This file was created by the TYPO3 extension
bib
--- Timezone: UTC
Creation date: 2025-01-15
Creation time: 19-18-44
--- Number of references
87
inproceedings
2024-wagner-madtls
Madtls: Fine-grained Middlebox-aware End-to-end Security for Industrial Communication
2024
7
1
https://www.comsys.rwth-aachen.de/fileadmin/papers/2024/2024-wagner-madtls.pdf
ACM
19th ACM ASIA Conference on Computer and Communications Security (ACM AsiaCCS '24), Singapur
Singapur
ACM ASIA Conference on Computer and Communications Security (AsiaCCS)
July 1-5, 2024
10.1145/3634737.3637640
1
EricWagner
DavidHeye
MartinSerror
IkeKunze
KlausWehrle
MartinHenze
inproceedings
2024_dahlmanns_ipv6-deployments
Unconsidered Installations: Discovering IoT Deployments in the IPv6 Internet
2024
5
10
Internet-wide studies provide extremely valuable insight into how operators manage their Internet of Things (IoT) deployments in reality and often reveal grievances, e.g., significant security issues. However, while IoT devices often use IPv6, past studies resorted to comprehensively scan the IPv4 address space. To fully understand how the IoT and all its services and devices is operated, including IPv6-reachable deployments is inevitable-although scanning the entire IPv6 address space is infeasible. In this paper, we close this gap and examine how to best discover IPv6-reachable IoT deployments. To this end, we propose a methodology that allows combining various IPv6 scan direction approaches to understand the findability and prevalence of IPv6-reachable IoT deployments. Using three sources of active IPv6 addresses and eleven address generators, we discovered 6658 IoT deployments. We derive that the available address sources are a good starting point for finding IoT deployments. Additionally, we show that using two address generators is sufficient to cover most found deployments and save time as well as resources. Assessing the security of the deployments, we surprisingly find similar issues as in the IPv4 Internet, although IPv6 deployments might be newer and generally more up-to-date: Only 39% of deployments have access control in place and only 6.2% make use of TLS inviting attackers, e.g., to eavesdrop sensitive data.
Internet of Things, security, Internet measurements, IPv6, address generators
internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2024/2024-dahlmanns-ipv6.pdf
IEEE
Proceedings of the 2024 IEEE/IFIP Network Operations and Management Symposium (NOMS '24), May 6-10, 2024, Seoul, Korea
Seoul, Korea
2024 IEEE Network Operations and Management Symposium
May 6-10, 2024
10.1109/NOMS59830.2024.10574963
1
MarkusDahlmanns
FelixHeidenreich
JohannesLohmöller
JanPennekamp
KlausWehrle
MartinHenze
incollection
2024_matzutt_blockchain-content
Illicit Blockchain Content – Its Different Shapes, Consequences, and Remedies
2024
3
7
105
301-336
Augmenting public blockchains with arbitrary, nonfinancial content fuels novel applications that facilitate the interactions between mutually distrusting parties. However, new risks emerge at the same time when illegal content is added. This chapter thus provides a holistic overview of the risks of content insertion as well as proposed countermeasures. We first establish a simple framework for how content is added to the blockchain and subsequently distributed across the blockchain’s underlying peer-to-peer network. We then discuss technical as well as legal implications of this form of content distribution and give a systematic overview of basic methods and high-level services for inserting arbitrary blockchain content. Afterward, we assess to which extent these methods and services have been used in the past on the blockchains of Bitcoin Core, Bitcoin Cash, and Bitcoin SV, respectively. Based on this assessment of the current state of (unwanted) blockchain content, we discuss (a) countermeasures to mitigate its insertion, (b) how pruning blockchains relates to this issue, and (c) how strategically weakening the otherwise desired immutability of a blockchain allows for redacting objectionable content. We conclude this chapter by identifying future research directions in the domain of blockchain content insertion.
Blockchain content insertion; Illicit content; Pruning; Redaction
Springer
Advances in Information Security
10
Blockchains – A Handbook on Fundamentals, Platforms and Applications
978-3-031-32145-0
10.1007/978-3-031-32146-7_10
1
RomanMatzutt
MartinHenze
DirkMüllmann
KlausWehrle
inproceedings
2024-wagner-acns-aggregate
When and How to Aggregate Message Authentication Codes on Lossy Channels?
2024
3
5
https://www.comsys.rwth-aachen.de/fileadmin/papers/2024/2024-wagner-mac-aggregation.pdf
22nd International Conference on Applied Cryptography and Network Security (ACNS '24), Abu Dhabi, UAE
Abu Dhabi, UAE
International Conference on Applied Cryptography and Network Security (ACNS)
March 5-9, 2024
accepted
1
EricWagner
MartinSerror
KlausWehrle
MartinHenze
article
2023_lamberts_metrics-sok
SoK: Evaluations in Industrial Intrusion Detection Research
Journal of Systems Research
2023
10
31
3
1
Industrial systems are increasingly threatened by cyberattacks with potentially disastrous consequences. To counter such attacks, industrial intrusion detection systems strive to timely uncover even the most sophisticated breaches. Due to its criticality for society, this fast-growing field attracts researchers from diverse backgrounds, resulting in 130 new detection approaches in 2021 alone. This huge momentum facilitates the exploration of diverse promising paths but likewise risks fragmenting the research landscape and burying promising progress. Consequently, it needs sound and comprehensible evaluations to mitigate this risk and catalyze efforts into sustainable scientific progress with real-world applicability. In this paper, we therefore systematically analyze the evaluation methodologies of this field to understand the current state of industrial intrusion detection research. Our analysis of 609 publications shows that the rapid growth of this research field has positive and negative consequences. While we observe an increased use of public datasets, publications still only evaluate 1.3 datasets on average, and frequently used benchmarking metrics are ambiguous. At the same time, the adoption of newly developed benchmarking metrics sees little advancement. Finally, our systematic analysis enables us to provide actionable recommendations for all actors involved and thus bring the entire research field forward.
internet-of-production, rfc
https://www.comsys.rwth-aachen.de/fileadmin/papers/2023/2023-lamberts-metrics-sok.pdf
eScholarship Publishing
2770-5501
10.5070/SR33162445
1
OlavLamberts
KonradWolsing
EricWagner
JanPennekamp
JanBauer
KlausWehrle
MartinHenze
inproceedings
2023-wagner-lcn-repel
Retrofitting Integrity Protection into Unused Header Fields of Legacy Industrial Protocols
2023
10
https://www.comsys.rwth-aachen.de/fileadmin/papers/2023/2023-wagner-repel.pdf
IEEE
48th IEEE Conference on Local Computer Networks (LCN), Daytona Beach, Florida, US
Daytona Beach, Florida, US
IEEE Conference on Local Computer Networks (LCN)
Oktober 1-5, 2023
accepted
en
1
EricWagner
NilsRothaug
KonradWolsing
LennartBader
KlausWehrle
MartinHenze
inproceedings
2023-bader-metrics
METRICS: A Methodology for Evaluating and Testing the Resilience of Industrial Control Systems to Cyberattacks
2023
9
28
https://www.comsys.rwth-aachen.de/fileadmin/papers/2023/2023-bader-metrics.pdf
Proceedings of the 9th Workshop on the Security of Industrial Control Systems & of Cyber-Physical Systems
(CyberICPS '23), co-located with the the 28th European Symposium on Research in Computer Security (ESORICS '23)
The Hague, The Netherlands
9th Workshop on the Security of Industrial Control Systems & of Cyber-Physical Systems (CyberICPS '23)
September 28, 2023
accepted
10.1007/978-3-031-54204-6_2
1
LennartBader
EricWagner
MartinHenze
MartinSerror
inproceedings
2023_wolsing_ensemble
One IDS is not Enough! Exploring Ensemble Learning for Industrial Intrusion Detection
2023
9
25
14345
102-122
Industrial Intrusion Detection Systems (IIDSs) play a critical role in safeguarding Industrial Control Systems (ICSs) against targeted cyberattacks. Unsupervised anomaly detectors, capable of learning the expected behavior of physical processes, have proven effective in detecting even novel cyberattacks. While offering decent attack detection, these systems, however, still suffer from too many False-Positive Alarms (FPAs) that operators need to investigate, eventually leading to alarm fatigue. To address this issue, in this paper, we challenge the notion of relying on a single IIDS and explore the benefits of combining multiple IIDSs. To this end, we examine the concept of ensemble learning, where a collection of classifiers (IIDSs in our case) are combined to optimize attack detection and reduce FPAs. While training ensembles for supervised classifiers is relatively straightforward, retaining the unsupervised nature of IIDSs proves challenging. In that regard, novel time-aware ensemble methods that incorporate temporal correlations between alerts and transfer-learning to best utilize the scarce training data constitute viable solutions. By combining diverse IIDSs, the detection performance can be improved beyond the individual approaches with close to no FPAs, resulting in a promising path for strengthening ICS cybersecurity.
Lecture Notes in Computer Science (LNCS), Volume 14345
Intrusion Detection; Ensemble Learning; ICS
internet-of-production, rfc
https://www.comsys.rwth-aachen.de/fileadmin/papers/2023/2023-wolsing-ensemble-iids.pdf
Springer
Proceedings of the 28th European Symposium on Research in Computer Security (ESORICS '23), September 25-29, 2023, The Hague, The Netherlands
The Hague, The Netherlands
28th European Symposium on Research in Computer Security (ESORICS '23)
September 25-29, 2023
978-3-031-51475-3
0302-9743
10.1007/978-3-031-51476-0_6
1
KonradWolsing
DominikKus
EricWagner
JanPennekamp
KlausWehrle
MartinHenze
inproceedings
2023_pennekamp_benchmarking_comparison
Designing Secure and Privacy-Preserving Information Systems for Industry Benchmarking
2023
6
15
13901
489-505
Benchmarking is an essential tool for industrial organizations to identify potentials that allows them to improve their competitive position through operational and strategic means. However, the handling of sensitive information, in terms of (i) internal company data and (ii) the underlying algorithm to compute the benchmark, demands strict (technical) confidentiality guarantees—an aspect that existing approaches fail to address adequately. Still, advances in private computing provide us with building blocks to reliably secure even complex computations and their inputs, as present in industry benchmarks. In this paper, we thus compare two promising and fundamentally different concepts (hardware- and software-based) to realize privacy-preserving benchmarks. Thereby, we provide detailed insights into the concept-specific benefits. Our evaluation of two real-world use cases from different industries underlines that realizing and deploying secure information systems for industry benchmarking is possible with today's building blocks from private computing.
