This file was created by the TYPO3 extension
bib
--- Timezone: CET
Creation date: 2023-12-05
Creation time: 23-34-13
--- Number of references
44
incollection
2017-cps-henze-network
Network Security and Privacy for Cyber-Physical Systems
2017
11
13
25-56
sensorcloud,ipacs
Song, Houbing and Fink, Glenn A. and Jeschke, Sabina
Wiley-IEEE Press
First
2
Security and Privacy in Cyber-Physical Systems: Foundations, Principles and Applications
en
978-1-119-22604-8
10.1002/9781119226079.ch2
1
Martin Henze
Jens Hiller
René Hummen
Roman Matzutt
Klaus Wehrle
Jan Henrik Ziegeldorf
techreport
2016-henze-aib-sensorcloud
The SensorCloud Protocol: Securely Outsourcing Sensor Data to the Cloud
2016
7
11
AIB-2016-06
arXiv:1607.03239 [cs.NI]
1--24
sensorcloud
fileadmin/papers/2016/2016-henze-aib-sensorcloud.pdf
Online
Department of Computer Science, RWTH Aachen University
Ahornstr. 55, 52074 Aachen, Germany
Department of Computer Science, RWTH Aachen University
Technical Report
en
0935-3232
Martin Henze
René Hummen
Roman Matzutt
Klaus Wehrle
inproceedings
2015-ziegeldorf-dpm-comparison
Comparison-based Privacy: Nudging Privacy in Social Media (Position Paper)
2015
9
22
9481
226-234
fileadmin/papers/2015/2015-ziegeldorf-dpm-cbp.pdf
Online
Springer
Lecture Notes in Computer Science
The 10th DPM International Workshop on Data Privacy Management, Vienna, Austria
en
978-3-319-29882-5
10.1007/978-3-319-29883-2_15
1
Jan Henrik Ziegeldorf
Martin Henze
René Hummen
Klaus Wehrle
inproceedings
2015-gerdes-authorization
Autorisierungsmanagement für das Internet of Things
2015
9
iotsec
Online
D•A•CH Security 2015
Sankt Augustin, Germany
D•A•CH Security 2015
08.09. - 09.09.2015
accepted
de
1
Stefanie Gerdes
René Hummen
Olaf Bergmann
techreport
2015-draft-moskowitz-hip-dex-04
HIP Diet EXchange (DEX)
2015
7
20
draft-moskowitz-hip-dex-04
This document specifies the Host Identity Protocol Diet EXchange (HIP DEX), a variant of the Host Identity Protocol Version 2 (HIPv2). The HIP DEX protocol design aims at reducing the overhead of the employed cryptographic primitives by omitting public-key signatures and hash functions. In doing so, the main goal is to still deliver similar security properties to HIPv2.
The HIP DEX protocol is primarily designed for computation or memory-constrained sensor/actuator devices. Like HIPv2, it is expected to be used together with a suitable security protocol such as the Encapsulated Security Payload (ESP) for the protection of upper layer protocol data. In addition, HIP DEX can also be used as a keying mechanism for security primitives at the MAC layer, e.g., for IEEE 802.15.4 networks.
Work in progress
iotsec; ietf
http://tools.ietf.org/html/draft-moskowitz-hip-dex-04
Online
Internet Engineering Task Force
Internet-Draft
en
Robert Moskowitz
René Hummen
phdthesis
2015-hummen-resource-conscious
Resource-Conscious Network Security for the IP-Based Internet of Things
2015
6
30
iot
https://www.comsys.rwth-aachen.de/fileadmin/papers/2015/2015-hummen-phd-thesis.pdf
Shaker Verlag
Aachen, Germany
Reports on Communications and Distributed Systems
11
RWTH Aachen University
Chair of Communication and Distributed Systems
Ph.D. Thesis
978-3-8440-3755-5
René Hummen
techreport
2015-draft-moskowitz-hip-dex-03
HIP Diet EXchange (DEX)
2015
6
19
draft-moskowitz-hip-dex-03
This document specifies the Host Identity Protocol Diet EXchange (HIP DEX), a variant of the Host Identity Protocol Version 2 (HIPv2). The HIP DEX protocol design aims at reducing the overhead of the employed cryptographic primitives by omitting public-key signatures and hash functions. In doing so, the main goal is to still deliver similar security properties to HIPv2.
The HIP DEX protocol is primarily designed for computation or memory-constrained sensor/actuator devices. Like HIPv2, it is expected to be used together with a suitable security protocol such as the Encapsulated Security Payload (ESP) for the protection of upper layer protocol data. In addition, HIP DEX can also be used as a keying mechanism for security primitives at the MAC layer, e.g., for IEEE 802.15.4 networks.
