% % This file was created by the TYPO3 extension % bib % --- Timezone: CEST % Creation date: 2024-04-24 % Creation time: 21-22-12 % --- Number of references % 9 % @Inproceedings { 2019_pennekamp_securityConsiderations, title = {Security Considerations for Collaborations in an Industrial IoT-based Lab of Labs}, year = {2019}, month = {12}, day = {4}, abstract = {The productivity and sustainability advances for (smart) manufacturing resulting from (globally) interconnected Industrial IoT devices in a lab of labs are expected to be significant. While such visions introduce opportunities for the involved parties, the associated risks must be considered as well. In particular, security aspects are crucial challenges and remain unsolved. So far, single stakeholders only had to consider their local view on security. However, for a global lab, we identify several fundamental research challenges in (dynamic) scenarios with multiple stakeholders: While information security mandates that models must be adapted wrt. confidentiality to address these new influences on business secrets, from a network perspective, the drastically increasing amount of possible attack vectors challenges today's approaches. Finally, concepts addressing these security challenges should provide backwards compatibility to enable a smooth transition from today's isolated landscape towards globally interconnected IIoT environments.}, keywords = {secure industrial collaboration; interconnected cyber-physical systems; stakeholders; Internet of Production}, tags = {internet-of-production; iotrust}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-pennekamp-security-considerations.pdf}, publisher = {IEEE}, booktitle = {Proceedings of the 3rd IEEE Global Conference on Internet of Things (GCIoT '19), December 4–7, 2019, Dubai, United Arab Emirates}, event_place = {Dubai, United Arab Emirates}, event_date = {December 4–7, 2019}, ISBN = {978-1-7281-4873-1}, DOI = {10.1109/GCIoT47977.2019.9058413}, reviewed = {1}, author = {Pennekamp, Jan and Dahlmanns, Markus and Gleim, Lars and Decker, Stefan and Wehrle, Klaus} } @Inproceedings { 2019_delacadena_countermeasure, title = {POSTER: Traffic Splitting to Counter Website Fingerprinting}, year = {2019}, month = {11}, day = {12}, pages = {2533-2535}, abstract = {Website fingerprinting (WFP) is a special type of traffic analysis, which aims to infer the websites visited by a user. Recent studies have shown that WFP targeting Tor users is notably more effective than previously expected. Concurrently, state-of-the-art defenses have been proven to be less effective. In response, we present a novel WFP defense that splits traffic over multiple entry nodes to limit the data a single malicious entry can use. Here, we explore several traffic-splitting strategies to distribute user traffic. We establish that our weighted random strategy dramatically reduces the accuracy from nearly 95\% to less than 35\% for four state-of-the-art WFP attacks without adding any artificial delays or dummy traffic.}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-delacadena-splitting-defense.pdf}, publisher = {ACM}, booktitle = {Proceedings of the 26th ACM SIGSAC Conference on Computer and Communications Security (CCS '19), November 11-15, 2019, London, United Kingdom}, event_place = {London, United Kingdom}, event_date = {November 11-15, 2019}, ISBN = {978-1-4503-6747-9/19/11}, DOI = {10.1145/3319535.3363249}, reviewed = {1}, author = {De la Cadena, Wladimir and Mitseva, Asya and Pennekamp, Jan and Hiller, Jens and Lanze, Fabian and Engel, Thomas and Wehrle, Klaus and Panchenko, Andriy} } @Inproceedings { 2019_pennekamp_dataflows, title = {Dataflow Challenges in an Internet of Production: A Security \& Privacy Perspective}, year = {2019}, month = {11}, day = {11}, pages = {27-38}, abstract = {The Internet of Production (IoP) envisions the interconnection of previously isolated CPS in the area of manufacturing across institutional boundaries to realize benefits such as increased profit margins and product quality as well as reduced product development costs and time to market. This interconnection of CPS will lead to a plethora of new dataflows, especially between (partially) distrusting