This file was created by the TYPO3 extension
bib
--- Timezone: CEST
Creation date: 2022-05-27
Creation time: 18-20-02
--- Number of references
5
inproceedings
2022_dahlmanns_tlsiiot
Missed Opportunities: Measuring the Untapped TLS Support in the Industrial Internet of Things
2022
5
31
252-266
The ongoing trend to move industrial appliances from previously isolated networks to the Internet requires fundamental changes in security to uphold secure and safe operation. Consequently, to ensure end-to-end secure communication and authentication, (i) traditional industrial protocols, e.g., Modbus, are retrofitted with TLS support, and (ii) modern protocols, e.g., MQTT, are directly designed to use TLS. To understand whether these changes indeed lead to secure Industrial Internet of Things deployments, i.e., using TLS-based protocols, which are configured according to security best practices, we perform an Internet-wide security assessment of ten industrial protocols covering the complete IPv4 address space.
Our results show that both, retrofitted existing protocols and newly developed secure alternatives, are barely noticeable in the wild. While we find that new protocols have a higher TLS adoption rate than traditional protocols (7.2 % vs. 0.4 %), the overall adoption of TLS is comparably low (6.5 % of hosts). Thus, most industrial deployments (934,736 hosts) are insecurely connected to the Internet. Furthermore, we identify that 42 % of hosts with TLS support (26,665 hosts) show security deficits, e.g., missing access control. Finally, we show that support in configuring systems securely, e.g., via configuration templates, is promising to strengthen security.
industrial communication; network security; security configuration
internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2022/2022-dahlmanns-asiaccs.pdf
ACM
Proceedings of the 17th ACM ASIA Conference on Computer and Communications Security (ASIACCS '22), May 30-June 3, 2022, Nagasaki, Japan
Nagasaki, Japan
ASIACCS 2022
May 30-June 3, 2022
accepted
978-1-4503-9140-5/22/05
10.1145/3488932.3497762
1
MarkusDahlmanns
JohannesLohmöller
JanPennekamp
JörnBodenhausen
KlausWehrle
MartinHenze
inproceedings
2022_kus_iids_generalizability
A False Sense of Security? Revisiting the State of Machine Learning-Based Industrial Intrusion Detection
2022
5
30
73-84
Anomaly-based intrusion detection promises to detect novel or unknown attacks on industrial control systems by modeling expected system behavior and raising corresponding alarms for any deviations. As manually creating these behavioral models is tedious and error-prone, research focuses on machine learning to train them automatically, achieving detection rates upwards of 99 %. However, these approaches are typically trained not only on benign traffic but also on attacks and then evaluated against the same type of attack used for training. Hence, their actual, real-world performance on unknown (not trained on) attacks remains unclear. In turn, the reported near-perfect detection rates of machine learning-based intrusion detection might create a false sense of security. To assess this situation and clarify the real potential of machine learning-based industrial intrusion detection, we develop an evaluation methodology and examine multiple approaches from literature for their performance on unknown attacks (excluded from training). Our results highlight an ineffectiveness in detecting unknown attacks, with detection rates dropping to between 3.2 % and 14.7 % for some types of attacks. Moving forward, we derive recommendations for further research on machine learning-based approaches to ensure clarity on their ability to detect unknown attacks.
anomaly detection; machine learning; industrial control system
internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2022/2022-kus-iids-generalizability.pdf
ACM
Proceedings of the 8th ACM Cyber-Physical System Security Workshop (CPSS '22), co-located with the 17th ACM ASIA Conference on Computer and Communications Security (ASIACCS '22), May 30-June 3, 2022, Nagasaki, Japan
accepted
978-1-4503-9176-4/22/05
10.1145/3494107.3522773
1
DominikKus
EricWagner
JanPennekamp
KonradWolsing
Ina BereniceFink
MarkusDahlmanns
KlausWehrle
MartinHenze
inproceedings
2022_wagner_ccchain
Scalable and Privacy-Focused Company-Centric Supply Chain Management
2022
5
4
Blockchain technology promises to overcome trust and privacy concerns inherent to centralized information sharing. However, current decentralized supply chain management systems do either not meet privacy and scalability requirements or require a trustworthy consortium, which is challenging for increasingly dynamic supply chains with constantly changing participants. In this paper, we propose CCChain, a scalable and privacy-aware supply chain management system that stores all information locally to give companies complete sovereignty over who accesses their data. Still, tamper protection of all data through a permissionless blockchain enables on-demand tracking and tracing of products as well as reliable information sharing while affording the detection of data inconsistencies. Our evaluation confirms that CCChain offers superior scalability in comparison to alternatives while also enabling near real-time tracking and tracing for many, less complex products.