Work in progress
iotsec; ietf
http://tools.ietf.org/html/draft-moskowitz-hip-dex-03
Online
Internet Engineering Task Force
Internet-Draft
en
Robert Moskowitz
René Hummen
phdthesis
2015-hummen-phdthesis
Resource-Conscious Network Security for the IP-Based Internet of Things
2015
RWTH Aachen University
René Hummen
techreport
2014-draft-moskowitz-hip-dex-02
HIP Diet EXchange (DEX)
2014
12
19
draft-moskowitz-hip-dex-02
This document specifies the Host Identity Protocol Diet EXchange (HIP DEX), a variant of the Host Identity Protocol Version 2 (HIPv2). The HIP DEX protocol design aims at reducing the overhead of the employed cryptographic primitives by omitting public-key signatures and hash functions. In doing so, the main goal is to still deliver similar security properties to HIPv2.
The HIP DEX protocol is primarily designed for computation or memory-constrained sensor/actuator devices. Like HIPv2, it is expected to be used together with a suitable security protocol such as the Encapsulated Security Payload (ESP) for the protection of upper layer protocol data. In addition, HIP DEX can also be used as a keying mechanism for security primitives at the MAC layer, e.g., for IEEE 802.15.4 networks.
Work in progress
iotsec; ietf
http://tools.ietf.org/html/draft-moskowitz-hip-dex-02
Online
Internet Engineering Task Force
Internet-Draft
en
Robert Moskowitz
René Hummen
incollection
2014-tcc-henze-trustpoint
A Trust Point-based Security Architecture for Sensor Data in the Cloud
2014
12
14
77-106
sensorcloud
Online
Krcmar, Helmut and Reussner, Ralf and Rumpe, Bernhard
Springer
Trusted Cloud Computing
978-3-319-12717-0
10.1007/978-3-319-12718-7_6
1
Martin Henze
René Hummen
Roman Matzutt
Klaus Wehrle
incollection
2013-wtc-eggert-sensorcloud
SensorCloud: Towards the Interdisciplinary Development of a Trustworthy Platform for Globally Interconnected Sensors and Actuators
2014
12
14
203-218
sensorcloud
fileadmin/papers/2013/2013-wtc-eggert-sensorcloud.pdf
Online
Krcmar, Helmut and Reussner, Ralf and Rumpe, Bernhard
Springer
Trusted Cloud Computing
en
978-3-319-12717-0
10.1007/978-3-319-12718-7_13
1
Michael Eggert
Roger Häußling
Martin Henze
Lars Hermerschmidt
René Hummen
Daniel Kerpen
Antonio Navarro Pérez
Bernhard Rumpe
Dirk Thißen
Klaus Wehrle
inproceedings
2014-aasnet-henze-scslib
SCSlib: Transparently Accessing Protected Sensor Data in the Cloud
2014
9
24
37
370-375
sensorcloud
/fileadmin/papers/2014/2014-henze-aasnet-scslib.pdf
Online
Elsevier
Procedia Computer Science
The 6th International Symposium on Applications of Ad hoc and Sensor Networks (AASNET'14), Halifax, NS, Canada
Halifax, NS, Canada
The 6th International Symposium on Applications of Ad hoc and Sensor Networks (AASNET'14)
en
10.1016/j.procs.2014.08.055
1
Martin Henze
Sebastian Bereda
René Hummen
Klaus Wehrle
inproceedings
2014-hummen-delegation
Delegation-based Authentication and Authorization for the IP-based Internet of Things
2014
6
30
284-292
iotsec; sensorcloud
http://www.comsys.rwth-aachen.de/fileadmin/papers/2014/2014-hummen-secon-delegation.pdf
Online
IEEE
11th IEEE International Conference on Sensing, Communication, and Networking (SECON 2014)
Singapore
11th IEEE International Conference on Sensor, Communication, and Networking (SECON 2014)
30.06. - 03.07.2014
en
10.1109/SAHCN.2014.6990364
1
René Hummen
Hossein Shafagh
Shahid Raza
Thiemo Voigt
Klaus Wehrle
techreport
2014-draft-moskowitz-hip-dex-01
HIP Diet EXchange (DEX)
2014
3
4
draft-moskowitz-hip-dex-01
This document specifies the Host Identity Protocol Diet EXchange (HIP
DEX), a variant of the HIP Base EXchange (HIP BEX) [rfc5201-bis].
The HIP DEX protocol design aims at reducing the overhead of the
employed cryptographic primitives by omitting public-key signatures
and hash functions. In doing so, the main goal is to still deliver
similar security properties to HIP BEX.
