% % This file was created by the TYPO3 extension % bib % --- Timezone: CET % Creation date: 2024-03-29 % Creation time: 07-00-05 % --- Number of references % 6 % @Inproceedings { 2021_mitseva_sequences, title = {POSTER: How Dangerous is My Click? Boosting Website Fingerprinting By Considering Sequences of Webpages}, year = {2021}, month = {11}, day = {17}, pages = {2411-2413}, abstract = {Website fingerprinting (WFP) is a special case of traffic analysis, where a passive attacker infers information about the content of encrypted and anonymized connections by observing patterns of data flows. Although modern WFP attacks pose a serious threat to online privacy of users, including Tor users, they usually aim to detect single pages only. By ignoring the browsing behavior of users, the attacker excludes valuable information: users visit multiple pages of a single website consecutively, e.g., by following links. In this paper, we propose two novel methods that can take advantage of the consecutive visits of multiple pages to detect websites. We show that two up to three clicks within a site allow attackers to boost the accuracy by more than 20\% and to dramatically increase the threat to users' privacy. We argue that WFP defenses have to consider this new dimension of the attack surface.}, keywords = {Traffic Analysis; Website Fingerprinting; Web Privacy}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-mitseva-fingerprinting-sequences.pdf}, publisher = {ACM}, booktitle = {Proceedings of the 28th ACM SIGSAC Conference on Computer and Communications Security (CCS '21), November 15-19, 2021, Seoul, Korea}, event_place = {Seoul, Korea}, event_date = {November 15-19, 2021}, ISBN = {978-1-4503-8454-4/21/11}, DOI = {10.1145/3460120.3485347}, reviewed = {1}, author = {Mitseva, Asya and Pennekamp, Jan and Lohm{\"o}ller, Johannes and Ziemann, Torsten and Hoerchner, Carl and Wehrle, Klaus and Panchenko, Andriy} } @Inproceedings { 2021_pennekamp_bootstrapping, title = {Confidential Computing-Induced Privacy Benefits for the Bootstrapping of New Business Relationships}, year = {2021}, month = {11}, day = {15}, number = {RWTH-2021-09499}, abstract = {In addition to quality improvements and cost reductions, dynamic and flexible business relationships are expected to become more important in the future to account for specific customer change requests or small-batch production. Today, despite reservation, sensitive information must be shared upfront between buyers and sellers. However, without a trust relation, this situation is precarious for the involved companies as they fear for their competitiveness following information leaks or breaches of their privacy. To address this issue, the concepts of confidential computing and cloud computing come to mind as they promise to offer scalable approaches that preserve the privacy of participating companies. In particular, designs building on confidential computing can help to technically enforce privacy. Moreover, cloud computing constitutes an elegant design choice to scale these novel protocols to industry needs while limiting the setup and management overhead for practitioners. Thus, novel approaches in this area can advance the status quo of bootstrapping new relationships as they provide privacy-preserving alternatives that are suitable for immediate deployment.}, keywords = {bootstrapping procurement; business relationships; secure industrial collaboration; privacy; Internet of Production}, tags = {internet-of-production}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-pennekamp-bootstrapping.pdf}, publisher = {RWTH Aachen University}, booktitle = {Blitz Talk at the 2021 Cloud Computing Security Workshop (CCSW '21), co-located with the 28th ACM SIGSAC Conference on Computer and Communications Security (CCS '21), November 15-19, 2021, Seoul, Korea}, institution = {RWTH Aachen University}, event_place = {Seoul, Korea}, event_date = {November 14, 2021}, DOI = {10.18154/RWTH-2021-09499}, author = {Pennekamp, Jan and Fuhrmann, Frederik and Dahlmanns, Markus and Heutmann, Timo and Kreppein, Alexander and Grunert, Dennis and Lange, Christoph and Schmitt, Robert H. and Wehrle, Klaus} } @Inproceedings { 2021-glebke-service-based-forwarding, title = {Service-based Forwarding via Programmable Dataplanes}, year = {2021}, month = {6}, day = {10}, tags = {reflexes}, url = {/fileadmin/papers/2021/2021-glebke-service-based-forwarding.pdf}, publisher = {IEEE}, booktitle = {Proceedings of the 2021 IEEE International Conference on High Performance Switching and Routing: Workshop on Semantic Addressing and Routing for Future Networks (SARNET-21)}, ISBN = {978-1-6654-4005-9}, ISSN = {2325-5609}, DOI = {10.1109/HPSR52026.2021.9481814}, reviewed = {1}, author = {Glebke, Ren{\'e} and Trossen, Dirk and Kunze, Ike and Lou, David and R{\"u}th, Jan and Stoffers, Mirko and Wehrle, Klaus} } @Article { 2021_bader_privaccichain, title = {Blockchain-Based Privacy Preservation for Supply Chains Supporting Lightweight Multi-Hop Information Accountability}, journal = {Information Processing \& Management}, year = {2021}, month = {5}, day = {1}, volume = {58}, number = {3}, abstract = {The benefits of information sharing along supply chains are well known for improving productivity and reducing costs. However, with the shift towards more dynamic and flexible supply chains, privacy concerns severely challenge the required information retrieval. A lack of trust between the different involved stakeholders inhibits advanced, multi-hop information flows, as valuable information for tracking and tracing products and parts is either