This file was created by the TYPO3 extension
bib
--- Timezone: UTC
Creation date: 2025-01-18
Creation time: 07-35-27
--- Number of references
15
inproceedings
2024_lohmoeller_tee_datasharing
Complementing Organizational Security in Data Ecosystems with Technical Guarantees
2024
12
19
Federated data ecosystems continue to emerge to connect previously isolated data silos across organizational boundaries over the Internet. These platforms aim to facilitate data sharing while maintaining data sovereignty, which is supposed to empower data owners to retain control over their data. However, the employed organizational security measures, such as policy-enforcing middleware besides software certification, processes, and employees are insufficient to provide reliable guarantees against malicious insiders. This paper thus proposes a corresponding technical solution for federated platforms that builds on communication between Trusted Execution Environments (TEEs) and demonstrates the feasibility of technically enforceable data protection. Specifically, we provide dependable guarantees for data owners formulated via rich policies while maintaining usability as a general-purpose data exchange platform. Further, by evaluating a real-world use case that concerns sharing sensitive genomic data, we demonstrate its real-world suitability. Our findings emphasize the potential of TEEs in establishing trust and increasing data security for federated data scenarios far beyond a single use case.
internet-of-production;health
https://www.comsys.rwth-aachen.de/fileadmin/papers/2024/2024-lohmoeller-tee-data-sharing.pdf
IEEE
Proceedings of the 1st Conference on Building a Secure and Empowered Cyberspace (BuildSEC '24), December 19-21, 2024, New Delhi, India
New Delhi, India
Building a Secure & Empowered Cyberspace
December 19-21, 2024
accepted
en
1
JohannesLohmöller
RomanMatzutt
JoschaLoos
EduardVlad
JanPennekamp
KlausWehrle
inproceedings
2024_lohmoeller_scematch
scE(match): Privacy-Preserving Cluster Matching of Single-Cell Data
2024
12
17
2123-2132
Advances in single-cell RNA sequencing (scRNA-seq) have dramatically enhanced our understanding of cellular functions and disease mechanisms. Despite its potential, scRNA-seq faces significant challenges related to data privacy, cost, and Intellectual Property (IP) protection, which hinder the sharing and collaborative use of these sensitive datasets. In this paper, we introduce a novel method, scE(match), a privacy-preserving tool that facilitates the matching of single-cell clusters between different datasets by relying on scmap as an established projection tool, but without compromising data privacy or IP. scE(match) utilizes homomorphic encryption to ensure that data and unique cell clusters remain confidential while enabling the identification of overlapping cell types for further collaboration and downstream analysis. Our evaluation shows that scE(match) performantly matches cell types across datasets with high precision, addressing both practical and ethical concerns in sharing scRNA-seq data. This approach not only supports secure data collaboration but also fosters advances in biomedical research by reliably protecting sensitive information and IP rights.
confidentiality; scmap; privacy-preserving computations; offloading; healthcare
rfc;health
https://www.comsys.rwth-aachen.de/fileadmin/papers/2024/2024-lohmoeller-scEmatch.pdf
IEEE
Proceedings of the 23rd IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom '24), December 17-21, 2024, Sanya, China
Sanya, China
TrustCom 2024
December 17-21, 2024
accepted
en
979-8-3315-0620-9
2324-9013
10.1109/TrustCom63139.2024.00294
1
JohannesLohmöller
JannisScheiber
RafaelKramann
KlausWehrle
SikanderHayat
JanPennekamp
article
2024_welten_pasta
PASTA-4-PHT: A Pipeline for Automated Security and Technical Audits for the Personal Health Train
arXiv
2024
12
2
With the introduction of data protection regulations, the need for innovative privacy-preserving approaches to process and analyse sensitive data has become apparent. One approach is the Personal Health Train (PHT) that brings analysis code to the data and conducts the data processing at the data premises. However, despite its demonstrated success in various studies, the execution of external code in sensitive environments, such as hospitals, introduces new research challenges because the interactions of the code with sensitive data are often incomprehensible and lack transparency. These interactions raise concerns about potential effects on the data and increases the risk of data breaches. To address this issue, this work discusses a PHT-aligned security and audit pipeline inspired by DevSecOps principles. The automated pipeline incorporates multiple phases that detect vulnerabilities. To thoroughly study its versatility, we evaluate this pipeline in two ways. First, we deliberately introduce vulnerabilities into a PHT. Second, we apply our pipeline to five real-world PHTs, which have been utilised in real-world studies, to audit them for potential vulnerabilities. Our evaluation demonstrates that our designed pipeline successfully identifies potential vulnerabilities and can be applied to real-world studies. In compliance with the requirements of the GDPR for data management, documentation, and protection, our automated approach supports researchers using in their data-intensive work and reduces manual overhead. It can be used as a decision-making tool to assess and document potential vulnerabilities in code for data processing. Ultimately, our work contributes to an increased security and overall transparency of data processing activities within the PHT framework.