The HIP DEX protocol is primarily targeted at computation or memory-constrained sensor devices. Like HIP BEX, it is expected to be used
together with another suitable security protocol such as the
Encapsulated Security Payload (ESP) [rfc5202-bis] for the protection
of upper layer protocols. HIP DEX can also be used as a keying
mechanism for a MAC layer security protocol as is supported by IEEE
802.15.4 [IEEE.802-15-4.2011].
Work in progress
iotsec; ietf
http://tools.ietf.org/html/draft-moskowitz-hip-dex-01
Online
Internet Engineering Task Force
Internet-Draft
en
Robert Moskowitz
René Hummen
article
2013-ijghpc-henze-sensorcloud
Maintaining User Control While Storing and Processing Sensor Data in the Cloud
International Journal of Grid and High Performance Computing (IJGHPC)
2013
12
5
4
97-112
sensorcloud
fileadmin/papers/2013/2013-ijghpc-henze-sensorcloud.pdf
Online
IGI Global
en
1938-0259
10.4018/ijghpc.2013100107
1
Martin Henze
René Hummen
Roman Matzutt
Daniel Catrein
Klaus Wehrle
techreport
2013-draft-hummen-dtls-extended-session-resumption-01
Extended DTLS Session Resumption for Constrained Network Environments
2013
10
18
draft-hummen-dtls-extended-session-resumption-01
This draft defines two extensions for the existing session resumption
mechanisms of TLS that specifically apply to Datagram TLS (DTLS) in
constrained network environments. Session resumption type
negotiation enables the client and the server to explicitly agree on
the session resumption mechanism for subsequent handshakes, thus
avoiding unnecessary overheads occurring with the existing
specifications. Session resumption without client-side state
additionally enables a constrained DTLS client to resume a session
without the need to maintain state while the session is inactive.
The extensions defined in this draft update [RFC5077] and [RFC5246].
Work in progress
iotsec; ietf
http://tools.ietf.org/html/draft-hummen-dtls-extended-session-resumption-01
Online
Internet Engineering Task Force
Internet-Draft
en
René Hummen
Johannes Gilger
Hossein Shafagh
inproceedings
2013-hummen-standards
Standards-based End-to-End IP Security for the Internet of Things
2013
10
7
1-3
iotsec
https://www.comsys.rwth-aachen.de/fileadmin/papers/2013/2013-hummen-standards.pdf
Online
IEEE
21st IEEE International Conference on Network Protocols (ICNP 2013 PhD Forum), Göttingen, Germany
Göttingen, Germany
PhD Forum of 21st IEEE International Conference on Network Protocols (ICNP 2013 PhD Forum)
7 Oct. 2013
en
978-1-4799-1270-4
10.1109/ICNP.2013.6733648
1
René Hummen
Klaus Wehrle
inproceedings
2013-hummen-slimfit
Slimfit - A HIP DEX Compression Layer for the IP-based Internet of Things
2013
10
7
259-266
iotsec
https://www.comsys.rwth-aachen.de/fileadmin/papers/2013/2013-hummen-slimfit.pdf
Online
IEEE
Wireless and Mobile Computing, Networking and Communications (WiMob), 2013 IEEE 9th International Conference on
Lyon, France
IEEE WiMob 2013 Workshop on the Internet of Things Communications and Technologies (IoT 2013)
en
978-1-4577-2014-7
2160-4886
10.1109/WiMOB.2013.6673370
1
René Hummen
Jens Hiller
Martin Henze
Klaus Wehrle
inproceedings
2013-icnp-hummen-tailoring
Tailoring End-to-End IP Security Protocols to the Internet of Things
2013
10
7
1-10
iotsec
https://www.comsys.rwth-aachen.de/fileadmin/papers/2013/2013-hummen-tailoring.pdf
Online
IEEE
In Proceedings of the 21st IEEE International Conference on Network Protocols (ICNP 2013), Göttingen, Germany
Göttingen, Germany
21st IEEE International Conference on Network Protocols (ICNP 2013)
7-10 Oct. 2013
en
978-1-4799-1270-4
10.1109/ICNP.2013.6733571
1
René Hummen
Hanno Wirtz
Jan Henrik Ziegeldorf
Jens Hiller
Klaus Wehrle
article
2013-raza-lithe
Lithe: Lightweight Secure CoAP for the Internet of Things
IEEE Sensors Journal
2013
10
13
10
3711-3720
Internet of Things;operating systems (computers);personal area networks;protocols;security of data;6LoWPAN standard;Contiki operating system;DTLS;Internet of Things;IoT;Lithe;authenticated confidential communication;constrained application protocol;datagram transport layer security;e-health domain;end-to-end security;lightweight secure CoAP;resource-constrained devices;Encoding;Internet;Payloads;Protocols;Security;Sensors;Standards;6LoWPAN;CoAP;CoAPs;DTLS;IoT;security
iotsec
en
1530-437X
10.1109/JSEN.2013.2277656
1
Shahid Raza
Hossein Shafagh
Kasun Hewage
René Hummen
Thiemo Voigt
techreport
2013-draft-garcia-core-security-06
Security Considerations in the IP-based Internet of Things
2013
9
11
draft-garcia-core-security-06
A direct interpretation of the Internet of Things concept refers to
the usage of standard Internet protocols to allow for human-to-thing
or thing-to-thing communication. Although the security needs are
well-recognized, it is still not fully clear how existing IP-based
security protocols can be applied to this new setting. This
Internet-Draft first provides an overview of security architecture,
its deployment model and general security needs in the context of the
lifecycle of a thing. Then, it presents challenges and requirements
for the successful roll-out of new applications and usage of standard
IP-based security protocols when applied to get a functional Internet
of Things.
