This file was created by the TYPO3 extension bib --- Timezone: UTC Creation date: 2025-03-16 Creation time: 09-04-57 --- Number of references 25 inproceedings 2024_lohmoeller_tee_datasharing 2024 12 19 49-56 Federated data ecosystems continue to emerge to connect previously isolated data silos across organizational boundaries over the Internet. These platforms aim to facilitate data sharing while maintaining data sovereignty, which is supposed to empower data owners to retain control over their data. However, the employed organizational security measures, such as policy-enforcing middleware besides software certification, processes, and employees are insufficient to provide reliable guarantees against malicious insiders. This paper thus proposes a corresponding technical solution for federated platforms that builds on communication between Trusted Execution Environments (TEEs) and demonstrates the feasibility of technically enforceable data protection. Specifically, we provide dependable guarantees for data owners formulated via rich policies while maintaining usability as a general-purpose data exchange platform. Further, by evaluating a real-world use case that concerns sharing sensitive genomic data, we demonstrate its real-world suitability. Our findings emphasize the potential of TEEs in establishing trust and increasing data security for federated data scenarios far beyond a single use case. internet-of-production;health https://www.comsys.rwth-aachen.de/fileadmin/papers/2024/2024-lohmoeller-tee-data-sharing.pdf IEEE Proceedings of the 1st Conference on Building a Secure and Empowered Cyberspace (BuildSEC '24), December 19-21, 2024, New Delhi, India New Delhi, India Building a Secure & Empowered Cyberspace December 19-21, 2024 en 979-8-3315-1672-7 10.1109/BuildSEC64048.2024.00016 1 JohannesLohmöller RomanMatzutt JoschaLoos EduardVlad JanPennekamp KlausWehrle inproceedings 2024_lohmoeller_scematch 2024 12 17 2123-2132 Advances in single-cell RNA sequencing (scRNA-seq) have dramatically enhanced our understanding of cellular functions and disease mechanisms. Despite its potential, scRNA-seq faces significant challenges related to data privacy, cost, and Intellectual Property (IP) protection, which hinder the sharing and collaborative use of these sensitive datasets. In this paper, we introduce a novel method, scE(match), a privacy-preserving tool that facilitates the matching of single-cell clusters between different datasets by relying on scmap as an established projection tool, but without compromising data privacy or IP. scE(match) utilizes homomorphic encryption to ensure that data and unique cell clusters remain confidential while enabling the identification of overlapping cell types for further collaboration and downstream analysis. Our evaluation shows that scE(match) performantly matches cell types across datasets with high precision, addressing both practical and ethical concerns in sharing scRNA-seq data. This approach not only supports secure data collaboration but also fosters advances in biomedical research by reliably protecting sensitive information and IP rights. confidentiality; scmap; privacy-preserving computations; offloading; healthcare rfc;health https://www.comsys.rwth-aachen.de/fileadmin/papers/2024/2024-lohmoeller-scEmatch.pdf IEEE Proceedings of the 23rd IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom '24), December 17-21, 2024, Sanya, China Sanya, China TrustCom 2024 December 17-21, 2024 accepted en 979-8-3315-0620-9 2324-9013 10.1109/TrustCom63139.2024.00294 1 JohannesLohmöller JannisScheiber RafaelKramann KlausWehrle SikanderHayat JanPennekamp inproceedings 2024_dahlmanns_lua-iot 2024 11 20 Following the advent of the Internet of Things (IoT), users and their devices transmit sensitive data over the Internet. For the Web, Let’s Encrypt offers a usable foundation to safeguard such data by straightforwardly issuing certificates. However, its approach is not directly applicable to the IoT as deployments lack a (dedicated) domain or miss essentials to prove domain ownership required for Let’s Encrypt. Thus, a usable approach to secure IoT deployments by properly authenticating IoT devices is missing. To close this research gap, we propose LUA-IoT, our framework to Let’s Usably Authenticate the IoT. LUA-IoT enables autonomous certificate enrollment by orienting at the success story of Let’s Encrypt, seamlessly integrating in the setup process of modern IoT devices, and relying on process steps that users already know from other domains. In the end, LUA-IoT binds the authenticity of IoT deployments to a globally valid user identifier, e.g., an email address, that is included in certificates