% % This file was created by the TYPO3 extension % bib % --- Timezone: UTC % Creation date: 2024-12-03 % Creation time: 14-15-45 % --- Number of references % 12 % @Inproceedings { 2021_pennekamp_laser, title = {Collaboration is not Evil: A Systematic Look at Security Research for Industrial Use}, year = {2021}, month = {12}, day = {21}, abstract = {Following the recent Internet of Things-induced trends on digitization in general, industrial applications will further evolve as well. With a focus on the domains of manufacturing and production, the Internet of Production pursues the vision of a digitized, globally interconnected, yet secure environment by establishing a distributed knowledge base. Background. As part of our collaborative research of advancing the scope of industrial applications through cybersecurity and privacy, we identified a set of common challenges and pitfalls that surface in such applied interdisciplinary collaborations. Aim. Our goal with this paper is to support researchers in the emerging field of cybersecurity in industrial settings by formalizing our experiences as reference for other research efforts, in industry and academia alike. Method. Based on our experience, we derived a process cycle of performing such interdisciplinary research, from the initial idea to the eventual dissemination and paper writing. This presented methodology strives to successfully bootstrap further research and to encourage further work in this emerging area. Results. Apart from our newly proposed process cycle, we report on our experiences and conduct a case study applying this methodology, raising awareness for challenges in cybersecurity research for industrial applications. We further detail the interplay between our process cycle and the data lifecycle in applied research data management. Finally, we augment our discussion with an industrial as well as an academic view on this research area and highlight that both areas still have to overcome significant challenges to sustainably and securely advance industrial applications. Conclusions. With our proposed process cycle for interdisciplinary research in the intersection of cybersecurity and industrial application, we provide a foundation for further research. We look forward to promising research initiatives, projects, and directions that emerge based on our methodological work.}, tags = {internet-of-production}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-pennekamp-laser-collaboration.pdf}, publisher = {ACSA}, booktitle = {Proceedings of the Workshop on Learning from Authoritative Security Experiment Results (LASER '20), co-located with the 36th Annual Computer Security Applications Conference (ACSAC '20), December 7-11, 2020, Austin, TX, USA}, event_place = {Austin, TX, USA}, event_name = {Learning from Authoritative Security Experiment Results (LASER '20)}, event_date = {December 8, 2020}, ISBN = {978-1-891562-81-5}, DOI = {10.14722/laser-acsac.2020.23088}, reviewed = {1}, author = {Pennekamp, Jan and Buchholz, Erik and Dahlmanns, Markus and Kunze, Ike and Braun, Stefan and Wagner, Eric and Brockmann, Matthias and Wehrle, Klaus and Henze, Martin} } @Inproceedings { 2021-hemminghaus-sigmar, title = {SIGMAR: Ensuring Integrity and Authenticity of Maritime Systems using Digital Signatures}, year = {2021}, month = {11}, day = {25}, abstract = {Distributed maritime bridge systems are customary standard equipment on today’s commercial shipping and cruising vessels. The exchange of nautical data, e.g., geographical positions, is usually implemented using multicast network communication without security measures, which poses serious risks to the authenticity and integrity of transmitted data. In this paper, we introduce digital SIGnatures for MARitime systems (SIGMAR), a low-cost solution to seamlessly retrofit authentication of nautical data based on asymmetric cryptography. Extending the existing IEC 61162-450 protocol makes it is possible to build a backward-compatible authentication mechanism that prevents common cyber attacks. The development was successfully accompanied by permanent investigations in a bridge simulation environment, including a maritime cyber attack generator. We demonstrate SIGMAR’s feasibility by introducing a proof-of-concept implementation on low-cost and low-resource hardware and present a performance analysis of our approach.}, keywords = {Maritime Cyber Security;Authentication;Integrity;IEC 61162-450;NMEA 0183}, publisher = {IEEE}, booktitle = {In Proceedings of the International Symposium on Networks, Computers and Communications (ISNCC)}, event_place = {Dubai, United Arab Emirates}, event_name = {International Symposium on Networks, Computers and Communications}, event_date = {31 Oct.