This file was created by the TYPO3 extension
bib
--- Timezone: CEST
Creation date: 2024-09-07
Creation time: 23-46-29
--- Number of references
122
inproceedings
2024_dahlmanns_ipv6-deployments
Unconsidered Installations: Discovering IoT Deployments in the IPv6 Internet
2024
5
10
Internet-wide studies provide extremely valuable insight into how operators manage their Internet of Things (IoT) deployments in reality and often reveal grievances, e.g., significant security issues. However, while IoT devices often use IPv6, past studies resorted to comprehensively scan the IPv4 address space. To fully understand how the IoT and all its services and devices is operated, including IPv6-reachable deployments is inevitable, although scanning the entire IPv6 address space is infeasible. In this paper, we close this gap and examine how to best discover IPv6-reachable IoT deployments. To this end, we propose a methodology that allows combining various IPv6 scan direction approaches to understand the findability and prevalence of IPv6-reachable IoT deployments. Using three sources of active IPv6 addresses and eleven address generators, we discovered 6658 IoT deployments. We derive that the available address sources are a good starting point for finding IoT deployments. Additionally, we show that using two address generators is sufficient to cover most found deployments and save time as well as resources. Assessing the security of the deployments, we surprisingly find similar issues as in the IPv4 Internet, although IPv6 deployments might be newer and generally more up-to-date: Only 39% of deployments have access control in place and only 6.2% make use of TLS inviting attackers, e.g., to eavesdrop sensitive data.
Internet of Things, security, Internet measurements, IPv6, address generators
internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2024/2024-dahlmanns-ipv6.pdf
IEEE
Proceedings of the 2024 IEEE/IFIP Network Operations and Management Symposium (NOMS '24), May 6-10, 2024, Seoul, Korea
Seoul, Korea
2024 IEEE Network Operations and Management Symposium
May 6-10, 2024
10.1109/NOMS59830.2024.10574963
1
Markus Dahlmanns
Felix Heidenreich
Johannes Lohmöller
Jan Pennekamp
Klaus Wehrle
Martin Henze
inproceedings
2024_pennekamp_dissertation-digest
Evolving the Industrial Internet of Things: The Advent of Secure Collaborations
2024
5
9
The Industrial Internet of Things (IIoT) leads to increasingly-interconnected industrial processes and environments, which, in turn, result in stakeholders collecting a plethora of information. Even though the global sharing of information and industrial collaborations in the IIoT promise significant improvements concerning productivity, sustainability, and product quality, among others, the majority of stakeholders is hesitant to implement them due to confidentiality and reliability concerns. However, strong technical guarantees could convince them of the contrary. Thus, to address these concerns, our interdisciplinary efforts focus on establishing and realizing secure industrial collaborations in the IIoT. By applying private computing, we are indeed able to reliably secure collaborations that not only scale to industry-sized applications but also allow for use case-specific confidentiality guarantees. Hence, improvements that follow from industrial collaborations with (strong) technical guarantees are within reach, even when dealing with cautious stakeholders. Still, until we can fully exploit these benefits, several challenges remain, primarily regarding collaboration management, introduced overhead, interoperability, and universality of proposed protocols.
security; privacy; private computing; reliability
internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2024/2024-pennekamp-noms-dissertation-digest.pdf
IEEE
Proceedings of the 2024 IEEE/IFIP Network Operations and Management Symposium (NOMS '24), May 6-10, 2024, Seoul, Korea
Seoul, Korea
2024 IEEE Network Operations and Management Symposium
May 6-10, 2024
10.1109/NOMS59830.2024.10575325
1
Jan Pennekamp
article
2024_lohmoeller_sovereignty-survey
The Unresolved Need for Dependable Guarantees on Security, Sovereignty, and Trust in Data Ecosystems
Data & Knowledge Engineering
2024
5
1
151
Data ecosystems emerged as a new paradigm to facilitate the automated and massive exchange of data from heterogeneous information sources between different stakeholders. However, the corresponding benefits come with unforeseen risks as sensitive information is potentially exposed, questioning their reliability. Consequently, data security is of utmost importance and, thus, a central requirement for successfully realizing data ecosystems. Academia has recognized this requirement, and current initiatives foster sovereign participation via a federated infrastructure where participants retain local control over what data they offer to whom. However, recent proposals place significant trust in remote infrastructure by implementing organizational security measures such as certification processes before the admission of a participant. At the same time, the data sensitivity incentivizes participants to bypass the organizational security measures to maximize their benefit. This issue significantly weakens security, sovereignty, and trust guarantees and highlights that organizational security measures are insufficient in this context. In this paper, we argue that data ecosystems must be extended with technical means to (re)establish dependable guarantees. We underpin this need with three representative use cases for data ecosystems, which cover personal, economic, and governmental data, and systematically map the lack of dependable guarantees in related work. To this end, we identify three enablers of dependable guarantees, namely trusted remote policy enforcement, verifiable data tracking, and integration of resource-constrained participants. These enablers are critical for securely implementing data ecosystems in data-sensitive contexts.