directly issued to the IoT deployments. We exemplarily implement LUA-IoT to show that it is realizable on commodity IoT hardware and conduct a small user study indicating that LUA-IoT indeed nudges users to safeguard their devices and data (transmissions). Lecture Notes in Computer Science (LNCS) internet-of-production Springer Proceedings of the 27th Annual International Conference on Information Security and Cryptology (ICISC '24), November 20-22, 2024, Seoul, Korea Seoul, Korea International Conference on Information Security and Cryptology November 20-22, 2024 accepted 0302-9743 1 MarkusDahlmanns JanPennekamp RobinDecker KlausWehrle article 2024_querfurth_mcbert bioRxiv 2024 11 7 health; rfc 10.1101/2024.11.04.621897 Benediktvon Querfurth JohannesLohmöller JanPennekamp ToreBleckwehl RafaelKramann KlausWehrle SikanderHayat inproceedings 2024-fink-cired 2024 11 7 Resilient communication is essential for reliably exchanging parameters and measurements in distribution systems. Thus, deploying redundant hardware for both local and wide area communication, along with protocols that leverage these redundancies for automatic and timely failovers, is fundamental. This paper presents a comprehensive overview of key protocols (PRP/HSR, MPLS-TP, and MPTCP) which offer robust recovery mechanisms. Additionally, it provides a specific concept and topology that effectively combine the presented protocols to ensure resilient communication from the control center to substation devices. ven2us https://digital-library.theiet.org/doi/pdf/10.1049/icp.2024.2609 Proceedings of the CIRED Chicago Workshop 2024 on Resilience of Electric Distribution Systems, November 7-8, 2024, Chicago, USA Chicago CIRED Chicago Workshop 2024 on Resilience of Electric Distribution Systems November 7-8, 2024 10.1049/icp.2024.2609 1 Ina BereniceFink MarkusDahlmanns GerritErichsen KlausWehrle inproceedings 2024-buildsys-breyer-waterreview 2024 11 6 318-322 www.comsys.rwth-aachen.de/fileadmin/papers/2024/2024-breyer-waterreview.pdf Online ACM Proceedings of the 11th ACM International Conference on Systems for Energy-Efficient Buildings, Cities, and Transportation (BuildSys 2024), Hangzhou, China en 979-8-4007-0706-3/24/11 10.1145/3671127.3698793 1 JustusBreyer MaximilianPetri Muhammad HamadAlizai KlausWehrle inproceedings 2024-buildsys-breyer-transferstudy 2024 11 6 333-336 www.comsys.rwth-aachen.de/fileadmin/papers/2024/2024-breyer-transferstudy.pdf Online ACM Proceedings of the 11th ACM International Conference on Systems for Energy-Efficient Buildings, Cities, and Transportation (BuildSys 2024), Hangzhou, China en 979-8-4007-0706-3/24/11 10.1145/3671127.3699532 1 JustusBreyer SparshJauhari RenéGlebke Muhammad HamadAlizai MarkusStroot KlausWehrle inproceedings 2024_lohmoeller_consent 2024 10 17 4 7-12 health https://www.comsys.rwth-aachen.de/fileadmin/papers/2024/2024-lohmoeller-consent-aware-discovery.pdf Online Fraunhofer ISI Research Papers of the Platform Privacy, 2024, October 17-18, Berlin, Germany Berlin Plattform Privatheit October 17-18, 2024 en 2942-8874 10.24406/publica-3685 1 JohannesLohmöller JanPennekamp KlausWehrle inproceedings 2024-wolsing-deployment 2024 9 With the escalating threats posed by cyberattacks on Industrial Control Systems (ICSs), the development of customized Industrial Intrusion Detection Systems (IIDSs) received significant attention in research. While existing literature proposes effective IIDS solutions evaluated in controlled environments, their deployment in real-world industrial settings poses several challenges. This paper highlights two critical yet often overlooked aspects that significantly impact their practical deployment, i.e., the need for sufficient amounts of data to train the IIDS models and the challenges associated with finding suitable hyperparameters, especially for IIDSs training only on genuine ICS data. Through empirical experiments conducted on multiple state-of-the-art IIDSs and diverse datasets, we establish the criticality of these issues in deploying IIDSs. Our findings show the necessity of extensive malicious training data for supervised IIDSs, which can be impractical considering the complexity of recording and labeling attacks in actual industrial environments. Furthermore, while other IIDSs circumvent the previous issue by requiring only benign training data, these can suffer from the difficulty of setting appropriate hyperparameters, which likewise can diminish their performance. By shedding light on these challenges, we aim to enhance the understanding of the limitations and considerations necessary for deploying effective cybersecurity solutions in ICSs, which might be one reason why IIDSs see few