-2 Nov. 2021}, DOI = {10.1109/ISNCC52172.2021.9615738}, reviewed = {1}, author = {Hemminghaus, Christian and Bauer, Jan and Wolsing, Konrad} } @Inproceedings { 2021_mitseva_sequences, title = {POSTER: How Dangerous is My Click? Boosting Website Fingerprinting By Considering Sequences of Webpages}, year = {2021}, month = {11}, day = {17}, pages = {2411-2413}, abstract = {Website fingerprinting (WFP) is a special case of traffic analysis, where a passive attacker infers information about the content of encrypted and anonymized connections by observing patterns of data flows. Although modern WFP attacks pose a serious threat to online privacy of users, including Tor users, they usually aim to detect single pages only. By ignoring the browsing behavior of users, the attacker excludes valuable information: users visit multiple pages of a single website consecutively, e.g., by following links. In this paper, we propose two novel methods that can take advantage of the consecutive visits of multiple pages to detect websites. We show that two up to three clicks within a site allow attackers to boost the accuracy by more than 20\% and to dramatically increase the threat to users' privacy. We argue that WFP defenses have to consider this new dimension of the attack surface.}, keywords = {Traffic Analysis; Website Fingerprinting; Web Privacy}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-mitseva-fingerprinting-sequences.pdf}, publisher = {ACM}, booktitle = {Proceedings of the 28th ACM SIGSAC Conference on Computer and Communications Security (CCS '21), November 15-19, 2021, Seoul, Korea}, event_place = {Seoul, Korea}, event_date = {November 15-19, 2021}, ISBN = {978-1-4503-8454-4/21/11}, DOI = {10.1145/3460120.3485347}, reviewed = {1}, author = {Mitseva, Asya and Pennekamp, Jan and Lohm{\"o}ller, Johannes and Ziemann, Torsten and Hoerchner, Carl and Wehrle, Klaus and Panchenko, Andriy} } @Inproceedings { 2021_pennekamp_bootstrapping, title = {Confidential Computing-Induced Privacy Benefits for the Bootstrapping of New Business Relationships}, year = {2021}, month = {11}, day = {15}, number = {RWTH-2021-09499}, abstract = {In addition to quality improvements and cost reductions, dynamic and flexible business relationships are expected to become more important in the future to account for specific customer change requests or small-batch production. Today, despite reservation, sensitive information must be shared upfront between buyers and sellers. However, without a trust relation, this situation is precarious for the involved companies as they fear for their competitiveness following information leaks or breaches of their privacy. To address this issue, the concepts of confidential computing and cloud computing come to mind as they promise to offer scalable approaches that preserve the privacy of participating companies. In particular, designs building on confidential computing can help to technically enforce privacy. Moreover, cloud computing constitutes an elegant design choice to scale these novel protocols to industry needs while limiting the setup and management overhead for practitioners. Thus, novel approaches in this area can advance the status quo of bootstrapping new relationships as they provide privacy-preserving alternatives that are suitable for immediate deployment.}, keywords = {bootstrapping procurement; business relationships; secure industrial collaboration; privacy; Internet of Production}, tags = {internet-of-production}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-pennekamp-bootstrapping.pdf}, publisher = {RWTH Aachen University}, booktitle = {Blitz Talk at the 2021 Cloud Computing Security Workshop (CCSW '21), co-located with the 28th ACM SIGSAC Conference on Computer and Communications Security (CCS '21), November 15-19, 2021, Seoul, Korea}, institution = {RWTH Aachen University}, event_place = {Seoul, Korea}, event_date = {November 14, 2021}, DOI = {10.18154/RWTH-2021-09499}, author = {Pennekamp, Jan and Fuhrmann, Frederik and Dahlmanns, Markus and Heutmann, Timo and Kreppein, Alexander and Grunert, Dennis and Lange, Christoph and Schmitt, Robert H. and Wehrle, Klaus} } @Inproceedings { 2021_reuter_demo, title = {Demo: Traffic Splitting for Tor — A Defense against Fingerprinting Attacks}, year = {2021}, month = {9}, day = {14}, abstract = {Website fingerprinting (WFP) attacks on the anonymity network Tor have become ever more effective. Furthermore, research discovered that proposed defenses are insufficient or cause high overhead. In previous work, we presented a new WFP defense for Tor that incorporates multipath transmissions to repel malicious Tor nodes from conducting WFP attacks. In this demo, we showcase the operation of our traffic splitting defense by visually illustrating the underlying Tor multipath transmission using LED-equipped Raspberry Pis.