 Oct. 2013}, language = {en}, ISBN = {978-1-4799-1270-4}, DOI = {10.1109/ICNP.2013.6733571}, reviewed = {1}, author = {Hummen, Ren{\'e} and Wirtz, Hanno and Ziegeldorf, Jan Henrik and Hiller, Jens and Wehrle, Klaus} } @Article { 2013-raza-lithe, title = {Lithe: Lightweight Secure CoAP for the Internet of Things}, journal = {IEEE Sensors Journal}, year = {2013}, month = {10}, volume = {13}, number = {10}, pages = {3711-3720}, keywords = {Internet of Things;operating systems (computers);personal area networks;protocols;security of data;6LoWPAN standard;Contiki operating system;DTLS;Internet of Things;IoT;Lithe;authenticated confidential communication;constrained application protocol;datagram transport layer security;e-health domain;end-to-end security;lightweight secure CoAP;resource-constrained devices;Encoding;Internet;Payloads;Protocols;Security;Sensors;Standards;6LoWPAN;CoAP;CoAPs;DTLS;IoT;security}, tags = {iotsec}, language = {en}, ISSN = {1530-437X}, DOI = {10.1109/JSEN.2013.2277656}, reviewed = {1}, author = {Raza, Shahid and Shafagh, Hossein and Hewage, Kasun and Hummen, Ren{\'e} and Voigt, Thiemo} } @Techreport { 2013-draft-garcia-core-security-06, title = {Security Considerations in the IP-based Internet of Things}, year = {2013}, month = {9}, day = {11}, number = {draft-garcia-core-security-06}, abstract = {A direct interpretation of the Internet of Things concept refers to the usage of standard Internet protocols to allow for human-to-thing or thing-to-thing communication. Although the security needs are well-recognized, it is still not fully clear how existing IP-based security protocols can be applied to this new setting. This Internet-Draft first provides an overview of security architecture, its deployment model and general security needs in the context of the lifecycle of a thing. Then, it presents challenges and requirements for the successful roll-out of new applications and usage of standard IP-based security protocols when applied to get a functional Internet of Things.}, note = {Work in progress}, tags = {iotsec; ietf}, url = {http://tools.ietf.org/html/draft-garcia-core-security-06}, misc2 = {Online}, institution = {Internet Engineering Task Force}, type = {Internet-Draft}, language = {en}, author = {Garcia-Morchon, Oscar and Keoh, Sye Loong and Kumar, Sandeep S. and Hummen, Ren{\'e} and Struik, Ren{\'e}} } @Techreport { draft-hummen-dtls-extended-session-resumption-00, title = {Extended DTLS Session Resumption for Constrained Network Environments}, year = {2013}, month = {7}, day = {15}, number = {draft-hummen-dtls-extended-session-resumption-00}, abstract = {This draft defines two extensions for the existing session resumption mechanisms of TLS that specifically apply to Datagram TLS (DTLS) in constrained network environments. Session resumption type negotiation enables the client and the server to explicitly agree on the session resumption mechanism for subsequent handshakes, thus avoiding unnecessary overheads occurring with the existing specifications. Session resumption without client-side state additionally enables a constrained DTLS client to resume a session without the need to maintain state while the session is inactive. The extensions defined in this draft update [RFC5077] and [RFC5246].}, note = {Work in progress}, tags = {iotsec; ietf}, url = {http://tools.ietf.org/html/draft-hummen-dtls-extended-session-resumption-00}, misc2 = {Online}, institution = {Internet Engineering Task Force}, type = {Internet-Draft}, language = {en}, author = {Hummen, Ren{\'e} and Gilger, Johannes} } @Inproceedings { 2013-sec-routing-switching-maki, title = {A Blueprint for Switching Between Secure Routing Protocols in Wireless Multihop Networks}, year = {2013}, month = {6}, day = {4}, booktitle = {Proceedings of the 4th IEEE International Workshop on Data Security and Privacy in Wireless Networks (D-SPAN 2013)}, state = {accepted}, reviewed = {1}, author = {Werner, Marc and Kaiser, J{\"o}rg and Hollick, Matthias and Weingaertner, Elias and Wehrle, Klaus} } @Inproceedings { 2013-duma-henze-cloud-annotations, title = {The Cloud Needs Cross-Layer Data Handling Annotations (Position Paper)}, year = {2013}, month = {5}, day = {23}, pages = {18-22}, tags = {sensorcloud}, url = {fileadmin/papers/2013/2013-duma-henze-cloudannotations.pdf}, misc2 = {Online}, publisher = {IEEE}, booktitle = {Proceedings of the 4th International Workshop on Data Usage Management (DUMA 2013), part of 2013 IEEE Security and Privacy Workshops (SPW), San Francisco, CA, USA}, language = {en}, ISBN = {978-1-4799-0458-7}, DOI = {10.1109/SPW.2013.31}, reviewed = {1}, author = {Henze, Martin and Hummen, Ren{\'e} and Wehrle, Klaus} } @Inproceedings { 2013-hummen-towards, title = {Towards Viable Certificate-based Authentication for the Web of Things}, year = {2013}, month = {4}, day = {19}, tags = {iotsec}, url = {fileadmin/papers/2013/2013-hummen-towards.pdf}, publisher = {ACM}, booktitle = {Proceedings of the 2nd ACM Workshop on Hot Topics on Wireless Network Security and Privacy (HotWiSec '13)}, event_place = {Budapest, Hungary}, event_name = {2nd ACM Workshop on Hot Topics on Wireless Network Security and Privacy}, language = {en}, ISBN = {978-1-4503-2003-0}, DOI = {10.1145/2463183.2463193}, reviewed = {1}, author = {Hummen, Ren{\'e} and Ziegeldorf, Jan Henrik and Shafagh, Hossein and Raza, Shahid and Wehrle, Klaus} } @Inproceedings { 2013-hummen-6lowpan, title = {6LoWPAN Fragmentation Attacks and Mitigation Mechanisms}, year = {2013}, month = {4}, day = {17}, tags = {iotsec; sensorcloud}, url = {fileadmin/papers/2013/2013-hummen-6lowpan.pdf}, publisher = {ACM}, booktitle = {Proceedings of the 6th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec '13)}, event_place = {Budapest, Hungary}, event_name = {6th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec '13)}, language = {en}, ISBN = {978-1-4503-1998-0}, DOI = {10.1145/2462096.2462107}, reviewed = {1}, author = {Hummen, Ren{\'e} and Hiller, Jens and Wirtz, Hanno and Henze, Martin and Shafagh, Hossein and Wehrle, Klaus} } @Article { 2013-fernandez-ceriotti-bitsch-and-then-the-weekend-jsan, title = {“And Then, the Weekend Started”: Story of a WSN Deployment on a Construction Site}, journal = {Journal of Sensor and Actuator Networks}, year = {2013}, month = {3}, day = {11}, volume = {2}, number = {1}, pages = {156--171}, abstract = {Wireless Sensor Networks (WSNs) are versatile monitoring systems that can provide a large amount of real-time data in scenarios where wired infrastructures are inapplicable or expensive. This technology is expected to be handled by domain experts, who perceive a WSN as a (promised to be) easy to deploy black box. This work presents the deployment experience of a WSN, as conducted by domain experts, in a ground improvement area. Building upon off-the-shelf solutions, a fuel cell powered gateway and 21 sensor devices measuring acceleration, inclination, temperature and barometric pressure were installed to monitor ground subsidence. We report about how poor GSM service, malfunctioning hardware, unknown communication patterns and obscure proprietary software required in-field ad-hoc solutions. Through the lessons learned, we look forward to investigating how to make the deployment of these systems an easier task.}, keywords = {sensor network deployment; experiences; in-field debugging}, web_url = {http://www.mdpi.com/2224-2708/2/1/156}, misc2 = {Online}, language = {en}, ISSN = {2224-2708}, DOI = {10.3390/jsan2010156}, reviewed = {1}, author = {Fern{\'a}ndez-Steeger, Tom{\'a}s and Ceriotti, Matteo and Bitsch Link, J{\'o} Agila and May, Matthias and Hentschel, Klaus and Wehrle, Klaus} } @Techreport { 2013-draft-garcia-core-security-05, title = {Security Considerations in the IP-based Internet of Things}, year = {2013}, month = {3}, day = {11}, number = {draft-garcia-core-security-05}, abstract = {A direct interpretation of the Internet of Things concept refers to the usage of standard Internet protocols to allow for human-to-thing or thing-to-thing communication. Although the security needs are well-recognized, it is still not fully clear how existing IP-based security protocols can be applied to this new setting. This Internet-Draft first provides an overview of security architecture, its deployment model and general security needs in the context of the lifecycle of a thing. Then, it presents challenges and requirements for the successful roll-out of new applications and usage of standard IP-based security protocols when applied to get a functional Internet of Things.}, note = {Work in progress}, tags = {iotsec; ietf}, url = {http://tools.ietf.org/html/draft-garcia-core-security-05}, misc2 = {Online}, institution = {Internet Engineering Task Force}, type = {Internet-Draft}, language = {en}, author = {Garcia-Morchon, Oscar and Keoh, Sye Loong and Kumar, Sandeep S. and Hummen, Ren{\'e} and Struik, Ren{\'e}} } @Techreport { 2013-draft-hummen-hip-middle-puzzle-01, title = {HIP Middlebox Puzzle Offloading and End-host Notification}, year = {2013}, month = {1}, day = {9}, number = {draft-hummen-hip-middle-puzzle-01}, abstract = {The Host Identity Protocol [RFC5201] is a secure signaling protocol with a cryptographic namespace. It provides the communicating peers with a cryptographic puzzle mechanism to protect against Denial of Service (DoS) attacks exploiting the computation and memory overheads of the protocol exchange. This document specifies an extension of the protocol that enables an on-path network entity to assist in the choice of the puzzle difficulty in case of an attack. Furthermore, it defines a modification of the puzzle mechanism that enables a host to delegate puzzle solving to an on-path network entity.