% % This file was created by the TYPO3 extension % bib % --- Timezone: CEST % Creation date: 2024-04-28 % Creation time: 07-45-45 % --- Number of references % 6 % @Inproceedings { 2023_lohmoeller_transparency, title = {Poster: Bridging Trust Gaps: Data Usage Transparency in Federated Data Ecosystems}, year = {2023}, month = {11}, day = {27}, keywords = {data usage control; data ecosystems; transparency logs}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2023/2023-lohmoeller-transparency.pdf}, publisher = {ACM}, booktitle = {Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security (CCS ’23), November 26-30, 2023, Copenhagen, Denmark}, event_place = {Copenhagen, Denmark}, event_date = {November 26-30, 2023}, ISBN = {979-8-4007-0050-7/23/11}, DOI = {10.1145/3576915.3624371}, reviewed = {1}, author = {Lohm{\"o}ller, Johannes and Vlad, Eduard and Dahlmanns, Markus and Wehrle, Klaus} } @Article { 2023_pennekamp_purchase_inquiries, title = {Offering Two-Way Privacy for Evolved Purchase Inquiries}, journal = {ACM Transactions on Internet Technology}, year = {2023}, month = {11}, day = {17}, volume = {23}, number = {4}, abstract = {Dynamic and flexible business relationships are expected to become more important in the future to accommodate specialized change requests or small-batch production. Today, buyers and sellers must disclose sensitive information on products upfront before the actual manufacturing. However, without a trust relation, this situation is precarious for the involved companies as they fear for their competitiveness. Related work overlooks this issue so far: Existing approaches only protect the information of a single party only, hindering dynamic and on-demand business relationships. To account for the corresponding research gap of inadequately privacy-protected information and to deal with companies without an established trust relation, we pursue the direction of innovative privacy-preserving purchase inquiries that seamlessly integrate into today's established supplier management and procurement processes. Utilizing well-established building blocks from private computing, such as private set intersection and homomorphic encryption, we propose two designs with slightly different privacy and performance implications to securely realize purchase inquiries over the Internet. In particular, we allow buyers to consider more potential sellers without sharing sensitive information and relieve sellers of the burden of repeatedly preparing elaborate yet discarded offers. We demonstrate our approaches' scalability using two real-world use cases from the domain of production technology. Overall, we present deployable designs that offer two-way privacy for purchase inquiries and, in turn, fill a gap that currently hinders establishing dynamic and flexible business relationships. In the future, we expect significantly increasing research activity in this overlooked area to address the needs of an evolving production landscape.}, keywords = {bootstrapping procurement; secure industrial collaboration; private set intersection; homomorphic encryption; Internet of Production}, tags = {internet-of-production}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2023/2023-pennekamp-purchase-inquiries.pdf}, publisher = {ACM}, ISSN = {1533-5399}, DOI = {10.1145/3599968}, reviewed = {1}, author = {Pennekamp, Jan and Dahlmanns, Markus and Fuhrmann, Frederik and Heutmann, Timo and Kreppein, Alexander and Grunert, Dennis and Lange, Christoph and Schmitt, Robert H. and Wehrle, Klaus} } @Inproceedings { 2023-dahlmanns-docker, title = {Secrets Revealed in Container Images: An Internet-wide Study on Occurrence and Impact}, year = {2023}, month = {7}, day = {10}, pages = {797-811}, abstract = {Containerization allows bundling applications and their dependencies into a single image. The containerization framework Docker eases the use of this concept and enables sharing images publicly, gaining high momentum. However, it can lead to users creating and sharing images that include private keys or API secrets—either by mistake or out of negligence. This leakage impairs the creator's security and that of everyone using the image. Yet, the extent of this practice and how to counteract it remains unclear. In this paper, we analyze 337,171 images from Docker Hub and 8,076 other private registries unveiling that 8.5\% of images indeed include secrets. Specifically, we find 52,107 private keys and 3,158 leaked API secrets, both opening a large attack surface, i.e., putting authentication and confidentiality of privacy-sensitive data at stake and even allow active attacks. We further document that those leaked keys are used in the wild: While we discovered 1,060 certificates relying on compromised keys being issued by public certificate authorities, based on further active Internet measurements, we find 275,269 TLS and SSH hosts using leaked private keys for authentication. To counteract this issue, we discuss how our methodology can be used to prevent secret leakage and reuse.