deployments. Industrial Intrusion Detection Systems, Cyber-Physical Systems, Industrial Control Systems, Deployment https://arxiv.org/pdf/2403.01809 Springer Proceedings of the 10th Workshop on the Security of Industrial Control Systems & of Cyber-Physical Systems (CyberICPS '24), co-located with the the 29th European Symposium on Research in Computer Security (ESORICS '24) Bydgoszcz, Poland 10th Workshop on the Security of Industrial Control Systems & of Cyber-Physical Systems (CyberICPS 2024) September 16-20, 2024 accepted English 1 KonradWolsing EricWagner FrederikBasels PatrickWagner KlausWehrle inproceedings 2024-saillard-exploring 2024 9 Marine radar systems are a core technical instrument for collision avoidance in shipping and an indispensable decision-making aid for navigators on the ship’s bridge in limited visibility conditions at sea, in straits, and harbors. While electromagnetic attacks against radars can be carried out externally, primarily by military actors, research has recently shown that marine radar is also vulnerable to attacks from cyberspace. These can be carried out internally, less “loudly”, and with significantly less effort and know-how, thus posing a general threat to the shipping industry, the global maritime transport system, and world trade. Based on cyberattacks discussed in the scientific community and a simulation environment for marine radar systems, we investigate in this work to which extent existing Intrusion Detection System (IDS) solutions can secure vessels’ radar systems, how effective their detection capability is, and where their limits lie. From this, we derive a research gap for radar-specific methods and present the first two approaches in that direction. Thus, we pave the way for necessary future developments of anomaly detection specific for marine navigation radars. Marine Radar Systems, Maritime Cyber Security, Intrusion Detection Systems, Anomaly Detection, Navico BR24 Springer Proceedings of the 10th Workshop on the Security of Industrial Control Systems & of Cyber-Physical Systems (CyberICPS '24), co-located with the the 29th European Symposium on Research in Computer Security (ESORICS '24) Bydgoszcz, Poland 10th Workshop on the Security of Industrial Control Systems & of Cyber-Physical Systems (CyberICPS 2024) September 16-20, 2024 accepted English 1 AntoineSaillard KonradWolsing KlausWehrle JanBauer inproceedings 2024-wagner-madtls 2024 7 1 https://www.comsys.rwth-aachen.de/fileadmin/papers/2024/2024-wagner-madtls.pdf ACM 19th ACM ASIA Conference on Computer and Communications Security (ACM AsiaCCS '24), Singapur Singapur ACM ASIA Conference on Computer and Communications Security (AsiaCCS) July 1-5, 2024 10.1145/3634737.3637640 1 EricWagner DavidHeye MartinSerror IkeKunze KlausWehrle MartinHenze inproceedings 2024-dahlmanns-cired 2024 6 19 The increasing demands on the power grid require intelligent and flexible solutions that ensure the grid's stability. Many of these measures involve sophisticated communication between the control center and the stations that is not efficiently realizable using traditional protocols, e.g., IEC 60870-5-104. To this end, IEC 61850 introduces data models which allow flexible communication. Still, the specification leaves open how DSOs should interconnect their stations to realize resilient communication between the control center and station devices. However, DSOs require such communication to adapt modern solutions increasing the grid's capacity, e.g., adaptive protection systems. In this paper, we present our envisioned network and communication concept for future DSO's ICT infrastructures that enables the control center to resiliently and flexibly communicate with station devices. For resilience, we suggest interconnecting each station with two distinct communication paths to the control center, use MPLS-TP and MPTCP for fast failovers when a single link fails, and mTLS to protect the communication possibilities against misuse. Additionally, in accordance with IEC 61850, we envision the control center to communicate with the station devices using MMS by using the station RTU as a proxy. ven2us Proceedings of the CIRED workshop on Increasing Distribution Network Hosting Capacity 2024, June 19-20, 2024, Vienna, Austria Vienna CIRED workshop on Increasing Distribution Network Hosting Capacity 2024 June 19-20, 2024 10.1049/icp.2024.2096 1 MarkusDahlmanns Ina BereniceFink GerritErichsen GuosongLin ThomasHammer BurkhardBorkenhagen SebastianSchneider ChristofMaahsen KlausWehrle inproceedings 2024_dahlmanns_ipv6-deployments 2024 5 10 Internet-wide studies provide extremely valuable insight into how operators manage their Internet of Things (IoT) deployments in reality and often reveal grievances, e.g., significant security issues. However, while IoT devices often use IPv6, past studies resorted to comprehensively scan the IPv4 address space. To fully understand how the IoT and all its services and devices is operated, including IPv6-reachable deployments is inevitable-although scanning the entire IPv6 address space is infeasible. In this paper, we close this gap and examine how to best discover IPv6-reachable IoT deployments. To this end, we propose a methodology that allows combining various IPv6 scan direction approaches to understand the findability and prevalence of IPv6-reachable IoT deployments. Using three sources of active IPv6 addresses and eleven address generators, we discovered 6658 IoT deployments. We derive that the available address sources are a good starting point for finding IoT deployments. Additionally, we show that using two address generators is sufficient to cover most found deployments and save time as well as resources. Assessing the security of the deployments, we surprisingly find similar issues as in the IPv4 Internet, although IPv6 deployments might be newer and generally more up-to-date: Only 39% of deployments have access control in place and only 6.2% make use of TLS inviting attackers, e.g., to eavesdrop sensitive data. Internet of Things, security, Internet measurements, IPv6, address generators internet-of-production https://www.comsys.rwth-aachen.de/fileadmin/papers/2024/2024-dahlmanns-ipv6.pdf IEEE Proceedings of the 2024 IEEE/IFIP Network Operations and Management Symposium (NOMS '24), May 6-10, 2024, Seoul, Korea Seoul, Korea 2024 IEEE Network Operations and Management Symposium May 6-10, 2024 10.1109/NOMS59830.2024.10574963 1 MarkusDahlmanns FelixHeidenreich JohannesLohmöller JanPennekamp KlausWehrle MartinHenze inproceedings 2024-dahlmanns-doctoralsym 2024 5 10 Advances like Industry 4.0 lead to a rising number of Internet-connected industrial deployments and thus an Industrial Internet of Things with growing attack vectors. To uphold a secure and safe operation of these deployments, industrial protocols nowadays include security features, e.g., end-to-end secure communication. However, so far, it is unclear how well these features are used in practice and which obstacles might prevent operators from securely running their deployments. In this research description paper, we summarize our recent research activities to close this gap. Specifically, we show that even secure-by-design protocols are by far no guarantee for secure deployments. Instead, many deployments still open the doors for eavesdropping attacks or malicious takeovers. Additionally, we give an outlook on how to overcome identified obstacles allowing operators to configure their deployments more securely. https://www.comsys.rwth-aachen.de/fileadmin/papers/2024/2024-dahlmanns-disssymposium.pdf IEEE Proceedings of the 2024 IEEE/IFIP Network Operations and Management Symposium (NOMS '24), May 6-10, 2024, Seoul, Korea Seoul, Korea 2024 IEEE Network Operations and Management Symposium May 6-10, 2024 10.1109/NOMS59830.2024.10575096 1 MarkusDahlmanns KlausWehrle inproceedings 2024-kunze-spintrap 2024 5 7 legato https://www.comsys.rwth-aachen.de/fileadmin/papers/2024/2024-kunze-spintrap.pdf IEEE/IFIP Proceedings of the 2024 IEEE/IFIP Network Operations and Management Symposium (NOMS '24) 2024 IEEE/IFIP Network Operations and Management Symposium 10.1109/NOMS59830.2024.10575719 1 IkeKunze ConstantinSander LarsTissen BenediktBode KlausWehrle article 2024_lohmoeller_sovereignty-survey Data & Knowledge Engineering 2024 5 1 151 Data ecosystems emerged as a new paradigm to facilitate the automated and massive exchange of data from heterogeneous information sources between different stakeholders. However, the corresponding benefits come with unforeseen risks as sensitive information is potentially exposed, questioning their reliability. Consequently, data security is of utmost importance and, thus, a central requirement for successfully realizing data ecosystems. Academia has recognized this requirement, and current initiatives foster sovereign participation via a federated infrastructure where participants retain local control over what data they offer to whom. However, recent proposals place significant trust in remote infrastructure by implementing organizational security measures such as certification processes before the admission of a participant. At the same time, the data sensitivity incentivizes participants to bypass the organizational security measures to maximize their benefit. This issue significantly weakens security, sovereignty, and trust guarantees and highlights