}, note = {Work in progress}, tags = {iotsec; ietf}, url = {http://tools.ietf.org/html/draft-hummen-hip-middle-puzzle-01}, misc2 = {Online}, institution = {Internet Engineering Task Force}, type = {Internet-Draft}, language = {en}, author = {Hummen, Ren{\'e} and Henze, Martin and Hiller, Jens} } @Article { 2013-pik-hiller-e2e-security-smart, title = {End-to-End Security for Internet-Connected Smart Objects}, journal = {Praxis der Informationsverarbeitung und Kommunikation}, year = {2013}, volume = {36}, number = {1}, pages = {23-29}, language = {en}, ISSN = {1865-8342}, DOI = {10.1515/pik-2012-0141}, author = {Hiller, Jens} } @Inbook { 2013-book-weingaertner-benchmarking-p2p, title = {Benchmarking Peer-to-Peer Systems Understanding Quality of Service in Large-Scale Distributed Systems}, year = {2013}, volume = {7847}, pages = {69-79}, web_url = {http://link.springer.com/chapter/10.1007/978-3-642-38673-2_5}, web_url_date = {2016-11-11}, misc2 = {Print}, editor = {Effelsberg, Wolfgang and Steinmetz, Ralf and Strufe, Thorsten}, publisher = {Springer}, series = {Lecture Notes in Computer Science}, chapter = {Content Delivery Overlays}, language = {EN}, ISBN = {978-3-642-38672-5}, DOI = {10.1007/978-3-642-38673-2_5}, author = {Weingaertner, Elias and Glebke, Ren{\'e} and Hocks, Alexander} } @Inproceedings { 2012-hummen-cloud, title = {A Cloud Design for User-controlled Storage and Processing of Sensor Data}, year = {2012}, month = {12}, day = {3}, pages = {232-240}, tags = {sensorcloud}, url = {fileadmin/papers/2012/2012-hummen-cloud.pdf}, publisher = {IEEE}, booktitle = {Proceedings of the 2012 IEEE 4th International Conference on Cloud Computing Technology and Science (CloudCom), Taipei, Taiwan}, event_place = {Taipei, Taiwan}, event_name = {Fourth IEEE International Conference on Cloud Computing Technology and Science}, language = {en}, ISBN = {978-1-4673-4511-8}, DOI = {10.1109/CloudCom.2012.6427523}, reviewed = {1}, author = {Hummen, Ren{\'e} and Henze, Martin and Catrein, Daniel and Wehrle, Klaus} } @Inproceedings { 2012-mass-wirtz-dlsd, title = {DHT-based Localized Service Discovery in Wireless Mesh Networks}, year = {2012}, month = {10}, pages = {10 S.}, url = {fileadmin/papers/2012/2012-mass-wirtz-dlsd.pdf}, misc2 = {Online}, publisher = {IEEE Computer Society}, address = {Washington, DC, USA}, booktitle = {Proceedings of The Ninth IEEE International Conference on Mobile Ad-hoc and Sensor Systems (IEEE MASS 2012), October 8-11 2012, Las Vegas, NV, USA}, event_place = {Las Vegas, USA}, event_name = {Ninth IEEE International Conference on Mobile Ad-hoc and Sensor Systems (IEEE MASS 2012)}, event_date = {8-11 October 2012}, language = {en}, ISBN = {978-1-4673-2433-5}, DOI = {10.1109/MASS.2012.6502498}, reviewed = {1}, author = {Wirtz, Hanno and Heer, Tobias and Serror, Martin and Wehrle, Klaus} } @Inproceedings { 2012-pimrc-schmidt-ofra, title = {A Receiver-Based 802.11 Rate Adaptation Scheme with On-Demand Feedback}, year = {2012}, month = {9}, day = {10}, pages = {1--7}, abstract = {Classical 802.11 rate adaptation algorithms rely on feedback from the receiver to correctly choose a sending rate, typically in the form of acknowledgments (ACKs). In the absence of such frames, novel techniques are required for rate selection. We present OFRA, a receiver-based rate adaptation algorithm that works with ACK-less traffic. Feedback information is sent on-demand using a control frame to explicitly inform the transmitter about which bit rate to use on subsequent data frames. This approach guarantees standard conformity and exhibits fast and accurate bit rate adaptation at the cost of a modest overhead increase. We evaluate the performance of OFRA against various state-of-the-art rate adaptation schemes by means of simulations. If ACK frames are to be transmitted, OFRA performs better than related work in most considered scenarios, and on par in the others. In the absence of ACKs, OFRA provides large goodput gains under good channel conditions and comparable goodput in other situations.}, tags = {OFRA refector}, url = {fileadmin/papers/2012/2012-schmidt-pimrc-ofra.pdf}, misc2 = {Online}, publisher = {IEEE}, booktitle = {Proceedings of the 23rd IEEE International Symposium on Personal, Indoor and Mobile Radio Communications (PIMRC'12), Sydney, Australia}, event_place = {Sydney, Australia}, event_name = {23rd IEEE International Symposium on Personal, Indoor and Mobile Radio Communications (PIMRC'12)}, event_date = {9-12 September 2012}, language = {en}, ISBN = {978-1-4673-2566-0}, ISSN = {2166-9570}, DOI = {10.1109/PIMRC.2012.6362818}, reviewed = {1}, author = {Schmidt, Florian and Hithnawi, Anwar and Pu{\~n}al, Oscar and Gross, James and Wehrle, Klaus} } @Techreport { 2012-draft-hummen-hip-middle-puzzle, title = {HIP Middlebox Puzzle Offloading and End-host Notification}, year = {2012}, month = {7}, day = {9}, number = {draft-hummen-hip-middle-puzzle-00}, abstract = {The Host Identity Protocol [RFC5201] is a secure signaling protocol with a cryptographic namespace. It provides the communicating peers with a cryptographic puzzle mechanism to protect against Denial of Service (DoS) attacks targeting its computation and memory overhead. This document specifies an extension that enables middleboxes to assist in the choice of the puzzle difficulty as well as in solving the puzzle on behalf of the host.}, note = {Work in progress}, tags = {iotsec; ietf}, url = {http://tools.ietf.org/html/draft-hummen-hip-middle-puzzle-00}, institution = {Internet Engineering Task Force}, type = {Internet-Draft}, author = {Hummen, Ren{\'e} and Henze, Martin} } @Inproceedings { 2012-hummen-seams, title = {SEAMS: A Signaling Layer for End-host-Assisted Middlebox Services}, year = {2012}, month = {6}, day = {25}, pages = {525--532}, url = {fileadmin/papers/2012/2012-hummen-seams.pdf}, booktitle = {Proceedings of the 11th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (IEEE TrustCom-12)}, organization = {IEEE}, event_place = {Liverpool, United Kingdom}, language = {en}, ISBN = {978-1-4673-2172-3}, DOI = {10.1109/TrustCom.2012.250}, reviewed = {1}, author = {Hummen, Ren{\'e} and Ziegeldorf, Jan Henrik and Heer, Tobias and Wirtz, Hanno and Wehrle, Klaus} } @Inproceedings { WirtzHHW2012, title = {Mesh-DHT: A Locality-Based Distributed Look-Up Structure for Wireless Mesh Networks}, year = {2012}, month = {6}, day = {14}, pages = {653-658}, url = {fileadmin/papers/2012/2012_wirtz_icc_mesh_dht.pdf}, misc2 = {Print Online}, publisher = {IEEE}, booktitle = {Proceedings of the IEEE International Conference on Communications (ICC 2012), Ottawa, Canada}, event_place = {Ottawa, Canada}, event_name = {ICC 2012}, event_date = {10.-15.06.2012}, language = {en}, ISBN = {978-1-4577-2051-2}, DOI = {10.1109/ICC.2012.6364336}, reviewed = {1}, author = {Wirtz, Hanno and Heer, Tobias and Hummen, Ren{\'e} and Wehrle, Klaus} } @Techreport { 2012-draft-garcia-core-security, title = {Security Considerations in the IP-based Internet of Things}, year = {2012}, month = {3}, day = {26}, number = {draft-garcia-core-security-04}, abstract = {A direct interpretation of the Internet of Things concept refers to the usage of standard Internet protocols to allow for human-to-thing or thing-to-thing communication. Although the security needs are well-recognized, it is still not fully clear how existing IP-based security protocols can be applied to this new setting. This Internet-Draft first provides an overview of security architecture, its deployment model and general security needs in the context of the lifecycle of a thing. Then, it presents challenges and requirements for the successful roll-out of new applications and usage of standard IP-based security protocols when applied to get a functional Internet of Things.}, note = {Work in progress}, tags = {iotsec; ietf}, url = {http://tools.ietf.org/html/draft-garcia-core-security-04}, misc2 = {Online}, institution = {Internet Engineering Task Force}, type = {Internet-Draft}, language = {en}, author = {Garcia-Morchon, Oscar and Keoh, Sye Loong and Kumar, Sandeep S. and Hummen, Ren{\'e} and Struik, Ren{\'e}} } @Inproceedings { 2012-aktas-simutools-FANTASY:FullyAutomaticNetworkEmulationArchitecturewithCross-LayerSupport-conference, title = {FANTASY: Fully Automatic Network Emulation Architecture with Cross-Layer Support}, year = {2012}, month = {3}, day = {19}, pages = {57-64}, tags = {crawler, fantasy}, url = {fileadmin/papers/2012/2012-aktas-simutools-fantasy.pdf}, web_url = {http://dl.acm.org/citation.cfm?id=2263019\&CFID=88550183\&CFTOKEN=31687193}, misc2 = {Online}, publisher = {ICST}, address = {Brussels, Belgium}, booktitle = {Proceedings of the 5th ACM International ICST Conference on Simulation Tools and Techniques (SIMUTools '12), Desenzano del Garda, Italy}, event_place = {Desenzano, Italy}, event_name = {5th ACM International ICST Conference on Simulation Tools and Techniques (SIMUTools '12)}, event_date = {19-23 March, 2012}, language = {en}, ISBN = {978-1-4503-1510-4}, DOI = {10.4108/icst.simutools.2012.247759}, reviewed = {1}, author = {Aktas, Ismet and vom Lehn, Hendrik and Habets, Christoph and Schmidt, Florian and Wehrle, Klaus} } @Phdthesis { heer2011direct, title = {Direct End-to-Middle Authentication in Cooperative Networks}, year = {2012}, month = {2}, day = {7}, url = {http://darwin.bth.rwth-aachen.de/opus3/volltexte/2012/3938/}, publisher = {Shaker}, address = {Aachen, Germany}, series = {Reports on Communications and Distributed Systems}, edition = {3}, school = {RWTH Aachen University}, institute = {Chair for Communication and Distributed Systems}, type = {Ph.D. Thesis}, ISBN = {978-3-8440-0710-7}, reviewed = {1}, author = {Heer, Tobias} } @Inproceedings { 2011-wirtz-kaleidoscope, title = {Cooperative Wi-Fi-Sharing: Encouraging Fair Play}, year = {2011}, month = {12}, day = {14}, tags = {mobile_access}, url = {fileadmin/papers/2011/2011-wirtz-kaleidoscope.pdf}, misc = {Online}, address = {ITU}, booktitle = {Proceedings of the ITU-T Kaleidoscope Event 2011, Cape Town, South Africa}, event_place = {Cape Town, South Africa}, event_name = {ITU-T Kaleidoscope: The fully networked human?