entities. In this paper, we identify and illustrate these envisioned inter-organizational dataflows and the participating entities alongside two real-world use cases from the production domain: a fine blanking line and a connected job shop. Our analysis allows us to identify distinct security and privacy demands and challenges for these new dataflows. As a foundation to address the resulting requirements, we provide a survey of promising technical building blocks to secure inter-organizational dataflows in an IoP and propose next steps for future research. Consequently, we move an important step forward to overcome security and privacy concerns as an obstacle for realizing the promised potentials in an Internet of Production.}, keywords = {Internet of Production; dataflows; Information Security}, tags = {internet-of-production}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-pennekamp-dataflows.pdf}, publisher = {ACM}, booktitle = {Proceedings of the 5th ACM Workshop on Cyber-Physical Systems Security and PrivaCy (CPS-SPC '19), co-located with the 26th ACM SIGSAC Conference on Computer and Communications Security (CCS '19), November 11-15, 2019, London, United Kingdom}, event_place = {London, United Kingdom}, event_date = {November 11-15, 2019}, ISBN = {978-1-4503-6831-5/19/11}, DOI = {10.1145/3338499.3357357}, reviewed = {1}, author = {Pennekamp, Jan and Henze, Martin and Schmidt, Simo and Niemietz, Philipp and Fey, Marcel and Trauth, Daniel and Bergs, Thomas and Brecher, Christian and Wehrle, Klaus} } @Inproceedings { 2019-hiller-icnp-tailoringOR, title = {Tailoring Onion Routing to the Internet of Things: Security and Privacy in Untrusted Environments}, year = {2019}, month = {10}, day = {10}, abstract = {An increasing number of IoT scenarios involve mobile, resource-constrained IoT devices that rely on untrusted networks for Internet connectivity. In such environments, attackers can derive sensitive private information of IoT device owners, e.g., daily routines or secret supply chain procedures, when sniffing on IoT communication and linking IoT devices and owner. Furthermore, untrusted networks do not provide IoT devices with any protection against attacks from the Internet. Anonymous communication using onion routing provides a well-proven mechanism to keep the relationship between communication partners secret and (optionally) protect against network attacks. However, the application of onion routing is challenged by protocol incompatibilities and demanding cryptographic processing on constrained IoT devices, rendering its use infeasible. To close this gap, we tailor onion routing to the IoT by bridging protocol incompatibilities and offloading expensive cryptographic processing to a router or web server of the IoT device owner. Thus, we realize resource-conserving access control and end-to-end security for IoT devices. To prove applicability, we deploy onion routing for the IoT within the well-established Tor network enabling IoT devices to leverage its resources to achieve the same grade of anonymity as readily available to traditional devices.}, tags = {internet-of-production}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-hiller-tailoring.pdf}, publisher = {IEEE}, booktitle = {Proceedings of the 27th IEEE International Conference on Network Protocols (ICNP '19), October 7-10, 2019, Chicago, IL, USA}, event_place = {Chicago, IL, USA}, event_name = {27th IEEE International Conference on Network Protocols (ICNP 2019)}, event_date = {7-10. Oct. 2019}, ISBN = {978-1-7281-2700-2}, ISSN = {2643-3303}, DOI = {10.1109/ICNP.2019.8888033}, reviewed = {1}, author = {Hiller, Jens and Pennekamp, Jan and Dahlmanns, Markus and Henze, Martin and Panchenko, Andriy and Wehrle, Klaus} } @Inproceedings { 2019_pennekamp_multipath, title = {Multipathing Traffic to Reduce Entry Node Exposure in Onion Routing}, year = {2019}, month = {10}, day = {7}, abstract = {Users of an onion routing network, such as Tor, depend on its anonymity properties. However, especially malicious entry nodes, which know the client’s identity, can also observe the whole communication on their link to the client and, thus, conduct several de-anonymization attacks. To limit this exposure and to impede corresponding attacks, we propose to multipath traffic between the client and the middle node to reduce the information an attacker can obtain at a single vantage point. To facilitate the deployment, only clients and selected middle nodes need to implement our approach, which works transparently for the remaining legacy nodes. Furthermore, we let clients control the splitting strategy to prevent any external manipulation.