This file was created by the TYPO3 extension
bib
--- Timezone: CEST
Creation date: 2024-09-15
Creation time: 14-49-47
--- Number of references
6
inproceedings
2021_mitseva_sequences
POSTER: How Dangerous is My Click? Boosting Website Fingerprinting By Considering Sequences of Webpages
2021
11
17
2411-2413
Website fingerprinting (WFP) is a special case of traffic analysis, where a passive attacker infers information about the content of encrypted and anonymized connections by observing patterns of data flows. Although modern WFP attacks pose a serious threat to online privacy of users, including Tor users, they usually aim to detect single pages only. By ignoring the browsing behavior of users, the attacker excludes valuable information: users visit multiple pages of a single website consecutively, e.g., by following links. In this paper, we propose two novel methods that can take advantage of the consecutive visits of multiple pages to detect websites. We show that two up to three clicks within a site allow attackers to boost the accuracy by more than 20% and to dramatically increase the threat to users' privacy. We argue that WFP defenses have to consider this new dimension of the attack surface.
Traffic Analysis; Website Fingerprinting; Web Privacy
https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-mitseva-fingerprinting-sequences.pdf
ACM
Proceedings of the 28th ACM SIGSAC Conference on Computer and Communications Security (CCS '21), November 15-19, 2021, Seoul, Korea
Seoul, Korea
November 15-19, 2021
978-1-4503-8454-4/21/11
10.1145/3460120.3485347
1
AsyaMitseva
JanPennekamp
JohannesLohmöller
TorstenZiemann
CarlHoerchner
KlausWehrle
AndriyPanchenko
inproceedings
2021_pennekamp_bootstrapping
Confidential Computing-Induced Privacy Benefits for the Bootstrapping of New Business Relationships
2021
11
15
RWTH-2021-09499
In addition to quality improvements and cost reductions, dynamic and flexible business relationships are expected to become more important in the future to account for specific customer change requests or small-batch production. Today, despite reservation, sensitive information must be shared upfront between buyers and sellers. However, without a trust relation, this situation is precarious for the involved companies as they fear for their competitiveness following information leaks or breaches of their privacy. To address this issue, the concepts of confidential computing and cloud computing come to mind as they promise to offer scalable approaches that preserve the privacy of participating companies. In particular, designs building on confidential computing can help to technically enforce privacy. Moreover, cloud computing constitutes an elegant design choice to scale these novel protocols to industry needs while limiting the setup and management overhead for practitioners. Thus, novel approaches in this area can advance the status quo of bootstrapping new relationships as they provide privacy-preserving alternatives that are suitable for immediate deployment.
bootstrapping procurement; business relationships; secure industrial collaboration; privacy; Internet of Production
internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-pennekamp-bootstrapping.pdf
RWTH Aachen University
Blitz Talk at the 2021 Cloud Computing Security Workshop (CCSW '21), co-located with the 28th ACM SIGSAC Conference on Computer and Communications Security (CCS '21), November 15-19, 2021, Seoul, Korea
RWTH Aachen University
Seoul, Korea
November 14, 2021
10.18154/RWTH-2021-09499
JanPennekamp
FrederikFuhrmann
MarkusDahlmanns
TimoHeutmann
AlexanderKreppein
DennisGrunert
ChristophLange
Robert H.Schmitt
KlausWehrle
inproceedings
2021-glebke-service-based-forwarding
Service-based Forwarding via Programmable Dataplanes
2021
6
10
reflexes
/fileadmin/papers/2021/2021-glebke-service-based-forwarding.pdf
IEEE
Proceedings of the 2021 IEEE International Conference on High Performance Switching and Routing: Workshop on Semantic Addressing and Routing for Future Networks (SARNET-21)
978-1-6654-4005-9
2325-5609
10.1109/HPSR52026.2021.9481814
1
RenéGlebke
DirkTrossen
IkeKunze
DavidLou
JanRüth
MirkoStoffers
KlausWehrle
article
2021_bader_privaccichain
Blockchain-Based Privacy Preservation for Supply Chains Supporting Lightweight Multi-Hop Information Accountability
Information Processing & Management
2021
5
1
58
3
The benefits of information sharing along supply chains are well known for improving productivity and reducing costs. However, with the shift towards more dynamic and flexible supply chains, privacy concerns severely challenge the required information retrieval. A lack of trust between the different involved stakeholders inhibits advanced, multi-hop information flows, as valuable information for tracking and tracing products and parts is either unavailable or only retained locally. Our extensive literature review of previous approaches shows that these needs for cross-company information retrieval are widely acknowledged, but related work currently only addresses them insufficiently. To overcome these concerns, we present PrivAccIChain, a secure, privacy-preserving architecture for improving the multi-hop information retrieval with stakeholder accountability along supply chains. To address use case-specific needs, we particularly introduce an adaptable configuration of transparency and data privacy within our design. Hence, we enable the benefits of information sharing as well as multi-hop tracking and tracing even in supply chains that include mutually distrusting stakeholders. We evaluate the performance of PrivAccIChain and demonstrate its real-world feasibility based on the information of a purchasable automobile, the e.GO Life. We further conduct an in-depth security analysis and propose tunable mitigations against common attacks. As such, we attest PrivAccIChain's practicability for information management even in complex supply chains with flexible and dynamic business relationships.
