This file was created by the TYPO3 extension bib --- Timezone: CEST Creation date: 2024-04-18 Creation time: 06-48-41 --- Number of references 4 inproceedings 2020_pennekamp_benchmarking 2020 12 15 31-44 Benchmarking the performance of companies is essential to identify improvement potentials in various industries. Due to a competitive environment, this process imposes strong privacy needs, as leaked business secrets can have devastating effects on participating companies. Consequently, related work proposes to protect sensitive input data of companies using secure multi-party computation or homomorphic encryption. However, related work so far does not consider that also the benchmarking algorithm, used in today's applied real-world scenarios to compute all relevant statistics, itself contains significant intellectual property, and thus needs to be protected. Addressing this issue, we present PCB — a practical design for Privacy-preserving Company Benchmarking that utilizes homomorphic encryption and a privacy proxy — which is specifically tailored for realistic real-world applications in which we protect companies' sensitive input data and the valuable algorithms used to compute underlying key performance indicators. We evaluate PCB's performance using synthetic measurements and showcase its applicability alongside an actual company benchmarking performed in the domain of injection molding, covering 48 distinct key performance indicators calculated out of hundreds of different input values. By protecting the privacy of all participants, we enable them to fully profit from the benefits of company benchmarking. practical encrypted computing; homomorphic encryption; algorithm confidentiality; benchmarking; key performance indicators; industrial application; Internet of Production internet-of-production https://www.comsys.rwth-aachen.de/fileadmin/papers/2020/2020-pennekamp-company-benchmarking.pdf https://eprint.iacr.org/2020/1512 HomomorphicEncryption.org Proceedings of the 8th Workshop on Encrypted Computing & Applied Homomorphic Cryptography (WAHC '20), December 15, 2020, Virtual Event Virtual Event December 15, 2020 978-3-00-067798-4 10.25835/0072999 1 JanPennekamp PatrickSapel Ina BereniceFink SimonWagner SebastianReuter ChristianHopmann KlausWehrle MartinHenze proceedings fink-lcn-demons-2020 2020 11 15 nerd-nrw https://www.comsys.rwth-aachen.de/fileadmin/papers/2020/2020-fink-lcn-mud-smartphone.pdf IEEE online Sydney, Australia 45th IEEE Conference on Local Computer Networks (LCN) November 16-19, 2020 10.1109/LCN48667.2020.9314782 1 Ina BereniceFink MartinSerror KlausWehrle inproceedings 2020-dahlmanns-imc-opcua 2020 10 27 101-110 Due to increasing digitalization, formerly isolated industrial networks, e.g., for factory and process automation, move closer and closer to the Internet, mandating secure communication. However, securely setting up OPC UA, the prime candidate for secure industrial communication, is challenging due to a large variety of insecure options. To study whether Internet-facing OPC UA appliances are configured securely, we actively scan the IPv4 address space for publicly reachable OPC UA systems and assess the security of their configurations. We observe problematic security configurations such as missing access control (on 24% of hosts), disabled security functionality (24%), or use of deprecated cryptographic primitives (25%) on in total 92% of the reachable deployments. Furthermore, we discover several hundred devices in multiple autonomous systems sharing the same security certificate, opening the door for impersonation attacks. Overall, in this paper, we highlight commonly found security misconfigurations and underline the importance of appropriate configuration for security-featuring protocols. industrial communication; network security; security configuration internet-of-production, rfc https://www.comsys.rwth-aachen.de/fileadmin/papers/2020/2020-dahlmanns-imc-opcua.pdf ACM Proceedings of the Internet Measurement Conference (IMC '20), October 27-29, 2020, Pittsburgh, PA, USA Pittsburgh, PA, USA ACM Internet Measurement Conference 2020 October 27-29, 2020 978-1-4503-8138-3/20/10 10.1145/3419394.3423666 1 MarkusDahlmanns JohannesLohmöller Ina BereniceFink JanPennekamp KlausWehrle MartinHenze inproceedings 2020_roepert_opcua 2020 4 2 To address the increasing security demands of industrial deployments, OPC UA is one of the first industrial protocols explicitly designed with security in mind. However, deploying it securely requires a thorough configuration of a wide range of options. Thus, assessing the security of OPC UA deployments and their configuration is necessary to ensure secure operation, most importantly confidentiality and integrity of industrial processes. In this work, we present extensions to the popular Metasploit Framework to ease network-based security assessments of OPC UA deployments. To this end, we discuss methods to discover OPC UA servers, test their authentication, obtain their configuration, and check for vulnerabilities. Ultimately, our work enables operators to verify the (security) configuration of their systems and identify potential attack vectors. internet-of-production, rfc https://www.comsys.rwth-aachen.de/fileadmin/papers/2020/2020-roepert-opcua-security.pdf en University of Tübingen Proceedings of the 1st ITG Workshop on IT Security (ITSec '20), April 2-3, 2020, Tübingen, Germany Tübingen, Germany April 2-3, 2020 10.15496/publikation-41813 1 LinusRoepert MarkusDahlmanns Ina BereniceFink JanPennekamp MartinHenze