Lecture Notes in Computer Science (LNCS), Volume 13901
real-world computing; trusted execution environments; homomorphic encryption; key performance indicators; benchmarking
internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2023/2023-pennekamp-industry-benchmarking.pdf
Springer
Proceedings of the 35th International Conference on Advanced Information Systems Engineering (CAiSE '23), June 12-16, 2023, Zaragoza, Spain
Zaragoza, Spain
35th International Conference on Advanced Information Systems Engineering (CAiSE '23)
June 12-16, 2023
978-3-031-34559-3
0302-9743
10.1007/978-3-031-34560-9_29
1
JanPennekamp
JohannesLohmöller
EduardVlad
JoschaLoos
NiklasRodemann
PatrickSapel
Ina BereniceFink
SethSchmitz
ChristianHopmann
MatthiasJarke
GüntherSchuh
KlausWehrle
MartinHenze
incollection
2023_pennekamp_crd-a.i
Evolving the Digital Industrial Infrastructure for Production: Steps Taken and the Road Ahead
2023
2
8
35-60
The Internet of Production (IoP) leverages concepts such as digital shadows, data lakes, and a World Wide Lab (WWL) to advance today’s production. Consequently, it requires a technical infrastructure that can support the agile deployment of these concepts and corresponding high-level applications, which, e.g., demand the processing of massive data in motion and at rest. As such, key research aspects are the support for low-latency control loops, concepts on scalable data stream processing, deployable information security, and semantically rich and efficient long-term storage. In particular, such an infrastructure cannot continue to be limited to machines and sensors, but additionally needs to encompass networked environments: production cells, edge computing, and location-independent cloud infrastructures. Finally, in light of the envisioned WWL, i.e., the interconnection of production sites, the technical infrastructure must be advanced to support secure and privacy-preserving industrial collaboration. To evolve today’s production sites and lay the infrastructural foundation for the IoP, we identify five broad streams of research: (1) adapting data and stream processing to heterogeneous data from distributed sources, (2) ensuring data interoperability between systems and production sites, (3) exchanging and sharing data with different stakeholders, (4) network security approaches addressing the risks of increasing interconnectivity, and (5) security architectures to enable secure and privacy-preserving industrial collaboration. With our research, we evolve the underlying infrastructure from isolated, sparsely networked production sites toward an architecture that supports high-level applications and sophisticated digital shadows while facilitating the transition toward a WWL.
Cyber-physical production systems; Data streams; Industrial data processing; Industrial network security; Industrial data security; Secure industrial collaboration
internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2023/2023-pennekamp-iop-a.i.pdf
Springer
Interdisciplinary Excellence Accelerator Series
Internet of Production: Fundamentals, Applications and Proceedings
978-3-031-44496-8
10.1007/978-3-031-44497-5_2
1
JanPennekamp
AnastasiiaBelova
ThomasBergs
MatthiasBodenbenner
AndreasBührig-Polaczek
MarkusDahlmanns
IkeKunze
MoritzKröger
SandraGeisler
MartinHenze
DanielLütticke
BenjaminMontavon
PhilippNiemietz
LuciaOrtjohann
MaximilianRudack
Robert H.Schmitt
UweVroomen
KlausWehrle
MichaelZeng
inproceedings
2022_kus_ensemble
Poster: Ensemble Learning for Industrial Intrusion Detection
2022
12
8
RWTH-2022-10809
Industrial intrusion detection promises to protect networked industrial control systems by monitoring them and raising an alarm in case of suspicious behavior. Many monolithic intrusion detection systems are proposed in literature. These detectors are often specialized and, thus, work particularly well on certain types of attacks or monitor different parts of the system, e.g., the network or the physical process. Combining multiple such systems promises to leverage their joint strengths, allowing the detection of a wider range of attacks due to their diverse specializations and reducing false positives. We study this concept's feasibility with initial results of various methods to combine detectors.
rfc
https://www.comsys.rwth-aachen.de/fileadmin/papers/2022/2022-kus-ensemble-poster.pdf
RWTH Aachen University
38th Annual Computer Security Applications Conference (ACSAC '22), December 5-9, 2022, Austin, TX, USA
RWTH Aachen University
Austin, TX, USA
38th Annual Computer Security Applications Conference (ACSAC '22)
December 5-9, 2022
10.18154/RWTH-2022-10809
1
DominikKus
KonradWolsing
JanPennekamp
EricWagner
MartinHenze
KlausWehrle
inproceedings
2022_pennekamp_cumul
CUMUL & Co: High-Impact Artifacts for Website Fingerprinting Research
2022
12
8
RWTH-2022-10811
Anonymous communication on the Internet is about hiding the relationship between communicating parties. At NDSS '16, we presented a new website fingerprinting approach, CUMUL, that utilizes novel features and a simple yet powerful algorithm to attack anonymization networks such as Tor. Based on pattern observation of data flows, this attack aims at identifying the content of encrypted and anonymized connections. Apart from the feature generation and the used classifier, we also provided a large dataset to the research community to study the attack at Internet scale. In this paper, we emphasize the impact of our artifacts by analyzing publications referring to our work with respect to the dataset, feature extraction method, and source code of the implementation. Based on this data, we draw conclusions about the impact of our artifacts on the research field and discuss their influence on related cybersecurity topics. Overall, from 393 unique citations, we discover more than 130 academic references that utilize our artifacts, 61 among them are highly influential (according to SemanticScholar), and at least 35 are from top-ranked security venues. This data underlines the significant relevance and impact of our work as well as of our artifacts in the community and beyond.
https://www.comsys.rwth-aachen.de/fileadmin/papers/2022/2022-pennekamp-cumul-artifacts.pdf
https://www.acsac.org/2022/program/artifacts_competition/
ACSA
Cybersecurity Artifacts Competition and Impact Award at 38th Annual Computer Security Applications Conference (ACSAC '22), December 5-9, 2022, Austin, TX, USA
Austin, TX, USA
38th Annual Computer Security Applications Conference (ACSAC '22)
December 5-9, 2022
10.18154/RWTH-2022-10811
1
JanPennekamp
MartinHenze
AndreasZinnen
FabianLanze
KlausWehrle
AndriyPanchenko
inproceedings
2022-serror-ccs-inside
Poster: INSIDE - Enhancing Network Intrusion Detection in Power Grids with Automated Facility Monitoring
2022
11
7
https://www.comsys.rwth-aachen.de/fileadmin/papers/2022/2022-serror-ccs-inside.pdf
ACM
online
Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security
Los Angeles, CA, USA
November 8, 2022
10.1145/3548606.3563500
1
MartinSerror
LennartBader
MartinHenze
ArneSchwarze
KaiNürnberger
inproceedings
2022-wolsing-ipal
IPAL: Breaking up Silos of Protocol-dependent and Domain-specific Industrial Intrusion Detection Systems
2022
10
26
The increasing interconnection of industrial networks exposes them to an ever-growing risk of cyber attacks. To reveal such attacks early and prevent any damage, industrial intrusion detection searches for anomalies in otherwise predictable communication or process behavior. However, current efforts mostly focus on specific domains and protocols, leading to a research landscape broken up into isolated silos. Thus, existing approaches cannot be applied to other industries that would equally benefit from powerful detection. To better understand this issue, we survey 53 detection systems and find no fundamental reason for their narrow focus. Although they are often coupled to specific industrial protocols in practice, many approaches could generalize to new industrial scenarios in theory. To unlock this potential, we propose IPAL, our industrial protocol abstraction layer, to decouple intrusion detection from domain-specific industrial protocols. After proving IPAL’s correctness in a reproducibility study of related work, we showcase its unique benefits by studying the generalizability of existing approaches to new datasets and conclude that they are indeed not restricted to specific domains or protocols and can perform outside their restricted silos.
/fileadmin/papers/2022/2022-wolsing-ipal.pdf
Proceedings of the 25th International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2022)
10.1145/3545948.3545968
1
KonradWolsing
EricWagner
AntoineSaillard
MartinHenze
article
2022-henze-tii-prada
Complying with Data Handling Requirements in Cloud Storage Systems
IEEE Transactions on Cloud Computing
2022
9
10
3
1661-1674
In past years, cloud storage systems saw an enormous rise in usage. However, despite their popularity and importance as underlying infrastructure for more complex cloud services, today’s cloud storage systems do not account for compliance with regulatory, organizational, or contractual data handling requirements by design. Since legislation increasingly responds to rising data protection and privacy concerns, complying with data handling requirements becomes a crucial property for cloud storage systems. We present Prada , a practical approach to account for compliance with data handling requirements in key-value based cloud storage systems. To achieve this goal, Prada introduces a transparent data handling layer, which empowers clients to request specific data handling requirements and enables operators of cloud storage systems to comply with them. We implement Prada on top of the distributed database Cassandra and show in our evaluation that complying with data handling requirements in cloud storage systems is practical in real-world cloud deployments as used for microblogging, data sharing in the Internet of Things, and distributed email storage.
https://www.comsys.rwth-aachen.de/fileadmin/papers/2022/2022-henze-tii-prada.pdf
Online
en
2168-7161
10.1109/TCC.2020.3000336
1
MartinHenze
RomanMatzutt
JensHiller
ErikMühmer
Jan HenrikZiegeldorf
Johannesvan der Giet
KlausWehrle
proceedings
2022-wolsing-radarsec
Network Attacks Against Marine Radar Systems: A Taxonomy, Simulation Environment, and Dataset
2022
9
rfc
https://www.comsys.rwth-aachen.de/fileadmin/papers/2022/2022-wolsing-radar.pdf
IEEE
Edmonton, Canada
47th IEEE Conference on Local Computer Networks (LCN)
September 26-29, 2022
10.1109/LCN53696.2022.9843801
1
KonradWolsing
AntoineSaillard
JanBauer
EricWagner
Christianvan Sloun
Ina BereniceFink
MariSchmidt
KlausWehrle
MartinHenze
inproceedings
2022-wolsing-simple
Can Industrial Intrusion Detection Be SIMPLE?
2022
9
978-3-031-17143-7
574--594
Cyberattacks against industrial control systems pose a serious risk to the safety of humans and the environment. Industrial intrusion detection systems oppose this threat by continuously monitoring industrial processes and alerting any deviations from learned normal behavior. To this end, various streams of research rely on advanced and complex approaches, i.e., artificial neural networks, thus achieving allegedly high detection rates. However, as we show in an analysis of 70 approaches from related work, their inherent complexity comes with undesired properties. For example, they exhibit incomprehensible alarms and models only specialized personnel can understand, thus limiting their broad applicability in a heterogeneous industrial domain. Consequentially, we ask whether industrial intrusion detection indeed has to be complex or can be SIMPLE instead, i.e., Sufficient to detect most attacks, Independent of hyperparameters to dial-in, Meaningful in model and alerts, Portable to other industrial domains, Local to a part of the physical process, and computationally Efficient. To answer this question, we propose our design of four SIMPLE industrial intrusion detection systems, such as simple tests for the minima and maxima of process values or the rate at which process values change. Our evaluation of these SIMPLE approaches on four state-of-the-art industrial security datasets reveals that SIMPLE approaches can perform on par with existing complex approaches from related work while simultaneously being comprehensible and easily portable to other scenarios. Thus, it is indeed justified to raise the question of whether industrial intrusion detection needs to be inherently complex.
https://www.comsys.rwth-aachen.de/fileadmin/papers/2022/2022-wolsing-simple.pdf
Atluri, Vijayalakshmi and Di Pietro, Roberto and Jensen, Christian D. and Meng, Weizhi
Springer Nature Switzerland
Proceedings of the 27th European Symposium on Research in Computer Security (ESORICS '22), September 26-30, 2022, Copenhagen, Denmark
Copenhagen, Denmark
27th European Symposium on Research in Computer Security (ESORICS)
September 26-30, 2022
10.1007/978-3-031-17143-7_28
1
KonradWolsing
LeaThiemt
Christianvan Sloun
EricWagner
KlausWehrle
MartinHenze
proceedings
2022-serror-cset
PowerDuck: A GOOSE Data Set of Cyberattacks in Substations
2022
8
8
5
data sets, network traffic, smart grid security, IDS
https://www.comsys.rwth-aachen.de/fileadmin/papers/2022/2022-serror-cset-powerduck.pdf
ACM
New York, NY, USA
online
Virtual
Cyber Security Experimentation and Test Workshop (CSET 2022)
August 8, 2022
978-1-4503-9684-4/22/08
10.1145/3546096.3546102
1
SvenZemanek
ImmanuelHacker
KonradWolsing
EricWagner
MartinHenze
MartinSerror
inproceedings
2022_dahlmanns_tlsiiot
Missed Opportunities: Measuring the Untapped TLS Support in the Industrial Internet of Things
2022
5
31
252-266
The ongoing trend to move industrial appliances from previously isolated networks to the Internet requires fundamental changes in security to uphold secure and safe operation. Consequently, to ensure end-to-end secure communication and authentication, (i) traditional industrial protocols, e.g., Modbus, are retrofitted with TLS support, and (ii) modern protocols, e.g., MQTT, are directly designed to use TLS. To understand whether these changes indeed lead to secure Industrial Internet of Things deployments, i.e., using TLS-based protocols, which are configured according to security best practices, we perform an Internet-wide security assessment of ten industrial protocols covering the complete IPv4 address space.
