This file was created by the TYPO3 extension bib --- Timezone: CEST Creation date: 2024-04-28 Creation time: 06-10-24 --- Number of references 6 inproceedings 2023_lohmoeller_transparency 2023 11 27 data usage control; data ecosystems; transparency logs https://www.comsys.rwth-aachen.de/fileadmin/papers/2023/2023-lohmoeller-transparency.pdf ACM Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security (CCS ’23), November 26-30, 2023, Copenhagen, Denmark Copenhagen, Denmark November 26-30, 2023 979-8-4007-0050-7/23/11 10.1145/3576915.3624371 1 JohannesLohmöller EduardVlad MarkusDahlmanns KlausWehrle article 2023_pennekamp_purchase_inquiries ACM Transactions on Internet Technology 2023 11 17 23 4 Dynamic and flexible business relationships are expected to become more important in the future to accommodate specialized change requests or small-batch production. Today, buyers and sellers must disclose sensitive information on products upfront before the actual manufacturing. However, without a trust relation, this situation is precarious for the involved companies as they fear for their competitiveness. Related work overlooks this issue so far: Existing approaches only protect the information of a single party only, hindering dynamic and on-demand business relationships. To account for the corresponding research gap of inadequately privacy-protected information and to deal with companies without an established trust relation, we pursue the direction of innovative privacy-preserving purchase inquiries that seamlessly integrate into today's established supplier management and procurement processes. Utilizing well-established building blocks from private computing, such as private set intersection and homomorphic encryption, we propose two designs with slightly different privacy and performance implications to securely realize purchase inquiries over the Internet. In particular, we allow buyers to consider more potential sellers without sharing sensitive information and relieve sellers of the burden of repeatedly preparing elaborate yet discarded offers. We demonstrate our approaches' scalability using two real-world use cases from the domain of production technology. Overall, we present deployable designs that offer two-way privacy for purchase inquiries and, in turn, fill a gap that currently hinders establishing dynamic and flexible business relationships. In the future, we expect significantly increasing research activity in this overlooked area to address the needs of an evolving production landscape. bootstrapping procurement; secure industrial collaboration; private set intersection; homomorphic encryption; Internet of Production internet-of-production https://www.comsys.rwth-aachen.de/fileadmin/papers/2023/2023-pennekamp-purchase-inquiries.pdf ACM 1533-5399 10.1145/3599968 1 JanPennekamp MarkusDahlmanns FrederikFuhrmann TimoHeutmann AlexanderKreppein DennisGrunert ChristophLange Robert H.Schmitt KlausWehrle inproceedings 2023-dahlmanns-docker 2023 7 10 797-811 Containerization allows bundling applications and their dependencies into a single image. The containerization framework Docker eases the use of this concept and enables sharing images publicly, gaining high momentum. However, it can lead to users creating and sharing images that include private keys or API secrets—either by mistake or out of negligence. This leakage impairs the creator's security and that of everyone using the image. Yet, the extent of this practice and how to counteract it remains unclear. In this paper, we analyze 337,171 images from Docker Hub and 8,076 other private registries unveiling that 8.5% of images indeed include secrets. Specifically, we find 52,107 private keys and 3,158 leaked API secrets, both opening a large attack surface, i.e., putting authentication and confidentiality of privacy-sensitive data at stake and even allow active attacks. We further document that those leaked keys are used in the wild: While we discovered 1,060 certificates relying on compromised keys being issued by public certificate authorities, based on further active Internet measurements, we find 275,269 TLS and SSH hosts using leaked private keys for authentication. To counteract this issue, we discuss how our methodology can be used to prevent secret leakage and reuse. network security; security configuration; secret leakage; container ven2us, internet-of-production, https://www.comsys.rwth-aachen.de/fileadmin/papers/2023/2023-dahlmanns-asiaccs.pdf ACM Proceedings of the 2023 ACM Asia Conference on Computer and Communications Security (ASIACCS '23), July 10-14, 2023, Melbourne, VIC, Australia Melbourne, VIC, Australia ASIA CCS '23 July 10-14, 2023 979-8-4007-0098-9/23/07 10.1145/3579856.3590329 1 MarkusDahlmanns ConstantinSander RobinDecker KlausWehrle article