This file was created by the TYPO3 extension bib --- Timezone: UTC Creation date: 2024-12-03 Creation time: 18-39-38 --- Number of references 8 inproceedings 2024_lohmoeller_tee_datasharing Complementing Organizational Security in Data Ecosystems with Technical Guarantees 2024 12 19 Federated data ecosystems continue to emerge to connect previously isolated data silos across organizational boundaries over the Internet. These platforms aim to facilitate data sharing while maintaining data sovereignty, which is supposed to empower data owners to retain control over their data. However, the employed organizational security measures, such as policy-enforcing middleware besides software certification, processes, and employees are insufficient to provide reliable guarantees against malicious insiders. This paper thus proposes a corresponding technical solution for federated platforms that builds on communication between Trusted Execution Environments (TEEs) and demonstrates the feasibility of technically enforceable data protection. Specifically, we provide dependable guarantees for data owners formulated via rich policies while maintaining usability as a general-purpose data exchange platform. Further, by evaluating a real-world use case that concerns sharing sensitive genomic data, we demonstrate its real-world suitability. Our findings emphasize the potential of TEEs in establishing trust and increasing data security for federated data scenarios far beyond a single use case. internet-of-production;health https://www.comsys.rwth-aachen.de/fileadmin/papers/2024/2024-lohmoeller-tee-data-sharing.pdf IEEE Proceedings of the 1st Conference on Building a Secure and Empowered Cyberspace (BuildSEC '24), December 19-21, 2024, New Delhi, India New Delhi, India Building a Secure & Empowered Cyberspace December 19-21, 2024 accepted en 1 JohannesLohmöller RomanMatzutt JoschaLoos EduardVlad JanPennekamp KlausWehrle inproceedings 2024_lohmoeller_scematch scE(match): Privacy-Preserving Cluster Matching of Single-Cell Data 2024 12 16 Advances in single-cell RNA sequencing (scRNA-seq) have dramatically enhanced our understanding of cellular functions and disease mechanisms. Despite its potential, scRNA-seq faces significant challenges related to data privacy, cost, and Intellectual Property (IP) protection, which hinder the sharing and collaborative use of these sensitive datasets. In this paper, we introduce a novel method, scE(match), a privacy-preserving tool that facilitates the matching of single-cell clusters between different datasets by relying on scmap as an established projection tool, but without compromising data privacy or IP. scE(match) utilizes homomorphic encryption to ensure that data and unique cell clusters remain confidential while enabling the identification of overlapping cell types for further collaboration and downstream analysis. Our evaluation shows that scE(match) performantly matches cell types across datasets with high precision, addressing both practical and ethical concerns in sharing scRNA-seq data. This approach not only supports secure data collaboration but also fosters advances in biomedical research by reliably protecting sensitive information and IP rights. confidentiality; scmap; privacy-preserving computations; offloading; healthcare rfc;health https://www.comsys.rwth-aachen.de/fileadmin/papers/2024/2024-lohmoeller-scEmatch.pdf IEEE Proceedings of the International Workshop on AI-Driven Trust, Security and Privacy in Computer Networks (AI-Driven TSP '24), co-located with the 23rd IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom '24), December 17-21, 2024, Sanya, China Sanya, China TrustCom 2024 December 17-21, 2024 accepted en 1 JohannesLohmöller JannisScheiber RafaelKramann KlausWehrle SikanderHayat JanPennekamp article 2024_querfurth_mcbert mcBERT: Patient-Level Single-cell Transcriptomics Data Representation bioRxiv 2024 11 7 health 10.1101/2024.11.04.621897 Benediktvon Querfurth JohannesLohmöller JanPennekamp ToreBleckwehl RafaelKramann KlausWehrle SikanderHayat inproceedings 2024_lohmoeller_consent Toward Technically Enforceable Consent in Healthcare Research 2024 10 17 4 7-12 health https://www.comsys.rwth-aachen.de/fileadmin/papers/2024/2024-lohmoeller-consent-aware-discovery.pdf Online Fraunhofer ISI Research Papers of the Platform Privacy, 2024, October 17-18, Berlin, Germany Berlin Plattform Privatheit October 17-18, 2024 en 2942-8874 10.24406/publica-3685 1 JohannesLohmöller JanPennekamp KlausWehrle inproceedings 2024-dahlmanns-cired Reliable and Secure Control Center to Station Device Communication 2024 6 19 The increasing demands on the power grid require intelligent and flexible solutions that ensure the grid's stability. Many of these measures involve sophisticated communication between the control center and the stations that is not efficiently realizable using traditional protocols, e.g., IEC 60870-5-104. To this end, IEC 61850 introduces data models which allow flexible communication. Still, the specification leaves open how DSOs should interconnect their stations to realize resilient communication between the control center and station devices. However, DSOs require such communication to adapt modern solutions increasing the grid's capacity, e.g., adaptive protection systems. In this paper, we present our envisioned network and communication concept for future DSO's ICT infrastructures that enables the control center to resiliently and flexibly communicate with station devices. For resilience, we suggest interconnecting each station with two distinct communication paths to the control center, use MPLS-TP and MPTCP for fast failovers when a single link fails, and mTLS to protect the communication possibilities against misuse. Additionally, in accordance with IEC 61850, we envision the control center to communicate with the station devices using MMS by using the station RTU as a proxy. ven2us Proceedings of the CIRED workshop on Increasing Distribution Network Hosting Capacity 2024, June 19-20, 2024, Vienna, Austria Vienna