}, note = {Poster Session}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-pennekamp-multipathing.pdf}, publisher = {IEEE}, booktitle = {Proceedings of the 27th IEEE International Conference on Network Protocols (ICNP '19), October 7-10, 2019, Chicago, IL, USA}, event_place = {Chicago, IL, USA}, event_name = {27th IEEE International Conference on Network Protocols (ICNP 2019)}, event_date = {7-10. Oct. 2019}, ISBN = {978-1-7281-2700-2}, ISSN = {2643-3303}, DOI = {10.1109/ICNP.2019.8888029}, reviewed = {1}, author = {Pennekamp, Jan and Hiller, Jens and Reuter, Sebastian and De la Cadena, Wladimir and Mitseva, Asya and Henze, Martin and Engel, Thomas and Wehrle, Klaus and Panchenko, Andriy} } @Inproceedings { 2019-dahlmanns-icnp-knowledgeSystem, title = {Privacy-Preserving Remote Knowledge System}, year = {2019}, month = {10}, day = {7}, abstract = {More and more traditional services, such as malware detectors or collaboration services in industrial scenarios, move to the cloud. However, this behavior poses a risk for the privacy of clients since these services are able to generate profiles containing very sensitive information, e.g., vulnerability information or collaboration partners. Hence, a rising need for protocols that enable clients to obtain knowledge without revealing their requests exists. To address this issue, we propose a protocol that enables clients (i) to query large cloud-based knowledge systems in a privacy-preserving manner using Private Set Intersection and (ii) to subsequently obtain individual knowledge items without leaking the client’s requests via few Oblivious Transfers. With our preliminary design, we allow clients to save a significant amount of time in comparison to performing Oblivious Transfers only.}, note = {Poster Session}, keywords = {private query protocol; knowledge system; remote knowledge; private set intersection; oblivious transfer}, tags = {kimusin; internet-of-production}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-dahlmanns-knowledge-system.pdf}, publisher = {IEEE}, booktitle = {Proceedings of the 27th IEEE International Conference on Network Protocols (ICNP '19), October 7-10, 2019, Chicago, IL, USA}, event_place = {Chicago, IL, USA}, event_name = {27th IEEE International Conference on Network Protocols (ICNP 2019)}, event_date = {7-10. Oct. 2019}, ISBN = {978-1-7281-2700-2}, ISSN = {2643-3303}, DOI = {10.1109/ICNP.2019.8888121}, reviewed = {1}, author = {Dahlmanns, Markus and Dax, Chris and Matzutt, Roman and Pennekamp, Jan and Hiller, Jens and Wehrle, Klaus} } @Inproceedings { 2019_pennekamp_doppelganger, title = {Hi Doppelg{\"a}nger: Towards Detecting Manipulation in News Comments}, year = {2019}, month = {5}, day = {13}, pages = {197-205}, abstract = {Public opinion manipulation is a serious threat to society, potentially influencing elections and the political situation even in established democracies. The prevalence of online media and the opportunity for users to express opinions in comments magnifies the problem. Governments, organizations, and companies can exploit this situation for biasing opinions. Typically, they deploy a large number of pseudonyms to create an impression of a crowd that supports specific opinions. Side channel information (such as IP addresses or identities of browsers) often allows a reliable detection of pseudonyms managed by a single person. However, while spoofing and anonymizing data that links these accounts is simple, a linking without is very challenging. In this paper, we evaluate whether stylometric features allow a detection of such doppelg{\"a}ngers within comment sections on news articles. To this end, we adapt a state-of-the-art doppelg{\"a}ngers detector to work on small texts (such as comments) and apply it on three popular news sites in two languages. Our results reveal that detecting potential doppelg{\"a}ngers based on linguistics is a promising approach even when no reliable side channel information is available. Preliminary results following an application in the wild shows indications for doppelg{\"a}ngers in real world data sets.