that organizational security measures are insufficient in this context. In this paper, we argue that data ecosystems must be extended with technical means to (re)establish dependable guarantees. We underpin this need with three representative use cases for data ecosystems, which cover personal, economic, and governmental data, and systematically map the lack of dependable guarantees in related work. To this end, we identify three enablers of dependable guarantees, namely trusted remote policy enforcement, verifiable data tracking, and integration of resource-constrained participants. These enablers are critical for securely implementing data ecosystems in data-sensitive contexts. Data sharing; Confidentiality; Integrity protection; Data Markets; Distributed databases internet-of-production; coat-ers; vesitrust; health https://www.comsys.rwth-aachen.de/fileadmin/papers/2024/2024-lohmoeller-data-sovereignty-survey.pdf Elsevier 0169-023X 10.1016/j.datak.2024.102301 1 JohannesLohmöller JanPennekamp RomanMatzutt Carolin VictoriaSchneider EduardVlad ChristianTrautwein KlausWehrle inproceedings 2024-kunze-civic 2024 5 internet-of-production https://www.comsys.rwth-aachen.de/fileadmin/papers/2024/2024-kunze-civic.pdf IEEE Proceedings of the 7th IEEE International Conference on Industrial Cyber-Physical Systems (ICPS '24) 10.1109/ICPS59941.2024.10639999 1 IkeKunze DominikScheurenberg LiamTirpitz SandraGeisler KlausWehrle incollection 2024_pennekamp_blockchain-industry 2024 3 7 105 531-564 Competitive industrial environments impose significant requirements on data sharing as well as the accountability and verifiability of related processes. Here, blockchain technology emerges as a possible driver that satisfies demands even in settings with mutually distrustful stakeholders. We identify significant benefits achieved by blockchain technology for Industry 4.0 but also point out challenges and corresponding design options when applying blockchain technology in the industrial domain. Furthermore, we survey diverse industrial sectors to shed light on the current intersection between blockchain technology and industry, which provides the foundation for ongoing as well as upcoming research. As industrial blockchain applications are still in their infancy, we expect that new designs and concepts will develop gradually, creating both supporting tools and groundbreaking innovations. internet-of-production Springer Advances in Information Security 17 Blockchains – A Handbook on Fundamentals, Platforms and Applications 978-3-031-32145-0 10.1007/978-3-031-32146-7_17 1 JanPennekamp LennartBader EricWagner JensHiller RomanMatzutt KlausWehrle incollection 2024_matzutt_blockchain-content 2024 3 7 105 301-336 Augmenting public blockchains with arbitrary, nonfinancial content fuels novel applications that facilitate the interactions between mutually distrusting parties. However, new risks emerge at the same time when illegal content is added. This chapter thus provides a holistic overview of the risks of content insertion as well as proposed countermeasures. We first establish a simple framework for how content is added to the blockchain and subsequently distributed across the blockchain’s underlying peer-to-peer network. We then discuss technical as well as legal implications of this form of content distribution and give a systematic overview of basic methods and high-level services for inserting arbitrary blockchain content. Afterward, we assess to which extent these methods and services have been used in the past on the blockchains of Bitcoin Core, Bitcoin Cash, and Bitcoin SV, respectively. Based on this assessment of the current state of (unwanted) blockchain content, we discuss (a) countermeasures to mitigate its insertion, (b) how pruning blockchains relates to this issue, and (c) how strategically weakening the otherwise desired immutability of a blockchain allows for redacting objectionable content. We conclude this chapter by identifying future research directions in the domain of blockchain content insertion. Blockchain content insertion; Illicit content; Pruning; Redaction Springer Advances in Information Security 10 Blockchains – A Handbook on Fundamentals, Platforms and Applications 978-3-031-32145-0 10.1007/978-3-031-32146-7_10 1 RomanMatzutt MartinHenze DirkMüllmann KlausWehrle inproceedings 2024-wagner-acns-aggregate 2024 3 5 https://www.comsys.rwth-aachen.de/fileadmin/papers/2024/2024-wagner-mac-aggregation.pdf 22nd International Conference on Applied Cryptography and Network Security (ACNS '24), Abu Dhabi, UAE Abu Dhabi, UAE International Conference on Applied Cryptography and Network Security (ACNS) March 5-9, 2024 accepted 