This file was created by the TYPO3 extension bib --- Timezone: UTC Creation date: 2024-12-03 Creation time: 14-51-56 --- Number of references 12 inproceedings 2021_pennekamp_laser Collaboration is not Evil: A Systematic Look at Security Research for Industrial Use 2021 12 21 Following the recent Internet of Things-induced trends on digitization in general, industrial applications will further evolve as well. With a focus on the domains of manufacturing and production, the Internet of Production pursues the vision of a digitized, globally interconnected, yet secure environment by establishing a distributed knowledge base. Background. As part of our collaborative research of advancing the scope of industrial applications through cybersecurity and privacy, we identified a set of common challenges and pitfalls that surface in such applied interdisciplinary collaborations. Aim. Our goal with this paper is to support researchers in the emerging field of cybersecurity in industrial settings by formalizing our experiences as reference for other research efforts, in industry and academia alike. Method. Based on our experience, we derived a process cycle of performing such interdisciplinary research, from the initial idea to the eventual dissemination and paper writing. This presented methodology strives to successfully bootstrap further research and to encourage further work in this emerging area. Results. Apart from our newly proposed process cycle, we report on our experiences and conduct a case study applying this methodology, raising awareness for challenges in cybersecurity research for industrial applications. We further detail the interplay between our process cycle and the data lifecycle in applied research data management. Finally, we augment our discussion with an industrial as well as an academic view on this research area and highlight that both areas still have to overcome significant challenges to sustainably and securely advance industrial applications. Conclusions. With our proposed process cycle for interdisciplinary research in the intersection of cybersecurity and industrial application, we provide a foundation for further research. We look forward to promising research initiatives, projects, and directions that emerge based on our methodological work. internet-of-production https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-pennekamp-laser-collaboration.pdf ACSA Proceedings of the Workshop on Learning from Authoritative Security Experiment Results (LASER '20), co-located with the 36th Annual Computer Security Applications Conference (ACSAC '20), December 7-11, 2020, Austin, TX, USA Austin, TX, USA Learning from Authoritative Security Experiment Results (LASER '20) December 8, 2020 978-1-891562-81-5 10.14722/laser-acsac.2020.23088 1 JanPennekamp ErikBuchholz MarkusDahlmanns IkeKunze StefanBraun EricWagner MatthiasBrockmann KlausWehrle MartinHenze inproceedings 2021-hemminghaus-sigmar SIGMAR: Ensuring Integrity and Authenticity of Maritime Systems using Digital Signatures 2021 11 25 Distributed maritime bridge systems are customary standard equipment on today’s commercial shipping and cruising vessels. The exchange of nautical data, e.g., geographical positions, is usually implemented using multicast network communication without security measures, which poses serious risks to the authenticity and integrity of transmitted data. In this paper, we introduce digital SIGnatures for MARitime systems (SIGMAR), a low-cost solution to seamlessly retrofit authentication of nautical data based on asymmetric cryptography. Extending the existing IEC 61162-450 protocol makes it is possible to build a backward-compatible authentication mechanism that prevents common cyber attacks. The development was successfully accompanied by permanent investigations in a bridge simulation environment, including a maritime cyber attack generator. We demonstrate SIGMAR’s feasibility by introducing a proof-of-concept implementation on low-cost and low-resource hardware and present a performance analysis of our approach. Maritime Cyber Security;Authentication;Integrity;IEC 61162-450;NMEA 0183 IEEE In Proceedings of the International Symposium on Networks, Computers and Communications (ISNCC) Dubai, United Arab Emirates International Symposium on Networks, Computers and Communications 31 Oct.