10.48550/arXiv.2412.01275
SaschaWelten
KarlKindermann
AhmetPolat
MartinGörz
MaximilianJugl
LaurenzNeumann
AlexanderNeumann
JohannesLohmöller
JanPennekamp
StefanDecker
inproceedings
2024_dahlmanns_lua-iot
LUA-IoT: Let's Usably Authenticate the IoT
2024
11
20
Following the advent of the Internet of Things (IoT), users and their devices transmit sensitive data over the Internet. For the Web, Let’s Encrypt offers a usable foundation to safeguard such data by straightforwardly issuing certificates. However, its approach is not directly applicable to the IoT as deployments lack a (dedicated) domain or miss essentials to prove domain ownership required for Let’s Encrypt. Thus, a usable approach to secure IoT deployments by properly authenticating IoT devices is missing. To close this research gap, we propose LUA-IoT, our framework to Let’s Usably Authenticate the IoT. LUA-IoT enables autonomous certificate enrollment by orienting at the success story of Let’s Encrypt, seamlessly integrating in the setup process of modern IoT devices, and relying on process steps that users already know from other domains. In the end, LUA-IoT binds the authenticity of IoT deployments to a globally valid user identifier, e.g., an email address, that is included in certificates directly issued to the IoT deployments. We exemplarily implement LUA-IoT to show that it is realizable on commodity IoT hardware and conduct a small user study indicating that LUA-IoT indeed nudges users to safeguard their devices and data (transmissions).
Lecture Notes in Computer Science (LNCS)
internet-of-production
Springer
Proceedings of the 27th Annual International Conference on Information Security and Cryptology (ICISC '24), November 20-22, 2024, Seoul, Korea
Seoul, Korea
International Conference on Information Security and Cryptology
November 20-22, 2024
accepted
0302-9743
1
MarkusDahlmanns
JanPennekamp
RobinDecker
KlausWehrle
article
2024_querfurth_mcbert
mcBERT: Patient-Level Single-cell Transcriptomics Data Representation
bioRxiv
2024
11
7
health
10.1101/2024.11.04.621897
Benediktvon Querfurth
JohannesLohmöller
JanPennekamp
ToreBleckwehl
RafaelKramann
KlausWehrle
SikanderHayat
inproceedings
2024-buildsys-breyer-waterreview
A Critical Review of Household Water Datasets
2024
11
6
318-322
www.comsys.rwth-aachen.de/fileadmin/papers/2024/2024-breyer-waterreview.pdf
Online
ACM
Proceedings of the 11th ACM International Conference on Systems for Energy-Efficient Buildings, Cities, and Transportation (BuildSys 2024), Hangzhou, China
en
979-8-4007-0706-3/24/11
10.1145/3671127.3698793
1
JustusBreyer
MaximilianPetri
Muhammad HamadAlizai
KlausWehrle
inproceedings
2024_lohmoeller_consent
Toward Technically Enforceable Consent in Healthcare Research
2024
10
17
4
7-12
health
https://www.comsys.rwth-aachen.de/fileadmin/papers/2024/2024-lohmoeller-consent-aware-discovery.pdf
Online
Fraunhofer ISI
Research Papers of the Platform Privacy, 2024, October 17-18, Berlin, Germany
Berlin
Plattform Privatheit
October 17-18, 2024
en
2942-8874
10.24406/publica-3685
1
JohannesLohmöller
JanPennekamp
KlausWehrle
inproceedings
2024_dahlmanns_ipv6-deployments
Unconsidered Installations: Discovering IoT Deployments in the IPv6 Internet
2024
5
10
Internet-wide studies provide extremely valuable insight into how operators manage their Internet of Things (IoT) deployments in reality and often reveal grievances, e.g., significant security issues. However, while IoT devices often use IPv6, past studies resorted to comprehensively scan the IPv4 address space. To fully understand how the IoT and all its services and devices is operated, including IPv6-reachable deployments is inevitable-although scanning the entire IPv6 address space is infeasible. In this paper, we close this gap and examine how to best discover IPv6-reachable IoT deployments. To this end, we propose a methodology that allows combining various IPv6 scan direction approaches to understand the findability and prevalence of IPv6-reachable IoT deployments. Using three sources of active IPv6 addresses and eleven address generators, we discovered 6658 IoT deployments. We derive that the available address sources are a good starting point for finding IoT deployments. Additionally, we show that using two address generators is sufficient to cover most found deployments and save time as well as resources. Assessing the security of the deployments, we surprisingly find similar issues as in the IPv4 Internet, although IPv6 deployments might be newer and generally more up-to-date: Only 39% of deployments have access control in place and only 6.2% make use of TLS inviting attackers, e.g., to eavesdrop sensitive data.