}, event_date = {2011-12-12}, language = {en}, ISBN = {978-92-61-13651-2}, reviewed = {1}, author = {Wirtz, Hanno and Hummen, Ren{\'e} and Viol, Nicolai and Heer, Tobias and Lora Gir{\'o}n, M{\'o}nica Alejandra and Wehrle, Klaus} } @Inproceedings { Varj1112:Secure, title = {Secure Resolution of {End-Host} Identifiers for Mobile Clients}, year = {2011}, month = {12}, day = {5}, abstract = {Many efforts of the network research community focus on the introduction ofa new identifier to relieve the IP address from its dual role of end-hostidentifier and routable locator. This identifier-locator split introduces anew identifier between human readable domain names and routable IPaddresses. Mapping between identifiers and locators requires additionalname mapping mechanisms because their relation is not trivial. Despite itspopularity and efficiency, the DNS system is not a perfect choice forperforming this mapping because identifiers are not hierarchicallystructured and mappings are frequently updated by users. In this paper wediscuss the features needed to resolve flat identifiers to locators in asecure manner. In particular, we focus on the features and the performancethat identifier-locator split protocols require from a mapping system. Tothis end, we consider a mapping system for an identifier-locator splitbased mobility solution and evaluate its performance. IndexTerms—Identifier-locator split, Name resolution, Host Identity Protocol,Security, DNS, DHT, OpenDHT}, keywords = {DHT; DNS; Host Identity Protocol; Security; Identifier-locator split; Nameresolution}, url = {fileadmin/papers/2011/2011-varjonen-secure.pdf}, misc2 = {Online}, publisher = {IEEE}, address = {Piscataway, NJ, USA}, booktitle = {IEEE GLOBECOM 2011 - Next Generation Networking Symposium (GC'11 - NGN), Awarded the NGN Best Paper Award}, state = {accepted}, language = {en}, ISBN = {978-1-4244-9268-8}, ISSN = {1930-529X}, reviewed = {1}, author = {Varjonen, Samu and Heer, Tobias and Rimey, Kenneth and Gurtov, Andrei} } @Techreport { 2011-draft-garcia-core-security-03, title = {Security Considerations in the IP-based Internet of Things}, year = {2011}, month = {10}, day = {31}, number = {draft-garcia-core-security-03}, abstract = {A direct interpretation of the Internet of Things concept refers to the usage of standard Internet protocols to allow for human-to-thing or thing-to-thing communication. Although the security needs are well-recognized, it is still not fully clear how existing IP-based security protocols can be applied to this new setting. This Internet-Draft first provides an overview of security architecture, its deployment model and general security needs in the context of the lifecycle of a thing. Then, it presents challenges and requirements for the successful roll-out of new applications and usage of standard IP-based security protocols when applied to get a functional Internet of Things.}, note = {Work in progress}, tags = {iotsec; ietf}, url = {http://tools.ietf.org/html/draft-garcia-core-security-03}, misc2 = {Online}, institution = {Internet Engineering Task Force}, type = {Internet-Draft}, language = {en}, author = {Garcia-Morchon, Oscar and Keoh, Sye Loong and Kumar, Sandeep S. and Hummen, Ren{\'e} and Struik, Ren{\'e}} } @Article { 2011-heer-iot-journal, title = {Security Challenges in the IP-based Internet of Things}, journal = {Springer Wireless Personal Communications Journal}, year = {2011}, month = {10}, volume = {61}, number = {3}, pages = {527-542}, abstract = {A direct interpretation of the term Internet of Things refers to the use of standard Internet protocols for the human-to-thing or thing-to-thing communication in embedded networks. Although the security needs are well-recognized in this domain, it is still not fully understood how existing IP security protocols and architectures can be deployed. In this paper, we discuss the applicability and limitations of existing Internet protocols and security architectures in the context of the Internet of Things. First, we give an overview of the deployment model and general security needs. We then present challenges and requirements for IP-based security solutions and highlight specific technical limitations of standard IP security protocols.}, tags = {iotsec}, url = {fileadmin/papers/2011/2011-heer-iot-challenges.pdf}, misc2 = {Online}, publisher = {Springer}, address = {Netherlands}, language = {en}, ISSN = {0929-6212}, DOI = {10.1007/s11277-011-0385-5}, reviewed = {1}, author = {Heer, Tobias and Garcia-Morchon, Oscar and Hummen, Ren{\'e} and Keoh, Sye Loong and Kumar, Sandeep S. and Wehrle, Klaus} } @Inproceedings { 2011-wirtz-chants, title = {Establishing Mobile Ad-Hoc Networks in 802.11 Infrastructure Mode}, year = {2011}, month = {9}, day = {23}, url = {fileadmin/papers/2011/2011-wirtz-chants.pdf}, misc = {Online}, publisher = {ACM}, address = {New York, NY, USA}, booktitle = {Proceedings of the ACM MobiCom Workshop on Challenged Networks (Chants 2011), Las Vegas, NV, USA}, event_place = {Las Vegas, NV, USA}, event_name = {ACM MobiCom Workshop on Challenged Networks (Chants 2011)}, event_date = {2011-09-23}, language = {en}, ISBN = {978-1-4503-0870-0}, DOI = {10.1145/2030652.2030666}, reviewed = {1}, author = {Wirtz, Hanno and Heer, Tobias and Backhaus, Robert and Wehrle, Klaus} } @Inproceedings { 2011-wintech-wirtz, title = {Demo: Establishing Mobile Ad-Hoc Networks in 802.11 Infrastructure Mode}, year = {2011}, month = {9}, day = {19}, pages = {89-90}, abstract = {Mobile Ad-Hoc Networks (MANETs) rely on the 802.11 ad- hoc mode to establish communication with nearby peers. In practice, this makes MANETs hard to realize. While 802.11-compliant mobile devices implement the ad-hoc mode on the hardware layer, the software layer typically does not implement support for ad-hoc networking in terms of ad-hoc routing and name resolution protocols. Modern mobile operating systems, such as Android and iOS, even hide the inherent ad-hoc functionality of the wireless card through restrictions in the OS. In contrast to this, support for the 802.11 infrastructure mode is a commodity. We propose establishing ad-hoc networks using the 802.11 infrastructure mode. In MA-Fi (Mobile Ad-Hoc Wi-Fi), a small core of mobile router nodes (RONs) provides infrastruc-ture mode network access to mobile station nodes (STANs). As RONs also act as a station in infrastructure networks of other RONs, MA-Fi achieves multi-hop communication between RON and STAN devices in the overall network. We show the creation and operation of mobile ad-hoc networks using MA-Fi. We focus on mobility of RONs and STANs as well as topology control in the overall network.}, url = {fileadmin/papers/2011/2011-wirtz-wintech.pdf}, misc = {Online}, publisher = {ACM}, address = {New York, NY, USA}, booktitle = {Proceedings of the Sixth ACM International Workshop on Wireless Network Testbeds, Experimental evaluation and Characterization (WiNTECH 2011), Las Vegas, NV, USA}, event_place = {Las Vegas, Nevada, USA}, event_name = {The Sixth ACM International Workshop on Wireless Network Testbeds, Experimental evaluation and Characterization}, event_date = {2011-09-19}, language = {en}, ISBN = {978-1-4503-0867-0}, DOI = {10.1145/2030718.2030737}, reviewed = {1}, author = {Wirtz, Hanno and Backhaus, Robert and Hummen, Ren{\'e} and Wehrle, Klaus} } @Techreport { 2011-draft-garcia-core-security-02, title = {Security Considerations in the IP-based Internet of Things}, year = {2011}, month = {7}, day = {11}, number = {draft-garcia-core-security-02}, abstract = {A direct interpretation of the Internet of Things concept refers to the usage of standard Internet protocols to allow for human-to-thing or thing-to-thing communication. Although the security needs are well-recognized, it is still not fully clear how existing IP-based security protocols can be applied to this new setting. This Internet-Draft first provides an overview of security architecture, its deployment model and general security needs in the context of the lifecycle of a thing. Then, it presents challenges and requirements for the successful roll-out of new applications and usage of standard IP-based security protocols when applied to get a functional Internet of Things.}, note = {Work in progress}, tags = {iotsec; ietf}, url = {http://tools.ietf.org/html/draft-garcia-core-security-02}, misc2 = {Online}, institution = {Internet Engineering Task Force}, type = {Internet-Draft}, language = {en}, author = {Garcia-Morchon, Oscar and Keoh, Sye Loong and Kumar, Sandeep S. and Hummen, Ren{\'e} and Struik, Ren{\'e}} } @Inproceedings { 2011-hummen-pisa-demo, title = {PISA-SA - Security and Mobility in a Collaborative Muni-Fi (Demo Abstract)}, year = {2011}, month = {6}, day = {15}, volume = {15}, pages = {35--36}, tags = {mobile_access}, url = {fileadmin/papers/2011/2011-hummen-wisec-pisa-sa-demo.pdf}, misc2 = {Online}, publisher = {ACM}, address = {New York, NY, USA}, booktitle = {Proceedings of the fourth ACM Conference on Wireless Network Security, Hamburg, Germany}, event_place = {Hamburg, Germany}, event_name = {Wireless Network Security 2011 (WiSec 2011)}, language = {en}, ISSN = {1559-1662}, DOI = {10.1145/2073290.2073297}, reviewed = {1}, author = {Hummen, Ren{\'e} and Wirtz, Hanno and Viol, Nicolai and Heer, Tobias and Wehrle, Klaus} } @Techreport { rfc6253, title = {{Host Identity Protocol Certificates}}, year = {2011}, month = {5}, number = {rfc6253}, abstract = {The Certificate (CERT) parameter is a container for digital certificates. It is used for carrying these certificates in Host Identity Protocol (HIP) control packets. This document specifies the CERT parameter and the error signaling in case of a failed verification. Additionally, this document specifies the representations of Host Identity Tags in X.509 version 3 (v3) and Simple Public Key Infrastructure (SPKI) certificates. The concrete use of certificates, including how certificates are obtained, requested, and which actions are taken upon successful or failed verification, is specific to the scenario in which the certificates are used. Hence, the definition of these scenario- specific aspects is left to the documents that use the CERT parameter.}, tags = {mobile_access}, url = {http://www.ietf.org/rfc/rfc6253.txt}, publisher = {IETF}, howpublished = {RFC 6253 (Experimental)}, series = {Request for Comments}, organization = {Internet Engineering Task Force}, institution = {Internet Engineering Task Force}, type = {Request For Commments (Experimental Standard)}, reviewed = {1}, author = {Heer, Tobias and Varjonen, Samu} } @Inproceedings { 2011-nsdi-slicetime-weingaertner, title = {SliceTime: A platform for scalable and accurate network emulation}, year = {2011}, month = {3}, day = {30}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2011/2011-weingaertner-nsdi-slicetime-camera_ready_14P.pdf}, misc2 = {Online}, publisher = {USENIX}, address = {Berkeley, CA, USA}, booktitle = {Proceedings of the 8th USENIX Symposium on Networked Systems Design and Implementation (NSDI '11), Boston, MA, USA}, event_place = {Boston, Massachusetts}, language = {en}, reviewed = {1}, author = {Weingaertner, Elias and Schmidt, Florian and vom Lehn, Hendrik and Heer, Tobias and Wehrle, Klaus} } @Inproceedings { OttHLVK2011, title = {Floating Content: Information Sharing in Urban Areas}, year = {2011}, month = {3}, day = {21}, abstract = {Content sharing using personal web pages, blogs, or online social networks is a common means for people to maintain contact with their friends, colleagues, and acquaintances. While such means are essential to overcome distances, using infrastructure services for location-based services may not be desirable. In this paper, we analyze a fully distributed variant of an ephemeral content sharing service, solely dependent on the mobile devices in the vicinity using principles of opportunistic networking. The net result is a best effort service for floating content in which: 1) information dissemination is geographically limited; 2) the lifetime and spreading of information depends on interested nodes being available; 3) content can only be created and distributed locally; and 4) content can only be added, but not explicitly deleted. First we present our system design and summarize its analytical modeling. Then we perform extensive evaluation for a map-based mobility model in downtown Helsinki to assess the operational range for floating content, which, at the same time also validate the analytical results obtained for a more abstract model of the system.