Work in progress
iotsec; ietf
http://tools.ietf.org/html/draft-garcia-core-security-06
Online
Internet Engineering Task Force
Internet-Draft
en
Oscar Garcia-Morchon
Sye Loong Keoh
Sandeep S. Kumar
René Hummen
René Struik
techreport
draft-hummen-dtls-extended-session-resumption-00
Extended DTLS Session Resumption for Constrained Network Environments
2013
7
15
draft-hummen-dtls-extended-session-resumption-00
This draft defines two extensions for the existing session resumption mechanisms of TLS that specifically apply to Datagram TLS (DTLS) in constrained network environments. Session resumption type negotiation enables the client and the server to explicitly agree on the session resumption mechanism for subsequent handshakes, thus avoiding unnecessary overheads occurring with the existing specifications. Session resumption without client-side state additionally enables a constrained DTLS client to resume a session without the need to maintain state while the session is inactive. The extensions defined in this draft update [RFC5077] and [RFC5246].
Work in progress
iotsec; ietf
http://tools.ietf.org/html/draft-hummen-dtls-extended-session-resumption-00
Online
Internet Engineering Task Force
Internet-Draft
en
René Hummen
Johannes Gilger
inproceedings
2013-duma-henze-cloud-annotations
The Cloud Needs Cross-Layer Data Handling Annotations (Position Paper)
2013
5
23
18-22
sensorcloud
fileadmin/papers/2013/2013-duma-henze-cloudannotations.pdf
Online
IEEE
Proceedings of the 4th International Workshop on Data Usage Management (DUMA 2013), part of 2013 IEEE Security and Privacy Workshops (SPW), San Francisco, CA, USA
en
978-1-4799-0458-7
10.1109/SPW.2013.31
1
Martin Henze
René Hummen
Klaus Wehrle
inproceedings
2013-hummen-towards
Towards Viable Certificate-based Authentication for the Web of Things
2013
4
19
iotsec
fileadmin/papers/2013/2013-hummen-towards.pdf
ACM
Proceedings of the 2nd ACM Workshop on Hot Topics on Wireless Network Security and Privacy (HotWiSec '13)
Budapest, Hungary
2nd ACM Workshop on Hot Topics on Wireless Network Security and Privacy
en
978-1-4503-2003-0
10.1145/2463183.2463193
1
René Hummen
Jan Henrik Ziegeldorf
Hossein Shafagh
Shahid Raza
Klaus Wehrle
inproceedings
2013-hummen-6lowpan
6LoWPAN Fragmentation Attacks and Mitigation Mechanisms
2013
4
17
iotsec; sensorcloud
fileadmin/papers/2013/2013-hummen-6lowpan.pdf
ACM
Proceedings of the 6th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec '13)
Budapest, Hungary
6th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec '13)
en
978-1-4503-1998-0
10.1145/2462096.2462107
1
René Hummen
Jens Hiller
Hanno Wirtz
Martin Henze
Hossein Shafagh
Klaus Wehrle
techreport
2013-draft-garcia-core-security-05
Security Considerations in the IP-based Internet of Things
2013
3
11
draft-garcia-core-security-05
A direct interpretation of the Internet of Things concept refers to
the usage of standard Internet protocols to allow for human-to-thing
or thing-to-thing communication. Although the security needs are
well-recognized, it is still not fully clear how existing IP-based
security protocols can be applied to this new setting. This
Internet-Draft first provides an overview of security architecture,
its deployment model and general security needs in the context of the
lifecycle of a thing. Then, it presents challenges and requirements
for the successful roll-out of new applications and usage of standard
IP-based security protocols when applied to get a functional Internet
of Things.