-2 Nov. 2021 10.1109/ISNCC52172.2021.9615738 1 ChristianHemminghaus JanBauer KonradWolsing inproceedings 2021_mitseva_sequences POSTER: How Dangerous is My Click? Boosting Website Fingerprinting By Considering Sequences of Webpages 2021 11 17 2411-2413 Website fingerprinting (WFP) is a special case of traffic analysis, where a passive attacker infers information about the content of encrypted and anonymized connections by observing patterns of data flows. Although modern WFP attacks pose a serious threat to online privacy of users, including Tor users, they usually aim to detect single pages only. By ignoring the browsing behavior of users, the attacker excludes valuable information: users visit multiple pages of a single website consecutively, e.g., by following links. In this paper, we propose two novel methods that can take advantage of the consecutive visits of multiple pages to detect websites. We show that two up to three clicks within a site allow attackers to boost the accuracy by more than 20% and to dramatically increase the threat to users' privacy. We argue that WFP defenses have to consider this new dimension of the attack surface. Traffic Analysis; Website Fingerprinting; Web Privacy https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-mitseva-fingerprinting-sequences.pdf ACM Proceedings of the 28th ACM SIGSAC Conference on Computer and Communications Security (CCS '21), November 15-19, 2021, Seoul, Korea Seoul, Korea November 15-19, 2021 978-1-4503-8454-4/21/11 10.1145/3460120.3485347 1 AsyaMitseva JanPennekamp JohannesLohmöller TorstenZiemann CarlHoerchner KlausWehrle AndriyPanchenko inproceedings 2021_pennekamp_bootstrapping Confidential Computing-Induced Privacy Benefits for the Bootstrapping of New Business Relationships 2021 11 15 RWTH-2021-09499 In addition to quality improvements and cost reductions, dynamic and flexible business relationships are expected to become more important in the future to account for specific customer change requests or small-batch production. Today, despite reservation, sensitive information must be shared upfront between buyers and sellers. However, without a trust relation, this situation is precarious for the involved companies as they fear for their competitiveness following information leaks or breaches of their privacy. To address this issue, the concepts of confidential computing and cloud computing come to mind as they promise to offer scalable approaches that preserve the privacy of participating companies. In particular, designs building on confidential computing can help to technically enforce privacy. Moreover, cloud computing constitutes an elegant design choice to scale these novel protocols to industry needs while limiting the setup and management overhead for practitioners. Thus, novel approaches in this area can advance the status quo of bootstrapping new relationships as they provide privacy-preserving alternatives that are suitable for immediate deployment. bootstrapping procurement; business relationships; secure industrial collaboration; privacy; Internet of Production internet-of-production https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-pennekamp-bootstrapping.pdf RWTH Aachen University Blitz Talk at the 2021 Cloud Computing Security Workshop (CCSW '21), co-located with the 28th ACM SIGSAC Conference on Computer and Communications Security (CCS '21), November 15-19, 2021, Seoul, Korea RWTH Aachen University Seoul, Korea November 14, 2021 10.18154/RWTH-2021-09499 JanPennekamp FrederikFuhrmann MarkusDahlmanns TimoHeutmann AlexanderKreppein DennisGrunert ChristophLange Robert H.Schmitt KlausWehrle inproceedings 2021_reuter_demo Demo: Traffic Splitting for Tor — A Defense against Fingerprinting Attacks 2021 9 14 Website fingerprinting (WFP) attacks on the anonymity network Tor have become ever more effective. Furthermore, research discovered that proposed defenses are insufficient or cause high overhead. In previous work, we presented a new WFP defense for Tor that incorporates multipath transmissions to repel malicious Tor nodes from conducting WFP attacks. In this demo, we showcase the operation of our traffic splitting defense by visually illustrating the underlying Tor multipath transmission using LED-equipped Raspberry Pis. Electronic Communications of the EASST, Volume 080 Onion Routing; Website Fingerprinting; Multipath Traffic; Privacy https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-reuter-splitting-demo.pdf TU Berlin Proceedings of the 2021 International Conference on Networked Systems (NetSys '21), September 13-16, 2021, Lübeck, Germany Lübeck, Germany September 13-16, 2021 1863-2122 10.14279/tuj.eceasst.80.1151 1 SebastianReuter JensHiller JanPennekamp AndriyPanchenko KlausWehrle article 2021_pennekamp_accountable_manufacturing The Road to Accountable and Dependable Manufacturing Automation 2021 9 13 2 3 202-219 The Internet of Things provides manufacturing with rich data for increased automation. Beyond company-internal data exploitation, the sharing of product and manufacturing process data along and across supply chains enables more efficient production flows and product lifecycle management. Even more, data-based automation facilitates short-lived ad hoc collaborations, realizing highly dynamic business relationships for sustainable exploitation of production resources and capacities. However, the sharing and use of business data across manufacturers and with end customers add requirements on data accountability, verifiability, and reliability and needs to consider security and privacy demands. While research has already identified blockchain technology as a key technology to address these challenges, current solutions mainly evolve around logistics or focus on established business relationships instead of automated but highly dynamic collaborations that