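%
% This file was created by the TYPO3 extension
% bib
% --- Timezone: CEST
% Creation date: 2024-05-07
% Creation time: 16-25-03
% --- Number of references
% 44
%
% Maintenance notes
% - One entry per record, one field per line. Page ranges use the BibTeX
%   en-dash form (--), months use the predefined three-letter macros, and
%   acronyms / proper names in titles are brace-protected so that styles
%   which apply sentence casing do not lowercase them.
% - tags, misc, misc2, number2, day, reviewed, state, institute and event_*
%   are not standard BibTeX fields (presumably specific to the exporter);
%   standard styles silently ignore unknown fields.
% - url values without a scheme (fileadmin/...) are site-relative paths and do
%   not resolve on their own; presumably they are relative to the exporting
%   website -- confirm before publishing the file elsewhere.
% - The Internet-Draft records each name one specific draft revision, carry
%   the note "Work in progress" and link to tools.ietf.org over plain http.
%   Check whether a later revision or a published RFC exists before relying
%   on one as a specification reference, and confirm the links still resolve.
%

@incollection{2017-cps-henze-network,
  author = {Henze, Martin and Hiller, Jens and Hummen, Ren{\'e} and Matzutt, Roman and Wehrle, Klaus and Ziegeldorf, Jan Henrik},
  title = {Network Security and Privacy for Cyber-Physical Systems},
  year = {2017},
  month = nov,
  day = {13},
  pages = {25--56},
  tags = {sensorcloud,ipacs},
  editor = {Song, Houbing and Fink, Glenn A. and Jeschke, Sabina},
  publisher = {Wiley-IEEE Press},
  edition = {First},
  chapter = {2},
  booktitle = {Security and Privacy in Cyber-Physical Systems: Foundations, Principles and Applications},
  language = {en},
  isbn = {978-1-119-22604-8},
  doi = {10.1002/9781119226079.ch2},
  reviewed = {1},
}

@techreport{2016-henze-aib-sensorcloud,
  author = {Henze, Martin and Hummen, Ren{\'e} and Matzutt, Roman and Wehrle, Klaus},
  title = {The {SensorCloud} Protocol: Securely Outsourcing Sensor Data to the Cloud},
  year = {2016},
  month = jul,
  day = {11},
  number = {AIB-2016-06},
  number2 = {arXiv:1607.03239 [cs.NI]},
  pages = {1--24},
  tags = {sensorcloud},
  url = {fileadmin/papers/2016/2016-henze-aib-sensorcloud.pdf},
  misc2 = {Online},
  publisher = {Department of Computer Science, RWTH Aachen University},
  address = {Ahornstr. 55, 52074 Aachen, Germany},
  institution = {Department of Computer Science, RWTH Aachen University},
  type = {Technical Report},
  language = {en},
  issn = {0935-3232},
}

@inproceedings{2015-ziegeldorf-dpm-comparison,
  author = {Ziegeldorf, Jan Henrik and Henze, Martin and Hummen, Ren{\'e} and Wehrle, Klaus},
  title = {Comparison-based Privacy: Nudging Privacy in Social Media (Position Paper)},
  year = {2015},
  month = sep,
  day = {22},
  volume = {9481},
  pages = {226--234},
  url = {fileadmin/papers/2015/2015-ziegeldorf-dpm-cbp.pdf},
  misc2 = {Online},
  publisher = {Springer},
  series = {Lecture Notes in Computer Science},
  booktitle = {The 10th DPM International Workshop on Data Privacy Management, Vienna, Austria},
  language = {en},
  isbn = {978-3-319-29882-5},
  doi = {10.1007/978-3-319-29883-2_15},
  reviewed = {1},
}

@inproceedings{2015-gerdes-authorization,
  author = {Gerdes, Stefanie and Hummen, Ren{\'e} and Bergmann, Olaf},
  title = {Autorisierungsmanagement f{\"u}r das {Internet of Things}},
  year = {2015},
  month = sep,
  tags = {iotsec},
  misc2 = {Online},
  booktitle = {D•A•CH Security 2015},
  event_place = {Sankt Augustin, Germany},
  event_name = {D•A•CH Security 2015},
  event_date = {08.09. - 09.09.2015},
  state = {accepted},
  language = {de},
  reviewed = {1},
}

@techreport{2015-draft-moskowitz-hip-dex-04,
  author = {Moskowitz, Robert and Hummen, Ren{\'e}},
  title = {{HIP Diet EXchange} ({DEX})},
  year = {2015},
  month = jul,
  day = {20},
  number = {draft-moskowitz-hip-dex-04},
  abstract = {This document specifies the Host Identity Protocol Diet EXchange (HIP DEX), a variant of the Host Identity Protocol Version 2 (HIPv2). The HIP DEX protocol design aims at reducing the overhead of the employed cryptographic primitives by omitting public-key signatures and hash functions. In doing so, the main goal is to still deliver similar security properties to HIPv2. The HIP DEX protocol is primarily designed for computation or memory-constrained sensor/actuator devices. Like HIPv2, it is expected to be used together with a suitable security protocol such as the Encapsulated Security Payload (ESP) for the protection of upper layer protocol data. In addition, HIP DEX can also be used as a keying mechanism for security primitives at the MAC layer, e.g., for IEEE 802.15.4 networks.},
  note = {Work in progress},
  tags = {iotsec; ietf},
  url = {http://tools.ietf.org/html/draft-moskowitz-hip-dex-04},
  misc2 = {Online},
  institution = {Internet Engineering Task Force},
  type = {Internet-Draft},
  language = {en},
}

@phdthesis{2015-hummen-resource-conscious,
  author = {Hummen, Ren{\'e}},
  title = {Resource-Conscious Network Security for the {IP}-Based {Internet of Things}},
  year = {2015},
  month = jun,
  day = {30},
  tags = {iot},
  url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2015/2015-hummen-phd-thesis.pdf},
  publisher = {Shaker Verlag},
  address = {Aachen, Germany},
  series = {Reports on Communications and Distributed Systems},
  edition = {11},
  school = {RWTH Aachen University},
  institute = {Chair of Communication and Distributed Systems},
  type = {Ph.D. Thesis},
  isbn = {978-3-8440-3755-5},
}

@techreport{2015-draft-moskowitz-hip-dex-03,
  author = {Moskowitz, Robert and Hummen, Ren{\'e}},
  title = {{HIP Diet EXchange} ({DEX})},
  year = {2015},
  month = jun,
  day = {19},
  number = {draft-moskowitz-hip-dex-03},
  abstract = {This document specifies the Host Identity Protocol Diet EXchange (HIP DEX), a variant of the Host Identity Protocol Version 2 (HIPv2). The HIP DEX protocol design aims at reducing the overhead of the employed cryptographic primitives by omitting public-key signatures and hash functions. In doing so, the main goal is to still deliver similar security properties to HIPv2. The HIP DEX protocol is primarily designed for computation or memory-constrained sensor/actuator devices. Like HIPv2, it is expected to be used together with a suitable security protocol such as the Encapsulated Security Payload (ESP) for the protection of upper layer protocol data. In addition, HIP DEX can also be used as a keying mechanism for security primitives at the MAC layer, e.g., for IEEE 802.15.4 networks.},
  note = {Work in progress},
  tags = {iotsec; ietf},
  url = {http://tools.ietf.org/html/draft-moskowitz-hip-dex-03},
  misc2 = {Online},
  institution = {Internet Engineering Task Force},
  type = {Internet-Draft},
  language = {en},
}

% NOTE(review): the next record has the same author, title, year and school as
% 2015-hummen-resource-conscious above but fewer fields; it looks like a
% duplicate of that thesis. Kept because documents may cite this key -- confirm
% before merging.
@phdthesis{2015-hummen-phdthesis,
  author = {Hummen, Ren{\'e}},
  title = {Resource-Conscious Network Security for the {IP}-Based {Internet of Things}},
  year = {2015},
  school = {RWTH Aachen University},
}

@techreport{2014-draft-moskowitz-hip-dex-02,
  author = {Moskowitz, Robert and Hummen, Ren{\'e}},
  title = {{HIP Diet EXchange} ({DEX})},
  year = {2014},
  month = dec,
  day = {19},
  number = {draft-moskowitz-hip-dex-02},
  abstract = {This document specifies the Host Identity Protocol Diet EXchange (HIP DEX), a variant of the Host Identity Protocol Version 2 (HIPv2). The HIP DEX protocol design aims at reducing the overhead of the employed cryptographic primitives by omitting public-key signatures and hash functions. In doing so, the main goal is to still deliver similar security properties to HIPv2. The HIP DEX protocol is primarily designed for computation or memory-constrained sensor/actuator devices. Like HIPv2, it is expected to be used together with a suitable security protocol such as the Encapsulated Security Payload (ESP) for the protection of upper layer protocol data. In addition, HIP DEX can also be used as a keying mechanism for security primitives at the MAC layer, e.g., for IEEE 802.15.4 networks.},
  note = {Work in progress},
  tags = {iotsec; ietf},
  url = {http://tools.ietf.org/html/draft-moskowitz-hip-dex-02},
  misc2 = {Online},
  institution = {Internet Engineering Task Force},
  type = {Internet-Draft},
  language = {en},
}

@incollection{2014-tcc-henze-trustpoint,
  author = {Henze, Martin and Hummen, Ren{\'e} and Matzutt, Roman and Wehrle, Klaus},
  title = {A Trust Point-based Security Architecture for Sensor Data in the Cloud},
  year = {2014},
  month = dec,
  day = {14},
  pages = {77--106},
  tags = {sensorcloud},
  misc2 = {Online},
  editor = {Krcmar, Helmut and Reussner, Ralf and Rumpe, Bernhard},
  publisher = {Springer},
  booktitle = {Trusted Cloud Computing},
  isbn = {978-3-319-12717-0},
  doi = {10.1007/978-3-319-12718-7_6},
  reviewed = {1},
}

@incollection{2013-wtc-eggert-sensorcloud,
  author = {Eggert, Michael and H{\"a}u{\ss}ling, Roger and Henze, Martin and Hermerschmidt, Lars and Hummen, Ren{\'e} and Kerpen, Daniel and Navarro P{\'e}rez, Antonio and Rumpe, Bernhard and Thi{\ss}en, Dirk and Wehrle, Klaus},
  title = {{SensorCloud}: Towards the Interdisciplinary Development of a Trustworthy Platform for Globally Interconnected Sensors and Actuators},
  year = {2014},
  month = dec,
  day = {14},
  pages = {203--218},
  tags = {sensorcloud},
  url = {fileadmin/papers/2013/2013-wtc-eggert-sensorcloud.pdf},
  misc2 = {Online},
  editor = {Krcmar, Helmut and Reussner, Ralf and Rumpe, Bernhard},
  publisher = {Springer},
  booktitle = {Trusted Cloud Computing},
  language = {en},
  isbn = {978-3-319-12717-0},
  doi = {10.1007/978-3-319-12718-7_13},
  reviewed = {1},
}

@inproceedings{2014-aasnet-henze-scslib,
  author = {Henze, Martin and Bereda, Sebastian and Hummen, Ren{\'e} and Wehrle, Klaus},
  title = {{SCSlib}: Transparently Accessing Protected Sensor Data in the Cloud},
  year = {2014},
  month = sep,
  day = {24},
  volume = {37},
  pages = {370--375},
  tags = {sensorcloud},
  url = {/fileadmin/papers/2014/2014-henze-aasnet-scslib.pdf},
  misc2 = {Online},
  publisher = {Elsevier},
  series = {Procedia Computer Science},
  booktitle = {The 6th International Symposium on Applications of Ad hoc and Sensor Networks (AASNET'14), Halifax, NS, Canada},
  event_place = {Halifax, NS, Canada},
  event_name = {The 6th International Symposium on Applications of Ad hoc and Sensor Networks (AASNET'14)},
  language = {en},
  doi = {10.1016/j.procs.2014.08.055},
  reviewed = {1},
}

@inproceedings{2014-hummen-delegation,
  author = {Hummen, Ren{\'e} and Shafagh, Hossein and Raza, Shahid and Voigt, Thiemo and Wehrle, Klaus},
  title = {Delegation-based Authentication and Authorization for the {IP}-based {Internet of Things}},
  year = {2014},
  month = jun,
  day = {30},
  pages = {284--292},
  tags = {iotsec; sensorcloud},
  url = {http://www.comsys.rwth-aachen.de/fileadmin/papers/2014/2014-hummen-secon-delegation.pdf},
  misc2 = {Online},
  publisher = {IEEE},
  booktitle = {11th IEEE International Conference on Sensing, Communication, and Networking (SECON 2014)},
  event_place = {Singapore},
  event_name = {11th IEEE International Conference on Sensing, Communication, and Networking (SECON 2014)},
  event_date = {30.06. - 03.07.2014},
  language = {en},
  doi = {10.1109/SAHCN.2014.6990364},
  reviewed = {1},
}

@techreport{2014-draft-moskowitz-hip-dex-01,
  author = {Moskowitz, Robert and Hummen, Ren{\'e}},
  title = {{HIP Diet EXchange} ({DEX})},
  year = {2014},
  month = mar,
  day = {4},
  number = {draft-moskowitz-hip-dex-01},
  abstract = {This document specifies the Host Identity Protocol Diet EXchange (HIP DEX), a variant of the HIP Base EXchange (HIP BEX) [rfc5201-bis]. The HIP DEX protocol design aims at reducing the overhead of the employed cryptographic primitives by omitting public-key signatures and hash functions. In doing so, the main goal is to still deliver similar security properties to HIP BEX. The HIP DEX protocol is primarily targeted at computation or memory-constrained sensor devices. Like HIP BEX, it is expected to be used together with another suitable security protocol such as the Encapsulated Security Payload (ESP) [rfc5202-bis] for the protection of upper layer protocols. HIP DEX can also be used as a keying mechanism for a MAC layer security protocol as is supported by IEEE 802.15.4 [IEEE.802-15-4.2011].},
  note = {Work in progress},
  tags = {iotsec; ietf},
  url = {http://tools.ietf.org/html/draft-moskowitz-hip-dex-01},
  misc2 = {Online},
  institution = {Internet Engineering Task Force},
  type = {Internet-Draft},
  language = {en},
}

@article{2013-ijghpc-henze-sensorcloud,
  author = {Henze, Martin and Hummen, Ren{\'e} and Matzutt, Roman and Catrein, Daniel and Wehrle, Klaus},
  title = {Maintaining User Control While Storing and Processing Sensor Data in the Cloud},
  journal = {International Journal of Grid and High Performance Computing (IJGHPC)},
  year = {2013},
  month = dec,
  volume = {5},
  number = {4},
  pages = {97--112},
  tags = {sensorcloud},
  url = {fileadmin/papers/2013/2013-ijghpc-henze-sensorcloud.pdf},
  misc2 = {Online},
  publisher = {IGI Global},
  language = {en},
  issn = {1938-0259},
  doi = {10.4018/ijghpc.2013100107},
  reviewed = {1},
}

@techreport{2013-draft-hummen-dtls-extended-session-resumption-01,
  author = {Hummen, Ren{\'e} and Gilger, Johannes and Shafagh, Hossein},
  title = {Extended {DTLS} Session Resumption for Constrained Network Environments},
  year = {2013},
  month = oct,
  day = {18},
  number = {draft-hummen-dtls-extended-session-resumption-01},
  abstract = {This draft defines two extensions for the existing session resumption mechanisms of TLS that specifically apply to Datagram TLS (DTLS) in constrained network environments. Session resumption type negotiation enables the client and the server to explicitly agree on the session resumption mechanism for subsequent handshakes, thus avoiding unnecessary overheads occurring with the existing specifications. Session resumption without client-side state additionally enables a constrained DTLS client to resume a session without the need to maintain state while the session is inactive. The extensions defined in this draft update [RFC5077] and [RFC5246].},
  note = {Work in progress},
  tags = {iotsec; ietf},
  url = {http://tools.ietf.org/html/draft-hummen-dtls-extended-session-resumption-01},
  misc2 = {Online},
  institution = {Internet Engineering Task Force},
  type = {Internet-Draft},
  language = {en},
}

@inproceedings{2013-hummen-standards,
  author = {Hummen, Ren{\'e} and Wehrle, Klaus},
  title = {Standards-based End-to-End {IP} Security for the {Internet of Things}},
  year = {2013},
  month = oct,
  day = {7},
  pages = {1--3},
  tags = {iotsec},
  url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2013/2013-hummen-standards.pdf},
  misc2 = {Online},
  publisher = {IEEE},
  booktitle = {21st IEEE International Conference on Network Protocols (ICNP 2013 PhD Forum), G{\"o}ttingen, Germany},
  event_place = {G{\"o}ttingen, Germany},
  event_name = {PhD Forum of 21st IEEE International Conference on Network Protocols (ICNP 2013 PhD Forum)},
  event_date = {7 Oct. 2013},
  language = {en},
  isbn = {978-1-4799-1270-4},
  doi = {10.1109/ICNP.2013.6733648},
  reviewed = {1},
}

@inproceedings{2013-hummen-slimfit,
  author = {Hummen, Ren{\'e} and Hiller, Jens and Henze, Martin and Wehrle, Klaus},
  title = {Slimfit - A {HIP} {DEX} Compression Layer for the {IP}-based {Internet of Things}},
  year = {2013},
  month = oct,
  day = {7},
  pages = {259--266},
  tags = {iotsec},
  url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2013/2013-hummen-slimfit.pdf},
  misc2 = {Online},
  publisher = {IEEE},
  booktitle = {Wireless and Mobile Computing, Networking and Communications (WiMob), 2013 IEEE 9th International Conference on},
  event_place = {Lyon, France},
  event_name = {IEEE WiMob 2013 Workshop on the Internet of Things Communications and Technologies (IoT 2013)},
  language = {en},
  isbn = {978-1-4577-2014-7},
  issn = {2160-4886},
  doi = {10.1109/WiMOB.2013.6673370},
  reviewed = {1},
}

@inproceedings{2013-icnp-hummen-tailoring,
  author = {Hummen, Ren{\'e} and Wirtz, Hanno and Ziegeldorf, Jan Henrik and Hiller, Jens and Wehrle, Klaus},
  title = {Tailoring End-to-End {IP} Security Protocols to the {Internet of Things}},
  year = {2013},
  month = oct,
  day = {7},
  pages = {1--10},
  tags = {iotsec},
  url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2013/2013-hummen-tailoring.pdf},
  misc2 = {Online},
  publisher = {IEEE},
  booktitle = {Proceedings of the 21st IEEE International Conference on Network Protocols (ICNP 2013), G{\"o}ttingen, Germany},
  event_place = {G{\"o}ttingen, Germany},
  event_name = {21st IEEE International Conference on Network Protocols (ICNP 2013)},
  event_date = {7-10 Oct. 2013},
  language = {en},
  isbn = {978-1-4799-1270-4},
  doi = {10.1109/ICNP.2013.6733571},
  reviewed = {1},
}

@article{2013-raza-lithe,
  author = {Raza, Shahid and Shafagh, Hossein and Hewage, Kasun and Hummen, Ren{\'e} and Voigt, Thiemo},
  title = {Lithe: Lightweight Secure {CoAP} for the {Internet of Things}},
  journal = {IEEE Sensors Journal},
  year = {2013},
  month = oct,
  volume = {13},
  number = {10},
  pages = {3711--3720},
  keywords = {Internet of Things;operating systems (computers);personal area networks;protocols;security of data;6LoWPAN standard;Contiki operating system;DTLS;Internet of Things;IoT;Lithe;authenticated confidential communication;constrained application protocol;datagram transport layer security;e-health domain;end-to-end security;lightweight secure CoAP;resource-constrained devices;Encoding;Internet;Payloads;Protocols;Security;Sensors;Standards;6LoWPAN;CoAP;CoAPs;DTLS;IoT;security},
  tags = {iotsec},
  language = {en},
  issn = {1530-437X},
  doi = {10.1109/JSEN.2013.2277656},
  reviewed = {1},
}

@techreport{2013-draft-garcia-core-security-06,
  author = {Garcia-Morchon, Oscar and Keoh, Sye Loong and Kumar, Sandeep S. and Hummen, Ren{\'e} and Struik, Ren{\'e}},
  title = {Security Considerations in the {IP}-based {Internet of Things}},
  year = {2013},
  month = sep,
  day = {11},
  number = {draft-garcia-core-security-06},
  abstract = {A direct interpretation of the Internet of Things concept refers to the usage of standard Internet protocols to allow for human-to-thing or thing-to-thing communication. Although the security needs are well-recognized, it is still not fully clear how existing IP-based security protocols can be applied to this new setting. This Internet-Draft first provides an overview of security architecture, its deployment model and general security needs in the context of the lifecycle of a thing. Then, it presents challenges and requirements for the successful roll-out of new applications and usage of standard IP-based security protocols when applied to get a functional Internet of Things.},
  note = {Work in progress},
  tags = {iotsec; ietf},
  url = {http://tools.ietf.org/html/draft-garcia-core-security-06},
  misc2 = {Online},
  institution = {Internet Engineering Task Force},
  type = {Internet-Draft},
  language = {en},
}

@techreport{draft-hummen-dtls-extended-session-resumption-00,
  author = {Hummen, Ren{\'e} and Gilger, Johannes},
  title = {Extended {DTLS} Session Resumption for Constrained Network Environments},
  year = {2013},
  month = jul,
  day = {15},
  number = {draft-hummen-dtls-extended-session-resumption-00},
  abstract = {This draft defines two extensions for the existing session resumption mechanisms of TLS that specifically apply to Datagram TLS (DTLS) in constrained network environments. Session resumption type negotiation enables the client and the server to explicitly agree on the session resumption mechanism for subsequent handshakes, thus avoiding unnecessary overheads occurring with the existing specifications. Session resumption without client-side state additionally enables a constrained DTLS client to resume a session without the need to maintain state while the session is inactive. The extensions defined in this draft update [RFC5077] and [RFC5246].},
  note = {Work in progress},
  tags = {iotsec; ietf},
  url = {http://tools.ietf.org/html/draft-hummen-dtls-extended-session-resumption-00},
  misc2 = {Online},
  institution = {Internet Engineering Task Force},
  type = {Internet-Draft},
  language = {en},
}

@inproceedings{2013-duma-henze-cloud-annotations,
  author = {Henze, Martin and Hummen, Ren{\'e} and Wehrle, Klaus},
  title = {The Cloud Needs Cross-Layer Data Handling Annotations (Position Paper)},
  year = {2013},
  month = may,
  day = {23},
  pages = {18--22},
  tags = {sensorcloud},
  url = {fileadmin/papers/2013/2013-duma-henze-cloudannotations.pdf},
  misc2 = {Online},
  publisher = {IEEE},
  booktitle = {Proceedings of the 4th International Workshop on Data Usage Management (DUMA 2013), part of 2013 IEEE Security and Privacy Workshops (SPW), San Francisco, CA, USA},
  language = {en},
  isbn = {978-1-4799-0458-7},
  doi = {10.1109/SPW.2013.31},
  reviewed = {1},
}

@inproceedings{2013-hummen-towards,
  author = {Hummen, Ren{\'e} and Ziegeldorf, Jan Henrik and Shafagh, Hossein and Raza, Shahid and Wehrle, Klaus},
  title = {Towards Viable Certificate-based Authentication for the {Web of Things}},
  year = {2013},
  month = apr,
  day = {19},
  tags = {iotsec},
  url = {fileadmin/papers/2013/2013-hummen-towards.pdf},
  publisher = {ACM},
  booktitle = {Proceedings of the 2nd ACM Workshop on Hot Topics on Wireless Network Security and Privacy (HotWiSec '13)},
  event_place = {Budapest, Hungary},
  event_name = {2nd ACM Workshop on Hot Topics on Wireless Network Security and Privacy},
  language = {en},
  isbn = {978-1-4503-2003-0},
  doi = {10.1145/2463183.2463193},
  reviewed = {1},
}

@inproceedings{2013-hummen-6lowpan,
  author = {Hummen, Ren{\'e} and Hiller, Jens and Wirtz, Hanno and Henze, Martin and Shafagh, Hossein and Wehrle, Klaus},
  title = {{6LoWPAN} Fragmentation Attacks and Mitigation Mechanisms},
  year = {2013},
  month = apr,
  day = {17},
  tags = {iotsec; sensorcloud},
  url = {fileadmin/papers/2013/2013-hummen-6lowpan.pdf},
  publisher = {ACM},
  booktitle = {Proceedings of the 6th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec '13)},
  event_place = {Budapest, Hungary},
  event_name = {6th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec '13)},
  language = {en},
  isbn = {978-1-4503-1998-0},
  doi = {10.1145/2462096.2462107},
  reviewed = {1},
}

@techreport{2013-draft-garcia-core-security-05,
  author = {Garcia-Morchon, Oscar and Keoh, Sye Loong and Kumar, Sandeep S. and Hummen, Ren{\'e} and Struik, Ren{\'e}},
  title = {Security Considerations in the {IP}-based {Internet of Things}},
  year = {2013},
  month = mar,
  day = {11},
  number = {draft-garcia-core-security-05},
  abstract = {A direct interpretation of the Internet of Things concept refers to the usage of standard Internet protocols to allow for human-to-thing or thing-to-thing communication. Although the security needs are well-recognized, it is still not fully clear how existing IP-based security protocols can be applied to this new setting. This Internet-Draft first provides an overview of security architecture, its deployment model and general security needs in the context of the lifecycle of a thing. Then, it presents challenges and requirements for the successful roll-out of new applications and usage of standard IP-based security protocols when applied to get a functional Internet of Things.},
  note = {Work in progress},
  tags = {iotsec; ietf},
  url = {http://tools.ietf.org/html/draft-garcia-core-security-05},
  misc2 = {Online},
  institution = {Internet Engineering Task Force},
  type = {Internet-Draft},
  language = {en},
}

@techreport{2013-draft-hummen-hip-middle-puzzle-01,
  author = {Hummen, Ren{\'e} and Henze, Martin and Hiller, Jens},
  title = {{HIP} Middlebox Puzzle Offloading and End-host Notification},
  year = {2013},
  month = jan,
  day = {9},
  number = {draft-hummen-hip-middle-puzzle-01},
  abstract = {The Host Identity Protocol [RFC5201] is a secure signaling protocol with a cryptographic namespace. It provides the communicating peers with a cryptographic puzzle mechanism to protect against Denial of Service (DoS) attacks exploiting the computation and memory overheads of the protocol exchange. This document specifies an extension of the protocol that enables an on-path network entity to assist in the choice of the puzzle difficulty in case of an attack. Furthermore, it defines a modification of the puzzle mechanism that enables a host to delegate puzzle solving to an on-path network entity.},
  note = {Work in progress},
  tags = {iotsec; ietf},
  url = {http://tools.ietf.org/html/draft-hummen-hip-middle-puzzle-01},
  misc2 = {Online},
  institution = {Internet Engineering Task Force},
  type = {Internet-Draft},
  language = {en},
}

@inproceedings{2012-hummen-cloud,
  author = {Hummen, Ren{\'e} and Henze, Martin and Catrein, Daniel and Wehrle, Klaus},
  title = {A Cloud Design for User-controlled Storage and Processing of Sensor Data},
  year = {2012},
  month = dec,
  day = {3},
  pages = {232--240},
  tags = {sensorcloud},
  url = {fileadmin/papers/2012/2012-hummen-cloud.pdf},
  publisher = {IEEE},
  booktitle = {Proceedings of the 2012 IEEE 4th International Conference on Cloud Computing Technology and Science (CloudCom), Taipei, Taiwan},
  event_place = {Taipei, Taiwan},
  event_name = {Fourth IEEE International Conference on Cloud Computing Technology and Science},
  language = {en},
  isbn = {978-1-4673-4511-8},
  doi = {10.1109/CloudCom.2012.6427523},
  reviewed = {1},
}

@techreport{2012-draft-hummen-hip-middle-puzzle,
  author = {Hummen, Ren{\'e} and Henze, Martin},
  title = {{HIP} Middlebox Puzzle Offloading and End-host Notification},
  year = {2012},
  month = jul,
  day = {9},
  number = {draft-hummen-hip-middle-puzzle-00},
  abstract = {The Host Identity Protocol [RFC5201] is a secure signaling protocol with a cryptographic namespace. It provides the communicating peers with a cryptographic puzzle mechanism to protect against Denial of Service (DoS) attacks targeting its computation and memory overhead. This document specifies an extension that enables middleboxes to assist in the choice of the puzzle difficulty as well as in solving the puzzle on behalf of the host.},
  note = {Work in progress},
  tags = {iotsec; ietf},
  url = {http://tools.ietf.org/html/draft-hummen-hip-middle-puzzle-00},
  institution = {Internet Engineering Task Force},
  type = {Internet-Draft},
}

@inproceedings{2012-hummen-seams,
  author = {Hummen, Ren{\'e} and Ziegeldorf, Jan Henrik and Heer, Tobias and Wirtz, Hanno and Wehrle, Klaus},
  title = {{SEAMS}: A Signaling Layer for End-host-Assisted Middlebox Services},
  year = {2012},
  month = jun,
  day = {25},
  pages = {525--532},
  url = {fileadmin/papers/2012/2012-hummen-seams.pdf},
  booktitle = {Proceedings of the 11th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (IEEE TrustCom-12)},
  organization = {IEEE},
  event_place = {Liverpool, United Kingdom},
  language = {en},
  isbn = {978-1-4673-2172-3},
  doi = {10.1109/TrustCom.2012.250},
  reviewed = {1},
}

@inproceedings{WirtzHHW2012,
  author = {Wirtz, Hanno and Heer, Tobias and Hummen, Ren{\'e} and Wehrle, Klaus},
  title = {{Mesh-DHT}: A Locality-Based Distributed Look-Up Structure for Wireless Mesh Networks},
  year = {2012},
  month = jun,
  day = {14},
  pages = {653--658},
  url = {fileadmin/papers/2012/2012_wirtz_icc_mesh_dht.pdf},
  misc2 = {Print Online},
  publisher = {IEEE},
  booktitle = {Proceedings of the IEEE International Conference on Communications (ICC 2012), Ottawa, Canada},
  event_place = {Ottawa, Canada},
  event_name = {ICC 2012},
  event_date = {10.-15.06.2012},
  language = {en},
  isbn = {978-1-4577-2051-2},
  doi = {10.1109/ICC.2012.6364336},
  reviewed = {1},
}

@techreport{2012-draft-garcia-core-security,
  author = {Garcia-Morchon, Oscar and Keoh, Sye Loong and Kumar, Sandeep S. and Hummen, Ren{\'e} and Struik, Ren{\'e}},
  title = {Security Considerations in the {IP}-based {Internet of Things}},
  year = {2012},
  month = mar,
  day = {26},
  number = {draft-garcia-core-security-04},
  abstract = {A direct interpretation of the Internet of Things concept refers to the usage of standard Internet protocols to allow for human-to-thing or thing-to-thing communication. Although the security needs are well-recognized, it is still not fully clear how existing IP-based security protocols can be applied to this new setting. This Internet-Draft first provides an overview of security architecture, its deployment model and general security needs in the context of the lifecycle of a thing. Then, it presents challenges and requirements for the successful roll-out of new applications and usage of standard IP-based security protocols when applied to get a functional Internet of Things.},
  note = {Work in progress},
  tags = {iotsec; ietf},
  url = {http://tools.ietf.org/html/draft-garcia-core-security-04},
  misc2 = {Online},
  institution = {Internet Engineering Task Force},
  type = {Internet-Draft},
  language = {en},
}

@inproceedings{2011-wirtz-kaleidoscope,
  author = {Wirtz, Hanno and Hummen, Ren{\'e} and Viol, Nicolai and Heer, Tobias and Lora Gir{\'o}n, M{\'o}nica Alejandra and Wehrle, Klaus},
  title = {Cooperative {Wi-Fi}-Sharing: Encouraging Fair Play},
  year = {2011},
  month = dec,
  day = {14},
  tags = {mobile_access},
  url = {fileadmin/papers/2011/2011-wirtz-kaleidoscope.pdf},
  misc = {Online},
  address = {ITU},
  booktitle = {Proceedings of the ITU-T Kaleidoscope Event 2011, Cape Town, South Africa},
  event_place = {Cape Town, South Africa},
  event_name = {ITU-T Kaleidoscope: The fully networked human?},
  event_date = {2011-12-12},
  language = {en},
  isbn = {978-92-61-13651-2},
  reviewed = {1},
}

@techreport{2011-draft-garcia-core-security-03,
  author = {Garcia-Morchon, Oscar and Keoh, Sye Loong and Kumar, Sandeep S. and Hummen, Ren{\'e} and Struik, Ren{\'e}},
  title = {Security Considerations in the {IP}-based {Internet of Things}},
  year = {2011},
  month = oct,
  day = {31},
  number = {draft-garcia-core-security-03},
  abstract = {A direct interpretation of the Internet of Things concept refers to the usage of standard Internet protocols to allow for human-to-thing or thing-to-thing communication. Although the security needs are well-recognized, it is still not fully clear how existing IP-based security protocols can be applied to this new setting. This Internet-Draft first provides an overview of security architecture, its deployment model and general security needs in the context of the lifecycle of a thing. Then, it presents challenges and requirements for the successful roll-out of new applications and usage of standard IP-based security protocols when applied to get a functional Internet of Things.},
  note = {Work in progress},
  tags = {iotsec; ietf},
  url = {http://tools.ietf.org/html/draft-garcia-core-security-03},
  misc2 = {Online},
  institution = {Internet Engineering Task Force},
  type = {Internet-Draft},
  language = {en},
}

@article{2011-heer-iot-journal,
  author = {Heer, Tobias and Garcia-Morchon, Oscar and Hummen, Ren{\'e} and Keoh, Sye Loong and Kumar, Sandeep S. and Wehrle, Klaus},
  title = {Security Challenges in the {IP}-based {Internet of Things}},
  journal = {Springer Wireless Personal Communications Journal},
  year = {2011},
  month = oct,
  volume = {61},
  number = {3},
  pages = {527--542},
  abstract = {A direct interpretation of the term Internet of Things refers to the use of standard Internet protocols for the human-to-thing or thing-to-thing communication in embedded networks. Although the security needs are well-recognized in this domain, it is still not fully understood how existing IP security protocols and architectures can be deployed. In this paper, we discuss the applicability and limitations of existing Internet protocols and security architectures in the context of the Internet of Things. First, we give an overview of the deployment model and general security needs. We then present challenges and requirements for IP-based security solutions and highlight specific technical limitations of standard IP security protocols.},
  tags = {iotsec},
  url = {fileadmin/papers/2011/2011-heer-iot-challenges.pdf},
  misc2 = {Online},
  publisher = {Springer},
  address = {Netherlands},
  language = {en},
  issn = {0929-6212},
  doi = {10.1007/s11277-011-0385-5},
  reviewed = {1},
}

@inproceedings{2011-wintech-wirtz,
  author = {Wirtz, Hanno and Backhaus, Robert and Hummen, Ren{\'e} and Wehrle, Klaus},
  title = {Demo: Establishing Mobile Ad-Hoc Networks in 802.11 Infrastructure Mode},
  year = {2011},
  month = sep,
  day = {19},
  pages = {89--90},
  abstract = {Mobile Ad-Hoc Networks (MANETs) rely on the 802.11 ad-hoc mode to establish communication with nearby peers. In practice, this makes MANETs hard to realize. While 802.11-compliant mobile devices implement the ad-hoc mode on the hardware layer, the software layer typically does not implement support for ad-hoc networking in terms of ad-hoc routing and name resolution protocols. Modern mobile operating systems, such as Android and iOS, even hide the inherent ad-hoc functionality of the wireless card through restrictions in the OS. In contrast to this, support for the 802.11 infrastructure mode is a commodity. We propose establishing ad-hoc networks using the 802.11 infrastructure mode. In MA-Fi (Mobile Ad-Hoc Wi-Fi), a small core of mobile router nodes (RONs) provides infrastructure mode network access to mobile station nodes (STANs). As RONs also act as a station in infrastructure networks of other RONs, MA-Fi achieves multi-hop communication between RON and STAN devices in the overall network. We show the creation and operation of mobile ad-hoc networks using MA-Fi. We focus on mobility of RONs and STANs as well as topology control in the overall network.},
  url = {fileadmin/papers/2011/2011-wirtz-wintech.pdf},
  misc = {Online},
  publisher = {ACM},
  address = {New York, NY, USA},
  booktitle = {Proceedings of the Sixth ACM International Workshop on Wireless Network Testbeds, Experimental evaluation and Characterization (WiNTECH 2011), Las Vegas, NV, USA},
  event_place = {Las Vegas, Nevada, USA},
  event_name = {The Sixth ACM International Workshop on Wireless Network Testbeds, Experimental evaluation and Characterization},
  event_date = {2011-09-19},
  language = {en},
  isbn = {978-1-4503-0867-0},
  doi = {10.1145/2030718.2030737},
  reviewed = {1},
}

@techreport{2011-draft-garcia-core-security-02,
  author = {Garcia-Morchon, Oscar and Keoh, Sye Loong and Kumar, Sandeep S. and Hummen, Ren{\'e} and Struik, Ren{\'e}},
  title = {Security Considerations in the {IP}-based {Internet of Things}},
  year = {2011},
  month = jul,
  day = {11},
  number = {draft-garcia-core-security-02},
  abstract = {A direct interpretation of the Internet of Things concept refers to the usage of standard Internet protocols to allow for human-to-thing or thing-to-thing communication. Although the security needs are well-recognized, it is still not fully clear how existing IP-based security protocols can be applied to this new setting. This Internet-Draft first provides an overview of security architecture, its deployment model and general security needs in the context of the lifecycle of a thing. Then, it presents challenges and requirements for the successful roll-out of new applications and usage of standard IP-based security protocols when applied to get a functional Internet of Things.},
  note = {Work in progress},
  tags = {iotsec; ietf},
  url = {http://tools.ietf.org/html/draft-garcia-core-security-02},
  misc2 = {Online},
  institution = {Internet Engineering Task Force},
  type = {Internet-Draft},
  language = {en},
}

@inproceedings{2011-hummen-pisa-demo,
  author = {Hummen, Ren{\'e} and Wirtz, Hanno and Viol, Nicolai and Heer, Tobias and Wehrle, Klaus},
  title = {{PISA-SA} - Security and Mobility in a Collaborative {Muni-Fi} (Demo Abstract)},
  year = {2011},
  month = jun,
  day = {15},
  volume = {15},
  pages = {35--36},
  tags = {mobile_access},
  url = {fileadmin/papers/2011/2011-hummen-wisec-pisa-sa-demo.pdf},
  misc2 = {Online},
  publisher = {ACM},
  address = {New York, NY, USA},
  booktitle = {Proceedings of the fourth ACM Conference on Wireless Network Security, Hamburg, Germany},
  event_place = {Hamburg, Germany},
  event_name = {Wireless Network Security 2011 (WiSec 2011)},
  language = {en},
  issn = {1559-1662},
  doi = {10.1145/2073290.2073297},
  reviewed = {1},
}

@techreport{2011-draft-garcia-core-security-01,
  author = {Garcia-Morchon, Oscar and Keoh, Sye Loong and Kumar, Sandeep S. and Hummen, Ren{\'e} and Struik, Ren{\'e}},
  title = {Security Considerations in the {IP}-based {Internet of Things}},
  year = {2011},
  month = mar,
  day = {14},
  number = {draft-garcia-core-security-01},
  abstract = {A direct interpretation of the Internet of Things concept refers to the usage of standard Internet protocols to allow for human-to-thing or thing-to-thing communication. Although the security needs are well-recognized, it is still not fully clear how existing IP-based security protocols can be applied to this new setting. This Internet-Draft first provides an overview of security architecture, its deployment model and general security needs in the context of the lifecycle of a thing. Then, it presents challenges and requirements for the successful roll-out of new applications and usage of standard IP-based security protocols when applied to get a functional Internet of Things.},
  note = {Work in progress},
  tags = {iotsec; ietf},
  url = {http://tools.ietf.org/html/draft-garcia-core-security-01},
  misc2 = {Online},
  institution = {Internet Engineering Task Force},
  type = {Internet-Draft},
  language = {en},
}

@Techreport { 2011-draft-garcia-core-security-00, title = {Security Considerations in the IP-based Internet of Things}, year = {2011}, month = {3}, day = {7}, number = {draft-garcia-core-security-00}, abstract = {A direct interpretation of the Internet of Things concept refers to the usage of standard Internet protocols to allow for human-to-thing or thing-to-thing communication. Although the security needs are well-recognized, it is still not fully clear how existing IP-based security protocols can be applied to this new setting. This Internet-Draft first provides an overview of security architecture, its deployment model and general security needs in the context of the lifecycle of a thing.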
Then, it presents challenges and requirements for the successful roll-out of new applications and usage of standard IP-based security protocols when applied to get a functional Internet of Things.}, note = {Work in progress}, tags = {iotsec; ietf}, url = {http://tools.ietf.org/html/draft-garcia-core-security-00}, misc2 = {Online}, institution = {Internet Engineering Task Force}, type = {Internet-Draft}, language = {en}, author = {Garcia-Morchon, Oscar and Keoh, Sye Loong and Kumar, Sandeep S. and Hummen, Ren{\'e} and Struik, Ren{\'e}} } @Techreport { 2011-heer-draft-middle-auth, title = {End-Host Authentication for HIP Middleboxes (Version 4)}, year = {2011}, number = {draft-heer-hip-middle-auth-04}, abstract = {The Host Identity Protocol [RFC5201] is a signaling protocol for secure communication, mobility, and multihoming that introduces a cryptographic namespace. This document specifies an extension for HIP that enables middleboxes to unambiguously verify the identities of hosts that communicate across them. This extension allows middleboxes to verify the liveness and freshness of a HIP association and, thus, to secure access control in middleboxes.}, note = {Work in progress}, tags = {ietf, mobile_access}, url = {http://tools.ietf.org/html/draft-heer-hip-middle-auth-04}, misc2 = {Online}, institution = {Internet Engineering Task Force}, type = {Internet-Draft}, language = {en}, author = {Heer, Tobias and Komu, Miika and Hummen, Ren{\'e} and Wehrle, Klaus} } @Inproceedings { 2010-heer-pisa-sa, title = {PiSA-SA: Municipal Wi-Fi Based on Wi-Fi Sharing}, year = {2010}, month = {8}, day = {2}, volume = {1}, pages = {588-593}, abstract = {With the goal of providing ubiquitous wireless services (e.g., tourist guides, environmental information, pedestrian navigation), municipal wireless networks are currently being established all around the world. 
For municipalities, it is often challenging to achieve the bandwidth and coverage that is necessary for many of the envisioned network services. At the same time, Wi-Fi-sharing communities achieve high bandwidth and good coverage at a very low cost by capitalizing on the dense deployment of private access points in urban areas. However, from a technical, conceptual, and security perspective, Wi-Fi sharing community networks resemble a patchwork of heterogeneous networks instead of one well-planned city-wide network. This patchwork character stands in stark contrast to a uniform, secure platform for public and commercial services desirable for the economic success of such a network. Hence, despite its cost-efficiency, the community-based approach cannot be adopted by municipalities easily. In this paper, we show how to realize municipal wireless services on top of a Wi-Fi-sharing infrastructure in a technically sound and economically attractive fashion. In particular, we focus on how to securely provide services to mobile clients with and without client-side software support. Our solution cleanly separates the roles of controlling and administering the network from providing bandwidth and wireless access. With this separation, commercial ISPs and citizens with their private Wi-Fi can contribute to the network infrastructure. 
This allows municipalities in turn to focus their resources on municipal wireless services.}, tags = {mobile_access}, url = {http://www.comsys.rwth-aachen.de/fileadmin/papers/2010/2010-heer-icc-pisa-sa.pdf}, misc2 = {Print}, publisher = {IEEE Press}, address = {Washington, DC, USA}, booktitle = {International Conference on Computer Communication Networks, ICCCN 2010, Zurich}, event_place = {Zurich, Switzerland}, event_name = {International Conference on Computer Communication Networks, ICCCN 2010}, language = {en}, ISBN = {978-1-4244-7114-0}, DOI = {10.1109/ICCCN.2010.5560103}, reviewed = {1}, author = {Heer, Tobias and Jansen, Thomas and Hummen, Ren{\'e} and Wirtz, Hanno and G{\"o}tz, Stefan and Weingaertner, Elias and Wehrle, Klaus} } @Inproceedings { 2010-percomws-heer-munifi, title = {Collaborative Municipal Wi-Fi Networks - Challenges and Opportunities}, journal = {Proceedings of the Sixth IEEE PerCom Workshop on Pervasive Wireless Networking (PWN 2010), IEEE.}, year = {2010}, month = {4}, day = {2}, volume = {1}, pages = {588 - 593}, abstract = {Municipal Wi-Fi networks aim at providing Internet access and selected mobile network services to citizens, travelers, and civil servants. The goals of these networks are to bridge the digital divide, stimulate innovation, support economic growth, and increase city operations efficiency. While establishing such urban networks is financially challenging for municipalities, Wi-Fi-sharing communities accomplish good coverage and ubiquitous Internet access by capitalizing on the dense deployment of private access points in urban residential areas. By combining Wi-Fi communities and municipal Wi-Fi, a collaborative municipal Wi-Fi system promises cheap and ubiquitous access to mobile city services. However, the differences in intent, philosophy, and technical realization between community and municipal Wi-Fi networks prevent a straight-forward combination of both approaches. 
In this paper, we highlight the conceptual and technical challenges that need to be solved to create collaborative municipal Wi-Fi networks.}, tags = {mobile_access}, url = {http://www.comsys.rwth-aachen.de/fileadmin/papers/2010/2010-heer-percomws-collaborative-municipal-wi-fi.pdf}, misc2 = {Print}, publisher = {IEEE Press}, address = {Washington, DC, USA}, booktitle = {Proceedings of the Sixth IEEE PerCom Workshop on Pervasive Wireless Networking (PWN 2010), Mannheim, Germany.}, event_place = {Mannheim, Germany}, event_name = {Sixth IEEE PerCom Workshop on Pervasive Wireless Networking (PWN 2010)}, event_date = {April 02, 2010}, language = {en}, ISBN = {978-1-4244-6605-4}, DOI = {10.1109/PERCOMW.2010.5470505}, author = {Heer, Tobias and Hummen, Ren{\'e} and Viol, Nicolai and Wirtz, Hanno and G{\"o}tz, Stefan and Wehrle, Klaus} } @Inproceedings { 2009-icc-heer-middleboxes, title = {End-host Authentication and Authorization for Middleboxes based on a Cryptographic Namespace}, year = {2009}, volume = {1}, pages = {791-796}, abstract = {Today, middleboxes such as firewalls and network address translators have advanced beyond simple packet forwarding and address mapping. They also inspect and filter traffic, detect network intrusion, control access to network resources, and enforce different levels of quality of service. The cornerstones for these security-related network services are end-host authentication and authorization. Using a cryptographic namespace for end-hosts simplifies these tasks since it gives them an explicit and verifiable identity. The Host Identity Protocol (HIP) is a key-exchange protocol that introduces such a cryptographic namespace for secure end-to-end communication. Although HIP was designed with middleboxes in mind, these cannot securely use its namespace because the on-path identity verification is susceptible to replay attacks. 
Moreover, the binding between HIP as an authentication protocol and IPsec as payload transport is insufficient because on-path middleboxes cannot securely map payload packets to a HIP association. In this paper, we propose to prevent replay attacks by treating packet-forwarding middleboxes as first-class citizens that directly interact with end-hosts. Also we propose a method for strengthening the binding between the HIP authentication process and its payload channel with hash-chain-based authorization tokens for IPsec. Our solution allows on-path middleboxes to efficiently leverage cryptographic end-host identities and integrates cleanly into existing protocol standards.}, tags = {mobile_access}, url = {http://www.comsys.rwth-aachen.de/fileadmin/papers/2009/2009-heer-icc-end-host-authentication.pdf}, misc2 = {Print}, publisher = {Piscataway, NJ, USA}, address = {Dresden, Germany}, booktitle = {Proceedings of the IEEE International Conference on Communications 2009 (ICC 2009), Dresden, Germany}, organization = {IEEE}, event_place = {Dresden, Germany}, event_name = {IEEE International Conference on Communications 2009 (ICC 2009)}, language = {en}, ISBN = {978-1-4244-3435-0}, ISSN = {1938-1883}, DOI = {10.1109/ICC.2009.5198984}, reviewed = {1}, author = {Heer, Tobias and Hummen, Ren{\'e} and Komu, Miika and G{\"o}tz, Stefan and Wehrle, Klaus} }