Our results show that both, retrofitted existing protocols and newly developed secure alternatives, are barely noticeable in the wild. While we find that new protocols have a higher TLS adoption rate than traditional protocols (7.2 % vs. 0.4 %), the overall adoption of TLS is comparably low (6.5 % of hosts). Thus, most industrial deployments (934,736 hosts) are insecurely connected to the Internet. Furthermore, we identify that 42 % of hosts with TLS support (26,665 hosts) show security deficits, e.g., missing access control. Finally, we show that support in configuring systems securely, e.g., via configuration templates, is promising to strengthen security.
industrial communication; network security; security configuration
internet-of-production, rfc
https://www.comsys.rwth-aachen.de/fileadmin/papers/2022/2022-dahlmanns-asiaccs.pdf
ACM
Proceedings of the 2022 ACM Asia Conference on Computer and Communications Security (ASIACCS '22), May 30-June 3, 2022, Nagasaki, Japan
Nagasaki, Japan
ASIACCS '22
May 30-June 3, 2022
978-1-4503-9140-5/22/05
10.1145/3488932.3497762
1
MarkusDahlmanns
JohannesLohmöller
JanPennekamp
JörnBodenhausen
KlausWehrle
MartinHenze
inproceedings
2022_kus_iids_generalizability
A False Sense of Security? Revisiting the State of Machine Learning-Based Industrial Intrusion Detection
2022
5
30
73-84
Anomaly-based intrusion detection promises to detect novel or unknown attacks on industrial control systems by modeling expected system behavior and raising corresponding alarms for any deviations. As manually creating these behavioral models is tedious and error-prone, research focuses on machine learning to train them automatically, achieving detection rates upwards of 99 %. However, these approaches are typically trained not only on benign traffic but also on attacks and then evaluated against the same type of attack used for training. Hence, their actual, real-world performance on unknown (not trained on) attacks remains unclear. In turn, the reported near-perfect detection rates of machine learning-based intrusion detection might create a false sense of security. To assess this situation and clarify the real potential of machine learning-based industrial intrusion detection, we develop an evaluation methodology and examine multiple approaches from literature for their performance on unknown attacks (excluded from training). Our results highlight an ineffectiveness in detecting unknown attacks, with detection rates dropping to between 3.2 % and 14.7 % for some types of attacks. Moving forward, we derive recommendations for further research on machine learning-based approaches to ensure clarity on their ability to detect unknown attacks.
anomaly detection; machine learning; industrial control system
internet-of-production, rfc
https://www.comsys.rwth-aachen.de/fileadmin/papers/2022/2022-kus-iids-generalizability.pdf
ACM
Proceedings of the 8th ACM Cyber-Physical System Security Workshop (CPSS '22), co-located with the 17th ACM ASIA Conference on Computer and Communications Security (ASIACCS '22), May 30-June 3, 2022, Nagasaki, Japan
978-1-4503-9176-4/22/05
10.1145/3494107.3522773
1
DominikKus
EricWagner
JanPennekamp
KonradWolsing
Ina BereniceFink
MarkusDahlmanns
KlausWehrle
MartinHenze
inproceedings
WagnerSWH2022
BP-MAC: Fast Authentication for Short Messages
2022
5
18
201-206
/fileadmin/papers/2022/2022-wagner-bpmac.pdf
ACM
Proceedings of the 15th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec '22)
San Antonio, Texas, USA
15th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec '22)
978-1-4503-9216-7/22/05
10.1145/3507657.3528554
1
EricWagner
MartinSerror
KlausWehrle
MartinHenze
inproceedings
WagnerBH2022
Take a Bite of the Reality Sandwich: Revisiting the
Security of Progressive Message Authentication Codes
2022
5
18
207-221
/fileadmin/papers/2022/2022-wagner-r2d2.pdf
ACM
Proceedings of the 15th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec '22)
San Antonio, Texas, USA
15th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec '22)
978-1-4503-9216-7/22/05
10.1145/3507657.3528539
1
EricWagner
JanBauer
MartinHenze
inproceedings
2022_wagner_ccchain
Scalable and Privacy-Focused Company-Centric Supply Chain Management
2022
5
4
Blockchain technology promises to overcome trust and privacy concerns inherent to centralized information sharing. However, current decentralized supply chain management systems do either not meet privacy and scalability requirements or require a trustworthy consortium, which is challenging for increasingly dynamic supply chains with constantly changing participants. In this paper, we propose CCChain, a scalable and privacy-aware supply chain management system that stores all information locally to give companies complete sovereignty over who accesses their data. Still, tamper protection of all data through a permissionless blockchain enables on-demand tracking and tracing of products as well as reliable information sharing while affording the detection of data inconsistencies. Our evaluation confirms that CCChain offers superior scalability in comparison to alternatives while also enabling near real-time tracking and tracing for many, less complex products.
supply chain management; blockchain; permissionless; deployment; tracing and tracking; privacy
internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2022/2022-wagner-ccchain.pdf
IEEE
Proceedings of the 2022 IEEE International Conference on Blockchain and Cryptocurrency (ICBC '22), May 2-5, 2022, Shanghai, China
Shanghai, China
May 2-5, 2022
978-1-6654-9538-7/22
10.1109/ICBC54727.2022.9805503
1
EricWagner
RomanMatzutt
JanPennekamp
LennartBader
IrakliBajelidze
KlausWehrle
MartinHenze
inproceedings
2021_pennekamp_laser
Collaboration is not Evil: A Systematic Look at Security Research for Industrial Use
2021
12
21
Following the recent Internet of Things-induced trends on digitization in general, industrial applications will further evolve as well. With a focus on the domains of manufacturing and production, the Internet of Production pursues the vision of a digitized, globally interconnected, yet secure environment by establishing a distributed knowledge base.
Background. As part of our collaborative research of advancing the scope of industrial applications through cybersecurity and privacy, we identified a set of common challenges and pitfalls that surface in such applied interdisciplinary collaborations.
Aim. Our goal with this paper is to support researchers in the emerging field of cybersecurity in industrial settings by formalizing our experiences as reference for other research efforts, in industry and academia alike.
Method. Based on our experience, we derived a process cycle of performing such interdisciplinary research, from the initial idea to the eventual dissemination and paper writing. This presented methodology strives to successfully bootstrap further research and to encourage further work in this emerging area.
Results. Apart from our newly proposed process cycle, we report on our experiences and conduct a case study applying this methodology, raising awareness for challenges in cybersecurity research for industrial applications. We further detail the interplay between our process cycle and the data lifecycle in applied research data management. Finally, we augment our discussion with an industrial as well as an academic view on this research area and highlight that both areas still have to overcome significant challenges to sustainably and securely advance industrial applications.
Conclusions. With our proposed process cycle for interdisciplinary research in the intersection of cybersecurity and industrial application, we provide a foundation for further research. We look forward to promising research initiatives, projects, and directions that emerge based on our methodological work.
internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-pennekamp-laser-collaboration.pdf
ACSA
Proceedings of the Workshop on Learning from Authoritative Security Experiment Results (LASER '20), co-located with the 36th Annual Computer Security Applications Conference (ACSAC '20), December 7-11, 2020, Austin, TX, USA
Austin, TX, USA
Learning from Authoritative Security Experiment Results (LASER '20)
December 8, 2020
978-1-891562-81-5
10.14722/laser-acsac.2020.23088
1
JanPennekamp
ErikBuchholz
MarkusDahlmanns
IkeKunze
StefanBraun
EricWagner
MatthiasBrockmann
KlausWehrle
MartinHenze
article
2021_matzutt_coinprune_v2
CoinPrune: Shrinking Bitcoin's Blockchain Retrospectively
IEEE Transactions on Network and Service Management
2021
9
10
18
3
3064-3078
Popular cryptocurrencies continue to face serious scalability issues due to their ever-growing blockchains. Thus, modern blockchain designs began to prune old blocks and rely on recent snapshots for their bootstrapping processes instead. Unfortunately, established systems are often considered incapable of adopting these improvements. In this work, we present CoinPrune, our block-pruning scheme with full Bitcoin compatibility, to revise this popular belief. CoinPrune bootstraps joining nodes via snapshots that are periodically created from Bitcoin's set of unspent transaction outputs (UTXO set). Our scheme establishes trust in these snapshots by relying on CoinPrune-supporting miners to mutually reaffirm a snapshot's correctness on the blockchain. This way, snapshots remain trustworthy even if adversaries attempt to tamper with them. Our scheme maintains its retrospective deployability by relying on positive feedback only, i.e., blocks containing invalid reaffirmations are not rejected, but invalid reaffirmations are outpaced by the benign ones created by an honest majority among CoinPrune-supporting miners. Already today, CoinPrune reduces the storage requirements for Bitcoin nodes by two orders of magnitude, as joining nodes need to fetch and process only 6 GiB instead of 271 GiB of data in our evaluation, reducing the synchronization time of powerful devices from currently 7 h to 51 min, with even larger potential drops for less powerful devices. CoinPrune is further aware of higher-level application data, i.e., it conserves otherwise pruned application data and allows nodes to obfuscate objectionable and potentially illegal blockchain content from their UTXO set and the snapshots they distribute.
blockchain; block pruning; synchronization; bootstrapping; scalability; velvet fork; Bitcoin
mynedata; impact_digital; digital_campus
https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-matzutt-coinprune-v2.pdf
English
1932-4537
10.1109/TNSM.2021.3073270
1
RomanMatzutt
BenediktKalde
JanPennekamp
ArthurDrichel
MartinHenze
KlausWehrle
article
2021_pennekamp_ercim
Unlocking Secure Industrial Collaborations through Privacy-Preserving Computation
ERCIM News
2021
7
9
126
24-25
In industrial settings, significant process improvements can be achieved when utilising and sharing information across stakeholders. However, traditionally conservative companies impose significant confidentiality requirements for any (external) data processing. We discuss how privacy-preserving computation can unlock secure and private collaborations even in such competitive environments.
internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-pennekamp-ercim-news.pdf
https://ercim-news.ercim.eu/en126/special/unlocking-secure-industrial-collaborations-through-privacy-preserving-computation
ERCIM EEIG
0926-4981
JanPennekamp
MartinHenze
KlausWehrle
inproceedings
2021_dahlmanns_entrust
Transparent End-to-End Security for Publish/Subscribe Communication in Cyber-Physical Systems
2021
4
28
78–87
The ongoing digitization of industrial manufacturing leads to a decisive change in industrial communication paradigms. Moving from traditional one-to-one to many-to-many communication, publish/subscribe systems promise a more dynamic and efficient exchange of data. However, the resulting significantly more complex communication relationships render traditional end-to-end security futile for sufficiently protecting the sensitive and safety-critical data transmitted in industrial systems. Most notably, the central message brokers inherent in publish/subscribe systems introduce a designated weak spot for security as they can access all communication messages. To address this issue, we propose ENTRUST, a novel solution for key server-based end-to-end security in publish/subscribe systems. ENTRUST transparently realizes confidentiality, integrity, and authentication for publish/subscribe systems without any modification of the underlying protocol. We exemplarily implement ENTRUST on top of MQTT, the de-facto standard for machine-to-machine communication, showing that ENTRUST can integrate seamlessly into existing publish/subscribe systems.
cyber-physical system security; publish-subscribe security; end-to-end security
internet-of-production, rfc
https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-dahlmanns-entrust.pdf
ACM
Proceedings of the 1st ACM Workshop on Secure and Trustworthy Cyber-Physical Systems (SaT-CPS '21), co-located with the 11th ACM Conference on Data and Application Security and Privacy (CODASPY '21), April 26-28, 2021, Virtual Event, USA
Virtual Event, USA
ACM Workshop on Secure and Trustworthy Cyber-Physical Systems
April 28, 2021
978-1-4503-8319-6/21/04
10.1145/3445969.3450423
1
MarkusDahlmanns
JanPennekamp
Ina BereniceFink
BerndSchoolmann
KlausWehrle
MartinHenze
inproceedings
2020_pennekamp_benchmarking
Revisiting the Privacy Needs of Real-World Applicable Company Benchmarking
2020
12
15
31-44
Benchmarking the performance of companies is essential to identify improvement potentials in various industries. Due to a competitive environment, this process imposes strong privacy needs, as leaked business secrets can have devastating effects on participating companies. Consequently, related work proposes to protect sensitive input data of companies using secure multi-party computation or homomorphic encryption. However, related work so far does not consider that also the benchmarking algorithm, used in today's applied real-world scenarios to compute all relevant statistics, itself contains significant intellectual property, and thus needs to be protected. Addressing this issue, we present PCB — a practical design for Privacy-preserving Company Benchmarking that utilizes homomorphic encryption and a privacy proxy — which is specifically tailored for realistic real-world applications in which we protect companies' sensitive input data and the valuable algorithms used to compute underlying key performance indicators. We evaluate PCB's performance using synthetic measurements and showcase its applicability alongside an actual company benchmarking performed in the domain of injection molding, covering 48 distinct key performance indicators calculated out of hundreds of different input values. By protecting the privacy of all participants, we enable them to fully profit from the benefits of company benchmarking.
practical encrypted computing; homomorphic encryption; algorithm confidentiality; benchmarking; key performance indicators; industrial application; Internet of Production
internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2020/2020-pennekamp-company-benchmarking.pdf
https://eprint.iacr.org/2020/1512
HomomorphicEncryption.org
Proceedings of the 8th Workshop on Encrypted Computing & Applied Homomorphic Cryptography (WAHC '20), December 15, 2020, Virtual Event
Virtual Event
December 15, 2020
978-3-00-067798-4
10.25835/0072999
1
JanPennekamp
PatrickSapel
Ina BereniceFink
SimonWagner
SebastianReuter
ChristianHopmann
KlausWehrle
MartinHenze
inproceedings
2020-wolsing-facilitating
Poster: Facilitating Protocol-independent Industrial Intrusion Detection Systems
2020
11
9
Cyber-physical systems are increasingly threatened by sophisticated attackers, also attacking the physical aspect of systems. Supplementing protective measures, industrial intrusion detection systems promise to detect such attacks. However, due to industrial protocol diversity and lack of standard interfaces, great efforts are required to adapt these technologies to a large number of different protocols. To address this issue, we identify existing universally applicable intrusion detection approaches and propose a transcription for industrial protocols to realize protocol-independent semantic intrusion detection on top of different industrial protocols.
Intrusion Detection; IDS; Industrial Protocols; CPS; IEC-60870-5-104; Modbus; NMEA 0183
https://www.comsys.rwth-aachen.de/fileadmin/papers/2020/2020-wolsing-facilitating.pdf
ACM
New York, NY, USA
Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security (CCS ’20), November 9–13, 2020, Virtual Event, USA.
Virtual Event, USA
November 9-13, 2020
10.1145/3372297.3420019
1
KonradWolsing
EricWagner
MartinHenze
inproceedings
2020-henze-ccs-cybersecurity
Poster: Cybersecurity Research and Training for Power Distribution Grids -- A Blueprint
2020
11
9
Mitigating cybersecurity threats in power distribution grids requires a testbed for cybersecurity, e.g., to evaluate the (physical) impact of cyberattacks, generate datasets, test and validate security approaches, as well as train technical personnel. In this paper, we present a blueprint for such a testbed that relies on network emulation and power flow computation to couple real network applications with a simulated power grid. We discuss the benefits of our approach alongside preliminary results and various use cases for cybersecurity research and training for power distribution grids.
https://www.comsys.rwth-aachen.de/fileadmin/papers/2020/2020-henze-ccs-cybersecurity.pdf
ACM
New York, NY, USA
Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security (CCS ’20), November 9–13, 2020, Virtual Event, USA.
Virtual Event, USA
November 9-13, 2020
10.1145/3372297.3420016
1
MartinHenze
LennartBader
JulianFilter
OlavLamberts
SimonOfner
Dennisvan der Velde
inproceedings
2020-dahlmanns-imc-opcua
Easing the Conscience with OPC UA: An Internet-Wide Study on Insecure Deployments
2020
10
27
101-110
Due to increasing digitalization, formerly isolated industrial networks, e.g., for factory and process automation, move closer and closer to the Internet, mandating secure communication. However, securely setting up OPC UA, the prime candidate for secure industrial communication, is challenging due to a large variety of insecure options. To study whether Internet-facing OPC UA appliances are configured securely, we actively scan the IPv4 address space for publicly reachable OPC UA systems and assess the security of their configurations. We observe problematic security configurations such as missing access control (on 24% of hosts), disabled security functionality (24%), or use of deprecated cryptographic primitives (25%) on in total 92% of the reachable deployments. Furthermore, we discover several hundred devices in multiple autonomous systems sharing the same security certificate, opening the door for impersonation attacks. Overall, in this paper, we highlight commonly found security misconfigurations and underline the importance of appropriate configuration for security-featuring protocols.
industrial communication; network security; security configuration
internet-of-production, rfc
https://www.comsys.rwth-aachen.de/fileadmin/papers/2020/2020-dahlmanns-imc-opcua.pdf
ACM
Proceedings of the Internet Measurement Conference (IMC '20), October 27-29, 2020, Pittsburgh, PA, USA
Pittsburgh, PA, USA
ACM Internet Measurement Conference 2020
October 27-29, 2020
978-1-4503-8138-3/20/10
10.1145/3419394.3423666
1
MarkusDahlmanns
JohannesLohmöller
Ina BereniceFink
JanPennekamp
KlausWehrle
MartinHenze
article
serror-iiotsec-tii-2020
Challenges and Opportunities in Securing the Industrial Internet of Things
IEEE Transactions on Industrial Informatics
2020
9
11
17
5
2985-2996
nerd-nrw
https://comsys.rwth-aachen.de/fileadmin/papers/2020/2020-serror-tii-iiotsec.pdf
https://ieeexplore.ieee.org/document/9195014
online
1941-0050
10.1109/TII.2020.3023507
1
MartinSerror
SachaHack
MartinHenze
MarkoSchuba
KlausWehrle
inproceedings
2020_matzutt_coinprune
How to Securely Prune Bitcoin’s Blockchain
2020
6
24
298-306
Bitcoin was the first successful decentralized cryptocurrency and remains the most popular of its kind to this day. Despite the benefits of its blockchain, Bitcoin still faces serious scalability issues, most importantly its ever-increasing blockchain size. While alternative designs introduced schemes to periodically create snapshots and thereafter prune older blocks, already-deployed systems such as Bitcoin are often considered incapable of adopting corresponding approaches. In this work, we revise this popular belief and present CoinPrune, a snapshot-based pruning scheme that is fully compatible with Bitcoin. CoinPrune can be deployed through an opt-in velvet fork, i.e., without impeding the established Bitcoin network. By requiring miners to publicly announce and jointly reaffirm recent snapshots on the blockchain, CoinPrune establishes trust into the snapshots' correctness even in the presence of powerful adversaries. Our evaluation shows that CoinPrune reduces the storage requirements of Bitcoin already by two orders of magnitude today, with further relative savings as the blockchain grows. In our experiments, nodes only have to fetch and process 5 GiB instead of 230 GiB of data when joining the network, reducing the synchronization time on powerful devices from currently 5 h to 46 min, with even more savings for less powerful devices.
blockchain; block pruning; synchronization; bootstrapping; scalability; velvet fork; Bitcoin
mynedata; impact_digital; digital_campus
https://comsys.rwth-aachen.de/fileadmin/papers/2020/2020-matzutt-coinprune.pdf
https://coinprune.comsys.rwth-aachen.de
IEEE
Proceedings of the 19th IFIP Networking 2020 Conference (NETWORKING '20), June 22-26, 2020, Paris, France
Paris, France
NETWORKING 2020
June 22-26, 2020
978-3-903176-28-7
1
RomanMatzutt
BenediktKalde
JanPennekamp
ArthurDrichel
MartinHenze
KlausWehrle
inproceedings
2020_pennekamp_supply_chain_accountability
Private Multi-Hop Accountability for Supply Chains
2020
6
7
Today's supply chains are becoming increasingly flexible in nature. While adaptability is vastly increased, these more dynamic associations necessitate more extensive data sharing among different stakeholders while simultaneously overturning previously established levels of trust. Hence, manufacturers' demand to track goods and to investigate root causes of issues across their supply chains becomes more challenging to satisfy within these now untrusted environments. Complementarily, suppliers need to keep any data irrelevant to such routine checks secret to remain competitive. To bridge the needs of contractors and suppliers in increasingly flexible supply chains, we thus propose to establish a privacy-preserving and distributed multi-hop accountability log among the involved stakeholders based on Attribute-based Encryption and backed by a blockchain. Our large-scale feasibility study is motivated by a real-world manufacturing process, i.e., a fine blanking line, and reveals only modest costs for multi-hop tracing and tracking of goods.