Internet of Things, security, Internet measurements, IPv6, address generators
internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2024/2024-dahlmanns-ipv6.pdf
IEEE
Proceedings of the 2024 IEEE/IFIP Network Operations and Management Symposium (NOMS '24), May 6-10, 2024, Seoul, Korea
Seoul, Korea
2024 IEEE Network Operations and Management Symposium
May 6-10, 2024
10.1109/NOMS59830.2024.10574963
1
MarkusDahlmanns
FelixHeidenreich
JohannesLohmöller
JanPennekamp
KlausWehrle
MartinHenze
inproceedings
2024_pennekamp_dissertation-digest
Evolving the Industrial Internet of Things: The Advent of Secure Collaborations
2024
5
9
The Industrial Internet of Things (IIoT) leads to increasingly-interconnected industrial processes and environments, which, in turn, result in stakeholders collecting a plethora of information. Even though the global sharing of information and industrial collaborations in the IIoT promise significant improvements concerning productivity, sustainability, and product quality, among others, the majority of stakeholders is hesitant to implement them due to confidentiality and reliability concerns. However, strong technical guarantees could convince them of the contrary. Thus, to address these concerns, our interdisciplinary efforts focus on establishing and realizing secure industrial collaborations in the IIoT. By applying private computing, we are indeed able to reliably secure collaborations that not only scale to industry-sized applications but also allow for use case-specific confidentiality guarantees. Hence, improvements that follow from industrial collaborations with (strong) technical guarantees are within reach, even when dealing with cautious stakeholders. Still, until we can fully exploit these benefits, several challenges remain, primarily regarding collaboration management, introduced overhead, interoperability, and universality of proposed protocols.
security; privacy; private computing; reliability
internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2024/2024-pennekamp-noms-dissertation-digest.pdf
IEEE
Proceedings of the 2024 IEEE/IFIP Network Operations and Management Symposium (NOMS '24), May 6-10, 2024, Seoul, Korea
Seoul, Korea
2024 IEEE Network Operations and Management Symposium
May 6-10, 2024
10.1109/NOMS59830.2024.10575325
1
JanPennekamp
article
2024_lohmoeller_sovereignty-survey
The Unresolved Need for Dependable Guarantees on Security, Sovereignty, and Trust in Data Ecosystems
Data & Knowledge Engineering
2024
5
1
151
Data ecosystems emerged as a new paradigm to facilitate the automated and massive exchange of data from heterogeneous information sources between different stakeholders. However, the corresponding benefits come with unforeseen risks as sensitive information is potentially exposed, questioning their reliability. Consequently, data security is of utmost importance and, thus, a central requirement for successfully realizing data ecosystems. Academia has recognized this requirement, and current initiatives foster sovereign participation via a federated infrastructure where participants retain local control over what data they offer to whom. However, recent proposals place significant trust in remote infrastructure by implementing organizational security measures such as certification processes before the admission of a participant. At the same time, the data sensitivity incentivizes participants to bypass the organizational security measures to maximize their benefit. This issue significantly weakens security, sovereignty, and trust guarantees and highlights that organizational security measures are insufficient in this context. In this paper, we argue that data ecosystems must be extended with technical means to (re)establish dependable guarantees. We underpin this need with three representative use cases for data ecosystems, which cover personal, economic, and governmental data, and systematically map the lack of dependable guarantees in related work. To this end, we identify three enablers of dependable guarantees, namely trusted remote policy enforcement, verifiable data tracking, and integration of resource-constrained participants. These enablers are critical for securely implementing data ecosystems in data-sensitive contexts.