}, note = {Electronic Communications of the EASST, Volume 080}, keywords = {Onion Routing; Website Fingerprinting; Multipath Traffic; Privacy}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-reuter-splitting-demo.pdf}, publisher = {TU Berlin}, booktitle = {Proceedings of the 2021 International Conference on Networked Systems (NetSys '21), September 13-16, 2021, L{\"u}beck, Germany}, event_place = {L{\"u}beck, Germany}, event_date = {September 13-16, 2021}, ISSN = {1863-2122}, DOI = {10.14279/tuj.eceasst.80.1151}, reviewed = {1}, author = {Reuter, Sebastian and Hiller, Jens and Pennekamp, Jan and Panchenko, Andriy and Wehrle, Klaus} } @Article { 2021_pennekamp_accountable_manufacturing, title = {The Road to Accountable and Dependable Manufacturing}, journal = {Automation}, year = {2021}, month = {9}, day = {13}, volume = {2}, number = {3}, pages = {202-219}, abstract = {The Internet of Things provides manufacturing with rich data for increased automation. Beyond company-internal data exploitation, the sharing of product and manufacturing process data along and across supply chains enables more efficient production flows and product lifecycle management. Even more, data-based automation facilitates short-lived ad hoc collaborations, realizing highly dynamic business relationships for sustainable exploitation of production resources and capacities. However, the sharing and use of business data across manufacturers and with end customers add requirements on data accountability, verifiability, and reliability and needs to consider security and privacy demands. While research has already identified blockchain technology as a key technology to address these challenges, current solutions mainly evolve around logistics or focus on established business relationships instead of automated but highly dynamic collaborations that cannot draw upon long-term trust relationships. We identify three open research areas on the road to such a truly accountable and dependable manufacturing enabled by blockchain technology: blockchain-inherent challenges, scenario-driven challenges, and socio-economic challenges. Especially tackling the scenario-driven challenges, we discuss requirements and options for realizing a blockchain-based trustworthy information store and outline its use for automation to achieve a reliable sharing of product information, efficient and dependable collaboration, and dynamic distributed markets without requiring established long-term trust.}, keywords = {blockchain; supply chain management; Industry 4.0; manufacturing; secure industrial collaboration; scalability; Industrial Internet of Things; Internet of Production}, tags = {internet-of-production}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-pennekamp-manufacturing.pdf}, publisher = {MDPI}, ISSN = {2673-4052}, DOI = {10.3390/automation2030013}, reviewed = {1}, author = {Pennekamp, Jan and Matzutt, Roman and Kanhere, Salil S. and Hiller, Jens and Wehrle, Klaus} } @Article { 2021_matzutt_coinprune_v2, title = {CoinPrune: Shrinking Bitcoin's Blockchain Retrospectively}, journal = {IEEE Transactions on Network and Service Management}, year = {2021}, month = {9}, day = {10}, volume = {18}, number = {3}, pages = {3064-3078}, abstract = {Popular cryptocurrencies continue to face serious scalability issues due to their ever-growing blockchains. Thus, modern blockchain designs began to prune old blocks and rely on recent snapshots for their bootstrapping processes instead. Unfortunately, established systems are often considered incapable of adopting these improvements. In this work, we present CoinPrune, our block-pruning scheme with full Bitcoin compatibility, to revise this popular belief. CoinPrune bootstraps joining nodes via snapshots that are periodically created from Bitcoin's set of unspent transaction outputs (UTXO set). Our scheme establishes trust in these snapshots by relying on CoinPrune-supporting miners to mutually reaffirm a snapshot's correctness on the blockchain. This way, snapshots remain trustworthy even if adversaries attempt to tamper with them. Our scheme maintains its retrospective deployability by relying on positive feedback only, i.e., blocks containing invalid