supply chain; multi-hop tracking and tracing; blockchain; attribute-based encryption; Internet of Production
internet-of-production
https://comsys.rwth-aachen.de/fileadmin/papers/2020/2020-pennekamp-supply-chain-privacy.pdf
IEEE
Proceedings of the 2020 IEEE International Conference on Communications Workshops (ICC Workshops '20), 1st Workshop on Blockchain for IoT and Cyber-Physical Systems (BIoTCPS '20), June 7-11, 2020, Dublin, Ireland
Dublin, Ireland
June 7-11, 2020
978-1-7281-7440-2
2474-9133
10.1109/ICCWorkshops49005.2020.9145100
1
JanPennekamp
LennartBader
RomanMatzutt
PhilippNiemietz
DanielTrauth
MartinHenze
ThomasBergs
KlausWehrle
inproceedings
2020_roepert_opcua
Assessing the Security of OPC UA Deployments
2020
4
2
To address the increasing security demands of industrial deployments, OPC UA is one of the first industrial protocols explicitly designed with security in mind. However, deploying it securely requires a thorough configuration of a wide range of options. Thus, assessing the security of OPC UA deployments and their configuration is necessary to ensure secure operation, most importantly confidentiality and integrity of industrial processes. In this work, we present extensions to the popular Metasploit Framework to ease network-based security assessments of OPC UA deployments. To this end, we discuss methods to discover OPC UA servers, test their authentication, obtain their configuration, and check for vulnerabilities. Ultimately, our work enables operators to verify the (security) configuration of their systems and identify potential attack vectors.
internet-of-production, rfc
https://www.comsys.rwth-aachen.de/fileadmin/papers/2020/2020-roepert-opcua-security.pdf
en
University of Tübingen
Proceedings of the 1st ITG Workshop on IT Security (ITSec '20), April 2-3, 2020, Tübingen, Germany
Tübingen, Germany
April 2-3, 2020
10.15496/publikation-41813
1
LinusRoepert
MarkusDahlmanns
Ina BereniceFink
JanPennekamp
MartinHenze
inproceedings
2019_pennekamp_dataflows
Dataflow Challenges in an Internet of Production: A Security & Privacy Perspective
2019
11
11
27-38
The Internet of Production (IoP) envisions the interconnection of previously isolated CPS in the area of manufacturing across institutional boundaries to realize benefits such as increased profit margins and product quality as well as reduced product development costs and time to market. This interconnection of CPS will lead to a plethora of new dataflows, especially between (partially) distrusting entities. In this paper, we identify and illustrate these envisioned inter-organizational dataflows and the participating entities alongside two real-world use cases from the production domain: a fine blanking line and a connected job shop. Our analysis allows us to identify distinct security and privacy demands and challenges for these new dataflows. As a foundation to address the resulting requirements, we provide a survey of promising technical building blocks to secure inter-organizational dataflows in an IoP and propose next steps for future research. Consequently, we move an important step forward to overcome security and privacy concerns as an obstacle for realizing the promised potentials in an Internet of Production.
Internet of Production; dataflows; Information Security
internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-pennekamp-dataflows.pdf
ACM
Proceedings of the 5th ACM Workshop on Cyber-Physical Systems Security and PrivaCy (CPS-SPC '19), co-located with the 26th ACM SIGSAC Conference on Computer and Communications Security (CCS '19), November 11-15, 2019, London, United Kingdom
London, United Kingdom
November 11-15, 2019
978-1-4503-6831-5/19/11
10.1145/3338499.3357357
1
JanPennekamp
MartinHenze
SimoSchmidt
PhilippNiemietz
MarcelFey
DanielTrauth
ThomasBergs
ChristianBrecher
KlausWehrle
inproceedings
2019-hiller-lcn-sessionsharing
The Case for Session Sharing: Relieving Clients from TLS Handshake Overheads
2019
10
14
internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-hiller-lcn-case_for_tls_session_sharing.pdf
IEEE
IEEE 44th LCN Symposium on Emerging Topics in Networking (LCN Symposium), Osnabrück, Germany
Osnabrück, Germany
44th IEEE Conference on Local Computer Networks (LCN)
October 14-17, 2019
en
978-1-7281-2561-9
10.1109/LCNSymposium47956.2019.9000667
1
JensHiller
MartinHenze
TorstenZimmermann
OliverHohlfeld
KlausWehrle
inproceedings
2019-hiller-icnp-tailoringOR
Tailoring Onion Routing to the Internet of Things: Security and Privacy in Untrusted Environments
2019
10
10
An increasing number of IoT scenarios involve mobile, resource-constrained IoT devices that rely on untrusted networks for Internet connectivity. In such environments, attackers can derive sensitive private information of IoT device owners, e.g., daily routines or secret supply chain procedures, when sniffing on IoT communication and linking IoT devices and owner. Furthermore, untrusted networks do not provide IoT devices with any protection against attacks from the Internet. Anonymous communication using onion routing provides a well-proven mechanism to keep the relationship between communication partners secret and (optionally) protect against network attacks. However, the application of onion routing is challenged by protocol incompatibilities and demanding cryptographic processing on constrained IoT devices, rendering its use infeasible. To close this gap, we tailor onion routing to the IoT by bridging protocol incompatibilities and offloading expensive cryptographic processing to a router or web server of the IoT device owner. Thus, we realize resource-conserving access control and end-to-end security for IoT devices. To prove applicability, we deploy onion routing for the IoT within the well-established Tor network enabling IoT devices to leverage its resources to achieve the same grade of anonymity as readily available to traditional devices.
internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-hiller-tailoring.pdf
IEEE
Proceedings of the 27th IEEE International Conference on Network Protocols (ICNP '19), October 7-10, 2019, Chicago, IL, USA
Chicago, IL, USA
27th IEEE International Conference on Network Protocols (ICNP 2019)
7-10. Oct. 2019
978-1-7281-2700-2
2643-3303
10.1109/ICNP.2019.8888033
1
JensHiller
JanPennekamp
MarkusDahlmanns
MartinHenze
AndriyPanchenko
KlausWehrle
inproceedings
2019_pennekamp_multipath
Multipathing Traffic to Reduce Entry Node Exposure in Onion Routing
2019
10
7
Users of an onion routing network, such as Tor, depend on its anonymity properties. However, especially malicious entry nodes, which know the client’s identity, can also observe the whole communication on their link to the client and, thus, conduct several de-anonymization attacks. To limit this exposure and to impede corresponding attacks, we propose to multipath traffic between the client and the middle node to reduce the information an attacker can obtain at a single vantage point. To facilitate the deployment, only clients and selected middle nodes need to implement our approach, which works transparently for the remaining legacy nodes. Furthermore, we let clients control the splitting strategy to prevent any external manipulation.
Poster Session
https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-pennekamp-multipathing.pdf
IEEE
Proceedings of the 27th IEEE International Conference on Network Protocols (ICNP '19), October 7-10, 2019, Chicago, IL, USA
Chicago, IL, USA
27th IEEE International Conference on Network Protocols (ICNP 2019)
7-10. Oct. 2019
978-1-7281-2700-2
2643-3303
10.1109/ICNP.2019.8888029
1
JanPennekamp
JensHiller
SebastianReuter
WladimirDe la Cadena
AsyaMitseva
MartinHenze
ThomasEngel
KlausWehrle
AndriyPanchenko
inproceedings
2019_pennekamp_doppelganger
Hi Doppelgänger: Towards Detecting Manipulation in News Comments
2019
5
13
197-205
Public opinion manipulation is a serious threat to society, potentially influencing elections and the political situation even in established democracies. The prevalence of online media and the opportunity for users to express opinions in comments magnifies the problem. Governments, organizations, and companies can exploit this situation for biasing opinions. Typically, they deploy a large number of pseudonyms to create an impression of a crowd that supports specific opinions. Side channel information (such as IP addresses or identities of browsers) often allows a reliable detection of pseudonyms managed by a single person. However, while spoofing and anonymizing data that links these accounts is simple, a linking without is very challenging. In this paper, we evaluate whether stylometric features allow a detection of such doppelgängers within comment sections on news articles. To this end, we adapt a state-of-the-art doppelgängers detector to work on small texts (such as comments) and apply it on three popular news sites in two languages. Our results reveal that detecting potential doppelgängers based on linguistics is a promising approach even when no reliable side channel information is available. Preliminary results following an application in the wild shows indications for doppelgängers in real world data sets.
online manipulation; doppelgänger detection; stylometry
comtex
https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-pennekamp-doppelganger.pdf
ACM
Companion Proceedings of the 2019 World Wide Web Conference (WWW '19 Companion), 4th Workshop on Computational Methods in Online Misbehavior (CyberSafety '19), May 13–17, 2019, San Francisco, CA, USA
San Francisco, California, USA
May 13-17, 2019
978-1-4503-6675-5/19/05
10.1145/3308560.3316496
1
JanPennekamp
MartinHenze
OliverHohlfeld
AndriyPanchenko
inproceedings
2019_pennekamp_infrastructure
Towards an Infrastructure Enabling the Internet of Production
2019
5
8
31-37
New levels of cross-domain collaboration between manufacturing companies throughout the supply chain are anticipated to bring benefits to both suppliers and consumers of products. Enabling a fine-grained sharing and analysis of data among different stakeholders in an automated manner, such a vision of an Internet of Production (IoP) introduces demanding challenges to the communication, storage, and computation infrastructure in production environments. In this work, we present three example cases that would benefit from an IoP (a fine blanking line, a high pressure die casting process, and a connected job shop) and derive requirements that cannot be met by today’s infrastructure. In particular, we identify three orthogonal research objectives: (i) real-time control of tightly integrated production processes to offer seamless low-latency analysis and execution, (ii) storing and processing heterogeneous production data to support scalable data stream processing and storage, and (iii) secure privacy-aware collaboration in production to provide a basis for secure industrial collaboration. Based on a discussion of state-of-the-art approaches for these three objectives, we create a blueprint for an infrastructure acting as an enabler for an IoP.
