This file was created by the TYPO3 extension bib --- Timezone: CEST Creation date: 2024-04-20 Creation time: 12-15-21 --- Number of references 6 inproceedings 2021_mitseva_sequences 2021 11 17 2411-2413 Website fingerprinting (WFP) is a special case of traffic analysis, where a passive attacker infers information about the content of encrypted and anonymized connections by observing patterns of data flows. Although modern WFP attacks pose a serious threat to online privacy of users, including Tor users, they usually aim to detect single pages only. By ignoring the browsing behavior of users, the attacker excludes valuable information: users visit multiple pages of a single website consecutively, e.g., by following links. In this paper, we propose two novel methods that can take advantage of the consecutive visits of multiple pages to detect websites. We show that two up to three clicks within a site allow attackers to boost the accuracy by more than 20% and to dramatically increase the threat to users' privacy. We argue that WFP defenses have to consider this new dimension of the attack surface. Traffic Analysis; Website Fingerprinting; Web Privacy https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-mitseva-fingerprinting-sequences.pdf ACM Proceedings of the 28th ACM SIGSAC Conference on Computer and Communications Security (CCS '21), November 15-19, 2021, Seoul, Korea Seoul, Korea November 15-19, 2021 978-1-4503-8454-4/21/11 10.1145/3460120.3485347 1 AsyaMitseva JanPennekamp JohannesLohmöller TorstenZiemann CarlHoerchner KlausWehrle AndriyPanchenko inproceedings 2021_pennekamp_bootstrapping 2021 11 15 RWTH-2021-09499 In addition to quality improvements and cost reductions, dynamic and flexible business relationships are expected to become more important in the future to account for specific customer change requests or small-batch production. Today, despite reservation, sensitive information must be shared upfront between buyers and sellers. However, without a trust relation, this situation is precarious for the involved companies as they fear for their competitiveness following information leaks or breaches of their privacy. To address this issue, the concepts of confidential computing and cloud computing come to mind as they promise to offer scalable approaches that preserve the privacy of participating companies. In particular, designs building on confidential computing can help to technically enforce privacy. Moreover, cloud computing constitutes an elegant design choice to scale these novel protocols to industry needs while limiting the setup and management overhead for practitioners. Thus, novel approaches in this area can advance the status quo of bootstrapping new relationships as they provide privacy-preserving alternatives that are suitable for immediate deployment. bootstrapping procurement; business relationships; secure industrial collaboration; privacy; Internet of Production internet-of-production https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-pennekamp-bootstrapping.pdf RWTH Aachen University Blitz Talk at the 2021 Cloud Computing Security Workshop (CCSW '21), co-located with the 28th ACM SIGSAC Conference on Computer and Communications Security (CCS '21), November 15-19, 2021, Seoul, Korea RWTH Aachen University Seoul, Korea November 14, 2021 10.18154/RWTH-2021-09499 JanPennekamp FrederikFuhrmann MarkusDahlmanns TimoHeutmann AlexanderKreppein DennisGrunert ChristophLange Robert H.Schmitt KlausWehrle inproceedings 2021-glebke-service-based-forwarding 2021 6 10 reflexes /fileadmin/papers/2021/2021-glebke-service-based-forwarding.pdf IEEE Proceedings of the 2021 IEEE International Conference on High Performance Switching and Routing: Workshop on Semantic Addressing and Routing for Future Networks (SARNET-21) 978-1-6654-4005-9 2325-5609 10.1109/HPSR52026.2021.9481814 1 RenéGlebke DirkTrossen IkeKunze DavidLou JanRüth MirkoStoffers KlausWehrle article 2021_bader_privaccichain Information Processing & Management 2021 5 1 58 3 The benefits of information sharing along supply chains are well known for improving productivity and reducing costs. However, with the shift towards more dynamic and flexible supply chains, privacy concerns severely challenge the required information retrieval. A lack of trust between the different involved stakeholders inhibits advanced, multi-hop information flows, as valuable information for tracking and tracing products and parts is either unavailable or only retained locally. Our extensive literature review of previous approaches shows that these needs for cross-company information retrieval are