This file was created by the TYPO3 extension
bib
--- Timezone: UTC
Creation date: 2025-02-17
Creation time: 21-58-37
--- Number of references
7
inproceedings
2020_pennekamp_parameter_exchange
Privacy-Preserving Production Process Parameter Exchange
2020
12
10
510-525
Nowadays, collaborations between industrial companies always go hand in hand with trust issues, i.e., exchanging valuable production data entails the risk of improper use of potentially sensitive information. Therefore, companies hesitate to offer their production data, e.g., process parameters that would allow other companies to establish new production lines faster, against a quid pro quo. Nevertheless, the expected benefits of industrial collaboration, data exchanges, and the utilization of external knowledge are significant.
In this paper, we introduce our Bloom filter-based Parameter Exchange (BPE), which enables companies to exchange process parameters privacy-preservingly. We demonstrate the applicability of our platform based on two distinct real-world use cases: injection molding and machine tools. We show that BPE is both scalable and deployable for different needs to foster industrial collaborations. Thereby, we reward data-providing companies with payments while preserving their valuable data and reducing the risks of data leakage.
secure industrial collaboration; Bloom filter; oblivious transfer; Internet of Production
internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2020/2020-pennekamp-parameter-exchange.pdf
ACM
Proceedings of the 36th Annual Computer Security Applications Conference (ACSAC '20), December 7-11, 2020, Austin, TX, USA
Austin, TX, USA
December 7-11, 2020
978-1-4503-8858-0/20/12
10.1145/3427228.3427248
1
JanPennekamp
ErikBuchholz
YannikLockner
MarkusDahlmanns
TiandongXi
MarcelFey
ChristianBrecher
ChristianHopmann
KlausWehrle
inproceedings
2020_delacadena_trafficsliver
TrafficSliver: Fighting Website Fingerprinting Attacks with Traffic Splitting
2020
11
12
1971-1985
Website fingerprinting (WFP) aims to infer information about the content of encrypted and anonymized connections by observing patterns of data flows based on the size and direction of packets. By collecting traffic traces at a malicious Tor entry node — one of the weakest adversaries in the attacker model of Tor — a passive eavesdropper can leverage the captured meta-data to reveal the websites visited by a Tor user. As recently shown, WFP is significantly more effective and realistic than assumed. Concurrently, former WFP defenses are either infeasible for deployment in real-world settings or defend against specific WFP attacks only.
To limit the exposure of Tor users to WFP, we propose novel lightweight WFP defenses, TrafficSliver, which successfully counter today’s WFP classifiers with reasonable bandwidth and latency overheads and, thus, make them attractive candidates for adoption in Tor. Through user-controlled splitting of traffic over multiple Tor entry nodes, TrafficSliver limits the data a single entry node can observe and distorts repeatable traffic patterns exploited by WFP attacks. We first propose a network-layer defense, in which we apply the concept of multipathing entirely within the Tor network. We show that our network-layer defense reduces the accuracy from more than 98% to less than 16% for all state-of-the-art WFP attacks without adding any artificial delays or dummy traffic. We further suggest an elegant client-side application-layer defense, which is independent of the underlying anonymization network. By sending single HTTP requests for different web objects over distinct Tor entry nodes, our application-layer defense reduces the detection rate of WFP classifiers by almost 50 percentage points. Although it offers lower protection than our network-layer defense, it provides a security boost at the cost of a very low implementation overhead and is fully compatible with today’s Tor network.
Traffic Analysis; Website Fingerprinting; Privacy; Anonymous Communication; Onion Routing; Web Privacy
https://www.comsys.rwth-aachen.de/fileadmin/papers/2020/2020-delacadena-trafficsliver.pdf
https://github.com/TrafficSliver
ACM
Proceedings of the 27th ACM SIGSAC Conference on Computer and Communications Security (CCS '20), November 9-13, 2020, Orlando, FL, USA
Virtual Event, USA
November 9-13, 2020
978-1-4503-7089-9/20/11
10.1145/3372297.3423351
1
WladimirDe la Cadena
AsyaMitseva
JensHiller
JanPennekamp
SebastianReuter
JulianFilter
KlausWehrle
ThomasEngel
AndriyPanchenko
inproceedings
2020_gleim_factdag_provenance
Expressing FactDAG Provenance with PROV-O
2020
11
1
2821
53-58
To foster data sharing and reuse across organizational boundaries, provenance tracking is of vital importance for the establishment of trust and accountability, especially in industrial applications, but often neglected due to associated overhead. The abstract FactDAG data interoperability model strives to address this challenge by simplifying the creation of provenance-linked knowledge graphs of revisioned (and thus immutable) resources. However, to date, it lacks a practical provenance implementation.