Data sharing; Confidentiality; Integrity protection; Data Markets; Distributed databases
internet-of-production; coat-ers; vesitrust; health
https://www.comsys.rwth-aachen.de/fileadmin/papers/2024/2024-lohmoeller-data-sovereignty-survey.pdf
Elsevier
0169-023X
10.1016/j.datak.2024.102301
1
JohannesLohmöller
JanPennekamp
RomanMatzutt
Carolin VictoriaSchneider
EduardVlad
ChristianTrautwein
KlausWehrle
phdthesis
2024_pennekamp_phd-thesis
Secure Collaborations for the Industrial Internet of Things
2024
4
15
The Industrial Internet of Things (IIoT) is leading to increasingly-interconnected and networked industrial processes and environments, which, in turn, results in stakeholders gathering vast amounts of information. Although the global sharing of information and industrial collaborations in the IIoT promise to enhance productivity, sustainability, and product quality, among other benefits, most information is still commonly encapsulated in local information silos. In addition to interoperability issues, confidentiality concerns of involved stakeholders remain the main obstacle to fully realizing these improvements in practice as they largely hinder real-world industrial collaborations today. Therefore, this dissertation addresses this mission-critical research gap. Since existing approaches to privacy-preserving information sharing are not scalable to industry-sized applications in the IIoT, we present solutions that enable secure collaborations in the IIoT while providing technical (confidentiality) guarantees to the involved stakeholders. Our research is crucial (i) for demonstrating the potential and added value of (secure) collaborations and (ii) for convincing cautious stakeholders of the usefulness and benefits of technical building blocks, enabling reliable sharing of confidential information, even among direct competitors.
Our interdisciplinary research thus focuses on establishing and realizing secure industrial collaborations in the IIoT. In this regard, we study two overarching angles of collaborations in detail. First, we distinguish between collaborations along and across supply chains, with the former type entailing more relaxed confidentiality requirements. Second, whether or not collaborators know each other in advance implies different levels of trust and requires different technical guarantees. We rely on well-established building blocks from private computing (i.e., privacy-preserving computation and confidential computing) to reliably realize secure collaborations. We thoroughly evaluate each of our designs, using multiple real-world use cases from production technology, to prove their practical feasibility for the IIoT.
By applying private computing, we are indeed able to secure collaborations that not only scale to industry-sized applications but also allow for use case-specific configurations of confidentiality guarantees. In this dissertation, we use well-established building blocks to assemble novel solutions with technical guarantees for all types of collaborations (along and across supply chains as well as with known or unknown collaborators). Finally, on the basis of our experience with engineers, we have derived a research methodology for future use that structures the process of interdisciplinary development and evaluation of secure collaborations in the evolving IIoT.
Overall, given the aforementioned improvements, our research should greatly contribute to convincing even cautious stakeholders to participate in (reliably-secured) industrial collaborations. Our work is an essential first step toward establishing widespread information sharing among stakeholders in the IIoT. We further conclude: (i) collaborations can be reliably secured, and we can even provide technical guarantees while doing so; (ii) building blocks from private computing scale to industrial applications and satisfy the outlined confidentiality needs; (iii) improvements resulting from industrial collaborations are within reach, even when dealing with cautious stakeholders; and (iv) the interdisciplinary development of sophisticated yet appropriate designs for use case-driven secure collaborations can succeed in practice.
internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2024/2024-pennekamp-phd-thesis.pdf
Shaker Verlag
Germany
Reports on Communications and Distributed Systems
23
RWTH Aachen University
Ph.D. Thesis
978-3-8440-9467-1
2191-0863
1
JanPennekamp
incollection
2024_pennekamp_blockchain-industry
Blockchain Technology Accelerating Industry 4.0
2024
3
7
105
531-564
Competitive industrial environments impose significant requirements on data sharing as well as the accountability and verifiability of related processes. Here, blockchain technology emerges as a possible driver that satisfies demands even in settings with mutually distrustful stakeholders. We identify significant benefits achieved by blockchain technology for Industry 4.0 but also point out challenges and corresponding design options when applying blockchain technology in the industrial domain. Furthermore, we survey diverse industrial sectors to shed light on the current intersection between blockchain technology and industry, which provides the foundation for ongoing as well as upcoming research. As industrial blockchain applications are still in their infancy, we expect that new designs and concepts will develop gradually, creating both supporting tools and groundbreaking innovations.