}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2011/2011-percom-vaegs-floatingcontent.pdf}, misc2 = {Online}, publisher = {IEEE}, address = {Piscataway, NJ, USA}, booktitle = {Proceedings of the 9th IEEE International Conference on Pervasive Computing and Communications (PerCom 2011), Seattle, WA, USA}, event_place = {Seattle, USA}, event_name = {9th IEEE International Conference on Pervasive Computing and Communications}, event_date = {March 21 - 25, 2011}, language = {en}, ISBN = {978-1-4244-9529-0}, reviewed = {1}, author = {Ott, J{\"o}rg and Hyyti{\"a}, Esa and Lassila, Pasi and Vaegs, Tobias and Kangasharju, Jussi} } @Techreport { 2011-draft-garcia-core-security-01, title = {Security Considerations in the IP-based Internet of Things}, year = {2011}, month = {3}, day = {14}, number = {draft-garcia-core-security-01}, abstract = {A direct interpretation of the Internet of Things concept refers to the usage of standard Internet protocols to allow for human-to-thing or thing-to-thing communication. Although the security needs are well-recognized, it is still not fully clear how existing IP-based security protocols can be applied to this new setting. This Internet-Draft first provides an overview of security architecture, its deployment model and general security needs in the context of the lifecycle of a thing. Then, it presents challenges and requirements for the successful roll-out of new applications and usage of standard IP-based security protocols when applied to get a functional Internet of Things.}, note = {Work in progress}, tags = {iotsec; ietf}, url = {http://tools.ietf.org/html/draft-garcia-core-security-01}, misc2 = {Online}, institution = {Internet Engineering Task Force}, type = {Internet-Draft}, language = {en}, author = {Garcia-Morchon, Oscar and Keoh, Sye Loong and Kumar, Sandeep S. and Hummen, Ren{\'e} and Struik, Ren{\'e}} } @Techreport { 2011-draft-garcia-core-security-00, title = {Security Considerations in the IP-based Internet of Things}, year = {2011}, month = {3}, day = {7}, number = {draft-garcia-core-security-00}, abstract = {A direct interpretation of the Internet of Things concept refers to the usage of standard Internet protocols to allow for human-to-thing or thing-to-thing communication. Although the security needs are well-recognized, it is still not fully clear how existing IP-based security protocols can be applied to this new setting. This Internet-Draft first provides an overview of security architecture, its deployment model and general security needs in the context of the lifecycle of a thing. Then, it presents challenges and requirements for the successful roll-out of new applications and usage of standard IP-based security protocols when applied to get a functional Internet of Things.}, note = {Work in progress}, tags = {iotsec; ietf}, url = {http://tools.ietf.org/html/draft-garcia-core-security-00}, misc2 = {Online}, institution = {Internet Engineering Task Force}, type = {Internet-Draft}, language = {en}, author = {Garcia-Morchon, Oscar and Keoh, Sye Loong and Kumar, Sandeep S. and Hummen, Ren{\'e} and Struik, Ren{\'e}} } @Article { 2011-03-Zimmermann, title = {IP address assignment in wireless mesh networks}, journal = {Wireless Communications and Mobile Computing}, year = {2011}, month = {3}, volume = {11}, number = {3}, pages = {321-337}, misc2 = {Online}, publisher = {John Wiley \& Sons Ltd.}, address = {Hoboken, NJ, USA}, language = {en}, DOI = {10.1002/wcm.982}, reviewed = {1}, author = {Zimmermann, Alexander and Hannemann, Arnd and Schleinzer, Benjamin} } @Techreport { rfc5201-bis-04, title = {{Host Identity Protocol Version 2}}, year = {2011}, month = {1}, volume = {1}, number = {draft-ietf-hip-rfc5201-bis-04.txt}, note = {{expires: July 24, 2011 (work in progress)}}, tags = {mobile_access}, url = {http://tools.ietf.org/html/draft-ietf-hip-rfc5201-bis-04}, misc2 = {Online}, publisher = {{IETF Trust}}, howpublished = {An online version is available at: http://tools.ietf.org/html/draft-ietf-hip-rfc5201-bis-04}, series = {Internet Drafts}, organization = {{Internet Engineering Task Force}}, institution = {Internet Engineering Task Force}, language = {en}, reviewed = {1}, author = {Moskowitz, Robert and Jokela, Petri and Henderson, Thomas R. and Heer, Tobias} } @Techreport { draft-ietf-hip-cert-08, title = {{Host Identity Protocol Certificates}}, year = {2011}, month = {1}, volume = {1}, number = {draft-ietf-hip-cert-08.txt}, note = {{expires: July 22, 2011 (work in progress)}}, url = {http://tools.ietf.org/html/draft-ietf-hip-cert-08}, misc2 = {Online}, publisher = {{IETF Trust}}, howpublished = {An online version is available at: http://tools.ietf.org/html/draft-ietf-hip-cert-08}, series = {Internet Drafts}, organization = {{Internet Engineering Task Force}}, institution = {Internet Engineering Task Force}, language = {en}, reviewed = {1}, author = {Heer, Tobias and Varjonen, Samu} } @Techreport { draft-ietf-hip-cert-07, title = {{Host Identity Protocol Certificates}}, year = {2011}, month = {1}, volume = {1}, number = {draft-ietf-hip-cert-07.txt}, note = {{expires: July 16, 2011 (work in progress)}}, url = {http://tools.ietf.org/html/draft-ietf-hip-cert-07}, misc2 = {Online}, publisher = {{IETF Trust}}, howpublished = {An online version is available at: http://tools.ietf.org/html/draft-ietf-hip-cert-07}, series = {Internet Drafts}, organization = {{Internet Engineering Task Force}}, institution = {Internet Engineering Task Force}, language = {en}, reviewed = {1}, author = {Heer, Tobias and Varjonen, Samu} } @Techreport { draft-ietf-hip-cert-09, title = {{Host Identity Protocol Certificates}}, year = {2011}, month = {1}, volume = {1}, number = {draft-ietf-hip-cert-09.txt}, pages = {1}, note = {{expires: July 22, 2011 (work in progress)}}, url = {http://tools.ietf.org/html/draft-ietf-hip-cert-09}, misc2 = {Online}, publisher = {{IETF Trust}}, howpublished = {An online version is available at: http://tools.ietf.org/html/draft-ietf-hip-cert-09}, series = {Internet Drafts}, organization = {{Internet Engineering Task Force}}, institution = {Internet Engineering Task Force}, language = {en}, reviewed = {1}, author = {Heer, Tobias and Varjonen, Samu} } @Techreport { 2011-heer-draft-middle-auth, title = {End-Host Authentication for HIP Middleboxes (Version 4)}, year = {2011}, number = {draft-heer-hip-middle-auth-04}, abstract = {The Host Identity Protocol [RFC5201] is a signaling protocol for secure communication, mobility, and multihoming that introduces a cryptographic namespace. This document specifies an extension for HIP that enables middleboxes to unambiguously verify the identities of hosts that communicate across them. This extension allows middleboxes to verify the liveness and freshness of a HIP association and, thus, to secure access control in middleboxes.}, note = {Work in progress}, tags = {ietf, mobile_access}, url = {http://tools.ietf.org/html/draft-heer-hip-middle-auth-04}, misc2 = {Online}, institution = {Internet Engineering Task Force}, type = {Internet-Draft}, language = {en}, author = {Heer, Tobias and Komu, Miika and Hummen, Ren{\'e} and Wehrle, Klaus} } @Techreport { draft-ietf-hip-cert-06, title = {{Host Identity Protocol Certificates}}, year = {2010}, month = {11}, volume = {1}, number = {draft-ietf-hip-cert-06.txt}, note = {{expires: May 23, 2011 (work in progress)}}, url = {http://tools.ietf.org/html/draft-ietf-hip-cert-06}, misc2 = {Online}, publisher = {{IETF Trust}}, howpublished = {An online version is available at: http://tools.ietf.org/html/draft-ietf-hip-cert-06}, series = {Internet Drafts}, organization = {{Internet Engineering Task Force}}, institution = {Internet Engineering Task Force}, language = {en}, reviewed = {1}, author = {Heer, Tobias and Varjonen, Samu} } @Techreport { draft-ietf-hip-cert-05, title = {{Host Identity Protocol Certificates}}, year = {2010}, month = {11}, volume = {1}, number = {draft-ietf-hip-cert-05.txt}, note = {{expires: May 12, 2011 (work in progress)}}, url = {http://tools.ietf.org/html/draft-ietf-hip-cert-05}, misc2 = {Online}, publisher = {{IETF Trust}}, howpublished = {An online version is available at: http://tools.ietf.org/html/draft-ietf-hip-cert-05}, series = {Internet Drafts}, organization = {{Internet Engineering Task Force}}, institution = {Internet Engineering Task Force}, language = {en}, reviewed = {1}, author = {Heer, Tobias and Varjonen, Samu} } @Proceedings { 2010-wirtz-kuvs-service-overlay, title = {A Generic Service Overlay for Wireless Mesh Networks}, year = {2010}, month = {10}, abstract = {Service discovery in traditional networks is realized either by broadcasting requests in the network or by a central entity that holds the necessary information of every service in the network. These techniques are applicable in wireless networks as well, however, only under certain limiting conditions. The authors present a generic overlay that caters to the special requirements of providing and discovering services in wireless mesh networks. The focus of the approach lies on maintaining scalability in large-scale dynamic networks as well as routing efficiency with regard to the communication characteristics of the underlying network.