}, keywords = {online manipulation; doppelg{\"a}nger detection; stylometry}, tags = {comtex}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-pennekamp-doppelganger.pdf}, publisher = {ACM}, booktitle = {Companion Proceedings of the 2019 World Wide Web Conference (WWW '19 Companion), 4th Workshop on Computational Methods in Online Misbehavior (CyberSafety '19), May 13–17, 2019, San Francisco, CA, USA}, event_place = {San Francisco, California, USA}, event_date = {May 13-17, 2019}, ISBN = {978-1-4503-6675-5/19/05}, DOI = {10.1145/3308560.3316496}, reviewed = {1}, author = {Pennekamp, Jan and Henze, Martin and Hohlfeld, Oliver and Panchenko, Andriy} } @Inproceedings { 2019_pennekamp_infrastructure, title = {Towards an Infrastructure Enabling the Internet of Production}, year = {2019}, month = {5}, day = {8}, pages = {31-37}, abstract = {New levels of cross-domain collaboration between manufacturing companies throughout the supply chain are anticipated to bring benefits to both suppliers and consumers of products. Enabling a fine-grained sharing and analysis of data among different stakeholders in an automated manner, such a vision of an Internet of Production (IoP) introduces demanding challenges to the communication, storage, and computation infrastructure in production environments. In this work, we present three example cases that would benefit from an IoP (a fine blanking line, a high pressure die casting process, and a connected job shop) and derive requirements that cannot be met by today’s infrastructure. In particular, we identify three orthogonal research objectives: (i) real-time control of tightly integrated production processes to offer seamless low-latency analysis and execution, (ii) storing and processing heterogeneous production data to support scalable data stream processing and storage, and (iii) secure privacy-aware collaboration in production to provide a basis for secure industrial collaboration. Based on a discussion of state-of-the-art approaches for these three objectives, we create a blueprint for an infrastructure acting as an enabler for an IoP.}, keywords = {Internet of Production; Cyber-Physical Systems; Data Processing; Low Latency; Secure Industrial Collaboration}, tags = {internet-of-production}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-pennekamp-iop-infrastructure.pdf}, publisher = {IEEE}, booktitle = {Proceedings of the 2nd IEEE International Conference on Industrial Cyber-Physical Systems (ICPS '19), May 6-9, 2019, Taipei, TW}, event_place = {Taipei, TW}, event_date = {May 6-9, 2019}, ISBN = {978-1-5386-8500-6/19}, DOI = {10.1109/ICPHYS.2019.8780276}, reviewed = {1}, author = {Pennekamp, Jan and Glebke, Ren{\'e} and Henze, Martin and Meisen, Tobias and Quix, Christoph and Hai, Rihan and Gleim, Lars and Niemietz, Philipp and Rudack, Maximilian and Knape, Simon and Epple, Alexander and Trauth, Daniel and Vroomen, Uwe and Bergs, Thomas and Brecher, Christian and B{\"u}hrig-Polaczek, Andreas and Jarke, Matthias and Wehrle, Klaus} } @Article { 2019_wehrle_dagstuhl_beginners, title = {The Dagstuhl Beginners Guide to Reproducibility for Experimental Networking Research}, journal = {ACM SIGCOMM Computer Communication Review}, year = {2019}, month = {1}, volume = {49}, number = {1}, pages = {24-30}, abstract = {Reproducibility is one of the key characteristics of good science, but hard to achieve for experimental disciplines like Internet measurements and networked systems. This guide provides advice to researchers, particularly those new to the field, on designing experiments so that their work is more likely to be reproducible and to serve as a foundation for follow-on work by others.}, ISSN = {0146-4833}, DOI = {10.1145/3314212.3314217}, author = {Bajpai, Vaibhav and Brunstrom, Anna and Feldmann, Anja and Kellerer, Wolfgang and Pras, Aiko and Schulzrinne, Henning and Smaragdakis, Georgios and W{\"a}hlisch, Matthias and Wehrle, Klaus} }