Jakobs_2023_3 European Intellectual Property Review 2023 7 45 7 371-375 It has long been recognized in Europe and elsewhere that standards-development organizations (SDOs) may adopt policies that require their participants to license patents essential to the SDO’s standards (standards-essential patents or SEPs) to manufacturers of standardized products (“implementers”) on a royalty-free (RF) basis. This requirement contrasts with SDO policies that permit SEP holders to charge implementers monetary patent royalties, sometimes on terms that are specified as “fair, reasonable and nondiscriminatory” (FRAND). As demonstrated by two decades of intensive litigation around the world, FRAND royalties have given rise to intractable disputes regarding the manner in which such royalties should be calculated and adjudicated. In contrast, standards distributed on an RF basis are comparatively free from litigation and the attendant transaction costs. Accordingly, numerous SDOs around the world have adopted RF licensing policies and many widely adopted standards, including Bluetooth, USB, IPv6, HTTP, HTML and XML, are distributed on an RF basis. This note briefly discusses the commercial considerations surrounding RF standards, the relationship between RF standards and open source software (OSS) and the SDO policy mechanisms – including “universal reciprocity” -- that enable RF licensing to succeed in the marketplace. 0142-0461 10.2139/ssrn.4235647 1 JorgeContreras RudiBekkers BradBiddle EnricoBonadio Michael A.Carrier BernardChao CharlesDuan RichardGilbert JoachimHenkel ErikHovenkamp MartinHusovec KaiJakobs Dong-hyuKim Mark A.Lemley Brian J.Love LukeMcDonagh Fiona M.Scott Morton JasonSchultz TimothySimcoe Jennifer M.Urban Joy YXiang incollection 2023_pennekamp_crd-a.i 2023 2 8 35-60 The Internet of Production (IoP) leverages concepts such as digital shadows, data lakes, and a World Wide Lab (WWL) to advance today’s production. Consequently, it requires a technical infrastructure that can support the agile deployment of these concepts and corresponding high-level applications, which, e.g., demand the processing of massive data in motion and at rest. As such, key research aspects are the support for low-latency control loops, concepts on scalable data stream processing, deployable information security, and semantically rich and efficient long-term storage. In particular, such an infrastructure cannot continue to be limited to machines and sensors, but additionally needs to encompass networked environments: production cells, edge computing, and location-independent cloud infrastructures. Finally, in light of the envisioned WWL, i.e., the interconnection of production sites, the technical infrastructure must be advanced to support secure and privacy-preserving industrial collaboration. To evolve today’s production sites and lay the infrastructural foundation for the IoP, we identify five broad streams of research: (1) adapting data and stream processing to heterogeneous data from distributed sources, (2) ensuring data interoperability between systems and production sites, (3) exchanging and sharing data with different stakeholders, (4) network security approaches addressing the risks of increasing interconnectivity, and (5) security architectures to enable secure and privacy-preserving industrial collaboration. With our research, we evolve the underlying infrastructure from isolated, sparsely networked production sites toward an architecture that supports high-level applications and sophisticated digital shadows while facilitating the transition toward a WWL. Cyber-physical production systems; Data streams; Industrial data processing; Industrial network security; Industrial data security; Secure industrial collaboration internet-of-production https://www.comsys.rwth-aachen.de/fileadmin/papers/2023/2023-pennekamp-iop-a.i.pdf Springer Interdisciplinary Excellence Accelerator Series Internet of Production: Fundamentals, Applications and Proceedings 978-3-031-44496-8 10.1007/978-3-031-44497-5_2 1 JanPennekamp AnastasiiaBelova ThomasBergs MatthiasBodenbenner AndreasBührig-Polaczek MarkusDahlmanns IkeKunze MoritzKröger SandraGeisler MartinHenze DanielLütticke BenjaminMontavon PhilippNiemietz LuciaOrtjohann MaximilianRudack Robert H.Schmitt UweVroomen KlausWehrle MichaelZeng inproceedings 2023-lorz-cired 2023 3286-3290 ven2us 27th International Conference on Electricity Distribution (CIRED 2023), Rome, Italy, June 12-15, 2023 Rome, Italy International Conference & Exhibition on Electricity Distribution (CIRED) June 12-15, 2023 10.1049/icp.2023.0864 1 TobiasLorz JohannJaeger AntigonaSelimaj ImmanuelHacker AndreasUlbig Jan-PeterHeckel ChristianBecker MarkusDahlmanns Ina BereniceFink KlausWehrle GerritErichsen MichaelSchindler RainerLuxenburger GuosongLin