In this work, we present a concrete alignment of all roles and relations in the FactDAG model to the W3C PROV provenance standard, allowing future software implementations to directly produce standard-compliant provenance information. Maintaining compatibility with existing PROV tooling, an implementation of this mapping will pave the way for practical FactDAG implementations and deployments, improving trust and accountability for Open Data through simplified provenance management.
Provenance; Data Lineage; Open Data; Semantic Web Technologies; Ontology Alignment; PROV; RDF; Industry 4.0; Internet of Production; IIoT
internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2020/2020-gleim-factdag-provenance.pdf
CEUR Workshop Proceedings
Proceedings of the 6th Workshop on Managing the Evolution and Preservation of the Data Web (MEPDaW '20), co-located with the 19th International Semantic Web Conference (ISWC '20), November 1-6, 2020, Athens, Greece,
Athens, Greece
November 1-6, 2020
1613-0073
1
LarsGleim
LiamTirpitz
JanPennekamp
StefanDecker
inproceedings
2020-dahlmanns-imc-opcua
Easing the Conscience with OPC UA: An Internet-Wide Study on Insecure Deployments
2020
10
27
101-110
Due to increasing digitalization, formerly isolated industrial networks, e.g., for factory and process automation, move closer and closer to the Internet, mandating secure communication. However, securely setting up OPC UA, the prime candidate for secure industrial communication, is challenging due to a large variety of insecure options. To study whether Internet-facing OPC UA appliances are configured securely, we actively scan the IPv4 address space for publicly reachable OPC UA systems and assess the security of their configurations. We observe problematic security configurations such as missing access control (on 24% of hosts), disabled security functionality (24%), or use of deprecated cryptographic primitives (25%) on in total 92% of the reachable deployments. Furthermore, we discover several hundred devices in multiple autonomous systems sharing the same security certificate, opening the door for impersonation attacks. Overall, in this paper, we highlight commonly found security misconfigurations and underline the importance of appropriate configuration for security-featuring protocols.
industrial communication; network security; security configuration
internet-of-production, rfc
https://www.comsys.rwth-aachen.de/fileadmin/papers/2020/2020-dahlmanns-imc-opcua.pdf
ACM
Proceedings of the Internet Measurement Conference (IMC '20), October 27-29, 2020, Pittsburgh, PA, USA
Pittsburgh, PA, USA
ACM Internet Measurement Conference 2020
October 27-29, 2020
978-1-4503-8138-3/20/10
10.1145/3419394.3423666
1
MarkusDahlmanns
JohannesLohmöller
Ina BereniceFink
JanPennekamp
KlausWehrle
MartinHenze
inproceedings
2020_matzutt_coinprune
How to Securely Prune Bitcoin’s Blockchain
2020
6
24
298-306
Bitcoin was the first successful decentralized cryptocurrency and remains the most popular of its kind to this day. Despite the benefits of its blockchain, Bitcoin still faces serious scalability issues, most importantly its ever-increasing blockchain size. While alternative designs introduced schemes to periodically create snapshots and thereafter prune older blocks, already-deployed systems such as Bitcoin are often considered incapable of adopting corresponding approaches. In this work, we revise this popular belief and present CoinPrune, a snapshot-based pruning scheme that is fully compatible with Bitcoin. CoinPrune can be deployed through an opt-in velvet fork, i.e., without impeding the established Bitcoin network. By requiring miners to publicly announce and jointly reaffirm recent snapshots on the blockchain, CoinPrune establishes trust into the snapshots' correctness even in the presence of powerful adversaries. Our evaluation shows that CoinPrune reduces the storage requirements of Bitcoin already by two orders of magnitude today, with further relative savings as the blockchain grows. In our experiments, nodes only have to fetch and process 5 GiB instead of 230 GiB of data when joining the network, reducing the synchronization time on powerful devices from currently 5 h to 46 min, with even more savings for less powerful devices.