Work in progress
iotsec; ietf
http://tools.ietf.org/html/draft-garcia-core-security-05
Online
Internet Engineering Task Force
Internet-Draft
en
Oscar Garcia-Morchon
Sye Loong Keoh
Sandeep S. Kumar
René Hummen
René Struik
techreport
2013-draft-hummen-hip-middle-puzzle-01
HIP Middlebox Puzzle Offloading and End-host Notification
2013
1
9
draft-hummen-hip-middle-puzzle-01
The Host Identity Protocol [RFC5201] is a secure signaling protocol with a cryptographic namespace. It provides the communicating peers with a cryptographic puzzle mechanism to protect against Denial of Service (DoS) attacks exploiting the computation and memory overheads of the protocol exchange. This document specifies an extension of the protocol that enables an on-path network entity to assist in the choice of the puzzle difficulty in case of an attack. Furthermore, it defines a modification of the puzzle mechanism that enables a host to delegate puzzle solving to an on-path network entity.
Work in progress
iotsec; ietf
http://tools.ietf.org/html/draft-hummen-hip-middle-puzzle-01
Online
Internet Engineering Task Force
Internet-Draft
en
René Hummen
Martin Henze
Jens Hiller
inproceedings
2012-hummen-cloud
A Cloud Design for User-controlled Storage and Processing of Sensor Data
2012
12
3
232-240
sensorcloud
fileadmin/papers/2012/2012-hummen-cloud.pdf
IEEE
Proceedings of the 2012 IEEE 4th International Conference on Cloud Computing Technology and Science (CloudCom), Taipei, Taiwan
Taipei, Taiwan
Fourth IEEE International Conference on Cloud Computing Technology and Science
en
978-1-4673-4511-8
10.1109/CloudCom.2012.6427523
1
René Hummen
Martin Henze
Daniel Catrein
Klaus Wehrle
techreport
2012-draft-hummen-hip-middle-puzzle
HIP Middlebox Puzzle Offloading and End-host Notification
2012
7
9
draft-hummen-hip-middle-puzzle-00
The Host Identity Protocol [RFC5201] is a secure signaling protocol with a cryptographic namespace. It provides the communicating peers with a cryptographic puzzle mechanism to protect against Denial of Service (DoS) attacks targeting its computation and memory overhead. This document specifies an extension that enables middleboxes to assist in the choice of the puzzle difficulty as well as in solving the puzzle on behalf of the host.
Work in progress
iotsec; ietf
http://tools.ietf.org/html/draft-hummen-hip-middle-puzzle-00
Internet Engineering Task Force
Internet-Draft
René Hummen
Martin Henze
inproceedings
2012-hummen-seams
SEAMS: A Signaling Layer for End-host-Assisted Middlebox Services
2012
6
25
525--532
fileadmin/papers/2012/2012-hummen-seams.pdf
Proceedings of the 11th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (IEEE TrustCom-12)
IEEE
Liverpool, United Kingdom
en
978-1-4673-2172-3
10.1109/TrustCom.2012.250
1
René Hummen
Jan Henrik Ziegeldorf
Tobias Heer
Hanno Wirtz
Klaus Wehrle
inproceedings
WirtzHHW2012
Mesh-DHT: A Locality-Based Distributed Look-Up Structure for Wireless Mesh Networks
2012
6
14
653-658
fileadmin/papers/2012/2012_wirtz_icc_mesh_dht.pdf
Print Online
IEEE
Proceedings of the IEEE International Conference on Communications (ICC 2012), Ottawa, Canada
Ottawa, Canada
ICC 2012
10.-15.06.2012
en
978-1-4577-2051-2
10.1109/ICC.2012.6364336
1
Hanno Wirtz
Tobias Heer
René Hummen
Klaus Wehrle
techreport
2012-draft-garcia-core-security
Security Considerations in the IP-based Internet of Things
2012
3
26
draft-garcia-core-security-04
A direct interpretation of the Internet of Things concept refers to
the usage of standard Internet protocols to allow for human-to-thing
or thing-to-thing communication. Although the security needs are
well-recognized, it is still not fully clear how existing IP-based
security protocols can be applied to this new setting. This
Internet-Draft first provides an overview of security architecture,
its deployment model and general security needs in the context of the
lifecycle of a thing. Then, it presents challenges and requirements
for the successful roll-out of new applications and usage of standard
IP-based security protocols when applied to get a functional Internet
of Things.
Work in progress
iotsec; ietf
http://tools.ietf.org/html/draft-garcia-core-security-04
Online
Internet Engineering Task Force
Internet-Draft
en
Oscar Garcia-Morchon
Sye Loong Keoh
Sandeep S. Kumar
René Hummen
René Struik
inproceedings
2011-wirtz-kaleidoscope
Cooperative Wi-Fi-Sharing: Encouraging Fair Play
2011
12
14
mobile_access
fileadmin/papers/2011/2011-wirtz-kaleidoscope.pdf
Online
ITU
Proceedings of the ITU-T Kaleidoscope Event 2011, Cape Town, South Africa
Cape Town, South Africa
ITU-T Kaleidoscope: The fully networked human?