cannot draw upon long-term trust relationships. We identify three open research areas on the road to such a truly accountable and dependable manufacturing enabled by blockchain technology: blockchain-inherent challenges, scenario-driven challenges, and socio-economic challenges. Especially tackling the scenario-driven challenges, we discuss requirements and options for realizing a blockchain-based trustworthy information store and outline its use for automation to achieve a reliable sharing of product information, efficient and dependable collaboration, and dynamic distributed markets without requiring established long-term trust. blockchain; supply chain management; Industry 4.0; manufacturing; secure industrial collaboration; scalability; Industrial Internet of Things; Internet of Production internet-of-production https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-pennekamp-manufacturing.pdf MDPI 2673-4052 10.3390/automation2030013 1 JanPennekamp RomanMatzutt Salil S.Kanhere JensHiller KlausWehrle article 2021_matzutt_coinprune_v2 CoinPrune: Shrinking Bitcoin's Blockchain Retrospectively IEEE Transactions on Network and Service Management 2021 9 10 18 3 3064-3078 Popular cryptocurrencies continue to face serious scalability issues due to their ever-growing blockchains. Thus, modern blockchain designs began to prune old blocks and rely on recent snapshots for their bootstrapping processes instead. Unfortunately, established systems are often considered incapable of adopting these improvements. In this work, we present CoinPrune, our block-pruning scheme with full Bitcoin compatibility, to revise this popular belief. CoinPrune bootstraps joining nodes via snapshots that are periodically created from Bitcoin's set of unspent transaction outputs (UTXO set). Our scheme establishes trust in these snapshots by relying on CoinPrune-supporting miners to mutually reaffirm a snapshot's correctness on the blockchain. This way, snapshots remain trustworthy even if adversaries attempt to tamper with them. Our scheme maintains its retrospective deployability by relying on positive feedback only, i.e., blocks containing invalid reaffirmations are not rejected, but invalid reaffirmations are outpaced by the benign ones created by an honest majority among CoinPrune-supporting miners. Already today, CoinPrune reduces the storage requirements for Bitcoin nodes by two orders of magnitude, as joining nodes need to fetch and process only 6 GiB instead of 271 GiB of data in our evaluation, reducing the synchronization time of powerful devices from currently 7 h to 51 min, with even larger potential drops for less powerful devices. CoinPrune is further aware of higher-level application data, i.e., it conserves otherwise pruned application data and allows nodes to obfuscate objectionable and potentially illegal blockchain content from their UTXO set and the snapshots they distribute. blockchain; block pruning; synchronization; bootstrapping; scalability; velvet fork; Bitcoin mynedata; impact_digital; digital_campus https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-matzutt-coinprune-v2.pdf English 1932-4537 10.1109/TNSM.2021.3073270 1 RomanMatzutt BenediktKalde JanPennekamp ArthurDrichel MartinHenze KlausWehrle article 2021_pennekamp_ercim Unlocking Secure Industrial Collaborations through Privacy-Preserving Computation ERCIM News 2021 7 9 126 24-25 In industrial settings, significant process improvements can be achieved when utilising and sharing information across stakeholders. However, traditionally conservative companies impose significant confidentiality requirements for any (external) data processing. We discuss how privacy-preserving computation can unlock secure and private collaborations even in such competitive environments. internet-of-production https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-pennekamp-ercim-news.pdf https://ercim-news.ercim.eu/en126/special/unlocking-secure-industrial-collaborations-through-privacy-preserving-computation ERCIM EEIG 0926-4981 JanPennekamp MartinHenze KlausWehrle article 2021_buckhorst_lmas Holarchy for Line-less Mobile Assembly Systems Operation in the Context of the Internet of Production Procedia CIRP 2021 5 3 99 448-453 Assembly systems must provide maximum flexibility qualified by organization and technology to offer cost-compliant performance features to differentiate themselves from competitors in buyers' markets. By mobilization of multipurpose resources and dynamic planning, Line-less Mobile Assembly Systems (LMASs) offer organizational reconfigurability. By proposing a holarchy to combine LMASs with the concept of an Internet of Production (IoP), we enable LMASs to source valuable information from cross-level production networks, physical resources, software nodes, and data stores that are interconnected in an IoP. The presented holarchy provides a concept of how to address future challenges, meet the requirements of shorter lead times, and unique lifecycle support. The paper suggests an application of decision making, distributed sensor services, recommender-based