}, affiliation = {RWTH Aachen University - ComSys}, note = {/fileadmin/papers/2010/2010-wirtz-kuvs-service-overlay.pdf}, publisher = {Gesellschaft f{\"u}r Informatik KuVS}, address = {Berlin, Germany}, booktitle = {3rd GI/ITG KuVS Fachgespr{\"a}ch on NG SDPs, Berlin, Germany}, event_place = {Berlin, Germany}, event_name = {3rd GI/ITG KuVS Fachgespr{\"a}ch on NG SDPs}, event_date = {October 14, 2010}, language = {english}, author = {Wirtz, Hanno and Heer, Tobias and Wehrle, Klaus} } @Techreport { rfc5201-bis-03, title = {{Host Identity Protocol Version 2}}, year = {2010}, month = {10}, volume = {1}, number = {draft-ietf-hip-rfc5201-bis-03.txt}, note = {{expires: April 26, 2011 (work in progress)}}, url = {http://tools.ietf.org/html/draft-ietf-hip-rfc5201-bis-03}, misc2 = {Online}, publisher = {{IETF Trust}}, howpublished = {An online version is available at: http://tools.ietf.org/html/draft-ietf-hip-rfc5201-bis-03}, series = {Internet Drafts}, organization = {{Internet Engineering Task Force}}, institution = {Internet Engineering Task Force}, language = {en}, reviewed = {1}, author = {Moskowitz, Robert and Jokela, Petri and R. Henderson, Thomas and Heer, Tobias} } @Techreport { draft-ietf-hip-cert-04, title = {{Host Identity Protocol Certificates}}, year = {2010}, month = {9}, volume = {1}, number = {draft-ietf-hip-cert-04.txt}, note = {{expires: March 27, 2011 (work in progress)}}, url = {http://tools.ietf.org/html/draft-ietf-hip-cert-04}, misc2 = {Online}, publisher = {{IETF Trust}}, howpublished = {An online version is available at: http://tools.ietf.org/html/draft-ietf-hip-cert-04}, series = {Internet Drafts}, organization = {{Internet Engineering Task Force}}, institution = {Internet Engineering Task Force}, language = {en}, reviewed = {1}, author = {Heer, Tobias and Varjonen, Samu} } @Techreport { rfc5201-bis-01, title = {{Host Identity Protocol Version 2}}, year = {2010}, month = {9}, volume = {1}, number = {draft-ietf-hip-rfc5201-bis-01.txt}, note = {{expires: March 7, 2011 (work in progress)}}, url = {http://tools.ietf.org/html/draft-ietf-hip-rfc5201-bis-01}, misc2 = {Online}, publisher = {{IETF Trust}}, howpublished = {An online version is available at: http://tools.ietf.org/html/draft-ietf-hip-rfc5201-bis-01}, series = {Internet Drafts}, organization = {{Internet Engineering Task Force}}, institution = {Internet Engineering Task Force}, language = {en}, reviewed = {1}, author = {Moskowitz, Robert and Jokela, Petri and R. Henderson, Thomas and Heer, Tobias} } @Inproceedings { 2010-heer-pisa-sa, title = {PiSA-SA: Municipal Wi-Fi Based on Wi-Fi Sharing}, year = {2010}, month = {8}, day = {2}, volume = {1}, pages = {588-593}, abstract = {With the goal of providing ubiquitous wireless services (e.g., tourist guides, environmental information, pedestrian navigation), municipal wireless networks are currently being established all around the world. For municipalities, it is often challenging to achieve the bandwidth and coverage that is necessary for many of the envisioned network services. At the same time, Wi-Fi-sharing communities achieve high bandwidth and good coverage at a very low cost by capitalizing on the dense deployment of private access points in urban areas. However, from a technical, conceptual, and security perspective, Wi-Fi sharing community networks resemble a patchwork of heterogeneous networks instead of one well-planned city-wide network. This patchwork character stands in stark contrast to a uniform, secure platform for public and commercial services desirable for the economic success of such a network. Hence, despite its cost-efficiency, the community-based approach cannot be adopted by municipalities easily. In this paper, we show how to realize municipal wireless services on top of a Wi-Fi-sharing infrastructure in a technically sound and economically attractive fashion. In particular, we focus on how to securely provide services to mobile clients with and without client-side software support. Our solution cleanly separates the roles of controlling and administering the network from providing bandwidth and wireless access. With this separation, commercial ISPs and citizens with their private Wi-Fi can contribute to the network infrastructure. This allows municipalities in turn to focus their resources on municipal wireless services.}, tags = {mobile_access}, url = {http://www.comsys.rwth-aachen.de/fileadmin/papers/2010/2010-heer-icc-pisa-sa.pdf}, misc2 = {Print}, publisher = {IEEE Press}, address = {Washington, DC, USA}, booktitle = {International Conference on Computer Communication Networks, ICCCN 2010, Zurich}, event_place = {Zurich, Switzerland}, event_name = {International Conference on Computer Communication Networks, ICCCN 2010}, language = {en}, ISBN = {978-1-4244-7114-0}, DOI = {10.1109/ICCCN.2010.5560103}, reviewed = {1}, author = {Heer, Tobias and Jansen, Thomas and Hummen, Ren{\'e} and Wirtz, Hanno and G{\"o}tz, Stefan and Weingaertner, Elias and Wehrle, Klaus} } @Techreport { moskowitz-rfc5201-bis-02, title = {{Host Identity Protocol Version 2}}, year = {2010}, month = {7}, volume = {1}, number = {draft-moskowitz-hip-rfc5201-bis-02.txt}, note = {{expires: January 2, 2011 (work in progress)}}, url = {http://tools.ietf.org/html/draft-moskowitz-hip-rfc5201-bis-02}, misc2 = {Online}, publisher = {{IETF Trust}}, howpublished = {An online version is available at: http://tools.ietf.org/html/draft-moskowitz-hip-rfc5201-bis-02}, series = {Internet Drafts}, organization = {{Internet Engineering Task Force}}, institution = {Internet Engineering Task Force}, language = {en}, reviewed = {1}, author = {Moskowitz, Robert and Jokela, Petri and R. Henderson, Thomas and Heer, Tobias} } @Techreport { rfc5201-bis-02, title = {{Host Identity Protocol Version 2}}, year = {2010}, month = {7}, volume = {1}, number = {draft-ietf-hip-rfc5201-bis-02.txt}, note = {{expires: March 7, 2011 (work in progress)}}, url = {http://tools.ietf.org/html/draft-ietf-hip-rfc5201-bis-02}, misc2 = {Online}, publisher = {{IETF Trust}}, howpublished = {An online version is available at: http://tools.ietf.org/html/draft-ietf-hip-rfc5201-bis-02}, series = {Internet Drafts}, organization = {{Internet Engineering Task Force}}, institution = {Internet Engineering Task Force}, language = {en}, reviewed = {1}, author = {Moskowitz, Robert and Jokela, Petri and R. Henderson, Thomas and Heer, Tobias} } @Inproceedings { 2010-percomws-heer-munifi, title = {Collaborative Municipal Wi-Fi Networks - Challenges and Opportunities}, journal = {Proceedings of the Sixth IEEE PerCom Workshop on Pervasive Wireless Networking (PWN 2010), IEEE.}, year = {2010}, month = {4}, day = {2}, volume = {1}, pages = {588 - 593}, abstract = {Municipal Wi-Fi networks aim at providing Internet access and selected mobile network services to citizens, travelers, and civil servants. The goals of these networks are to bridge the digital divide, stimulate innovation, support economic growth, and increase city operations efficiency. While establishing such urban networks is financially challenging for municipalities, Wi-Fi-sharing communities accomplish good coverage and ubiquitous Internet access by capitalizing on the dense deployment of private access points in urban residential areas. By combining Wi-Fi communities and municipal Wi-Fi, a collaborative municipal Wi-Fi system promises cheap and ubiquitous access to mobile city services. However, the differences in intent, philosophy, and technical realization between community and municipal Wi-Fi networks prevent a straight-forward combination of both approaches. In this paper, we highlight the conceptual and technical challenges that need to be solved to create collaborative municipal Wi-Fi networks.}, tags = {mobile_access}, url = {http://www.comsys.rwth-aachen.de/fileadmin/papers/2010/2010-heer-percomws-collaborative-municipal-wi-fi.pdf}, misc2 = {Print}, publisher = {IEEE Press}, address = {Washington, DC, USA}, booktitle = {Proceedings of the Sixth IEEE PerCom Workshop on Pervasive Wireless Networking (PWN 2010), Mannheim, Germany.}, event_place = {Mannheim, Germany}, event_name = {Sixth IEEE PerCom Workshop on Pervasive Wireless Networking (PWN 2010)}, event_date = {April 02, 2010}, language = {en}, ISBN = {978-1-4244-6605-4}, DOI = {10.1109/PERCOMW.2010.5470505}, author = {Heer, Tobias and Hummen, Ren{\'e} and Viol, Nicolai and Wirtz, Hanno and G{\"o}tz, Stefan and Wehrle, Klaus} } @Techreport { draft-ietf-hip-cert-03, title = {{Host Identity Protocol Certificates}}, year = {2010}, month = {4}, volume = {1}, number = {draft-ietf-hip-cert-03.txt}, note = {{expires: October 30, 2010 (work in progress)}}, url = {http://tools.ietf.org/html/draft-ietf-hip-cert-03}, misc2 = {Online}, publisher = {{IETF Trust}}, howpublished = {An online version is available at: http://tools.ietf.org/html/draft-ietf-hip-cert-03}, series = {Internet Drafts}, organization = {{Internet Engineering Task Force}}, institution = {Internet Engineering Task Force}, language = {en}, reviewed = {1}, author = {Heer, Tobias and Varjonen, Samu} } @Techreport { moskowitz-rfc5201-bis-01, title = {{Host Identity Protocol Version 2}}, year = {2010}, month = {3}, volume = {1}, number = {draft-moskowitz-hip-rfc5201-bis-01.txt}, note = {{expires: September 10, 2010 (work in progress)}}, url = {http://tools.ietf.org/html/draft-moskowitz-hip-rfc5201-bis-01}, misc2 = {Online}, publisher = {{IETF Trust}}, howpublished = {An online version is available at: http://tools.ietf.org/html/draft-moskowitz-hip-rfc5201-bis-01}, series = {Internet Drafts}, organization = {{Internet Engineering Task Force}}, institution = {Internet Engineering Task Force}, language = {en}, reviewed = {1}, author = {Moskowitz Pekka Nikander, Robert and Jokela, Petri and R. Henderson, Thomas and Heer, Tobias} } @Article { VaegsDHH2010, title = {Learning by gaming: facts and myths}, journal = {International Journal of Technology Enhanced Learning (IJTEL)}, year = {2010}, volume = {2}, number = {1/2}, pages = {21-40}, abstract = {Gaming has undergone a transition from a niche hobby to a part of everyday culture. This transition, along with the advance in the use of the internet, has created a new kind of social environment, commonly known as virtual life. This paper presents the survey results of over 1000 gamers worldwide, in which they tell us how gaming affected their lives – both virtual and real – with regard to their career, relationships and social life. The analysis of the answers disproves common stereotypes about gamers, shows areas where gaming can very well be beneficial and where there are still problems.