internet-of-production
Springer
Advances in Information Security
17
Blockchains – A Handbook on Fundamentals, Platforms and Applications
978-3-031-32145-0
10.1007/978-3-031-32146-7_17
1
JanPennekamp
LennartBader
EricWagner
JensHiller
RomanMatzutt
KlausWehrle
article
2024_pennekamp_supply-chain-survey
An Interdisciplinary Survey on Information Flows in Supply Chains
ACM Computing Surveys
2024
2
1
56
2
Supply chains form the backbone of modern economies and therefore require reliable information flows. In practice, however, supply chains face severe technical challenges, especially regarding security and privacy. In this work, we consolidate studies from supply chain management, information systems, and computer science from 2010--2021 in an interdisciplinary meta-survey to make this topic holistically accessible to interdisciplinary research. In particular, we identify a significant potential for computer scientists to remedy technical challenges and improve the robustness of information flows. We subsequently present a concise information flow-focused taxonomy for supply chains before discussing future research directions to provide possible entry points.
information flows; data communication; supply chain management; data security; data sharing; systematic literature review
internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2024/2024-pennekamp-supply-chain-survey.pdf
ACM
0360-0300
10.1145/3606693
1
JanPennekamp
RomanMatzutt
ChristopherKlinkmüller
LennartBader
MartinSerror
EricWagner
SidraMalik
MariaSpiß
JessicaRahn
TanGürpinar
EduardVlad
Sander J. J.Leemans
Salil S.Kanhere
VolkerStich
KlausWehrle
article
2024_pennekamp_supply-chain-sensing
Securing Sensing in Supply Chains: Opportunities, Building Blocks, and Designs
IEEE Access
2024
1
8
12
9350-9368
Supply chains increasingly develop toward complex networks, both technically in terms of devices and connectivity, and also anthropogenic with a growing number of actors. The lack of mutual trust in such networks results in challenges that are exacerbated by stringent requirements for shipping conditions or quality, and where actors may attempt to reduce costs or cover up incidents. In this paper, we develop and comprehensively study four scenarios that eventually lead to end-to-end-secured sensing in complex IoT-based supply chains with many mutually distrusting actors, while highlighting relevant pitfalls and challenges—details that are still missing in related work. Our designs ensure that sensed data is securely transmitted and stored, and can be verified by all parties. To prove practical feasibility, we evaluate the most elaborate design with regard to performance, cost, deployment, and also trust implications on the basis of prevalent (mis)use cases. Our work enables a notion of secure end-to-end sensing with minimal trust across the system stack, even for complex and opaque supply chain networks.
blockchain technology; reliability; security; trust management; trusted computing; trusted execution environments
internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2024/2024-pennekamp-secure-sensing.pdf
2169-3536
10.1109/ACCESS.2024.3350778
1
JanPennekamp
FritzAlder
LennartBader
GianlucaScopelliti
KlausWehrle
Jan TobiasMühlberg
inproceedings
2024-basels-demo
Demo: Maritime Radar Systems under Attack. Help is on the Way!
2024
For a long time, attacks on radar systems were limited to military targets. With increasing interconnection, cyber attacks have nowadays become a serious complementary threat also affecting civil radar systems for aviation traffic control or maritime navigation. Hence, operators need to be enabled to detect and respond to cyber attacks and must be supported by defense capabilities. However, security research in this domain is only just beginning and is hampered by a lack of adequate test and development environments. In this demo, we thus present a maritime Radar Cyber Security Lab (RCSL) as a holistic framework to identify vulnerabilities of navigation radars and to support the development of defensive solutions. RCSL offers an offensive tool for attacking navigation radars and a defensive module leveraging network-based anomaly detection. In our demonstration, we will showcase the radars’ vulnerabilities in a simulative environment and demonstrate the benefit of an application-specific Intrusion Detection System.
IEEE
Proceedings of the 2023 IEEE 48th Conference on Local Computer Networks (LCN)
Caen, Normandy, France
October 8-10, 2024
accepted
1
FrederikBasels
KonradWolsing
ElmarPadilla
JanBauer