multi-hop collaboration; tracking and tracing; Internet of Production; e.GO; attribute-based encryption
internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-bader-ipm-privaccichain.pdf
Elsevier
0306-4573
10.1016/j.ipm.2021.102529
1
LennartBader
JanPennekamp
RomanMatzutt
DavidHedderich
MarkusKowalski
VolkerLücken
KlausWehrle
article
2021_schomakers_insights
Insights on Data Sensitivity from the Technical, Legal and the Users' Perspectives
Computer Law Review International
2021
2
15
22
1
8-15
Social media, cloud computing, and the Internet of Things connect people around the globe, offering manifold benefits. However, the technological advances and increased user participation generate novel challenges for users' privacy. From the users' perspective, the consequences of data disclosure depend on the perceived sensitivity of that data. But in light of the new technological opportunities to process and combine data, it is questionable whether users can adequately evaluate risks of data disclosures. As mediating authority, data protection laws such as the European General Data Protection Regulation try to protect user data, granting enhanced protection to "special categories" of data. This article assesses the legal, technological, and users' perspectives on information sensitivity and their interplay. Technologically, all data can be referred to as "potentially sensitive." The legal and users' perspective on information sensitivity deviate from this standpoint, as some data types are granted special protection by law but are not perceived as very sensitive by users and vice versa. The key findings here suggest the GDPR adequately protecting users' privacy but for small adjustments.
Information Sensitivity, Privacy, European Data Protection Law
1610-7608
10.9785/cri-2021-220103
1
Eva-MariaSchomakers
ChantalLidynia
DirkMüllmann
RomanMatzutt
KlausWehrle
IndraSpiecker gen. Döhmann
MartinaZiefle
inproceedings
2019_rut_schomakers_privacy
Putting Privacy into Perspective -- Comparing Technical, Legal, and Users' View of Information Sensitivity
2021
1
27
857-870
Social media, cloud computing, and the Internet of Things connect people around the globe, offering manifold benefits. However, the technological advances and increased user participation generate novel challenges for users' privacy. From the users' perspective, the consequences of data disclosure depend on the perceived sensitivity of that data. But in light of the new technological opportunities to process and combine data, it is questionable whether users can adequately evaluate risks of data disclosures. As mediating authority, data protection laws such as the European General Data Protection Regulation try to protect user data, granting enhanced protection to "special categories" of data. In this paper, we assess the legal, technological, and users' perspectives on information sensitivity and their interplay. Technologically, all data can be referred to as "potentially sensitive." The legal and users' perspective on information sensitivity deviate from this standpoint, as some data types are granted special protection by law but are not perceived as very sensitive by users and vice versa. Our key findings still suggest the GDPR adequately protecting users' privacy but for small adjustments.
Information Sensitivity,Privacy,European Data Protection Law
mynedata
https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-schomakers-3perspectives.pdf
https://dl.gi.de/handle/20.500.12116/34788
https://arxiv.org/abs/1911.06569
Gesellschaft für Informatik
Bonn
INFORMATIK 2020
Karlsruhe, Germany
INFORMATIK 2020
2020-09-28 to 2020-10-01
English
10.18420/inf2020_76
1
Eva-MariaSchomakers
ChantalLidynia
DirkMüllmann
RomanMatzutt
KlausWehrle
IndraSpiecker gen. Döhmann
MartinaZiefle