}, keywords = {network security; security configuration; secret leakage; container}, tags = {ven2us, internet-of-production,}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2023/2023-dahlmanns-asiaccs.pdf}, publisher = {ACM}, booktitle = {Proceedings of the 2023 ACM Asia Conference on Computer and Communications Security (ASIACCS '23), July 10-14, 2023, Melbourne, VIC, Australia}, event_place = {Melbourne, VIC, Australia}, event_name = {ASIA CCS '23}, event_date = {July 10-14, 2023}, ISBN = {979-8-4007-0098-9/23/07}, DOI = {10.1145/3579856.3590329}, reviewed = {1}, author = {Dahlmanns, Markus and Sander, Constantin and Decker, Robin and Wehrle, Klaus} } @Article { Jakobs_2023_3, title = {Preserving the Royalty-Free Standards Ecosystem}, journal = {European Intellectual Property Review}, year = {2023}, month = {7}, volume = {45}, number = {7}, pages = {371-375}, abstract = {It has long been recognized in Europe and elsewhere that standards-development organizations (SDOs) may adopt policies that require their participants to license patents essential to the SDO’s standards (standards-essential patents or SEPs) to manufacturers of standardized products (“implementers”) on a royalty-free (RF) basis. This requirement contrasts with SDO policies that permit SEP holders to charge implementers monetary patent royalties, sometimes on terms that are specified as “fair, reasonable and nondiscriminatory” (FRAND). As demonstrated by two decades of intensive litigation around the world, FRAND royalties have given rise to intractable disputes regarding the manner in which such royalties should be calculated and adjudicated. In contrast, standards distributed on an RF basis are comparatively free from litigation and the attendant transaction costs. Accordingly, numerous SDOs around the world have adopted RF licensing policies and many widely adopted standards, including Bluetooth, USB, IPv6, HTTP, HTML and XML, are distributed on an RF basis. This note briefly discusses the commercial considerations surrounding RF standards, the relationship between RF standards and open source software (OSS) and the SDO policy mechanisms – including “universal reciprocity” -- that enable RF licensing to succeed in the marketplace.}, ISSN = {0142-0461}, DOI = {10.2139/ssrn.4235647}, reviewed = {1}, author = {Contreras, Jorge and Bekkers, Rudi and Biddle, Brad and Bonadio, Enrico and Carrier, Michael A. and Chao, Bernard and Duan, Charles and Gilbert, Richard and Henkel, Joachim and Hovenkamp, Erik and Husovec, Martin and Jakobs, Kai and Kim, Dong-hyu and Lemley, Mark A. and Love, Brian J. and McDonagh, Luke and Scott Morton, Fiona M. and Schultz, Jason and Simcoe, Timothy and Urban, Jennifer M. and Xiang, Joy Y} } @Incollection { 2023_pennekamp_crd-a.i, title = {Evolving the Digital Industrial Infrastructure for Production: Steps Taken and the Road Ahead}, year = {2023}, month = {2}, day = {8}, pages = {35-60}, abstract = {The Internet of Production (IoP) leverages concepts such as digital shadows, data lakes, and a World Wide Lab (WWL) to advance today’s production. Consequently, it requires a technical infrastructure that can support the agile deployment of these concepts and corresponding high-level applications, which, e.g., demand the processing of massive data in motion and at rest. As such, key research aspects are the support for low-latency control loops, concepts on scalable data stream processing, deployable information security, and semantically rich and efficient long-term storage. In particular, such an infrastructure cannot continue to be limited to machines and sensors, but additionally needs to encompass networked environments: production cells, edge computing, and location-independent cloud infrastructures. Finally, in light of the envisioned WWL, i.e., the interconnection of production sites, the technical infrastructure must be advanced to support secure and privacy-preserving industrial collaboration. To evolve today’s production sites and lay the infrastructural foundation for the IoP, we identify five broad streams of research: (1) adapting data and stream processing to heterogeneous data from distributed sources, (2) ensuring data interoperability between systems and production sites, (3) exchanging and sharing data with different stakeholders, (4) network security approaches addressing the risks of increasing interconnectivity, and (5) security architectures to enable secure and privacy-preserving industrial collaboration. With our research, we evolve the underlying infrastructure from isolated, sparsely networked production sites toward an architecture that supports high-level applications and sophisticated digital shadows while facilitating the transition toward a WWL.}, keywords = {Cyber-physical production systems; Data streams; Industrial data processing; Industrial network security; Industrial data security; Secure industrial collaboration}, tags = {internet-of-production}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2023/2023-pennekamp-iop-a.i.pdf}, publisher = {Springer}, series = {Interdisciplinary Excellence Accelerator Series}, booktitle = {Internet of Production: Fundamentals, Applications and Proceedings}, ISBN = {978-3-031-44496-8}, DOI = {10.1007/978-3-031-44497-5_2}, reviewed = {1}, author = {Pennekamp, Jan and Belova, Anastasiia and Bergs, Thomas and Bodenbenner, Matthias and B{\"u}hrig-Polaczek, Andreas and Dahlmanns, Markus and Kunze, Ike and Kr{\"o}ger, Moritz and Geisler, Sandra and Henze, Martin and L{\"u}tticke, Daniel and Montavon, Benjamin and Niemietz, Philipp and Ortjohann, Lucia and Rudack, Maximilian and Schmitt, Robert H. and Vroomen, Uwe and Wehrle, Klaus and Zeng, Michael} } @Inproceedings { 2023-lorz-cired, title = {Interconnected grid protection systems - reference grid for testing an adaptive protection scheme}, year = {2023}, pages = {3286-3290}, tags = {ven2us}, booktitle = {27th International Conference on Electricity Distribution (CIRED 2023), Rome, Italy, June 12-15, 2023}, event_place = {Rome, Italy}, event_name = {International Conference \& Exhibition on Electricity Distribution (CIRED)}, event_date = {June 12-15, 2023}, DOI = {10.1049/icp.2023.0864}, reviewed = {1}, author = {Lorz, Tobias and Jaeger, Johann and Selimaj, Antigona and Hacker, Immanuel and Ulbig, Andreas and Heckel, Jan-Peter and Becker, Christian and Dahlmanns, Markus and Fink, Ina Berenice and Wehrle, Klaus and Erichsen, Gerrit and Schindler, Michael and Luxenburger, Rainer and Lin, Guosong} }