Internet of Production; Cyber-Physical Systems; Data Processing; Low Latency; Secure Industrial Collaboration
internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-pennekamp-iop-infrastructure.pdf
IEEE
Proceedings of the 2nd IEEE International Conference on Industrial Cyber-Physical Systems (ICPS '19), May 6-9, 2019, Taipei, TW
Taipei, TW
May 6-9, 2019
978-1-5386-8500-6/19
10.1109/ICPHYS.2019.8780276
1
JanPennekamp
RenéGlebke
MartinHenze
TobiasMeisen
ChristophQuix
RihanHai
LarsGleim
PhilippNiemietz
MaximilianRudack
SimonKnape
AlexanderEpple
DanielTrauth
UweVroomen
ThomasBergs
ChristianBrecher
AndreasBührig-Polaczek
MatthiasJarke
KlausWehrle
article
2019_henze_flexible_netzwerkstrukturen_iop
Flexible Netzwerkarchitekturen für das Internet of Production
ITG-news
2019
4
02/2019
7-8
internet-of-production,reflexes
https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-henze-itg-iop-networkarchitectures.pdf
Informationstechnische Gesellschaft im VDE
Frankfurt am Main
MartinHenze
RenéGlebke
KlausWehrle
inproceedings
2019-glebke-hicss-integrated
A Case for Integrated Data Processing in Large-Scale Cyber-Physical Systems
2019
1
8
7252-7261
internet-of-production,reflexes
https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-glebke-integrated.pdf
Online
University of Hawai'i at Manoa / AIS
Proceedings of the 52nd Hawaii International Conference on System Sciences (HICSS), Wailea, HI, USA
en
978-0-9981331-2-6
10.24251/HICSS.2019.871
1
RenéGlebke
MartinHenze
KlausWehrle
PhilippNiemietz
DanielTrauth
PatrickMattfeld
ThomasBergs
phdthesis
2018-henze-phd-thesis
Accounting for Privacy in the Cloud Computing Landscape
2018
12
31
https://www.comsys.rwth-aachen.de/fileadmin/papers/2018/2018-henze-phd-thesis.pdf
Shaker Verlag
Aachen, Germany
Reports on Communications and Distributed Systems
17
RWTH Aachen University
Ph.D. Thesis
en
978-3-8440-6389-9
MartinHenze
inproceedings
2018-hiller-lcn-lowlatencyiiot
Secure Low Latency Communication for Constrained Industrial IoT Scenarios
2018
10
connect,iop,nerd-nrw
https://www.comsys.rwth-aachen.de/fileadmin/papers/2018/2018-hiller-lcn-secure_low_latency_communication_iiot.pdf
IEEE
43rd IEEE Conference on Local Computer Networks (LCN), Chicago, USA
Chicago, USA
43nd IEEE Conference on Local Computer Networks (LCN)
October 1-4, 2018
en
978-1-5386-4413-3
10.1109/LCN.2018.8638027
1
JensHiller
MartinHenze
MartinSerror
EricWagner
Jan NiklasRichter
KlausWehrle
inproceedings
2018-serror-ares-iotsec
Towards In-Network Security for Smart Homes
2018
8
27
consent, iotrust
https://www.comsys.rwth-aachen.de/fileadmin/papers/2018/2018-serror-iotsecfor-in-network-security.pdf
ACM
online
Proceedings of the 2nd International Workshop on Security and Forensics of IoT (IoT-SECFOR), co-located with the 13th International Conference on Availability, Reliability and Security (ARES 2018), Hamburg, Germany
Hamburg, Germany
International Conference on Availability, Reliability and Security
August 27--30, 2018
978-1-4503-6448-5
10.1145/3230833.3232802
1
MartinSerror
MartinHenze
SachaHack
MarkoSchuba
KlausWehrle
inproceedings
2018-matzutt-bitcoin-content-countermeasures
Thwarting Unwanted Blockchain Content Insertion
2018
4
17
364-370
Since the introduction of Bitcoin in 2008, blockchain systems have seen an enormous increase in adoption. By providing a persistent, distributed, and append-only ledger, blockchains enable numerous applications such as distributed consensus, robustness against equivocation, and smart contracts. However, recent studies show that blockchain systems such as Bitcoin can be (mis)used to store arbitrary content. This has already been used to store arguably objectionable content on Bitcoin's blockchain. Already single instances of clearly objectionable or even illegal content can put the whole system at risk by making its node operators culpable. To overcome this imminent risk, we survey and discuss the design space of countermeasures against the insertion of such objectionable content. Our analysis shows a wide spectrum of potential countermeasures, which are often combinable for increased efficiency. First, we investigate special-purpose content detectors as an ad hoc mitigation. As they turn out to be easily evadable, we also investigate content-agnostic countermeasures. We find that mandatory minimum fees as well as mitigation of transaction manipulability via identifier commitments significantly raise the bar for inserting harmful content into a blockchain.
Bitcoin,blockchain,security,objectionable content,countermeasure
mynedata,iop
https://www.comsys.rwth-aachen.de/fileadmin/papers/2018/2018-matzutt-blockchain-contents-countermeasures.pdf
https://ieeexplore.ieee.org/document/8360355
IEEE
Proceedings of the First IEEE Workshop on Blockchain Technologies and Applications (BTA), co-located with the IEEE International Conference on Cloud Engineering 2018 (IC2E 2018)
Orlando, Florida, USA
First IEEE Workshop on Blockchain Technologies and Applications (BTA)
2018-04-17
English
978-1-5386-5008-0
10.1109/IC2E.2018.00070
1
RomanMatzutt
MartinHenze
Jan HenrikZiegeldorf
JensHiller
KlausWehrle
article
2016-fgcs-ziegeldorf-bitcoin
Secure and anonymous decentralized Bitcoin mixing
Future Generation Computer Systems
2018
3
80
448-466
Pseudonymity, anonymity, and untraceability
rfc
https://www.comsys.rwth-aachen.de/fileadmin/papers/2018/2018-ziegeldorf-fgcs-bitcoin.pdf
Online
Elsevier
en
0167-739X
10.1016/j.future.2016.05.018
1
Jan HenrikZiegeldorf
RomanMatzutt
MartinHenze
FredGrossmann
KlausWehrle
inproceedings
2018-matzutt-bitcoin-content
A Quantitative Analysis of the Impact of Arbitrary Blockchain Content on Bitcoin
2018
2
26
Blockchains primarily enable credible accounting of digital events, e.g., money transfers in cryptocurrencies. However, beyond this original purpose, blockchains also irrevocably record arbitrary data, ranging from short messages to pictures. This does not come without risk for users as each participant has to locally replicate the complete blockchain, particularly including potentially harmful content. We provide the first systematic analysis of the benefits and threats of arbitrary blockchain content. Our analysis shows that certain content, e.g., illegal pornography, can render the mere possession of a blockchain illegal. Based on these insights, we conduct a thorough quantitative and qualitative analysis of unintended content on Bitcoin's blockchain. Although most data originates from benign extensions to Bitcoin's protocol, our analysis reveals more than 1600 files on the blockchain, over 99% of which are texts or images. Among these files there is clearly objectionable content such as links to child pornography, which is distributed to all Bitcoin participants. With our analysis, we thus highlight the importance for future blockchain designs to address the possibility of unintended data insertion and protect blockchain users accordingly.
mynedata
https://www.comsys.rwth-aachen.de/fileadmin/papers/2018/2018_matzutt_bitcoin-contents_preproceedings-version.pdf
2018-01-07
Online
Springer
Proceedings of the 22nd International Conference on Financial Cryptography and Data Security (FC), Nieuwpoort, Curaçao
Nieuwpoort, Curaçao
Financial Cryptography and Data Security 2018
en
10.1007/978-3-662-58387-6_23
1
RomanMatzutt
JensHiller
MartinHenze
Jan HenrikZiegeldorf
DirkMüllmann
OliverHohlfeld
KlausWehrle
article
2017-pennekamp-pmc-survey
A Survey on the Evolution of Privacy Enforcement on Smartphones and the Road Ahead
Pervasive and Mobile Computing
2017
12
42
58-76
With the increasing proliferation of smartphones, enforcing privacy of smartphone users becomes evermore important. Nowadays, one of the major privacy challenges is the tremendous amount of permissions requested by applications, which can significantly invade users' privacy, often without their knowledge. In this paper, we provide a comprehensive review of approaches that can be used to report on applications' permission usage, tune permission access, contain sensitive information, and nudge users towards more privacy-conscious behavior. We discuss key shortcomings of privacy enforcement on smartphones so far and identify suitable actions for the future.
Smartphones; Permission Granting; Privacy; Nudging
trinics
https://www.comsys.rwth-aachen.de/fileadmin/papers/2017/2017-pennekamp-pmc-survey.pdf
Online
Elsevier
en
1574-1192
10.1016/j.pmcj.2017.09.005
1
JanPennekamp
MartinHenze
KlausWehrle
incollection
2017-cps-henze-network
Network Security and Privacy for Cyber-Physical Systems
2017
11
13
25-56
sensorcloud,ipacs
Song, Houbing and Fink, Glenn A. and Jeschke, Sabina
Wiley-IEEE Press
First
2
Security and Privacy in Cyber-Physical Systems: Foundations, Principles and Applications
en
978-1-119-22604-8
10.1002/9781119226079.ch2
1
MartinHenze
JensHiller
RenéHummen
RomanMatzutt
KlausWehrle
Jan HenrikZiegeldorf
inproceedings
2017-henze-mobiquitous-comparison
Privacy-preserving Comparison of Cloud Exposure Induced by Mobile Apps
2017
11
7
543-544
trinics
https://www.comsys.rwth-aachen.de/fileadmin/papers/2017/2017-henze-mobiquitous-comparison.pdf
Online
ACM
Proceedings of the 14th EAI International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services (MobiQuitous) - Poster Session, Melbourne, VIC, Australia
en
978-1-4503-5368-7
10.1145/3144457.3144511
1
MartinHenze
RitsumaInaba
Ina BereniceFink
Jan HenrikZiegeldorf
inproceedings
2017-henze-mobiquitous-cloudanalyzer
CloudAnalyzer: Uncovering the Cloud Usage of Mobile Apps
2017
11
7
262-271
Developers of smartphone apps increasingly rely on cloud services for ready-made functionalities, e.g., to track app usage, to store data, or to integrate social networks. At the same time, mobile apps have access to various private information, ranging from users' contact lists to their precise locations. As a result, app deployment models and data flows have become too complex and entangled for users to understand. We present CloudAnalyzer, a transparency technology that reveals the cloud usage of smartphone apps and hence provides users with the means to reclaim informational self-determination. We apply CloudAnalyzer to study the cloud exposure of 29 volunteers over the course of 19 days. In addition, we analyze the cloud usage of the 5000 most accessed mobile websites as well as 500 popular apps from five different countries. Our results reveal an excessive exposure to cloud services: 90 % of apps use cloud services and 36 % of apps used by volunteers solely communicate with cloud services. Given the information provided by CloudAnalyzer, users can critically review the cloud usage of their apps.
Privacy; Smartphones; Cloud Computing; Traffic Analysis
trinics
https://www.comsys.rwth-aachen.de/fileadmin/papers/2017/2017-henze-mobiquitous-cloudanalyzer.pdf
Online
ACM
Proceedings of the 14th EAI International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services (MobiQuitous '17), November 7-10, 2017, Melbourne, VIC, Australia
Melbourne, VIC, Australia
November 7-10, 2017
en
978-1-4503-5368-7
10.1145/3144457.3144471
1
MartinHenze
JanPennekamp
DavidHellmanns
ErikMühmer
Jan HenrikZiegeldorf
ArthurDrichel
KlausWehrle
inproceedings
2017-panchenko-wpes-fingerprinting
Analysis of Fingerprinting Techniques for Tor Hidden Services
2017
10
30
https://www.comsys.rwth-aachen.de/fileadmin/papers/2017/2017-panchenko-wpes-fingerprinting.pdf
Online
ACM
Proceedings of the 16th Workshop on Privacy in the Electronic Society (WPES), co-located with the 24th ACM Conference on Computer and Communications Security (CCS), Dallas, TX, USA
en
978-1-4503-5175-1
10.1145/3139550.3139564
1
AndriyPanchenko
AsyaMitseva
MartinHenze
FabianLanze
KlausWehrle
ThomasEngel
inproceedings
2017-henze-trustcom-dcam
Distributed Configuration, Authorization and Management in the Cloud-based Internet of Things
2017
8
1
185-192
sscilops, ipacs
https://www.comsys.rwth-aachen.de/fileadmin/papers/2017/2017-henze-trustcom-dcam.pdf
Online
IEEE
Proceedings of the 16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (IEEE TrustCom), Sydney, NSW, Australia
en
978-1-5090-4905-9
2324-9013
10.1109/Trustcom/BigDataSE/ICESS.2017.236
1
MartinHenze
BenediktWolters
RomanMatzutt
TorstenZimmermann
KlausWehrle
article
2017-ziegeldorf-bmcmedgenomics-bloom
BLOOM: BLoom filter based Oblivious Outsourced Matchings
BMC Medical Genomics
2017
7
26
10
Suppl 2
29-42
Whole genome sequencing has become fast, accurate, and cheap, paving the way towards the large-scale collection and processing of human genome data. Unfortunately, this dawning genome era does not only promise tremendous advances in biomedical research but also causes unprecedented privacy risks for the many. Handling storage and processing of large genome datasets through cloud services greatly aggravates these concerns. Current research efforts thus investigate the use of strong cryptographic methods and protocols to implement privacy-preserving genomic computations. We propose FHE-Bloom and PHE-Bloom, two efficient approaches for genetic disease testing using homomorphically encrypted Bloom filters. Both approaches allow the data owner to securely outsource storage and computation to an untrusted cloud. FHE-Bloom is fully secure in the semi-honest model while PHE-Bloom slightly relaxes security guarantees in a trade-off for highly improved performance. We implement and evaluate both approaches on a large dataset of up to 50 patient genomes each with up to 1000000 variations (single nucleotide polymorphisms). For both implementations, overheads scale linearly in the number of patients and variations, while PHE-Bloom is faster by at least three orders of magnitude. For example, testing disease susceptibility of 50 patients with 100000 variations requires only a total of 308.31 s (σ=8.73 s) with our first approach and a mere 0.07 s (σ=0.00 s) with the second. We additionally discuss security guarantees of both approaches and their limitations as well as possible extensions towards more complex query types, e.g., fuzzy or range queries. Both approaches handle practical problem sizes efficiently and are easily parallelized to scale with the elastic resources available in the cloud. The fully homomorphic scheme, FHE-Bloom, realizes a comprehensive outsourcing to the cloud, while the partially homomorphic scheme, PHE-Bloom, trades a slight relaxation of security guarantees against performance improvements by at least three orders of magnitude.