CIRED workshop on Increasing Distribution Network Hosting Capacity 2024 June 19-20, 2024 10.1049/icp.2024.2096 1 MarkusDahlmanns Ina BereniceFink GerritErichsen GuosongLin ThomasHammer BurkhardBorkenhagen SebastianSchneider ChristofMaahsen KlausWehrle inproceedings 2024_dahlmanns_ipv6-deployments Unconsidered Installations: Discovering IoT Deployments in the IPv6 Internet 2024 5 10 Internet-wide studies provide extremely valuable insight into how operators manage their Internet of Things (IoT) deployments in reality and often reveal grievances, e.g., significant security issues. However, while IoT devices often use IPv6, past studies resorted to comprehensively scan the IPv4 address space. To fully understand how the IoT and all its services and devices is operated, including IPv6-reachable deployments is inevitable-although scanning the entire IPv6 address space is infeasible. In this paper, we close this gap and examine how to best discover IPv6-reachable IoT deployments. To this end, we propose a methodology that allows combining various IPv6 scan direction approaches to understand the findability and prevalence of IPv6-reachable IoT deployments. Using three sources of active IPv6 addresses and eleven address generators, we discovered 6658 IoT deployments. We derive that the available address sources are a good starting point for finding IoT deployments. Additionally, we show that using two address generators is sufficient to cover most found deployments and save time as well as resources. Assessing the security of the deployments, we surprisingly find similar issues as in the IPv4 Internet, although IPv6 deployments might be newer and generally more up-to-date: Only 39% of deployments have access control in place and only 6.2% make use of TLS inviting attackers, e.g., to eavesdrop sensitive data. Internet of Things, security, Internet measurements, IPv6, address generators internet-of-production https://www.comsys.rwth-aachen.de/fileadmin/papers/2024/2024-dahlmanns-ipv6.pdf IEEE Proceedings of the 2024 IEEE/IFIP Network Operations and Management Symposium (NOMS '24), May 6-10, 2024, Seoul, Korea Seoul, Korea 2024 IEEE Network Operations and Management Symposium May 6-10, 2024 10.1109/NOMS59830.2024.10574963 1 MarkusDahlmanns FelixHeidenreich JohannesLohmöller JanPennekamp KlausWehrle MartinHenze article 2024_lohmoeller_sovereignty-survey The Unresolved Need for Dependable Guarantees on Security, Sovereignty, and Trust in Data Ecosystems Data & Knowledge Engineering 2024 5 1 151 Data ecosystems emerged as a new paradigm to facilitate the automated and massive exchange of data from heterogeneous information sources between different stakeholders. However, the corresponding benefits come with unforeseen risks as sensitive information is potentially exposed, questioning their reliability. Consequently, data security is of utmost importance and, thus, a central requirement for successfully realizing data ecosystems. Academia has recognized this requirement, and current initiatives foster sovereign participation via a federated infrastructure where participants retain local control over what data they offer to whom. However, recent proposals place significant trust in remote infrastructure by implementing organizational security measures such as certification processes before the admission of a participant. At the same time, the data sensitivity incentivizes participants to bypass the organizational security measures to maximize their benefit. This issue significantly weakens security, sovereignty, and trust guarantees and highlights that organizational security measures are insufficient in this context. In this paper, we argue that data ecosystems must be extended with technical means to (re)establish dependable guarantees. We underpin this need with three representative use cases for data ecosystems, which cover personal, economic, and governmental data, and systematically map the lack of dependable guarantees in related work. To this end, we identify three enablers of dependable guarantees, namely trusted remote policy enforcement, verifiable data tracking, and integration of resource-constrained participants. These enablers are critical for securely implementing data ecosystems in data-sensitive contexts. Data sharing; Confidentiality; Integrity protection; Data Markets; Distributed databases internet-of-production; coat-ers; vesitrust; health https://www.comsys.rwth-aachen.de/fileadmin/papers/2024/2024-lohmoeller-data-sovereignty-survey.pdf Elsevier 0169-023X 10.1016/j.datak.2024.102301 1 JohannesLohmöller JanPennekamp RomanMatzutt Carolin VictoriaSchneider EduardVlad ChristianTrautwein KlausWehrle article 2024_pennekamp_supply-chain-survey An Interdisciplinary Survey on Information Flows in Supply Chains ACM Computing Surveys 2024 2 1 56 2 Supply chains form the backbone of modern economies and therefore require reliable information flows. In practice, however, supply chains face severe technical challenges, especially regarding security and privacy. In this work, we consolidate studies from supply chain management, information systems, and computer science from 2010--2021 in an interdisciplinary meta-survey to make this topic holistically accessible to interdisciplinary research. In particular, we identify a significant potential for computer scientists to remedy technical challenges and improve the robustness of information flows. We subsequently present a concise information flow-focused taxonomy for supply chains before discussing future research directions to provide possible entry points. information flows; data communication; supply chain management; data security; data sharing; systematic literature review internet-of-production https://www.comsys.rwth-aachen.de/fileadmin/papers/2024/2024-pennekamp-supply-chain-survey.pdf ACM 0360-0300 10.1145/3606693 1 JanPennekamp RomanMatzutt ChristopherKlinkmüller LennartBader MartinSerror EricWagner SidraMalik MariaSpiß JessicaRahn TanGürpinar EduardVlad Sander J. J.Leemans Salil S.Kanhere VolkerStich KlausWehrle