% 
% This file was created by the TYPO3 extension
% bib
% --- Timezone: CEST
% Creation date: 2024-05-10
% Creation time: 13-11-09
% --- Number of references
% 3
% 

@Inproceedings { 2024_dahlmanns_ipv6-deployments,
   title = {Unconsidered Installations: Discovering IoT Deployments in the IPv6 Internet},
   year = {2024},
   month = {5},
   day = {10},
   abstract = {Internet-wide studies provide extremely valuable insight into how operators manage their Internet of Things (IoT) deployments in reality and often reveal grievances, e.g., significant security issues. However, while IoT devices often use IPv6, past studies resorted to comprehensively scan the IPv4 address space. To fully understand how the IoT and all its services and devices is operated, including IPv6-reachable deployments is inevitable-although scanning the entire IPv6 address space is infeasible. In this paper, we close this gap and examine how to best discover IPv6-reachable IoT deployments. To this end, we propose a methodology that allows combining various IPv6 scan direction approaches to understand the findability and prevalence of IPv6-reachable IoT deployments. Using three sources of active IPv6 addresses and eleven address generators, we discovered 6658 IoT deployments. We derive that the available address sources are a good starting point for finding IoT deployments. Additionally, we show that using two address generators is sufficient to cover most found deployments and save time as well as resources. Assessing the security of the deployments, we surprisingly find similar issues as in the IPv4 Internet, although IPv6 deployments might be newer and generally more up-to-date: Only 39\% of deployments have access control in place and only 6.2\% make use of TLS inviting attackers, e.g., to eavesdrop sensitive data.},
   keywords = {Internet of Things, security, Internet measurements, IPv6, address generators},
   tags = {internet-of-production},
   publisher = {IEEE},
   booktitle = {Proceedings of the 2024 IEEE/IFIP Network Operations and Management Symposium (NOMS '24), May 6-10, 2024, Seoul, Korea},
   event_place = {Seoul, Korea},
   event_name = {2024 IEEE Network Operations and Management Symposium},
   event_date = {May 6-10, 2024},
   state = {accepted},
   reviewed = {1},
   author = {Dahlmanns, Markus and Heidenreich, Felix and Lohm{\"o}ller, Johannes and Pennekamp, Jan and Wehrle, Klaus and Henze, Martin}
}

@Article { 2024_lohmoeller_sovereignty-survey,
   title = {The Unresolved Need for Dependable Guarantees on Security, Sovereignty, and Trust in Data Ecosystems},
   journal = {Data \& Knowledge Engineering},
   year = {2024},
   month = {5},
   day = {1},
   volume = {151},
   abstract = {Data ecosystems emerged as a new paradigm to facilitate the automated and massive exchange of data from heterogeneous information sources between different stakeholders. However, the corresponding benefits come with unforeseen risks as sensitive information is potentially exposed, questioning their reliability. Consequently, data security is of utmost importance and, thus, a central requirement for successfully realizing data ecosystems. Academia has recognized this requirement, and current initiatives foster sovereign participation via a federated infrastructure where participants retain local control over what data they offer to whom. However, recent proposals place significant trust in remote infrastructure by implementing organizational security measures such as certification processes before the admission of a participant. At the same time, the data sensitivity incentivizes participants to bypass the organizational security measures to maximize their benefit. This issue significantly weakens security, sovereignty, and trust guarantees and highlights that organizational security measures are insufficient in this context. In this paper, we argue that data ecosystems must be extended with technical means to (re)establish dependable guarantees. We underpin this need with three representative use cases for data ecosystems, which cover personal, economic, and governmental data, and systematically map the lack of dependable guarantees in related work. To this end, we identify three enablers of dependable guarantees, namely trusted remote policy enforcement, verifiable data tracking, and integration of resource-constrained participants. These enablers are critical for securely implementing data ecosystems in data-sensitive contexts.},
   keywords = {Data sharing; Confidentiality; Integrity protection; Data Markets; Distributed databases},
   tags = {internet-of-production; coat-ers},
   url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2024/2024-lohmoeller-data-sovereignty-survey.pdf},
   publisher = {Elsevier},
   ISSN = {0169-023X},
   DOI = {10.1016/j.datak.2024.102301},
   reviewed = {1},
   author = {Lohm{\"o}ller, Johannes and Pennekamp, Jan and Matzutt, Roman and Schneider, Carolin Victoria and Vlad, Eduard and Trautwein, Christian and Wehrle, Klaus}
}

@Article { 2024_pennekamp_supply-chain-survey,
   title = {An Interdisciplinary Survey on Information Flows in Supply Chains},
   journal = {ACM Computing Surveys},
   year = {2024},
   month = {2},
   day = {1},
   volume = {56},
   number = {2},
   abstract = {Supply chains form the backbone of modern economies and therefore require reliable information flows. In practice, however, supply chains face severe technical challenges, especially regarding security and privacy. In this work, we consolidate studies from supply chain management, information systems, and computer science from 2010--2021 in an interdisciplinary meta-survey to make this topic holistically accessible to interdisciplinary research. In particular, we identify a significant potential for computer scientists to remedy technical challenges and improve the robustness of information flows. We subsequently present a concise information flow-focused taxonomy for supply chains before discussing future research directions to provide possible entry points.},
   keywords = {information flows; data communication; supply chain management; data security; data sharing; systematic literature review},
   tags = {internet-of-production},
   url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2024/2024-pennekamp-supply-chain-survey.pdf},
   publisher = {ACM},
   ISSN = {0360-0300},
   DOI = {10.1145/3606693},
   reviewed = {1},
   author = {Pennekamp, Jan and Matzutt, Roman and Klinkm{\"u}ller, Christopher and Bader, Lennart and Serror, Martin and Wagner, Eric and Malik, Sidra and Spi{\ss}, Maria and Rahn, Jessica and G{\"u}rpinar, Tan and Vlad, Eduard and Leemans, Sander J. J. and Kanhere, Salil S. and Stich, Volker and Wehrle, Klaus}
}