This file was created by the TYPO3 extension
bib
--- Timezone: CEST
Creation date: 2024-05-10
Creation time: 05-42-26
--- Number of references
4
inproceedings
2023-kunze-spin-bit-in-the-wild
Does It Spin? On the Adoption and Use of QUIC’s Spin Bit
2023
10
https://www.comsys.rwth-aachen.de/fileadmin/papers/2023/2023-kunze-spin-bit-in-the-wild.pdf
ACM
Proceedings of the Internet Measurement Conference (IMC '23)
Internet Measurement Conference 2023
10.1145/3618257.3624844
1
IkeKunze
ConstantinSander
KlausWehrle
inproceedings
2023-sander-quic-ecn
ECN with QUIC: Challenges in the Wild
2023
10
legato
https://www.comsys.rwth-aachen.de/fileadmin/papers/2023/2023-sander-quic-ecn.pdf
https://arxiv.org/abs/2309.14273
ACM
Proceedings of the Internet Measurement Conference (IMC '23)
Internet Measurement Conference 2023
979-8-4007-0382-9/23/10
10.1145/3618257.3624821
1
ConstantinSander
IkeKunze
LeoBlöcher
MikeKosek
KlausWehrle
inproceedings
2023-dahlmanns-docker
Secrets Revealed in Container Images: An Internet-wide Study on Occurrence and Impact
2023
7
10
797-811
Containerization allows bundling applications and their dependencies into a single image. The containerization framework Docker eases the use of this concept and enables sharing images publicly, gaining high momentum. However, it can lead to users creating and sharing images that include private keys or API secrets—either by mistake or out of negligence. This leakage impairs the creator's security and that of everyone using the image. Yet, the extent of this practice and how to counteract it remains unclear.
In this paper, we analyze 337,171 images from Docker Hub and 8,076 other private registries unveiling that 8.5% of images indeed include secrets. Specifically, we find 52,107 private keys and 3,158 leaked API secrets, both opening a large attack surface, i.e., putting authentication and confidentiality of privacy-sensitive data at stake and even allow active attacks. We further document that those leaked keys are used in the wild: While we discovered 1,060 certificates relying on compromised keys being issued by public certificate authorities, based on further active Internet measurements, we find 275,269 TLS and SSH hosts using leaked private keys for authentication. To counteract this issue, we discuss how our methodology can be used to prevent secret leakage and reuse.
network security; security configuration; secret leakage; container
ven2us, internet-of-production,
https://www.comsys.rwth-aachen.de/fileadmin/papers/2023/2023-dahlmanns-asiaccs.pdf
ACM
Proceedings of the 2023 ACM Asia Conference on Computer and Communications Security (ASIACCS '23), July 10-14, 2023, Melbourne, VIC, Australia
Melbourne, VIC, Australia
ASIA CCS '23
July 10-14, 2023
979-8-4007-0098-9/23/07
10.1145/3579856.3590329
1
MarkusDahlmanns
ConstantinSander
RobinDecker
KlausWehrle
inproceedings
2023-grote-mvca-fairness
Instant Messaging Meets Video Conferencing: Studying the Performance of IM Video Calls
2023
6
https://www.comsys.rwth-aachen.de/fileadmin/papers/2023/2023-grote-mvca-fairness.pdf
IFIP/IEEE
Proceedings of the Network Traffic Measurement and Analysis Conference (TMA '23)
978-3-903176-58-4
10.23919/TMA58422.2023.10199019
1
LaurenzGrote
IkeKunze
ConstantinSander
KlausWehrle