data reduction, and in-network computing while considering safety and human usability alike. Proceedings of the 14th CIRP Conference on Intelligent Computation in Manufacturing Engineering (ICME '20), July 14-17, 2020, Gulf of Naples, Italy Internet of Production; Line-less Mobile Assembly System; Industrial Assembly; Smart Factory internet-of-production https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-buckhorst-holarchy.pdf Elsevier Gulf of Naples, Italy July 14-17, 2020 2212-8271 10.1016/j.procir.2021.03.064 1 Armin F.Buckhorst BenjaminMontavon DominikWolfschläger MelanieBuchsbaum AmirShahidi HenningPetruck IkeKunze JanPennekamp ChristianBrecher MathiasHüsing BurkhardCorves VerenaNitsch KlausWehrle Robert H.Schmitt article 2021_bader_privaccichain Blockchain-Based Privacy Preservation for Supply Chains Supporting Lightweight Multi-Hop Information Accountability Information Processing & Management 2021 5 1 58 3 The benefits of information sharing along supply chains are well known for improving productivity and reducing costs. However, with the shift towards more dynamic and flexible supply chains, privacy concerns severely challenge the required information retrieval. A lack of trust between the different involved stakeholders inhibits advanced, multi-hop information flows, as valuable information for tracking and tracing products and parts is either unavailable or only retained locally. Our extensive literature review of previous approaches shows that these needs for cross-company information retrieval are widely acknowledged, but related work currently only addresses them insufficiently. To overcome these concerns, we present PrivAccIChain, a secure, privacy-preserving architecture for improving the multi-hop information retrieval with stakeholder accountability along supply chains. To address use case-specific needs, we particularly introduce an adaptable configuration of transparency and data privacy within our design. Hence, we enable the benefits of information sharing as well as multi-hop tracking and tracing even in supply chains that include mutually distrusting stakeholders. We evaluate the performance of PrivAccIChain and demonstrate its real-world feasibility based on the information of a purchasable automobile, the e.GO Life. We further conduct an in-depth security analysis and propose tunable mitigations against common attacks. As such, we attest PrivAccIChain's practicability for information management even in complex supply chains with flexible and dynamic business relationships. multi-hop collaboration; tracking and tracing; Internet of Production; e.GO; attribute-based encryption internet-of-production https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-bader-ipm-privaccichain.pdf Elsevier 0306-4573 10.1016/j.ipm.2021.102529 1 LennartBader JanPennekamp RomanMatzutt DavidHedderich MarkusKowalski VolkerLücken KlausWehrle inproceedings 2021_dahlmanns_entrust Transparent End-to-End Security for Publish/Subscribe Communication in Cyber-Physical Systems 2021 4 28 78–87 The ongoing digitization of industrial manufacturing leads to a decisive change in industrial communication paradigms. Moving from traditional one-to-one to many-to-many communication, publish/subscribe systems promise a more dynamic and efficient exchange of data. However, the resulting significantly more complex communication relationships render traditional end-to-end security futile for sufficiently protecting the sensitive and safety-critical data transmitted in industrial systems. Most notably, the central message brokers inherent in publish/subscribe systems introduce a designated weak spot for security as they can access all communication messages. To address this issue, we propose ENTRUST, a novel solution for key server-based end-to-end security in publish/subscribe systems. ENTRUST transparently realizes confidentiality, integrity, and authentication for publish/subscribe systems without any modification of the underlying protocol. We exemplarily implement ENTRUST on top of MQTT, the de-facto standard for machine-to-machine communication, showing that ENTRUST can integrate seamlessly into existing publish/subscribe systems. cyber-physical system security; publish-subscribe security; end-to-end security internet-of-production, rfc https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-dahlmanns-entrust.pdf ACM Proceedings of the 1st ACM Workshop on Secure and Trustworthy Cyber-Physical Systems (SaT-CPS '21), co-located with the 11th ACM Conference on Data and Application Security and Privacy (CODASPY '21), April 26-28, 2021, Virtual Event, USA Virtual Event, USA ACM Workshop on Secure and Trustworthy Cyber-Physical Systems April 28, 2021 978-1-4503-8319-6/21/04 10.1145/3445969.3450423 1 MarkusDahlmanns JanPennekamp Ina BereniceFink BerndSchoolmann KlausWehrle MartinHenze article 2021-wehrle-energy A Novel Receiver Design for Energy Packet‐Based Dispatching Energy Technology 2021 9 2 10.1002/ente.202000937 1 FriedirchWiegel EdoardoDe Din AntonelloMonti KlausWehrle MarcHiller MartinaZitterbart VeitHagenmeyer