widely acknowledged, but related work currently only addresses them insufficiently. To overcome these concerns, we present PrivAccIChain, a secure, privacy-preserving architecture for improving the multi-hop information retrieval with stakeholder accountability along supply chains. To address use case-specific needs, we particularly introduce an adaptable configuration of transparency and data privacy within our design. Hence, we enable the benefits of information sharing as well as multi-hop tracking and tracing even in supply chains that include mutually distrusting stakeholders. We evaluate the performance of PrivAccIChain and demonstrate its real-world feasibility based on the information of a purchasable automobile, the e.GO Life. We further conduct an in-depth security analysis and propose tunable mitigations against common attacks. As such, we attest PrivAccIChain's practicability for information management even in complex supply chains with flexible and dynamic business relationships. multi-hop collaboration; tracking and tracing; Internet of Production; e.GO; attribute-based encryption internet-of-production https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-bader-ipm-privaccichain.pdf Elsevier 0306-4573 10.1016/j.ipm.2021.102529 1 LennartBader JanPennekamp RomanMatzutt DavidHedderich MarkusKowalski VolkerLücken KlausWehrle article 2021_schomakers_insights Computer Law Review International 2021 2 15 22 1 8-15 Social media, cloud computing, and the Internet of Things connect people around the globe, offering manifold benefits. However, the technological advances and increased user participation generate novel challenges for users' privacy. From the users' perspective, the consequences of data disclosure depend on the perceived sensitivity of that data. But in light of the new technological opportunities to process and combine data, it is questionable whether users can adequately evaluate risks of data disclosures. As mediating authority, data protection laws such as the European General Data Protection Regulation try to protect user data, granting enhanced protection to "special categories" of data. This article assesses the legal, technological, and users' perspectives on information sensitivity and their interplay. Technologically, all data can be referred to as "potentially sensitive." The legal and users' perspective on information sensitivity deviate from this standpoint, as some data types are granted special protection by law but are not perceived as very sensitive by users and vice versa. The key findings here suggest the GDPR adequately protecting users' privacy but for small adjustments. Information Sensitivity, Privacy, European Data Protection Law 1610-7608 10.9785/cri-2021-220103 1 Eva-MariaSchomakers ChantalLidynia DirkMüllmann RomanMatzutt KlausWehrle IndraSpiecker gen. Döhmann MartinaZiefle inproceedings 2019_rut_schomakers_privacy 2021 1 27 857-870 Social media, cloud computing, and the Internet of Things connect people around the globe, offering manifold benefits. However, the technological advances and increased user participation generate novel challenges for users' privacy. From the users' perspective, the consequences of data disclosure depend on the perceived sensitivity of that data. But in light of the new technological opportunities to process and combine data, it is questionable whether users can adequately evaluate risks of data disclosures. As mediating authority, data protection laws such as the European General Data Protection Regulation try to protect user data, granting enhanced protection to "special categories" of data. In this paper, we assess the legal, technological, and users' perspectives on information sensitivity and their interplay. Technologically, all data can be referred to as "potentially sensitive." The legal and users' perspective on information sensitivity deviate from this standpoint, as some data types are granted special protection by law but are not perceived as very sensitive by users and vice versa. Our key findings still suggest the GDPR adequately protecting users' privacy but for small adjustments. Information Sensitivity,Privacy,European Data Protection Law mynedata https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-schomakers-3perspectives.pdf https://dl.gi.de/handle/20.500.12116/34788 https://arxiv.org/abs/1911.06569 Gesellschaft für Informatik

Bonn

INFORMATIK 2020 Karlsruhe, Germany INFORMATIK 2020 2020-09-28 to 2020-10-01 English 10.18420/inf2020_76 1 Eva-MariaSchomakers ChantalLidynia DirkMüllmann RomanMatzutt KlausWehrle IndraSpiecker gen. Döhmann MartinaZiefle