}, keywords = {video games, online games, learning by playing, soft skills, transferable skills, motivation, conflicts, social skills, careers, relationships, communities, technical competence, gaming, virtual life, social life, gamers}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2010/2010-vaegs-JTEL-Gaming.pdf}, editor = {Martin Wolpers}, publisher = {Inderscience Publishers}, address = {Geneva, SWITZERLAND}, language = {en}, ISSN = {1753-5255}, DOI = {10.1504/IJTEL.2010.031258}, reviewed = {1}, author = {Vaegs, Tobias and Dugosija, Darko and Hackenbracht, Stephan and Hannemann, Anna} } @Inbook { 2010-kai-wifi, title = {Creating a Wireless LAN Standard: IEEE 802.11}, year = {2010}, pages = {53-109}, url = {https://www.comsys.rwth-aachen.de/typo3/file_list.php?id=\%2Fvar\%2Fwww\%2Ffileadmin\%2Fpapers\%2F2010\%2F\#}, misc2 = {print}, editor = {W. Lemstra; J. Groenewegen; V. Hayes}, publisher = {Cambridge University Press}, address = {Cambridge, UK}, chapter = {3}, booktitle = {The Innovation Journey of WiFi}, ISBN = {9780521199711}, author = {Jakobs, Kai and Lemstra, Wolter and Hayes, Vic and Tuch, Bruce and Links, Cess} } @Techreport { draft-ietf-hip-cert-02, title = {{Host Identity Protocol Certificates}}, year = {2009}, month = {10}, volume = {1}, number = {draft-ietf-hip-cert-02.txt}, note = {{expires: April 29, 2010 (work in progress)}}, url = {http://tools.ietf.org/html/draft-ietf-hip-cert-02}, misc2 = {Online}, publisher = {{IETF Trust}}, howpublished = {An online version is available at: http://tools.ietf.org/html/draft-ietf-hip-cert-02}, series = {Internet Drafts}, organization = {{Internet Engineering Task Force}}, institution = {Internet Engineering Task Force}, language = {en}, reviewed = {1}, author = {Heer, Tobias and Varjonen, Samu} } @Inproceedings { securityforpervasivemedicalsensornetworks, title = {Security for Pervasive Medical Sensor Networks}, year = {2009}, month = {7}, day = {13}, volume = {1}, url = {http://www.comsys.rwth-aachen.de/fileadmin/papers/2009/2009-garcia-mobiq.pdf}, misc2 = {Print}, publisher = {IEEE Press}, address = {Washington, DC, USA}, booktitle = {6th Annual International Conference on Mobile and Ubiquitous Systems (MobiQuitous 2009), Toronto}, organization = {ICST/IEEE}, event_place = {Toronto, CAN}, event_name = {6th Annual International Conference on Mobile and Ubiquitous Systems (MobiQuitous 2009)}, language = {en}, ISBN = {978-963-9799-59-2}, DOI = {10.4108/ICST.MOBIQUITOUS2009.6832}, reviewed = {1}, author = {Garcia-Morchon, Oscar and Falck, Thomas and Heer, Tobias and Wehrle, Klaus} } @Techreport { draft-ietf-hip-cert-01, title = {{Host Identity Protocol Certificates}}, year = {2009}, month = {6}, volume = {1}, number = {draft-ietf-hip-cert-01.txt}, note = {{expires: January 2, 2010 (work in progress)}}, url = {http://tools.ietf.org/html/draft-ietf-hip-cert-01}, misc2 = {Online}, publisher = {{IETF Trust}}, howpublished = {An online version is available at: http://tools.ietf.org/html/draft-ietf-hip-cert-01}, series = {Internet Drafts}, organization = {{Internet Engineering Task Force}}, institution = {Internet Engineering Task Force}, language = {en}, reviewed = {1}, author = {Heer, Tobias and Varjonen, Samu} } @Article { 2009-pik-heer-leicht, title = {Leichtgewichtge Sicherheitsmechanismen f{\"u}r das Host Identity Protocol}, journal = {PIK Journal}, year = {2009}, month = {1}, volume = {32}, number = {1/09}, pages = {48-52}, note = {Diploma Thesis Award Article}, misc2 = {Print}, publisher = {K.G. Saur Verlag}, address = {Munich, Germany}, language = {de}, ISSN = {0930-5157}, author = {Heer, Tobias} } @Article { inproceedingsreference200903099502213244, title = {Time accurate integration of software prototypes with event-based network simulations}, journal = {Proceedings of the 11th Joint International Conference on Measurement and Modeling of Computer Systems (SIGMETRICS/Performance 2009)}, year = {2009}, volume = {37}, number = {2}, pages = {49-50}, note = {Accepted as poster presentation.}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2009/2009-weingaertner-time-accurate-sigmetrics09.pdf}, misc2 = {Print}, publisher = {ACM SIGMETRICS}, address = {New York, NY, USA}, organization = {ACM}, language = {en}, ISSN = {0163-5999}, DOI = {10.1145/1639562.1639580}, reviewed = {1}, author = {Weingaertner, Elias and Schmidt, Florian and Heer, Tobias and Wehrle, Klaus} } @Inproceedings { 2009-thissen-GI-IMS, title = {Evaluating the Performance of an IMS/NGN Deployment}, year = {2009}, pages = {2561-2573}, misc2 = {Print}, editor = {S. Fischer, E. Maehle, R. Reischuk}, publisher = {Gesellschaft f{\"u}r Informatik}, series = {Lecture Notes in Informatics 154}, booktitle = {Informatik 2009 - Im Focus das Leben, Beitr{\"a}ge der 39. Jahrestagung der Gesellschaft f{\"u}r Informatik e.V. (GI)}, language = {en}, ISBN = {978-3-88579-248-2}, author = {Thi{\ss}en, Dirk and Espinosa Carl{\'i}n, Juan Miguel and Herpertz, Ren{\'e}} } @Inproceedings { 200906MobiArchgoetzprotocolorchestration, title = {Protocol Orchestration: A Semantic Approach to Communication Stacks}, year = {2009}, pages = {43-50}, abstract = {The diversity of today's networking environments, such as wired, wireless, cell-based, or multi-hop, is matched by an equally large amount and heterogeneity of specialized protocols, e.g., overlays, Wi-Fi positioning, MANET routing, cross-layer signaling. However, communication is typically performed with a static set of protocols selected at design time based on simplified assumptions ignoring the environment's heterogeneity. In this paper, we argue that protocols can be orchestrated as software components driven purely by their functionality and the demands of the execution environment. Our end-system protocol framework Adapt bases on extensible ontological models that semantically describe protocol and environment properties. At runtime, each connection receives a custom-tailored protocol stack that Adapt orchestrates from the requirements derived from the application, user, and environment. With this approach, end-systems can reason about the functionality and quality of automatically composed and adapted protocol compounds while remaining open to existing and future protocols.}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2009/2009-goetz-mobiarch-protocol-orchestration.pdf}, misc2 = {print}, editor = {Krzysztof Zielinski and Adam Wolisz and Jason Flinn and Anthony LaMarca}, publisher = {ACM}, address = {New York, NY, USA}, howpublished = {print}, booktitle = {Proceedings of the Fourth ACM International Workshop on Mobility in the Evolving Internet Architecture (ACM MobiArch '09)}, organization = {ACM Sigcomm/Sigmobile}, event_place = {Krakow, Poland}, event_name = {Fourth ACM International Workshop on Mobility in the Evolving Internet Architecture (ACM MobiArch '09), Krakow, Poland}, event_date = {2009-06-22}, language = {en}, reviewed = {1}, author = {G{\"o}tz, Stefan and Heer, Tobias and Wehrle, Klaus} } @Inproceedings { 2009morchonpodckeyagreementwsn, title = {Lightweight Key Agreement and Digital Certificates for Wireles Sensor Networks}, year = {2009}, volume = {1}, pages = {326-327}, note = {Brief Announcement}, misc2 = {Print}, publisher = {ACM}, address = {New York, NY, USA}, booktitle = {Proceedings of the 28th ACM SIGACT-SIGOPS Symposium on Principles of Distributed Computing (PODC 2009), Calgary}, event_place = {Calgary, CN}, event_name = {28th ACM SIGACT-SIGOPS Symposium on Principles of Distributed Computing (PODC 2009)}, language = {en}, ISBN = {978-963-9799-59-2}, DOI = {10.1145/1582716.1582791}, reviewed = {1}, author = {Garcia-Morchon, Oscar and Heer, Tobias and Tolhuizen, Ludo and Wehrle, Klaus} } @Inproceedings { 2009-icc-heer-middleboxes, title = {End-host Authentication and Authorization for Middleboxes based on a Cryptographic Namespace}, year = {2009}, volume = {1}, pages = {791-796}, abstract = {Today, middleboxes such as firewalls and network address translators have advanced beyond simple packet forwarding and address mapping. They also inspect and filter traffic, detect network intrusion, control access to network resources, and enforce different levels of quality of service. The cornerstones for these security-related network services are end-host authentication and authorization. Using a cryptographic namespace for end-hosts simplifies these tasks since it gives them an explicit and verifiable identity. The Host Identity Protocol (HIP) is a key-exchange protocol that introduces such a cryptographic namespace for secure end-to-end communication. Although HIP was designed with middleboxes in mind, these cannot securely use its namespace because the on-path identity verification is susceptible to replay attacks. Moreover, the binding between HIP as an authentication protocol and IPsec as payload transport is insufficient because on-path middleboxes cannot securely map payload packets to a HIP association. In this paper, we propose to prevent replays attack by treating packet-forwarding middleboxes as first-class citizens that directly interact with end-hosts. Also we propose a method for strengthening the binding between the HIP authentication process and its payload channel with hash-chain-based authorization tokens for IPsec. Our solution allows on-path middleboxes to efficiently leverage cryptographic end-host identities and integrates cleanly into existing protocol standards.}, tags = {mobile_access}, url = {http://www.comsys.rwth-aachen.de/fileadmin/papers/2009/2009-heer-icc-end-host-authentication.pdf}, misc2 = {Print}, publisher = {Piscataway, NJ, USA}, address = {Dresden, Germany}, booktitle = {Proceedings of the IEEE International Conference on Communications 2009 (ICC 2009), Dresden, Gemany}, organization = {IEEE}, event_place = {Dresden, Germany}, event_name = {IEEE International Conference on Communications 2009 (ICC 2009)}, language = {en}, ISBN = {978-1-4244-3435-0}, ISSN = {1938-1883}, DOI = {10.1109/ICC.2009.5198984}, reviewed = {1}, author = {Heer, Tobias and Hummen, Ren{\'e} and Komu, Miika and G{\"o}tz, Stefan and Wehrle, Klaus} } @Techreport { 2009-heer-draft-midauth, title = {End-Host Authentication for HIP Middleboxes (Version 2)}, year = {2009}, number = {draft-heer-hip-midauth-02}, abstract = {The Host Identity Protocol is a signaling protocol for secure communication, mobility, and multihoming. It achieves these properties by introducing a new cryptographic namespace. This document specifies an extension for HIP that enables middleboxes to unambiguously verify the identities of hosts that communicate across them. This extension enables middleboxes to verify the liveness and freshness of a HIP association and, thus, enables reliable and secure access control in middleboxes.}, note = {Work in progress}, institution = {Internet Engineering Task Force}, type = {Internet-Draft}, author = {Heer, Tobias and Komu, Miika and Wehrle, Klaus} } @Techreport { 2009-heer-draft-service-id, title = {Service Identifiers for HIP}, year = {2009}, number = {draft-heer-hip-service-00}, abstract = {The Host Identity Protocol is a signaling protocol for secure communication, mobility, and multihoming that introduces a cryptographic namespace. This document specifies an extension for HIP that enables HIP end-hosts and HIP-aware middleboxes to announce services to HIP hosts during a HIP Base EXchange (BEX) or HIP update. Service providers are able to specify the type and requirements of a service; clients can then decide to agree on the terms of service. This allows the service provider to verify the accordance of the client with the service conditions while the client is able to verify the authenticity of the used service.