supply chain management; blockchain; permissionless; deployment; tracing and tracking; privacy
internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2022/2022-wagner-ccchain.pdf
IEEE
Proceedings of the 2022 IEEE International Conference on Blockchain and Cryptocurrency (ICBC '22), May 2-5, 2022, Shanghai, China
Shanghai, China
May 2-5, 2022
accepted
978-1-6654-9538-7/22
1
EricWagner
RomanMatzutt
JanPennekamp
LennartBader
IrakliBajelidze
KlausWehrle
MartinHenze
inproceedings
2022_matzutt_redactchain
A Moderation Framework for the Swift and Transparent Removal of Illicit Blockchain Content
2022
5
3
Blockchains gained tremendous attention for their capability to provide immutable and decentralized event ledgers that can facilitate interactions between mutually distrusting parties. However, precisely this immutability and the openness of permissionless blockchains raised concerns about the consequences of illicit content being irreversibly stored on them. Related work coined the notion of redactable blockchains, which allow for removing illicit content from their history without affecting the blockchain's integrity. While honest users can safely prune identified content, current approaches either create trust issues by empowering fixed third parties to rewrite history, cannot react quickly to reported content due to using lengthy public votings, or create large per-redaction overheads.
In this paper, we instead propose to outsource redactions to small and periodically exchanged juries, whose members can only jointly redact transactions using chameleon hash functions and threshold cryptography. Multiple juries are active at the same time to swiftly redact reported content. They oversee their activities via a global redaction log, which provides transparency and allows for appealing and reversing a rogue jury's decisions. Hence, our approach establishes a framework for the swift and transparent moderation of blockchain content. Our evaluation shows that our moderation scheme can be realized with feasible per-block and per-redaction overheads, i.e., the redaction capabilities do not impede the blockchain's normal operation.
redactable blockchain; illicit content; chameleon hash functions; threshold cryptography
mynedata; impact-digital; digital-campus
https://www.comsys.rwth-aachen.de/fileadmin/papers/2022/2022-matzutt-redactchain.pdf
IEEE
Proceedings of the 2022 IEEE International Conference on Blockchain and Cryptocurrency (ICBC '22), May 2-5, 2022, Shanghai, China
Shanghai, China
May 2-5, 2022
accepted
978-1-6654-9538-7/22
1
RomanMatzutt
VincentAhlrichs
JanPennekamp
RomanKarwacik
KlausWehrle
article
2022_brauner_iop
A Computer Science Perspective on Digital Transformation in Production
ACM Transactions on Internet of Things
2022
5
1
3
2
The Industrial Internet-of-Things (IIoT) promises significant improvements for the manufacturing industry by facilitating the integration of manufacturing systems by Digital Twins. However, ecological and economic demands also require a cross-domain linkage of multiple scientific perspectives from material sciences, engineering, operations, business, and ergonomics, as optimization opportunities can be derived from any of these perspectives. To extend the IIoT to a true Internet of Production, two concepts are required: first, a complex, interrelated network of Digital Shadows which combine domain-specific models with data-driven AI methods; and second, the integration of a large number of research labs, engineering, and production sites as a World Wide Lab which offers controlled exchange of selected, innovation-relevant data even across company boundaries. In this article, we define the underlying Computer Science challenges implied by these novel concepts in four layers: Smart human interfaces provide access to information that has been generated by model-integrated AI. Given the large variety of manufacturing data, new data modeling techniques should enable efficient management of Digital Shadows, which is supported by an interconnected infrastructure. Based on a detailed analysis of these challenges, we derive a systematized research roadmap to make the vision of the Internet of Production a reality.
Internet of Production; World Wide Lab; Digital Shadows; Industrial Internet of Things
internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2022/2022-brauner-digital-transformation.pdf
ACM
2691-1914
10.1145/3502265
1
PhilippBrauner
ManuelaDalibor
MatthiasJarke
IkeKunze
IstvánKoren
GerhardLakemeyer
MartinLiebenberg
JudithMichael
JanPennekamp
ChristophQuix
BernhardRumpe
Wilvan der Aalst
KlausWehrle
AndreasWortmann
MartinaZiefle