Data sharing; Confidentiality; Integrity protection; Data Markets; Distributed databases
internet-of-production; coat-ers; vesitrust
https://www.comsys.rwth-aachen.de/fileadmin/papers/2024/2024-lohmoeller-data-sovereignty-survey.pdf
Elsevier
0169-023X
10.1016/j.datak.2024.102301
1
Johannes Lohmöller
Jan Pennekamp
Roman Matzutt
Carolin Victoria Schneider
Eduard Vlad
Christian Trautwein
Klaus Wehrle
phdthesis
2024_pennekamp_phd-thesis
Secure Collaborations for the Industrial Internet of Things
2024
4
15
The Industrial Internet of Things (IIoT) is leading to increasingly-interconnected and networked industrial processes and environments, which, in turn, results in stakeholders gathering vast amounts of information. Although the global sharing of information and industrial collaborations in the IIoT promise to enhance productivity, sustainability, and product quality, among other benefits, most information is still commonly encapsulated in local information silos. In addition to interoperability issues, confidentiality concerns of involved stakeholders remain the main obstacle to fully realizing these improvements in practice as they largely hinder real-world industrial collaborations today. Therefore, this dissertation addresses this mission-critical research gap. Since existing approaches to privacy-preserving information sharing are not scalable to industry-sized applications in the IIoT, we present solutions that enable secure collaborations in the IIoT while providing technical (confidentiality) guarantees to the involved stakeholders. Our research is crucial (i) for demonstrating the potential and added value of (secure) collaborations and (ii) for convincing cautious stakeholders of the usefulness and benefits of technical building blocks, enabling reliable sharing of confidential information, even among direct competitors.
Our interdisciplinary research thus focuses on establishing and realizing secure industrial collaborations in the IIoT. In this regard, we study two overarching angles of collaborations in detail. First, we distinguish between collaborations along and across supply chains, with the former type entailing more relaxed confidentiality requirements. Second, whether or not collaborators know each other in advance implies different levels of trust and requires different technical guarantees. We rely on well-established building blocks from private computing (i.e., privacy-preserving computation and confidential computing) to reliably realize secure collaborations. We thoroughly evaluate each of our designs, using multiple real-world use cases from production technology, to prove their practical feasibility for the IIoT.
By applying private computing, we are indeed able to secure collaborations that not only scale to industry-sized applications but also allow for use case-specific configurations of confidentiality guarantees. In this dissertation, we use well-established building blocks to assemble novel solutions with technical guarantees for all types of collaborations (along and across supply chains as well as with known or unknown collaborators). Finally, on the basis of our experience with engineers, we have derived a research methodology for future use that structures the process of interdisciplinary development and evaluation of secure collaborations in the evolving IIoT.
Overall, given the aforementioned improvements, our research should greatly contribute to convincing even cautious stakeholders to participate in (reliably-secured) industrial collaborations. Our work is an essential first step toward establishing widespread information sharing among stakeholders in the IIoT. We further conclude: (i) collaborations can be reliably secured, and we can even provide technical guarantees while doing so; (ii) building blocks from private computing scale to industrial applications and satisfy the outlined confidentiality needs; (iii) improvements resulting from industrial collaborations are within reach, even when dealing with cautious stakeholders; and (iv) the interdisciplinary development of sophisticated yet appropriate designs for use case-driven secure collaborations can succeed in practice.
internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2024/2024-pennekamp-phd-thesis.pdf
Shaker Verlag
Germany
Reports on Communications and Distributed Systems
23
RWTH Aachen University
Ph.D. Thesis
978-3-8440-9467-1
2191-0863
1
Jan Pennekamp
incollection
2024_pennekamp_blockchain-industry
Blockchain Technology Accelerating Industry 4.0
2024
3
7
105
531-564
Competitive industrial environments impose significant requirements on data sharing as well as the accountability and verifiability of related processes. Here, blockchain technology emerges as a possible driver that satisfies demands even in settings with mutually distrustful stakeholders. We identify significant benefits achieved by blockchain technology for Industry 4.0 but also point out challenges and corresponding design options when applying blockchain technology in the industrial domain. Furthermore, we survey diverse industrial sectors to shed light on the current intersection between blockchain technology and industry, which provides the foundation for ongoing as well as upcoming research. As industrial blockchain applications are still in their infancy, we expect that new designs and concepts will develop gradually, creating both supporting tools and groundbreaking innovations.