}, note = {Work in progress}, institution = {Internet Engineering Task Force}, type = {Internet-Draft}, author = {Heer, Tobias and Varjonen, Samu and Wirtz, Hanno} } @Inproceedings { goetz2008adapt, title = {ADAPT: A Semantics-Oriented Protocol Architecture}, year = {2008}, month = {12}, day = {10}, volume = {5343/2008}, pages = {287-292}, abstract = {Although modularized protocol frameworks are flexible and adaptive to the increasing heterogeneity of networking environments, it remains a challenge to automatically compose communication stacks from protocol modules. The typical static classification into network layers or class hierarchies cannot appropriately accommodate cross-cutting changes such as overlay routing or cross-layer signaling. In this paper, we discuss how protocol composition can be driven by functionality and demand at runtime based on extensible semantic models of protocols and their execution environment. Such an approach allows to reason about the functionality and quality of automatically composed and adapted protocol compounds and it is open to existing and future protocols.}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2008/2008-goetz-mobiarch-adapt.pdf}, misc2 = {Print}, editor = {Karin Anna Hummel and James P. G. Sterbenz}, publisher = {Springer-Verlag}, address = {Tiergartenstra{\ss}e 17, 69121 Heidelberg, Germany}, series = {Lecture Notes in Computer Science}, booktitle = {Proceedings of the 3rd International Workshop on Self-Organizing Systems, Vienna, Austria}, event_place = {Vienna, Austria}, event_name = {3rd International Workshop on Self-Organizing Systems (IWSOS)}, event_date = {2008-12-10}, language = {en}, ISBN = {978-3-540-92156-1}, DOI = {10.1007/978-3-540-92157-8\textbackslash_27}, reviewed = {1}, author = {G{\"o}tz, Stefan and Beckel, Christian and Heer, Tobias and Wehrle, Klaus} } @Inproceedings { heer-2008-conext-alpha, title = {ALPHA: an adaptive and lightweight protocol for hop-by-hop authentication}, year = {2008}, month = {12}, volume = {1}, pages = {23:1--23:12}, url = {http://www.comsys.rwth-aachen.de/fileadmin/papers/2008/2008-heer-conext-alpha.pdf}, misc2 = {Print}, publisher = {ACM}, address = {New York, NY, USA}, series = {CoNEXT '08}, booktitle = {Proceedings of the 2008 ACM CoNEXT Conference, Madrid, Spain}, event_place = {Madrid, Spain}, event_name = {ACM Conext 2008}, event_date = {December 2008}, language = {en}, ISBN = {978-1-60558-210-8}, DOI = {10.1145/1544012.1544035}, reviewed = {1}, author = {Heer, Tobias and G{\"o}tz, Stefan and Garcia-Morchon, Oscar and Wehrle, Klaus} } @Techreport { draft-ietf-hip-cert-00, title = {{Host Identity Protocol Certificates}}, year = {2008}, month = {10}, volume = {1}, number = {draft-ietf-hip-cert-00.txt}, note = {{expires: January 2, 2010 (work in progress)}}, url = {http://tools.ietf.org/html/draft-ietf-hip-cert-00}, misc2 = {Online}, publisher = {{IETF Trust}}, howpublished = {An online version is available at: http://tools.ietf.org/html/draft-ietf-hip-cert-00}, series = {Internet Drafts}, organization = {{Internet Engineering Task Force}}, institution = {Internet Engineering Task Force}, language = {en}, reviewed = {1}, author = {Heer, Tobias and Varjonen, Samu} } @Inproceedings { DugosijaEHVHM2008, title = {Online Gaming as Tool for Career Development}, year = {2008}, month = {9}, day = {16}, volume = {386}, abstract = {Gaming has undergone a transition from a niche hobby to a part of everyday culture, with the most prominent examples of professional gaming in Korea and the success of World of Warcraft. This transition alongside with the advance of use of the Internet has created a new kind of social environment, commonly known as virtual life. This paper presents an excerpt of the results of a survey investigating this environment with particular regard to the interaction between gaming and career, relationships as well as social groups. “Man only plays when in the full meaning of the word he is a man, and he is only completely a man when he plays. ” Schiller 1}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2008/2008-steg-vaegs-gaming.pdf}, web_url = {http://www.slideshare.net/vaegs/online-gaming-as-tool-for-career-development-presentation}, editor = {Ralf Klamma, Nalin Sharda, Baltasar Fern{\'a}ndez-Manj{\'o}n, Harald Kosch and Marc Spaniol}, series = {CEUR Workshop Proceedings}, booktitle = {Proceedings of the First International Workshop on Story-Telling and Educational Games (STEG'08)}, event_place = {Maastricht School of Management, Maastricht, The Netherlands}, event_name = {First International Workshop on Story-Telling and Educational Games (STEG'08)}, event_date = {September 16, 2008}, language = {en}, author = {Dugosija, Darko and Efe, Vadi and Hackenbracht, Stephan and Vaegs, Tobias and Hannemann, Anna} } @Techreport { draft-varjonen-hip-cert-01, title = {{Host Identity Protocol Certificates}}, year = {2008}, month = {7}, volume = {1}, number = {draft-varjonen-hip-cert-01.txt}, note = {{expires: January 15, 2009 (work in progress)}}, url = {http://tools.ietf.org/html/draft-varjonen-hip-cert-01}, misc2 = {Online}, publisher = {{IETF Trust}}, howpublished = {An online version is available at: http://tools.ietf.org/html/draft-varjonen-hip-cert-01}, series = {Internet Drafts}, organization = {{Internet Engineering Task Force}}, institution = {Internet Engineering Task Force}, language = {en}, reviewed = {1}, author = {Heer, Tobias and Varjonen, Samu} } @Conference { 2008-heer-pisa-full, title = {Secure Wi-Fi Sharing at Global Scales}, year = {2008}, month = {6}, day = {16}, volume = {1}, pages = {1-7}, abstract = {The proliferation of broadband Internet connections has lead to an almost pervasive coverage of densely populated areas with private wireless access points. To leverage this coverage, sharing of access points as Internet uplinks among users has first become popular in communities of individuals and has recently been adopted as a business model by several companies. However, existing implementations and proposals suffer from the security risks of directly providing Internet access to strangers. In this paper, we present the P2P Wi-Fi Internet Sharing Architecture PISA, which eliminates these risks by introducing secure tunneling, cryptographic identities, and certificates as primary security concepts. Thus, PISA offers nomadic users the same security that they expect from a wired Internet connection at home. Based on its three fundamental mechanisms, PISA achieves a flexibility which opens significant advantages over existing systems. They include user mobility, anonymity, service levels with different performance and availability characteristics, and different revenue models for operators. With this combination of key features, PISA forms an essential basis for global, seamless, and secure Wi-Fi sharing for large communities.}, tags = {mobile_access}, url = {http://www.comsys.rwth-aachen.de/fileadmin/papers/2008/2008-heer-ict-secure-wifi.pdf}, misc2 = {Print}, publisher = {IEEE}, address = {Washington, DC, USA}, booktitle = {Proc. of 15th International Conference on Telecommunication (ICT), St. Petersburg, Russian Federation}, event_place = {St. Petersburg, Russian Federation}, event_name = {15th International Conference on Telecommunication (ICT)}, event_date = {16-19 June 2008}, language = {en}, ISBN = {978-1-4244-2035-3}, reviewed = {1}, author = {Heer, Tobias and G{\"o}tz, Stefan and Weingaertner, Elias and Wehrle, Klaus} } @Techreport { draft-varjonen-hip-cert-00, title = {{Host Identity Protocol Certificates}}, year = {2008}, month = {2}, volume = {1}, number = {draft-varjonen-hip-cert-01.txt}, note = {{expires: August 21, 2008 (work in progress)}}, url = {http://tools.ietf.org/html/draft-varjonen-hip-cert-00}, misc2 = {Online}, publisher = {{IETF Trust}}, howpublished = {An online version is available at: http://tools.ietf.org/html/draft-varjonen-hip-cert-01}, series = {Internet Drafts}, organization = {{Internet Engineering Task Force}}, institution = {Internet Engineering Task Force}, language = {en}, author = {Heer, Tobias and Varjonen, Samu} } @Article { 200808WeingaertnerSIGMETRICSPERSyncNetWorkEmulation, title = {Synchronized network emulation: matching prototypes with complex simulations}, journal = {SIGMETRICS Performance Evaluation Review}, year = {2008}, volume = {36}, number = {2}, pages = {58-63}, abstract = {Network emulation, in which real systems interact with a network simulation, is a common evaluation method in computer networking research. Until now, the simulation in charge of representing the network has been required to be real-time capable, as otherwise a time drift between the simulation and the real network devices may occur and corrupt the results. In this paper, we present our work on synchronized network emulation. By adding a central synchronization entity and by virtualizing real systems for means of control, we can build-up network emulations which contain both unmodified x86 systems and network simulations of any complexity.}, note = {This is a revised version of a paper originally presented at the ACM HotMetrics 2008 workshop.