Proceedings of the 5th iDASH Privacy and Security Workshop 2016
Secure outsourcing; Homomorphic encryption; Bloom filters
sscilops;mynedata;rfc;health
https://www.comsys.rwth-aachen.de/fileadmin/papers/2017/2017-ziegeldorf-bmcmedgenomics-bloom.pdf
Online
BioMed Central
Chicago, IL, USA
November 11, 2016
en
1755-8794
10.1186/s12920-017-0277-y
1
Jan HenrikZiegeldorf
JanPennekamp
DavidHellmanns
FelixSchwinger
IkeKunze
MartinHenze
JensHiller
RomanMatzutt
KlausWehrle
inproceedings
2017-henze-tma-cloudemail
Veiled in Clouds? Assessing the Prevalence of Cloud Computing in the Email Landscape
2017
6
21
trinics, ssiclops
https://www.comsys.rwth-aachen.de/fileadmin/papers/2017/2017-henze-tma-cloudemail.pdf
Online
IEEE / IFIP
Proceedings of the 2017 Network Traffic Measurement and Analysis Conference (TMA 2017), Dublin, Ireland
en
978-3-901882-95-1
10.23919/TMA.2017.8002910
1
MartinHenze
Mary PeytonSanford
OliverHohlfeld
inproceedings
2017-henze-ic2e-prada
Practical Data Compliance for Cloud Storage
2017
4
4
252-258
ssiclops, ipacs
https://www.comsys.rwth-aachen.de/fileadmin/papers/2017/2017-henze-ic2e-prada.pdf
Online
IEEE
Proceedings of the 2017 IEEE International Conference on Cloud Engineering (IC2E 2017), Vancouver, BC, Canada
en
978-1-5090-5817-4
10.1109/IC2E.2017.32
1
MartinHenze
RomanMatzutt
JensHiller
ErikMühmer
Jan HenrikZiegeldorf
Johannesvan der Giet
KlausWehrle
inproceedings
2017-ziegeldorf-codaspy-priward
Privacy-Preserving HMM Forward Computation
2017
3
22
83-94
mynedata
https://www.comsys.rwth-aachen.de/fileadmin/papers/2017/2017-ziegeldorf-codaspy-priward.pdf
Online
ACM
Proceedings of the 7th ACM Conference on Data and Application Security and Privacy (CODASPY 2017), Scottsdale, AZ, USA
en
978-1-4503-4523-1
10.1145/3029806.3029816
1
Jan HenrikZiegeldorf
JanMetzke
JanRüth
MartinHenze
KlausWehrle
inproceedings
2017-ziegeldorf-wons-tracemixer
TraceMixer: Privacy-Preserving Crowd-Sensing sans Trusted Third Party
2017
2
21
17-24
mynedata
https://www.comsys.rwth-aachen.de/fileadmin/papers/2017/2017-ziegeldorf-wons-tracemixer.pdf
Online
IEEE
Proceedings of the 2017 13th Annual Conference on Wireless On-demand Network Systems and Services (WONS), Jackson Hole, WY, USA
en
978-3-901882-88-3
10.1109/WONS.2017.7888771
1
Jan HenrikZiegeldorf
MartinHenze
JensBavendiek
KlausWehrle
inproceedings
2016-henze-cloudcom-trinics
Towards Transparent Information on Individual Cloud Service Usage
2016
12
12
366-370
trinics
https://www.comsys.rwth-aachen.de/fileadmin/papers/2016/2016-henze-cloudcom-trinics.pdf
Online
IEEE
Proceedings of the 2016 IEEE International Conference on Cloud Computing Technology and Science (CloudCom), Luxembourg, Luxembourg
en
978-1-5090-1445-3
10.1109/CloudCom.2016.0064
1
MartinHenze
DanielKerpen
JensHiller
MichaelEggert
DavidHellmanns
ErikMühmer
OussamaRenuli
HenningMaier
ChristianStüble
RogerHäußling
KlausWehrle
inproceedings
2016-henze-wpes-cppl
CPPL: Compact Privacy Policy Language
2016
10
24
99-110
ssiclops
https://www.comsys.rwth-aachen.de/fileadmin/papers/2016/2016-henze-wpes-cppl.pdf
Online
ACM
Proceedings of the 15th Workshop on Privacy in the Electronic Society (WPES), co-located with the 23rd ACM Conference on Computer and Communications Security (CCS), Vienna, Austria
en
978-1-4503-4569-9
10.1145/2994620.2994627
1
MartinHenze
JensHiller
SaschaSchmerling
Jan HenrikZiegeldorf
KlausWehrle
inproceedings
2016-mitseva-ccs-fingerprinting
POSTER: Fingerprinting Tor Hidden Services
2016
10
24
1766-1768
https://www.comsys.rwth-aachen.de/fileadmin/papers/2016/2016-mitseva-ccs-fingerprinting.pdf
Online
ACM
Proceedings of the 23rd ACM Conference on Computer and Communications Security (CCS), Vienna, Austria
en
978-1-4503-4139-4
10.1145/2976749.2989054
1
AsyaMitseva
AndriyPanchenko
FabianLanze
MartinHenze
KlausWehrle
ThomasEngel
inproceedings
2016-matzutt-ccs-bitcoin
POSTER: I Don't Want That Content! On the Risks of Exploiting Bitcoin's Blockchain as a Content Store
2016
10
24
1769-1771
mynedata
/fileadmin/papers/2016/2016-matzutt-ccs-blockchaincontent.pdf
Online
ACM
Proceedings of the 23rd ACM Conference on Computer and Communications Security (CCS), Vienna, Austria
en
978-1-4503-4139-4
10.1145/2976749.2989059
1
RomanMatzutt
OliverHohlfeld
MartinHenze
RobinRawiel
Jan HenrikZiegeldorf
KlausWehrle
techreport
2016-henze-aib-sensorcloud
The SensorCloud Protocol: Securely Outsourcing Sensor Data to the Cloud
2016
7
11
AIB-2016-06
arXiv:1607.03239 [cs.NI]
1--24
sensorcloud
fileadmin/papers/2016/2016-henze-aib-sensorcloud.pdf
Online
Department of Computer Science, RWTH Aachen University
Ahornstr. 55, 52074 Aachen, Germany
Department of Computer Science, RWTH Aachen University
Technical Report
en
0935-3232
MartinHenze
RenéHummen
RomanMatzutt
KlausWehrle
inproceedings
2016-henze-claw-dpc
Moving Privacy-Sensitive Services from Public Clouds to Decentralized Private Clouds
2016
4
8
130-135
ssiclops
/fileadmin/papers/2016/2016-henze-claw-dpc.pdf
Online
IEEE
Proceedings of the Second International Workshop on
Legal and Technical Issues in Cloud Computing and Cloud-Supported Internet of Things (CLaw 2016), co-located with the 2016 IEEE International Conference on Cloud Engineering (IC2E 2016), Berlin, Germany
en
978-1-5090-3684-4
10.1109/IC2EW.2016.24
1
MartinHenze
JensHiller
OliverHohlfeld
KlausWehrle
article
2016-fgcs-henze-iotprivacy
A Comprehensive Approach to Privacy in the Cloud-based Internet of Things
Future Generation Computer Systems
2016
3
56
701-718
ipacs
https://www.comsys.rwth-aachen.de/fileadmin/papers/2016/2016-henze-fgcs-iotprivacy.pdf
Online
Elsevier
en
0167-739X
10.1016/j.future.2015.09.016
1
MartinHenze
LarsHermerschmidt
DanielKerpen
RogerHäußling
BernhardRumpe
KlausWehrle
inproceedings
2016-panchenko-ndss-fingerprinting
Website Fingerprinting at Internet Scale
2016
2
21
The website fingerprinting attack aims to identify the content (i.e., a webpage accessed by a client) of encrypted and anonymized connections by observing patterns of data flows such as packet size and direction. This attack can be performed by a local passive eavesdropper – one of the weakest adversaries in the attacker model of anonymization networks such as Tor. In this paper, we present a novel website fingerprinting attack. Based on a simple and comprehensible idea, our approach outperforms all state-of-the-art methods in terms of classification accuracy while being computationally dramatically more efficient. In order to evaluate the severity of the website fingerprinting attack in reality, we collected the most representative dataset that has ever been built, where we avoid simplified assumptions made in the related work regarding selection and type of webpages and the size of the universe. Using this data, we explore the practical limits of website fingerprinting at Internet scale. Although our novel approach is by orders of magnitude computationally more efficient and superior in terms of detection accuracy, for the first time we show that no existing method – including our own – scales when applied in realistic settings. With our analysis, we explore neglected aspects of the attack and investigate the realistic probability of success for different strategies a real-world adversary may follow.