2011-12-12
en
978-92-61-13651-2
1
Hanno Wirtz
René Hummen
Nicolai Viol
Tobias Heer
Mónica Alejandra Lora Girón
Klaus Wehrle
techreport
2011-draft-garcia-core-security-03
Security Considerations in the IP-based Internet of Things
2011
10
31
draft-garcia-core-security-03
A direct interpretation of the Internet of Things concept refers to
the usage of standard Internet protocols to allow for human-to-thing
or thing-to-thing communication. Although the security needs are
well-recognized, it is still not fully clear how existing IP-based
security protocols can be applied to this new setting. This
Internet-Draft first provides an overview of security architecture,
its deployment model and general security needs in the context of the
lifecycle of a thing. Then, it presents challenges and requirements
for the successful roll-out of new applications and usage of standard
IP-based security protocols when applied to get a functional Internet
of Things.
Work in progress
iotsec; ietf
http://tools.ietf.org/html/draft-garcia-core-security-03
Online
Internet Engineering Task Force
Internet-Draft
en
Oscar Garcia-Morchon
Sye Loong Keoh
Sandeep S. Kumar
René Hummen
René Struik
article
2011-heer-iot-journal
Security Challenges in the IP-based Internet of Things
Springer Wireless Personal Communications Journal
2011
10
61
3
527-542
A direct interpretation of the term Internet of Things refers to the use of standard Internet protocols for the human-to-thing or thing-to-thing communication in embedded networks. Although the security needs are well-recognized in this domain, it is still not fully understood how existing IP security protocols and architectures can be deployed. In this paper, we discuss the applicability and limitations of existing Internet protocols and security architectures in the context of the Internet of Things. First, we give an overview of the deployment model and general security needs. We then present challenges and requirements for IP-based security solutions and highlight specific technical limitations of standard IP security protocols.
iotsec
fileadmin/papers/2011/2011-heer-iot-challenges.pdf
Online
Springer
Netherlands
en
0929-6212
10.1007/s11277-011-0385-5
1
Tobias Heer
Oscar Garcia-Morchon
René Hummen
Sye Loong Keoh
Sandeep S. Kumar
Klaus Wehrle
inproceedings
2011-wintech-wirtz
Demo: Establishing Mobile Ad-Hoc Networks in 802.11 Infrastructure Mode
2011
9
19
89-90
Mobile Ad-Hoc Networks (MANETs) rely on the 802.11 ad-hoc mode to establish communication with nearby peers. In practice, this makes MANETs hard to realize. While 802.11-compliant mobile devices implement the ad-hoc mode on the hardware layer, the software layer typically does not implement support for ad-hoc networking in terms of ad-hoc routing and name resolution protocols. Modern mobile operating systems, such as Android and iOS, even hide the inherent ad-hoc functionality of the wireless card through restrictions in the OS. In contrast to this, support for the 802.11 infrastructure mode is a commodity.
We propose establishing ad-hoc networks using the 802.11 infrastructure mode. In MA-Fi (Mobile Ad-Hoc Wi-Fi), a small core of mobile router nodes (RONs) provides infrastructure mode network access to mobile station nodes (STANs). As RONs also act as a station in infrastructure networks of other RONs, MA-Fi achieves multi-hop communication between RON and STAN devices in the overall network.
We show the creation and operation of mobile ad-hoc networks using MA-Fi. We focus on mobility of RONs and STANs as well as topology control in the overall network.
fileadmin/papers/2011/2011-wirtz-wintech.pdf
Online
ACM
New York, NY, USA
Proceedings of the Sixth ACM International Workshop on Wireless Network Testbeds, Experimental evaluation and Characterization (WiNTECH 2011), Las Vegas, NV, USA
Las Vegas, Nevada, USA
The Sixth ACM International Workshop on Wireless Network Testbeds, Experimental evaluation and Characterization
2011-09-19
en
978-1-4503-0867-0
10.1145/2030718.2030737
1
Hanno Wirtz
Robert Backhaus
René Hummen
Klaus Wehrle
techreport
2011-draft-garcia-core-security-02
Security Considerations in the IP-based Internet of Things
2011
7
11
draft-garcia-core-security-02
A direct interpretation of the Internet of Things concept refers to
the usage of standard Internet protocols to allow for human-to-thing
or thing-to-thing communication. Although the security needs are
well-recognized, it is still not fully clear how existing IP-based
security protocols can be applied to this new setting. This
Internet-Draft first provides an overview of security architecture,
its deployment model and general security needs in the context of the
lifecycle of a thing. Then, it presents challenges and requirements
for the successful roll-out of new applications and usage of standard
IP-based security protocols when applied to get a functional Internet
of Things.