reaffirmations are not rejected, but invalid reaffirmations are outpaced by the benign ones created by an honest majority among CoinPrune-supporting miners. Already today, CoinPrune reduces the storage requirements for Bitcoin nodes by two orders of magnitude, as joining nodes need to fetch and process only 6 GiB instead of 271 GiB of data in our evaluation, reducing the synchronization time of powerful devices from currently 7 h to 51 min, with even larger potential drops for less powerful devices. CoinPrune is further aware of higher-level application data, i.e., it conserves otherwise pruned application data and allows nodes to obfuscate objectionable and potentially illegal blockchain content from their UTXO set and the snapshots they distribute.}, keywords = {blockchain; block pruning; synchronization; bootstrapping; scalability; velvet fork; Bitcoin}, tags = {mynedata; impact_digital; digital_campus}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-matzutt-coinprune-v2.pdf}, language = {English}, ISSN = {1932-4537}, DOI = {10.1109/TNSM.2021.3073270}, reviewed = {1}, author = {Matzutt, Roman and Kalde, Benedikt and Pennekamp, Jan and Drichel, Arthur and Henze, Martin and Wehrle, Klaus} } @Article { 2021_pennekamp_ercim, title = {Unlocking Secure Industrial Collaborations through Privacy-Preserving Computation}, journal = {ERCIM News}, year = {2021}, month = {7}, day = {9}, volume = {126}, pages = {24-25}, abstract = {In industrial settings, significant process improvements can be achieved when utilising and sharing information across stakeholders. However, traditionally conservative companies impose significant confidentiality requirements for any (external) data processing. We discuss how privacy-preserving computation can unlock secure and private collaborations even in such competitive environments.}, tags = {internet-of-production}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-pennekamp-ercim-news.pdf}, web_url = {https://ercim-news.ercim.eu/en126/special/unlocking-secure-industrial-collaborations-through-privacy-preserving-computation}, publisher = {ERCIM EEIG}, ISSN = {0926-4981}, author = {Pennekamp, Jan and Henze, Martin and Wehrle, Klaus} } @Article { 2021_buckhorst_lmas, title = {Holarchy for Line-less Mobile Assembly Systems Operation in the Context of the Internet of Production}, journal = {Procedia CIRP}, year = {2021}, month = {5}, day = {3}, volume = {99}, pages = {448-453}, abstract = {Assembly systems must provide maximum flexibility qualified by organization and technology to offer cost-compliant performance features to differentiate themselves from competitors in buyers' markets. By mobilization of multipurpose resources and dynamic planning, Line-less Mobile Assembly Systems (LMASs) offer organizational reconfigurability. By proposing a holarchy to combine LMASs with the concept of an Internet of Production (IoP), we enable LMASs to source valuable information from cross-level production networks, physical resources, software nodes, and data stores that are interconnected in an IoP. The presented holarchy provides a concept of how to address future challenges, meet the requirements of shorter lead times, and unique lifecycle support. The paper suggests an application of decision making, distributed sensor services, recommender-based data reduction, and in-network computing while considering safety and human usability alike.}, note = {Proceedings of the 14th CIRP Conference on Intelligent Computation in Manufacturing Engineering (ICME '20), July 14-17, 2020, Gulf of Naples, Italy}, keywords = {Internet of Production; Line-less Mobile Assembly System; Industrial Assembly; Smart Factory}, tags = {internet-of-production}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-buckhorst-holarchy.pdf}, publisher = {Elsevier}, event_place = {Gulf of Naples, Italy}, event_date = {July 14-17, 2020}, ISSN = {2212-8271}, DOI = {10.1016/j.procir.2021.03.064}, reviewed = {1}, author = {Buckhorst, Armin F. and Montavon, Benjamin and Wolfschl{\"a}ger, Dominik and Buchsbaum, Melanie and Shahidi, Amir and Petruck, Henning and Kunze, Ike and Pennekamp, Jan and Brecher, Christian and H{\"u}sing, Mathias and Corves, Burkhard and Nitsch, Verena and Wehrle, Klaus and Schmitt, Robert H.