10.1007/978-3-031-54773-7_10 1 EricWagner MartinSerror KlausWehrle MartinHenze poster 2024-dahlmanns-sul 2024 3 5 19 ven2us https://www.comsys.rwth-aachen.de/fileadmin/papers/2024/2024-dahlmanns-slt.pdf VDE ETG/FNN-Tutorial 2024 Schutz- und Leittechnik, March 05-06, 2024, Leipzig, Germany Leipzig, Germany VDE ETG/FNN-Tutorial 2024 Schutz- und Leittechnik March 05-06, 2024 1 MarkusDahlmanns AndreasWark Carl-HeinzGenzel KlausWehrle poster 2024-fink-sul 2024 3 5 19 ven2us VDE ETG/FNN-Tutorial 2024 Schutz- und Leittechnik, March 05-06, 2024, Leipzig, Germany Leipzig, Germany VDE ETG/FNN-Tutorial 2024 Schutz- und Leittechnik March 05-06, 2024 1 Ina BereniceFink MarkusDahlmanns KlausWehrle article 2024_pennekamp_supply-chain-survey ACM Computing Surveys 2024 2 1 56 2 Supply chains form the backbone of modern economies and therefore require reliable information flows. In practice, however, supply chains face severe technical challenges, especially regarding security and privacy. In this work, we consolidate studies from supply chain management, information systems, and computer science from 2010--2021 in an interdisciplinary meta-survey to make this topic holistically accessible to interdisciplinary research. In particular, we identify a significant potential for computer scientists to remedy technical challenges and improve the robustness of information flows. We subsequently present a concise information flow-focused taxonomy for supply chains before discussing future research directions to provide possible entry points. information flows; data communication; supply chain management; data security; data sharing; systematic literature review internet-of-production https://www.comsys.rwth-aachen.de/fileadmin/papers/2024/2024-pennekamp-supply-chain-survey.pdf ACM 0360-0300 10.1145/3606693 1 JanPennekamp RomanMatzutt ChristopherKlinkmüller LennartBader MartinSerror EricWagner SidraMalik MariaSpiß JessicaRahn TanGürpinar EduardVlad Sander J. J.Leemans Salil S.Kanhere VolkerStich KlausWehrle article 2024_pennekamp_supply-chain-sensing IEEE Access 2024 1 8 12 9350-9368 Supply chains increasingly develop toward complex networks, both technically in terms of devices and connectivity, and also anthropogenic with a growing number of actors. The lack of mutual trust in such networks results in challenges that are exacerbated by stringent requirements for shipping conditions or quality, and where actors may attempt to reduce costs or cover up incidents. In this paper, we develop and comprehensively study four scenarios that eventually lead to end-to-end-secured sensing in complex IoT-based supply chains with many mutually distrusting actors, while highlighting relevant pitfalls and challenges—details that are still missing in related work. Our designs ensure that sensed data is securely transmitted and stored, and can be verified by all parties. To prove practical feasibility, we evaluate the most elaborate design with regard to performance, cost, deployment, and also trust implications on the basis of prevalent (mis)use cases. Our work enables a notion of secure end-to-end sensing with minimal trust across the system stack, even for complex and opaque supply chain networks. blockchain technology; reliability; security; trust management; trusted computing; trusted execution environments internet-of-production https://www.comsys.rwth-aachen.de/fileadmin/papers/2024/2024-pennekamp-secure-sensing.pdf 2169-3536 10.1109/ACCESS.2024.3350778 1 JanPennekamp FritzAlder LennartBader GianlucaScopelliti KlausWehrle Jan TobiasMühlberg inproceedings 2024-dahlmanns-fps 2024 14551 Security configurations remain challenging for trained administrators. Nowadays, due to the advent of the Internet of Things (IoT), untrained users operate numerous and heterogeneous Internet-facing services in manifold use case-specific scenarios. In this work, we close the growing gap between the complexity of IoT security configuration and the expertise of the affected users. To this end, we propose ColPSA, a platform for collective and privacy-aware security advice that allows users to optimize their configuration by exchanging information about what security can be realized given their IoT deployment and scenario. Mohamed Mosbah, Florence Sèdes, Nadia Tawbi, Toufik Ahmed, Nora Boulahia-Cuppens, Joaquin Garcia-Alfaro Springer Cham Lecture Notes in Computer Science Proceedings of the 16th International Symposium on Foundations and Practice of Security (FPS '23), December 11-13, 2023, Bordeaux, France Bordeaux, France International Symposium on Foundations and Practice of Security 2023 (FPS 23) December 11-13, 2023 10.1007/978-3-031-57540-2_2 1 MarkusDahlmanns RomanMatzutt ChrisDax KlausWehrle