}, misc2 = {print}, language = {en}, ISSN = {0163-5999}, DOI = {10.1145/1453175.1453185}, reviewed = {1}, author = {Weingaertner, Elias and Schmidt, Florian and Heer, Tobias and Wehrle, Klaus} } @Inbook { 2008-thissen-LNCS-multimedia, title = {Multimedia and VR Support for Direct Communication of Designers}, year = {2008}, pages = {268-299}, misc2 = {Print}, editor = {M. Nagl, W. Marquardt}, publisher = {Springer}, series = {Lecture Notes in Computer Science 4970}, booktitle = {Collaborative and Distributed Chemical Engineering, From Understanding to Substantial Design Process Support}, language = {en}, ISBN = {978-3-540-70551-2}, author = {Sch{\"u}ppen, Andr{\'e} and Spaniol, Otto and Thi{\ss}en, Dirk and Assenmacher, Ingo and Haberstroh, Edmund and Kuhlen, Thorsten} } @Inbook { 2008-thissen-LNCS-synergy, title = {Synergy by Integrating New Functionality}, year = {2008}, pages = {519-526}, misc2 = {Print}, editor = {M. Nagl, W. Marquardt}, publisher = {Springer}, series = {Lecture Notes in Computer Science 4970}, booktitle = {Collaborative and Distributed Chemical Engineering, From Understanding to Substantial Design Process Support}, language = {en}, ISBN = {978-3-540-70551-2}, author = {Becker, Simon and Heller, Markus and Jarke, Matthias and Marquardt, Wolfgang and Nagl, Manfred and Spaniol, Otto and Thi{\ss}en, Dirk} } @Inbook { 2008-heer-hipbook-lhip, title = {Lightweight HIP}, year = {2008}, volume = {1}, pages = {121-163}, url = {http://eu.wiley.com/WileyCDA/WileyTitle/productCd-0470997907.html}, misc2 = {Print}, editor = {Andrei Gurtov}, publisher = {Wiley and Sons}, address = {West Sussex, England, UK}, chapter = {8}, booktitle = {Host Identity Protocol (HIP): Towards the Secure Mobile Internet}, language = {en}, ISBN = {978-0-470-99790-1}, author = {Heer, Tobias} } @Inbook { 2008-heer-hipbook-security, title = {Introduction to Network Security}, year = {2008}, volume = {1}, pages = {13-42}, url = {http://eu.wiley.com/WileyCDA/WileyTitle/productCd-0470997907.html}, misc2 = {Print}, editor = {Andrei Gurtov}, publisher = {Wiley and Sons}, address = {West Sussex, England, UK}, chapter = {2}, booktitle = {Host Identity Protocol (HIP): Towards the Secure Mobile Internet}, language = {en}, ISBN = {978-0-470-99790-1}, author = {Heer, Tobias} } @Techreport { 2008-heer-draft-cert-2, title = {HIP Certificates (Version 0)}, year = {2008}, abstract = {This document specifies a certificate parameter called CERT for the Host Identity Protocol (HIP). The CERT parameter is a container for Simple Public Key Infrastructure (SPKI) and X.509 certificates. It is used for carrying these certificates in HIP control messages. Additionally, this document specifies the representations of Host Identity Tags in SPKI certificates.}, note = {Work in progress}, institution = {Internet Engineering Task Force}, type = {Internet-Draft}, author = {Varjonen, Samu and Heer, Tobias} } @Techreport { 2008-heer-draft-midauth, title = {End-Host Authentication for HIP Middleboxes (Version 1)}, year = {2008}, number = {draft-heer-hip-midauth-01}, abstract = {The Host Identity Protocol is a signaling protocol for secure communication, mobility, and multihoming. It achieves these properties by introducing a new cryptographic namespace. This document specifies an extension for HIP that enables middleboxes to unambiguously verify the identities of hosts that communicate across them. This extension enables middleboxes to verify the liveness and freshness of a HIP association and, thus, enables reliable and secure access control in middleboxes.}, note = {Work in progress}, institution = {Internet Engineering Task Force}, type = {Internet-Draft}, author = {Heer, Tobias and Komu, Miika and Wehrle, Klaus} } @Techreport { 2008-heer-draft-cert, title = {HIP Certificates (Version 1)}, year = {2008}, abstract = {This document specifies a certificate parameter called CERT for the Host Identity Protocol (HIP). The CERT parameter is a container for Simple Public Key Infrastructure (SPKI) and X.509 certificates. It is used for carrying these certificates in HIP control messages. Additionally, this document specifies the representations of Host Identity Tags in SPKI certificates.}, note = {draft-varjonen-hip-cert-01.txt. Work in progress.}, institution = {Internet Engineering Task Force}, type = {Internet-Draft}, author = {Varjonen, Samu and Heer, Tobias} } @Inproceedings { 2007-heer-pisa, title = {PISA: P2P Wi-Fi Internet Sharing Architecture}, journal = {Seventh IEEE International Conference on Peer-to-Peer Computing, P2P 2007}, year = {2007}, month = {9}, day = {2}, volume = {1}, pages = {251-252}, url = {http://www.comsys.rwth-aachen.de/fileadmin/papers/2007/2007-p2p-heer-pisa.pdf}, misc2 = {Print}, publisher = {IEEE}, address = {Washington, DC, USA}, booktitle = {Proceedings of the Seventh IEEE International Conference on Peer-to-Peer Computing, 2007. P2P 2007, Galway, Ireland.}, event_place = {Galway, Ireland}, event_name = {Seventh IEEE International Conference on Peer-to-Peer Computing, 2007. P2P 2007.}, language = {en}, ISBN = {978-0-7695-2986-8}, DOI = {10.1109/P2P.2007.12}, reviewed = {1}, author = {Heer, Tobias and Li, Shaohui and Wehrle, Klaus} } @Article { LandsiedelEtAl2007, title = {MHT: A Mobility-Aware Distributed Hash Table}, journal = {Special Issue on Peer-to-Peer of the it - Information Technology Journal}, year = {2007}, volume = {49}, number = {5}, pages = {298-303}, abstract = {Mobile ad-hoc networks and distributed hash tables share key characteristics in terms of self organization, decentralization, redundancy requirements, and limited infrastructure. However, node mobility and the continually changing physical topology pose a special challenge to scalability and the design of a DHT for mobile ad-hoc networks. In this paper, we show that with some local knowledge we can build a scalable and mobile structured peer-to-peer network, called Mobile Hash Table (MHT). Furthermore, we discuss practical challenges such as Churn, load balacing and security of the Mobile Hash Table. A special focus is put on the differences and new challenges that the use of a DHT in a mobile environment poses.}, note = {http://it-Information-Technology.de}, misc2 = {Print}, publisher = {Oldenbourg Verlag}, address = {Munich, Germany}, language = {en}, ISSN = {1611-2776}, reviewed = {1}, author = {Landsiedel, Olaf and Heer, Tobias and Wehrle, Klaus} } @Inproceedings { GarciaMorchonEtAl2007, title = {Cooperative Security in Distributed Sensor Networks}, year = {2007}, volume = {1}, misc2 = {Print}, publisher = {IEEE}, address = {Washington, DC, USA}, series = {1}, booktitle = {Proceedings of the third International Conference on Collaborative Computing: Networking, Applications and Worksharing, CollaborateCom 2007}, organization = {IEEE}, event_name = {CollaborateCom}, language = {en}, ISBN = {978-1-4244-1318-8}, reviewed = {1}, author = {Garcia-Morchon, Oscar and Baldus, Heribert and Heer, Tobias and Wehrle, Klaus} } @Techreport { 2007-heer-draft-lhip, title = {LHIP Lightweight Authentication Extension for HIP}, year = {2007}, abstract = {This document specifies the Lightweight authentication extension forthe Host Identifier Protocol (LHIP). The goal of LHIP is to reduce the computational requirements of the Host Identifier Protocol (HIP), thus, making its benefits, such as end-host mobility and multihoming, accessible to CPU-restricted devices. LHIP reduces the computational cost of establishing, updating, and closing a HIP association by providing an alternative way of signing and verifying HIP control packets which is based on computationally inexpensive hash function computations and hash chains. However, LHIP does not provide nor does it aim at providing the same level of security as HIP does. Especially, host authentication and payload encryption are not possible. The LHIP extensions in this draft specify also mechanisms for dynamic transitioning between lightweight and full HIP associations on the fly.}, note = {Work in progress}, institution = {Internet Engineering Task Force}, type = {Internet-Draft}, author = {Heer, Tobias} } @Techreport { 2007-heer-draft-midauth, title = {End-Host Authentication for HIP Middleboxes}, year = {2007}, number = {draft-heer-hip-midauth-00}, abstract = {The Host Identity Protocol is a signaling protocol for secure communication, mobility, and multihoming. It achieves these properties by introducing a new cryptographic namespace. This document specifies an extension for HIP that enables middleboxes to unambiguously verify the identities of hosts that communicate across them. This extension enables middleboxes to verify the liveness and freshness of a HIP association and, thus, enables reliable and secure access control in middleboxes.}, note = {Work in progress}, institution = {Internet Engineering Task Force}, type = {Internet-Draft}, author = {Heer, Tobias} } @Inproceedings { 2006-heer-percomws-adapt-dht, title = {Adapting Distributed Hash Tables for Mobile Ad Hoc Networks}, year = {2006}, month = {3}, day = {16}, volume = {1}, pages = {1-6}, url = {http://www.comsys.rwth-aachen.de/fileadmin/papers/2005/2006-heer-percomws-dht-adhoc.pdf}, misc2 = {Print}, publisher = {IEEE}, address = {Washington, DC, USA}, booktitle = {In Proceedings of 3. IEEE International Workshop on Mobile Peer-to-Peer Computing (MP2P'06), Pisa, Italy.}, event_place = {Pisa, Italy}, event_name = {IEEE International Workshop on Mobile Peer-to-Peer Computing}, event_date = {March 2006}, language = {en}, ISBN = {0-7695-2520-2}, DOI = {10.1109/PERCOMW.2006.16}, reviewed = {1}, author = {Heer, Tobias and G{\"o}tz, Stefan and Rieche, Simon and Wehrle, Klaus} } @Inproceedings { 2005-heer-p2p-ad-hoc, title = {Einsatz Verteilter Hash-Tabellen in mobilen Netzen}, year = {2005}, volume = {1}, pages = {73-76}, note = {DS-Group student project}, misc2 = {Print}, publisher = {GI, Gesellschaft f{\"u}r Informatik}, address = {Bonn, Germany}, booktitle = {Proceedings of GI-Informatiktage 2005}, event_place = {Bonn}, event_name = {GI Informatiktage 2005}, language = {de}, ISBN = {3-88579-436-5}, reviewed = {1}, author = {Heer, Tobias} } @Inproceedings { 200504mongerinformatiktage, title = {Eine strategieorientierte, modulare Simulationsumgebung f{\"u}r mobile Ad-Hoc-Szenarien}, year = {2005}, address = {Schloss Birlinghoven}, booktitle = {Proceedings of GI-Informatiktage 2005}, author = {Monger, Andreas and Hofmann, Stefanie and Bronni, Jan and Kronfeld, Marcel} } @Inproceedings { 2006-heer-gi2004, title = {On the Use of Structured P2P Indexing Mechanisms in Mobile Ad-Hoc Scenarios}, year = {2004}, month = {9}, volume = {51}, pages = {239-244}, abstract = {Recently, Distributed Hash Tables evolved to a preferred approach for decentralized data management in widely distributed systems. Due to their crucial characteristics – namely scalability, flexibility, and resilience – they are quite interesting for being applied in ad-hoc networks. But, there are plenty of open questions concerning the applicability of Distributed Hash Tables in mobile ad-hoc scenarios: Do new problems arise when both technologies are used together? Are there any synergy effects when both technologies are combined? Are the results and assumptions, made for the infrastructural Internet, still true if a mobile ad-hoc network is used instead? In this paper, we discuss these and further questions and offer some solutions for using Distributed Hash Tables in ad-hoc networks.}, misc2 = {Print}, publisher = {GI. LNI}, address = {Bonn, Germany}, series = {LNI}, booktitle = {Proceedings of Workshop on Algorithms and Protocols for Efficient Peer-to-Peer Applications (PEPPA), GI-Jahrestagung Informatik 2004, Bonn, Germany}, event_place = {Ulm, Germany}, event_name = {GI-Jahrestagung Informatik 2004}, language = {en}, ISBN = {3-88579-380-6}, reviewed = {1}, author = {Heer, Tobias and Niedermayer, Heiko and Petrak, Leo and Rieche, Simon and Wehrle, Klaus} }