Work in progress
iotsec; ietf
http://tools.ietf.org/html/draft-garcia-core-security-02
Online
Internet Engineering Task Force
Internet-Draft
en
Oscar Garcia-Morchon
Sye Loong Keoh
Sandeep S. Kumar
René Hummen
René Struik
inproceedings
2011-hummen-pisa-demo
PISA-SA - Security and Mobility in a Collaborative Muni-Fi (Demo Abstract)
2011
6
15
15
35--36
mobile_access
fileadmin/papers/2011/2011-hummen-wisec-pisa-sa-demo.pdf
Online
ACM
New York, NY, USA
Proceedings of the fourth ACM Conference on Wireless Network Security, Hamburg, Germany
Hamburg, Germany
Wireless Network Security 2011 (WiSec 2011)
en
1559-1662
10.1145/2073290.2073297
1
René Hummen
Hanno Wirtz
Nicolai Viol
Tobias Heer
Klaus Wehrle
techreport
2011-draft-garcia-core-security-01
Security Considerations in the IP-based Internet of Things
2011
3
14
draft-garcia-core-security-01
A direct interpretation of the Internet of Things concept refers to
the usage of standard Internet protocols to allow for human-to-thing
or thing-to-thing communication. Although the security needs are
well-recognized, it is still not fully clear how existing IP-based
security protocols can be applied to this new setting. This
Internet-Draft first provides an overview of security architecture,
its deployment model and general security needs in the context of the
lifecycle of a thing. Then, it presents challenges and requirements
for the successful roll-out of new applications and usage of standard
IP-based security protocols when applied to get a functional Internet
of Things.
Work in progress
iotsec; ietf
http://tools.ietf.org/html/draft-garcia-core-security-01
Online
Internet Engineering Task Force
Internet-Draft
en
Oscar Garcia-Morchon
Sye Loong Keoh
Sandeep S. Kumar
René Hummen
René Struik
techreport
2011-draft-garcia-core-security-00
Security Considerations in the IP-based Internet of Things
2011
3
7
draft-garcia-core-security-00
A direct interpretation of the Internet of Things concept refers to
the usage of standard Internet protocols to allow for human-to-thing
or thing-to-thing communication. Although the security needs are
well-recognized, it is still not fully clear how existing IP-based
security protocols can be applied to this new setting. This
Internet-Draft first provides an overview of security architecture,
its deployment model and general security needs in the context of the
lifecycle of a thing. Then, it presents challenges and requirements
for the successful roll-out of new applications and usage of standard
IP-based security protocols when applied to get a functional Internet
of Things.
Work in progress
iotsec; ietf
http://tools.ietf.org/html/draft-garcia-core-security-00
Online
Internet Engineering Task Force
Internet-Draft
en
Oscar Garcia-Morchon
Sye Loong Keoh
Sandeep S. Kumar
René Hummen
René Struik
techreport
2011-heer-draft-middle-auth
End-Host Authentication for HIP Middleboxes (Version 4)
2011
draft-heer-hip-middle-auth-04
The Host Identity Protocol [RFC5201] is a signaling protocol for secure communication, mobility, and multihoming that introduces a cryptographic namespace. This document specifies an extension for HIP that enables middleboxes to unambiguously verify the identities of hosts that communicate across them. This extension allows middleboxes to verify the liveness and freshness of a HIP association and, thus, to secure access control in middleboxes.
Work in progress
ietf, mobile_access
http://tools.ietf.org/html/draft-heer-hip-middle-auth-04
Online
Internet Engineering Task Force
Internet-Draft
en
Tobias Heer
Miika Komu
René Hummen
Klaus Wehrle
inproceedings
2010-heer-pisa-sa
PiSA-SA: Municipal Wi-Fi Based on Wi-Fi Sharing
2010
8
2
1
588-593
With the goal of providing ubiquitous wireless services (e.g., tourist guides, environmental information, pedestrian navigation), municipal wireless networks are currently being established all around the world. For municipalities, it is often challenging to achieve the bandwidth and coverage that is necessary for many of the envisioned network services. At the same time, Wi-Fi-sharing communities achieve high bandwidth and good coverage at a very low cost by capitalizing on the dense deployment of private access points in urban areas. However, from a technical, conceptual, and security perspective, Wi-Fi sharing community networks resemble a patchwork of heterogeneous networks instead of one well-planned city-wide network. This patchwork character stands in stark contrast to a uniform, secure platform for public and commercial services desirable for the economic success of such a network. Hence, despite its cost-efficiency, the community-based approach cannot be adopted by municipalities easily. In this paper, we show how to realize municipal wireless services on top of a Wi-Fi-sharing infrastructure in a technically sound and economically attractive fashion. In particular, we focus on how to securely provide services to mobile clients with and without client-side software support. Our solution cleanly separates the roles of controlling and administering the network from providing bandwidth and wireless access. With this separation, commercial ISPs and citizens with their private Wi-Fi can contribute to the network infrastructure. This allows municipalities in turn to focus their resources on municipal wireless services.