} } @Article { 2021_bader_privaccichain, title = {Blockchain-Based Privacy Preservation for Supply Chains Supporting Lightweight Multi-Hop Information Accountability}, journal = {Information Processing \& Management}, year = {2021}, month = {5}, day = {1}, volume = {58}, number = {3}, abstract = {The benefits of information sharing along supply chains are well known for improving productivity and reducing costs. However, with the shift towards more dynamic and flexible supply chains, privacy concerns severely challenge the required information retrieval. A lack of trust between the different involved stakeholders inhibits advanced, multi-hop information flows, as valuable information for tracking and tracing products and parts is either unavailable or only retained locally. Our extensive literature review of previous approaches shows that these needs for cross-company information retrieval are widely acknowledged, but related work currently only addresses them insufficiently. To overcome these concerns, we present PrivAccIChain, a secure, privacy-preserving architecture for improving the multi-hop information retrieval with stakeholder accountability along supply chains. To address use case-specific needs, we particularly introduce an adaptable configuration of transparency and data privacy within our design. Hence, we enable the benefits of information sharing as well as multi-hop tracking and tracing even in supply chains that include mutually distrusting stakeholders. We evaluate the performance of PrivAccIChain and demonstrate its real-world feasibility based on the information of a purchasable automobile, the e.GO Life. We further conduct an in-depth security analysis and propose tunable mitigations against common attacks. As such, we attest PrivAccIChain's practicability for information management even in complex supply chains with flexible and dynamic business relationships.}, keywords = {multi-hop collaboration; tracking and tracing; Internet of Production; e.GO; attribute-based encryption}, tags = {internet-of-production}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-bader-ipm-privaccichain.pdf}, publisher = {Elsevier}, ISSN = {0306-4573}, DOI = {10.1016/j.ipm.2021.102529}, reviewed = {1}, author = {Bader, Lennart and Pennekamp, Jan and Matzutt, Roman and Hedderich, David and Kowalski, Markus and Lücken, Volker and Wehrle, Klaus} } @Inproceedings { 2021_dahlmanns_entrust, title = {Transparent End-to-End Security for Publish/Subscribe Communication in Cyber-Physical Systems}, year = {2021}, month = {4}, day = {28}, pages = {78–87}, abstract = {The ongoing digitization of industrial manufacturing leads to a decisive change in industrial communication paradigms. Moving from traditional one-to-one to many-to-many communication, publish/subscribe systems promise a more dynamic and efficient exchange of data. However, the resulting significantly more complex communication relationships render traditional end-to-end security futile for sufficiently protecting the sensitive and safety-critical data transmitted in industrial systems. Most notably, the central message brokers inherent in publish/subscribe systems introduce a designated weak spot for security as they can access all communication messages. To address this issue, we propose ENTRUST, a novel solution for key server-based end-to-end security in publish/subscribe systems. ENTRUST transparently realizes confidentiality, integrity, and authentication for publish/subscribe systems without any modification of the underlying protocol. We exemplarily implement ENTRUST on top of MQTT, the de-facto standard for machine-to-machine communication, showing that ENTRUST can integrate seamlessly into existing publish/subscribe systems.}, keywords = {cyber-physical system security; publish-subscribe security; end-to-end security}, tags = {internet-of-production, rfc}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-dahlmanns-entrust.pdf}, publisher = {ACM}, booktitle = {Proceedings of the 1st ACM Workshop on Secure and Trustworthy Cyber-Physical Systems (SaT-CPS '21), co-located with the 11th ACM Conference on Data and Application Security and Privacy (CODASPY '21), April 26-28, 2021, Virtual Event, USA}, event_place = {Virtual Event, USA}, event_name = {ACM Workshop on Secure and Trustworthy Cyber-Physical Systems}, event_date = {April 28, 2021}, ISBN = {978-1-4503-8319-6/21/04}, DOI = {10.1145/3445969.3450423}, reviewed = {1}, author = {Dahlmanns, Markus and Pennekamp, Jan and Fink, Ina Berenice and Schoolmann, Bernd and Wehrle, Klaus and Henze, Martin} } @Article { 2021-wehrle-energy, title = {A Novel Receiver Design for Energy Packet‐Based Dispatching}, journal = {Energy Technology}, year = {2021}, volume = {9}, number = {2}, DOI = {10.1002/ente.202000937}, reviewed = {1}, author = {Wiegel, Friedirch and De Din, Edoardo and Monti, Antonello and Wehrle, Klaus and Hiller, Marc and Zitterbart, Martina and Hagenmeyer, Veit} }