This file was created by the TYPO3 extension
bib
--- Timezone: CEST
Creation date: 2024-09-09
Creation time: 06-34-01
--- Number of references
6
inproceedings
2019_pennekamp_securityConsiderations
Security Considerations for Collaborations in an Industrial IoT-based Lab of Labs
2019
12
4
The productivity and sustainability advances for (smart) manufacturing resulting from (globally) interconnected Industrial IoT devices in a lab of labs are expected to be significant. While such visions introduce opportunities for the involved parties, the associated risks must be considered as well. In particular, security aspects are crucial challenges and remain unsolved. So far, single stakeholders only had to consider their local view on security. However, for a global lab, we identify several fundamental research challenges in (dynamic) scenarios with multiple stakeholders: While information security mandates that models must be adapted wrt. confidentiality to address these new influences on business secrets, from a network perspective, the drastically increasing amount of possible attack vectors challenges today's approaches. Finally, concepts addressing these security challenges should provide backwards compatibility to enable a smooth transition from today's isolated landscape towards globally interconnected IIoT environments.
secure industrial collaboration; interconnected cyber-physical systems; stakeholders; Internet of Production
internet-of-production; iotrust
https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-pennekamp-security-considerations.pdf
IEEE
Proceedings of the 3rd IEEE Global Conference on Internet of Things (GCIoT '19), December 4–7, 2019, Dubai, United Arab Emirates
Dubai, United Arab Emirates
December 4–7, 2019
978-1-7281-4873-1
10.1109/GCIoT47977.2019.9058413
1
JanPennekamp
MarkusDahlmanns
LarsGleim
StefanDecker
KlausWehrle
inproceedings
2019_delacadena_countermeasure
POSTER: Traffic Splitting to Counter Website Fingerprinting
2019
11
12
2533-2535
Website fingerprinting (WFP) is a special type of traffic analysis, which aims to infer the websites visited by a user. Recent studies have shown that WFP targeting Tor users is notably more effective than previously expected. Concurrently, state-of-the-art defenses have been proven to be less effective. In response, we present a novel WFP defense that splits traffic over multiple entry nodes to limit the data a single malicious entry can use. Here, we explore several traffic-splitting strategies to distribute user traffic. We establish that our weighted random strategy dramatically reduces the accuracy from nearly 95% to less than 35% for four state-of-the-art WFP attacks without adding any artificial delays or dummy traffic.
https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-delacadena-splitting-defense.pdf
ACM
Proceedings of the 26th ACM SIGSAC Conference on Computer and Communications Security (CCS '19), November 11-15, 2019, London, United Kingdom
London, United Kingdom
November 11-15, 2019
978-1-4503-6747-9/19/11
10.1145/3319535.3363249
1
WladimirDe la Cadena
AsyaMitseva
JanPennekamp
JensHiller
FabianLanze
ThomasEngel
KlausWehrle
AndriyPanchenko
inproceedings
2019-hiller-icnp-tailoringOR
Tailoring Onion Routing to the Internet of Things: Security and Privacy in Untrusted Environments
2019
10
10
An increasing number of IoT scenarios involve mobile, resource-constrained IoT devices that rely on untrusted networks for Internet connectivity. In such environments, attackers can derive sensitive private information of IoT device owners, e.g., daily routines or secret supply chain procedures, when sniffing on IoT communication and linking IoT devices and owner. Furthermore, untrusted networks do not provide IoT devices with any protection against attacks from the Internet. Anonymous communication using onion routing provides a well-proven mechanism to keep the relationship between communication partners secret and (optionally) protect against network attacks. However, the application of onion routing is challenged by protocol incompatibilities and demanding cryptographic processing on constrained IoT devices, rendering its use infeasible. To close this gap, we tailor onion routing to the IoT by bridging protocol incompatibilities and offloading expensive cryptographic processing to a router or web server of the IoT device owner. Thus, we realize resource-conserving access control and end-to-end security for IoT devices. To prove applicability, we deploy onion routing for the IoT within the well-established Tor network enabling IoT devices to leverage its resources to achieve the same grade of anonymity as readily available to traditional devices.
internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-hiller-tailoring.pdf
IEEE
Proceedings of the 27th IEEE International Conference on Network Protocols (ICNP '19), October 7-10, 2019, Chicago, IL, USA
Chicago, IL, USA
27th IEEE International Conference on Network Protocols (ICNP 2019)
7-10. Oct. 2019
978-1-7281-2700-2
2643-3303
10.1109/ICNP.2019.8888033
1
JensHiller
JanPennekamp
MarkusDahlmanns
MartinHenze
AndriyPanchenko
KlausWehrle
inproceedings
2019-dahlmanns-icnp-knowledgeSystem
Privacy-Preserving Remote Knowledge System
2019
10
7
More and more traditional services, such as malware detectors or collaboration services in industrial scenarios, move to the cloud. However, this behavior poses a risk for the privacy of clients since these services are able to generate profiles containing very sensitive information, e.g., vulnerability information or collaboration partners. Hence, a rising need for protocols that enable clients to obtain knowledge without revealing their requests exists. To address this issue, we propose a protocol that enables clients (i) to query large cloud-based knowledge systems in a privacy-preserving manner using Private Set Intersection and (ii) to subsequently obtain individual knowledge items without leaking the client’s requests via few Oblivious Transfers. With our preliminary design, we allow clients to save a significant amount of time in comparison to performing Oblivious Transfers only.
Poster Session
private query protocol; knowledge system; remote knowledge; private set intersection; oblivious transfer
kimusin; internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-dahlmanns-knowledge-system.pdf
IEEE
Proceedings of the 27th IEEE International Conference on Network Protocols (ICNP '19), October 7-10, 2019, Chicago, IL, USA
Chicago, IL, USA
27th IEEE International Conference on Network Protocols (ICNP 2019)
7-10. Oct. 2019
978-1-7281-2700-2
2643-3303
10.1109/ICNP.2019.8888121
1
MarkusDahlmanns
ChrisDax
RomanMatzutt
JanPennekamp
JensHiller
KlausWehrle
inproceedings
2019_pennekamp_multipath
Multipathing Traffic to Reduce Entry Node Exposure in Onion Routing
2019
10
7
Users of an onion routing network, such as Tor, depend on its anonymity properties. However, especially malicious entry nodes, which know the client’s identity, can also observe the whole communication on their link to the client and, thus, conduct several de-anonymization attacks. To limit this exposure and to impede corresponding attacks, we propose to multipath traffic between the client and the middle node to reduce the information an attacker can obtain at a single vantage point. To facilitate the deployment, only clients and selected middle nodes need to implement our approach, which works transparently for the remaining legacy nodes. Furthermore, we let clients control the splitting strategy to prevent any external manipulation.
Poster Session
https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-pennekamp-multipathing.pdf
IEEE
Proceedings of the 27th IEEE International Conference on Network Protocols (ICNP '19), October 7-10, 2019, Chicago, IL, USA
Chicago, IL, USA
27th IEEE International Conference on Network Protocols (ICNP 2019)
7-10. Oct. 2019
978-1-7281-2700-2
2643-3303
10.1109/ICNP.2019.8888029
1
JanPennekamp
JensHiller
SebastianReuter
WladimirDe la Cadena
AsyaMitseva
MartinHenze
ThomasEngel
KlausWehrle
AndriyPanchenko
inproceedings
2019-hiller-aeit-regaining
Regaining Insight and Control on SMGW-based Secure Communication in Smart Grids
2019
9
Smart Grids require extensive communication to enable safe and stable energy supply in the age of decentralized and dynamic energy production and consumption. To protect the communication in this critical infrastructure, public authorities mandate smart meter gateways (SMGWs) to intercept all inbound and outbound communication of premises such as a factory or smart home, and forward the communication data on secure channels established by the SMGW itself to be in control of the communication security. However, using the SMGW as proxy, local devices can neither review the security of these remote connections established by the SMGW nor enforce higher security guarantees than established by the all in one configuration of the SMGW which does not allow for use case-specific security settings. We present mechanisms that enable local devices to regain this insight and control over the full connection, i.e., up to the final receiver, while retaining the SMGW's ability to ensure a suitable security level. Our evaluation shows modest computation and transmission overheads for this increased security in the critical smart grid infrastructure.
ECSEL; European Union (EU); Horizon 2020; CONNECT Innovative smart components, modules and appliances for a truly connected, efficient and secure smart grid; Grant Agreement No 737434
connect
https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-hiller-aeit-regaining.pdf
IEEE
Proceedings of the 2019 AEIT International Annual Conference, September 18-20, 2019, Firenze, Italy
Firenze, Italy
AEIT International Annual Conference
September 18-20, 2019
978-8-8872-3745-0
10.23919/AEIT.2019.8893406
1
JensHiller
KarstenKomanns
MarkusDahlmanns
KlausWehrle