mobile_access
http://www.comsys.rwth-aachen.de/fileadmin/papers/2010/2010-heer-icc-pisa-sa.pdf
Print
IEEE Press
Washington, DC, USA
International Conference on Computer Communication Networks, ICCCN 2010, Zurich
Zurich, Switzerland
International Conference on Computer Communication Networks, ICCCN 2010
en
978-1-4244-7114-0
10.1109/ICCCN.2010.5560103
1
Tobias Heer
Thomas Jansen
René Hummen
Hanno Wirtz
Stefan Götz
Elias Weingaertner
Klaus Wehrle
inproceedings
2010-percomws-heer-munifi
Collaborative Municipal Wi-Fi Networks - Challenges and Opportunities
Proceedings of the Sixth IEEE PerCom Workshop on Pervasive Wireless Networking (PWN 2010), IEEE.
2010
4
2
1
588 - 593
Municipal Wi-Fi networks aim at providing Internet access and selected mobile network services to citizens, travelers, and civil servants. The goals of these networks are to bridge the digital divide, stimulate innovation, support economic growth, and increase city operations efficiency. While establishing such urban networks is financially challenging for municipalities, Wi-Fi-sharing communities accomplish good coverage and ubiquitous Internet access by capitalizing on the dense deployment of private access points in urban residential areas. By combining Wi-Fi communities and municipal Wi-Fi, a collaborative municipal Wi-Fi system promises cheap and ubiquitous access to mobile city services. However, the differences in intent, philosophy, and technical realization between community and municipal Wi-Fi networks prevent a straight-forward combination of both approaches. In this paper, we highlight the conceptual and technical challenges that need to be solved to create collaborative municipal Wi-Fi networks.
mobile_access
http://www.comsys.rwth-aachen.de/fileadmin/papers/2010/2010-heer-percomws-collaborative-municipal-wi-fi.pdf
Print
IEEE Press
Washington, DC, USA
Proceedings of the Sixth IEEE PerCom Workshop on Pervasive Wireless Networking (PWN 2010), Mannheim, Germany.
Mannheim, Germany
Sixth IEEE PerCom Workshop on Pervasive Wireless Networking (PWN 2010)
April 02, 2010
en
978-1-4244-6605-4
10.1109/PERCOMW.2010.5470505
Tobias Heer
René Hummen
Nicolai Viol
Hanno Wirtz
Stefan Götz
Klaus Wehrle
inproceedings
2009-icc-heer-middleboxes
End-host Authentication and Authorization for Middleboxes based on a Cryptographic Namespace
2009
1
791-796
Today, middleboxes such as firewalls and network address translators have advanced beyond simple packet forwarding and address mapping. They also inspect and filter traffic, detect network intrusion, control access to network resources, and enforce different levels of quality of service. The cornerstones for these security-related network services are end-host authentication and authorization. Using a cryptographic namespace for end-hosts simplifies these tasks since it gives them an explicit and verifiable identity. The Host Identity Protocol (HIP) is a key-exchange protocol that introduces such a cryptographic namespace for secure end-to-end communication. Although HIP was designed with middleboxes in mind, these cannot securely use its namespace because the on-path identity verification is susceptible to replay attacks. Moreover, the binding between HIP as an authentication protocol and IPsec as payload transport is insufficient because on-path middleboxes cannot securely map payload packets to a HIP association. In this paper, we propose to prevent replay attacks by treating packet-forwarding middleboxes as first-class citizens that directly interact with end-hosts. Also, we propose a method for strengthening the binding between the HIP authentication process and its payload channel with hash-chain-based authorization tokens for IPsec. Our solution allows on-path middleboxes to efficiently leverage cryptographic end-host identities and integrates cleanly into existing protocol standards.
mobile_access
http://www.comsys.rwth-aachen.de/fileadmin/papers/2009/2009-heer-icc-end-host-authentication.pdf
Print
Piscataway, NJ, USA
Dresden, Germany
Proceedings of the IEEE International Conference on Communications 2009 (ICC 2009), Dresden, Germany
IEEE
Dresden, Germany
IEEE International Conference on Communications 2009 (ICC 2009)
en
978-1-4244-3435-0
1938-1883
10.1109/ICC.2009.5198984
1
Tobias Heer
René Hummen
Miika Komu
Stefan Götz
Klaus Wehrle