unavailable or only retained locally. Our extensive literature review of previous approaches shows that these needs for cross-company information retrieval are widely acknowledged, but related work currently only addresses them insufficiently. To overcome these concerns, we present PrivAccIChain, a secure, privacy-preserving architecture for improving the multi-hop information retrieval with stakeholder accountability along supply chains. To address use case-specific needs, we particularly introduce an adaptable configuration of transparency and data privacy within our design. Hence, we enable the benefits of information sharing as well as multi-hop tracking and tracing even in supply chains that include mutually distrusting stakeholders. We evaluate the performance of PrivAccIChain and demonstrate its real-world feasibility based on the information of a purchasable automobile, the e.GO Life. We further conduct an in-depth security analysis and propose tunable mitigations against common attacks. As such, we attest PrivAccIChain's practicability for information management even in complex supply chains with flexible and dynamic business relationships.}, keywords = {multi-hop collaboration; tracking and tracing; Internet of Production; e.GO; attribute-based encryption}, tags = {internet-of-production}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-bader-ipm-privaccichain.pdf}, publisher = {Elsevier}, ISSN = {0306-4573}, DOI = {10.1016/j.ipm.2021.102529}, reviewed = {1}, author = {Bader, Lennart and Pennekamp, Jan and Matzutt, Roman and Hedderich, David and Kowalski, Markus and Lücken, Volker and Wehrle, Klaus} } @Article { 2021_schomakers_insights, title = {Insights on Data Sensitivity from the Technical, Legal and the Users' Perspectives}, journal = {Computer Law Review International}, year = {2021}, month = {2}, day = {15}, volume = {22}, number = {1}, pages = {8-15}, abstract = {Social media, cloud computing, and the Internet of Things connect people around the globe, offering manifold benefits. However, the technological advances and increased user participation generate novel challenges for users' privacy. From the users' perspective, the consequences of data disclosure depend on the perceived sensitivity of that data. But in light of the new technological opportunities to process and combine data, it is questionable whether users can adequately evaluate risks of data disclosures. As mediating authority, data protection laws such as the European General Data Protection Regulation try to protect user data, granting enhanced protection to ''special categories'' of data. This article assesses the legal, technological, and users' perspectives on information sensitivity and their interplay. Technologically, all data can be referred to as ''potentially sensitive.'' The legal and users' perspective on information sensitivity deviate from this standpoint, as some data types are granted special protection by law but are not perceived as very sensitive by users and vice versa. The key findings here suggest the GDPR adequately protecting users' privacy but for small adjustments.}, tags = {Information Sensitivity, Privacy, European Data Protection Law}, ISSN = {1610-7608}, DOI = {10.9785/cri-2021-220103}, reviewed = {1}, author = {Schomakers, Eva-Maria and Lidynia, Chantal and M{\"u}llmann, Dirk and Matzutt, Roman and Wehrle, Klaus and Spiecker gen. D{\"o}hmann, Indra and Ziefle, Martina} } @Inproceedings { 2019_rut_schomakers_privacy, title = {Putting Privacy into Perspective -- Comparing Technical, Legal, and Users' View of Information Sensitivity}, year = {2021}, month = {1}, day = {27}, pages = {857-870}, abstract = {Social media, cloud computing, and the Internet of Things connect people around the globe, offering manifold benefits. However, the technological advances and increased user participation generate novel challenges for users' privacy. From the users' perspective, the consequences of data disclosure depend on the perceived sensitivity of that data. But in light of the new technological opportunities to process and combine data, it is questionable whether users can adequately evaluate risks of data disclosures. As mediating authority, data protection laws such as the European General Data Protection Regulation try to protect user data, granting enhanced protection to ''special categories'' of data. In this paper, we assess the legal, technological, and users' perspectives on information sensitivity and their interplay. Technologically, all data can be referred to as ''potentially sensitive.'' The legal and users' perspective on information sensitivity deviate from this standpoint, as some data types are granted special protection by law but are not perceived as very sensitive by users and vice versa. Our key findings still suggest the GDPR adequately protecting users' privacy but for small adjustments.}, keywords = {Information Sensitivity,Privacy,European Data Protection Law}, tags = {mynedata}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-schomakers-3perspectives.pdf}, web_url = {https://dl.gi.de/handle/20.500.12116/34788}, web_url2 = {https://arxiv.org/abs/1911.06569}, publisher = {Gesellschaft f{\"u}r Informatik}, address = {Bonn}, booktitle = {INFORMATIK 2020}, event_place = {Karlsruhe, Germany}, event_name = {INFORMATIK 2020}, event_date = {2020-09-28 to 2020-10-01}, language = {English}, DOI = {10.18420/inf2020_76}, reviewed = {1}, author = {Schomakers, Eva-Maria and Lidynia, Chantal and M{\"u}llmann, Dirk and Matzutt, Roman and Wehrle, Klaus and Spiecker gen. D{\"o}hmann, Indra and Ziefle, Martina} }