https://www.comsys.rwth-aachen.de/fileadmin/papers/2016/2016-panchenko-ndss-fingerprinting.pdf
https://www.informatik.tu-cottbus.de/~andriy/zwiebelfreunde/
Internet Society
Proceedings of the 23rd Annual Network and Distributed System Security Symposium (NDSS '16), February 21-24, 2016, San Diego, CA, USA
San Diego, CA, USA
February 21-24, 2016
978-1-891562-41-9
10.14722/ndss.2016.23477
1
AndriyPanchenko
FabianLanze
AndreasZinnen
MartinHenze
JanPennekamp
KlausWehrle
ThomasEngel
inproceedings
2015-ziegeldorf-cans-boma
Bandwidth-optimized Secure Two-Party Computation of Minima
2015
12
8
9476
197-213
/fileadmin/papers/2015/2015-ziegeldorf-cans-boma.pdf
Online
Springer
Lecture Notes in Computer Science
14th International Conference on Cryptology and Network Security (CANS 2015), Marrakesh, Morocco
en
978-3-319-26822-4
10.1007/978-3-319-26823-1_14
1
Jan HenrikZiegeldorf
JensHiller
MartinHenze
HannoWirtz
KlausWehrle
inproceedings
2015-ziegeldorf-dpm-comparison
Comparison-based Privacy: Nudging Privacy in Social Media (Position Paper)
2015
9
22
9481
226-234
fileadmin/papers/2015/2015-ziegeldorf-dpm-cbp.pdf
Online
Springer
Lecture Notes in Computer Science
The 10th DPM International Workshop on Data Privacy Management, Vienna, Austria
en
978-3-319-29882-5
10.1007/978-3-319-29883-2_15
1
Jan HenrikZiegeldorf
MartinHenze
RenéHummen
KlausWehrle
inproceedings
2015-ziegeldorf-iwpe-comparison
Choose Wisely: A Comparison of Secure Two-Party Computation Frameworks
2015
5
21
198-205
https://www.comsys.rwth-aachen.de/fileadmin/papers/2015/2015-ziegeldorf-iwpe-choose.pdf
Online
IEEE
2015 International Workshop on Privacy Engineering (IWPE'15), part of 2015 IEEE Security and Privacy Workshops (SPW 2015), San Jose, CA, USA
en
10.1109/SPW.2015.9
1
Jan HenrikZiegeldorf
JanMetzke
MartinHenze
KlausWehrle
inproceedings
2014-ziegeldorf-codaspy-coinparty
CoinParty: Secure Multi-Party Mixing of Bitcoins
2015
3
2
rfc
https://www.comsys.rwth-aachen.de/fileadmin/papers/2015/2015-ziegeldorf-codaspy-coinparty.pdf
Online
ACM
The Fifth ACM Conference on Data and Application Security and Privacy (CODASPY 2015), San Antonio, TX, USA
San Antonio, TX, USA
The Fifth ACM Conference on Data and Application Security and Privacy (CODASPY 2015)
en
978-1-4503-3191-3
10.1145/2699026.2699100
1
Jan HenrikZiegeldorf
FredGrossmann
MartinHenze
NicolasInden
KlausWehrle
incollection
2014-tcc-henze-trustpoint
A Trust Point-based Security Architecture for Sensor Data in the Cloud
2014
12
14
77-106
sensorcloud
Online
Krcmar, Helmut and Reussner, Ralf and Rumpe, Bernhard
Springer
Trusted Cloud Computing
978-3-319-12717-0
10.1007/978-3-319-12718-7_6
1
MartinHenze
RenéHummen
RomanMatzutt
KlausWehrle
incollection
2013-wtc-eggert-sensorcloud
SensorCloud: Towards the Interdisciplinary Development of a Trustworthy Platform for Globally Interconnected Sensors and Actuators
2014
12
14
203-218
sensorcloud
fileadmin/papers/2013/2013-wtc-eggert-sensorcloud.pdf
Online
Krcmar, Helmut and Reussner, Ralf and Rumpe, Bernhard
Springer
Trusted Cloud Computing
en
978-3-319-12717-0
10.1007/978-3-319-12718-7_13
1
MichaelEggert
RogerHäußling
MartinHenze
LarsHermerschmidt
RenéHummen
DanielKerpen
AntonioNavarro Pérez
BernhardRumpe
DirkThißen
KlausWehrle
inproceedings
2014-aasnet-henze-scslib
SCSlib: Transparently Accessing Protected Sensor Data in the Cloud
2014
9
24
37
370-375
sensorcloud
/fileadmin/papers/2014/2014-henze-aasnet-scslib.pdf
Online
Elsevier
Procedia Computer Science
The 6th International Symposium on Applications of Ad hoc and Sensor Networks (AASNET'14), Halifax, NS, Canada
Halifax, NS, Canada
The 6th International Symposium on Applications of Ad hoc and Sensor Networks (AASNET'14)
en
10.1016/j.procs.2014.08.055
1
MartinHenze
SebastianBereda
RenéHummen
KlausWehrle
inproceedings
2014-ficloud-henze-upecsi
User-driven Privacy Enforcement for Cloud-based Services in the Internet of Things
2014
8
27
191-196
ipacs
/fileadmin/papers/2014/2014-ficloud-henze-upecsi.pdf
Online
IEEE
2014 International Conference on Future Internet of Things and Cloud (FiCloud 2014), Barcelona, Spain
Barcelona, Spain
2014 International Conference on Future Internet of Things and Cloud (FiCloud 2014)
en
978-1-4799-4357-9
10.1109/FiCloud.2014.38
1
MartinHenze
LarsHermerschmidt
DanielKerpen
RogerHäußling
BernhardRumpe
KlausWehrle
poster
2014-wisec-ziegeldorf-ipin
POSTER: Privacy-preserving Indoor Localization
2014
7
23
rfc
https://www.comsys.rwth-aachen.de/fileadmin/papers/2014/2014-ziegeldorf-poster-wisec.pdf
7th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec '14) (Poster)
en
10.13140/2.1.2847.4886
1
Jan HenrikZiegeldorf
NicolaiViol
MartinHenze
KlausWehrle
inproceedings
2014-schmidt-piccett
Piccett: Protocol-Independent Classification of Corrupted Error-Tolerant Traffic
2014
6
24
refector
https://www.comsys.rwth-aachen.de/fileadmin/papers/2014/2014-schmidt-iscc-piccett.pdf
IEEE
Proceedings of the 18th IEEE Symposium on Computers and Communications (ISCC), Madeira, Portugal
en
10.1109/ISCC.2014.6912582
1
FlorianSchmidt
MartinHenze
KlausWehrle
inproceedings
2014-comsnets-aktas-graph-based-redundancy-removal
Graph-based Redundancy Removal Approach for Multiple Cross-Layer Interactions
2014
1
7
1-8
crawler
http://www.comsys.rwth-aachen.de/fileadmin/papers/2014/2014-aktas-comsnets-redundancy.pdf
Online
IEEE
Proceedings of the 2014 Sixth International Conference on Communication Systems and Networks (COMSNETS), Bangalore, India
Bangalore, India
2014 Sixth International Conference on Communication Systems and Networks (COMSNETS)
7-10 January, 2014
en
978-1-4799-3635-9
10.1109/COMSNETS.2014.6734899
1
IsmetAktas
MartinHenze
Muhammad HamadAlizai
KevinMöllering
KlausWehrle
inproceedings
2013-cloudcom-henze-cloud-data-handling
Towards Data Handling Requirements-aware Cloud Computing (Poster Abstract)
2013
12
2
266-269
ipacs
fileadmin/papers/2013/2013-cloudcom-henze-cloud-data-handling.pdf
Online
IEEE
Proceedings of the 2013 IEEE International Conference on Cloud Computing Technology and Science (CloudCom), Bristol, UK
Bristol, UK
2013 IEEE International Conference on Cloud Computing Technology and Science (CloudCom 2013)
en
978-0-7695-5095-4
10.1109/CloudCom.2013.145
1
MartinHenze
MarcelGroßfengels
MaikKoprowski
KlausWehrle
article
2013-ijghpc-henze-sensorcloud
Maintaining User Control While Storing and Processing Sensor Data in the Cloud
International Journal of Grid and High Performance Computing (IJGHPC)
2013
12
5
4
97-112
sensorcloud
fileadmin/papers/2013/2013-ijghpc-henze-sensorcloud.pdf
Online
IGI Global
en
1938-0259
10.4018/ijghpc.2013100107
1
MartinHenze
RenéHummen
RomanMatzutt
DanielCatrein
KlausWehrle
inproceedings
2013-hummen-slimfit
Slimfit - A HIP DEX Compression Layer for the IP-based Internet of Things
2013
10
7
259-266
iotsec
https://www.comsys.rwth-aachen.de/fileadmin/papers/2013/2013-hummen-slimfit.pdf
Online
IEEE
Wireless and Mobile Computing, Networking and Communications (WiMob), 2013 IEEE 9th International Conference on
Lyon, France
IEEE WiMob 2013 Workshop on the Internet of Things Communications and Technologies (IoT 2013)
en
978-1-4577-2014-7
2160-4886
10.1109/WiMOB.2013.6673370
1
RenéHummen
JensHiller
MartinHenze
KlausWehrle
inproceedings
2013-duma-henze-cloud-annotations
The Cloud Needs Cross-Layer Data Handling Annotations (Position Paper)
2013
5
23
18-22
sensorcloud
fileadmin/papers/2013/2013-duma-henze-cloudannotations.pdf
Online
IEEE
Proceedings of the 4th International Workshop on Data Usage Management (DUMA 2013), part of 2013 IEEE Security and Privacy Workshops (SPW), San Francisco, CA, USA
en
978-1-4799-0458-7
10.1109/SPW.2013.31
1
MartinHenze
RenéHummen
KlausWehrle
inproceedings
2013-hummen-6lowpan
6LoWPAN Fragmentation Attacks and Mitigation Mechanisms
2013
4
17
iotsec; sensorcloud
fileadmin/papers/2013/2013-hummen-6lowpan.pdf
ACM
Proceedings of the 6th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec '13)
Budapest, Hungary
6th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec '13)
en
978-1-4503-1998-0
10.1145/2462096.2462107
1
RenéHummen
JensHiller
HannoWirtz
MartinHenze
HosseinShafagh
KlausWehrle
techreport
2013-draft-hummen-hip-middle-puzzle-01
HIP Middlebox Puzzle Offloading and End-host Notification
2013
1
9
draft-hummen-hip-middle-puzzle-01
The Host Identity Protocol [RFC5201] is a secure signaling protocol with a cryptographic namespace. It provides the communicating peers with a cryptographic puzzle mechanism to protect against Denial of Service (DoS) attacks exploiting the computation and memory overheads of the protocol exchange. This document specifies an extension of the protocol that enables an on-path network entity to assist in the choice of the puzzle difficulty in case of an attack. Furthermore, it defines a modification of the puzzle mechanism that enables a host to delegate puzzle solving to an on-path network entity.
Work in progress
iotsec; ietf
http://tools.ietf.org/html/draft-hummen-hip-middle-puzzle-01
Online
Internet Engineering Task Force
Internet-Draft
en
RenéHummen
MartinHenze
JensHiller
inproceedings
2012-hummen-cloud
A Cloud Design for User-controlled Storage and Processing of Sensor Data
2012
12
3
232-240
sensorcloud
fileadmin/papers/2012/2012-hummen-cloud.pdf
IEEE
Proceedings of the 2012 IEEE 4th International Conference on Cloud Computing Technology and Science (CloudCom), Taipei, Taiwan
Taipei, Taiwan
Fourth IEEE International Conference on Cloud Computing Technology and Science
en
978-1-4673-4511-8
10.1109/CloudCom.2012.6427523
1
RenéHummen
MartinHenze
DanielCatrein
KlausWehrle
techreport
2012-draft-hummen-hip-middle-puzzle
HIP Middlebox Puzzle Offloading and End-host Notification
2012
7
9
draft-hummen-hip-middle-puzzle-00
The Host Identity Protocol [RFC5201] is a secure signaling protocol with a cryptographic namespace. It provides the communicating peers with a cryptographic puzzle mechanism to protect against Denial of Service (DoS) attacks targeting its computation and memory overhead. This document specifies an extension that enables middleboxes to assist in the choice of the puzzle difficulty as well as in solving the puzzle on behalf of the host.
Work in progress
iotsec; ietf
http://tools.ietf.org/html/draft-hummen-hip-middle-puzzle-00
Internet Engineering Task Force
Internet-Draft
RenéHummen
MartinHenze