blockchain; block pruning; synchronization; bootstrapping; scalability; velvet fork; Bitcoin
mynedata; impact_digital; digital_campus
https://comsys.rwth-aachen.de/fileadmin/papers/2020/2020-matzutt-coinprune.pdf
https://coinprune.comsys.rwth-aachen.de
IEEE
Proceedings of the 19th IFIP Networking 2020 Conference (NETWORKING '20), June 22-26, 2020, Paris, France
Paris, France
NETWORKING 2020
June 22-26, 2020
978-3-903176-28-7
1
RomanMatzutt
BenediktKalde
JanPennekamp
ArthurDrichel
MartinHenze
KlausWehrle
article
2020_gleim_factDAG
FactDAG: Formalizing Data Interoperability in an Internet of Production
IEEE Internet of Things Journal
2020
4
14
7
4
3243-3253
In the production industry, the volume, variety and velocity of data as well as the number of deployed protocols increase exponentially due to the influences of IoT advances. While hundreds of isolated solutions exist to utilize this data, e.g., optimizing processes or monitoring machine conditions, the lack of a unified data handling and exchange mechanism hinders the implementation of approaches to improve the quality of decisions and processes in such an interconnected environment.
The vision of an Internet of Production promises the establishment of a Worldwide Lab, where data from every process in the network can be utilized, even interorganizational and across domains. While numerous existing approaches consider interoperability from an interface and communication system perspective, fundamental questions of data and information interoperability remain insufficiently addressed.
In this paper, we identify ten key issues, derived from three distinctive real-world use cases, that hinder large-scale data interoperability for industrial processes. Based on these issues we derive a set of five key requirements for future (IoT) data layers, building upon the FAIR data principles. We propose to address them by creating FactDAG, a conceptual data layer model for maintaining a provenance-based, directed acyclic graph of facts, inspired by successful distributed version-control and collaboration systems. Eventually, such a standardization should greatly shape the future of interoperability in an interconnected production industry.
Data Management; Data Versioning; Interoperability; Industrial Internet of Things; Worldwide Lab
internet-of-production
https://comsys.rwth-aachen.de/fileadmin/papers/2020/2020-gleim-iotj-iop-interoperability.pdf
IEEE
2327-4662
10.1109/JIOT.2020.2966402
1
LarsGleim
JanPennekamp
MartinLiebenberg
MelanieBuchsbaum
PhilippNiemietz
SimonKnape
AlexanderEpple
SimonStorms
DanielTrauth
ThomasBergs
ChristianBrecher
StefanDecker
GerhardLakemeyer
KlausWehrle
inproceedings
2020_roepert_opcua
Assessing the Security of OPC UA Deployments
2020
4
2
To address the increasing security demands of industrial deployments, OPC UA is one of the first industrial protocols explicitly designed with security in mind. However, deploying it securely requires a thorough configuration of a wide range of options. Thus, assessing the security of OPC UA deployments and their configuration is necessary to ensure secure operation, most importantly confidentiality and integrity of industrial processes. In this work, we present extensions to the popular Metasploit Framework to ease network-based security assessments of OPC UA deployments. To this end, we discuss methods to discover OPC UA servers, test their authentication, obtain their configuration, and check for vulnerabilities. Ultimately, our work enables operators to verify the (security) configuration of their systems and identify potential attack vectors.
internet-of-production, rfc
https://www.comsys.rwth-aachen.de/fileadmin/papers/2020/2020-roepert-opcua-security.pdf
en
University of Tübingen
Proceedings of the 1st ITG Workshop on IT Security (ITSec '20), April 2-3, 2020, Tübingen, Germany
Tübingen, Germany
April 2-3, 2020
10.15496/publikation-41813
1
LinusRoepert
MarkusDahlmanns
Ina BereniceFink
JanPennekamp
MartinHenze