internet-of-production
Springer
Advances in Information Security
17
Blockchains – A Handbook on Fundamentals, Platforms and Applications
978-3-031-32145-0
10.1007/978-3-031-32146-7_17
1
Jan Pennekamp
Lennart Bader
Eric Wagner
Jens Hiller
Roman Matzutt
Klaus Wehrle
article
2024_pennekamp_supply-chain-survey
An Interdisciplinary Survey on Information Flows in Supply Chains
ACM Computing Surveys
2024
2
1
56
2
Supply chains form the backbone of modern economies and therefore require reliable information flows. In practice, however, supply chains face severe technical challenges, especially regarding security and privacy. In this work, we consolidate studies from supply chain management, information systems, and computer science from 2010--2021 in an interdisciplinary meta-survey to make this topic holistically accessible to interdisciplinary research. In particular, we identify a significant potential for computer scientists to remedy technical challenges and improve the robustness of information flows. We subsequently present a concise information flow-focused taxonomy for supply chains before discussing future research directions to provide possible entry points.
information flows; data communication; supply chain management; data security; data sharing; systematic literature review
internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2024/2024-pennekamp-supply-chain-survey.pdf
ACM
0360-0300
10.1145/3606693
1
Jan Pennekamp
Roman Matzutt
Christopher Klinkmüller
Lennart Bader
Martin Serror
Eric Wagner
Sidra Malik
Maria Spiß
Jessica Rahn
Tan Gürpinar
Eduard Vlad
Sander J. J. Leemans
Salil S. Kanhere
Volker Stich
Klaus Wehrle
article
2024_pennekamp_supply-chain-sensing
Securing Sensing in Supply Chains: Opportunities, Building Blocks, and Designs
IEEE Access
2024
1
8
12
9350-9368
Supply chains increasingly develop toward complex networks, both technically in terms of devices and connectivity, and also anthropogenic with a growing number of actors. The lack of mutual trust in such networks results in challenges that are exacerbated by stringent requirements for shipping conditions or quality, and where actors may attempt to reduce costs or cover up incidents. In this paper, we develop and comprehensively study four scenarios that eventually lead to end-to-end-secured sensing in complex IoT-based supply chains with many mutually distrusting actors, while highlighting relevant pitfalls and challenges—details that are still missing in related work. Our designs ensure that sensed data is securely transmitted and stored, and can be verified by all parties. To prove practical feasibility, we evaluate the most elaborate design with regard to performance, cost, deployment, and also trust implications on the basis of prevalent (mis)use cases. Our work enables a notion of secure end-to-end sensing with minimal trust across the system stack, even for complex and opaque supply chain networks.
blockchain technology; reliability; security; trust management; trusted computing; trusted execution environments
internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2024/2024-pennekamp-secure-sensing.pdf
2169-3536
10.1109/ACCESS.2024.3350778
1
Jan Pennekamp
Fritz Alder
Lennart Bader
Gianluca Scopelliti
Klaus Wehrle
Jan Tobias Mühlberg
inproceedings
2024-basels-demo
Demo: Maritime Radar Systems under Attack. Help is on the Way!
2024
For a long time, attacks on radar systems were limited to military targets. With increasing interconnection, cyber attacks have nowadays become a serious complementary threat also affecting civil radar systems for aviation traffic control or maritime navigation. Hence, operators need to be enabled to detect and respond to cyber attacks and must be supported by defense capabilities. However, security research in this domain is only just beginning and is hampered by a lack of adequate test and development environments. In this demo, we thus present a maritime Radar Cyber Security Lab (RCSL) as a holistic framework to identify vulnerabilities of navigation radars and to support the development of defensive solutions. RCSL offers an offensive tool for attacking navigation radars and a defensive module leveraging network-based anomaly detection. In our demonstration, we will showcase the radars’ vulnerabilities in a simulative environment and demonstrate the benefit of an application-specific Intrusion Detection System.
IEEE
Proceedings of the 2023 IEEE 48th Conference on Local Computer Networks (LCN)
Caen, Normandy, France
October 8-10, 2024
accepted
1
Frederik Basels
Konrad Wolsing
Elmar Padilla
Jan Bauer
inproceedings
2023_matzutt_street_problems
Poster: Accountable Processing of Reported Street Problems
2023
11
27
3591-3593
Municipalities increasingly depend on citizens to file digital reports about issues such as potholes or illegal trash dumps to improve their response time. However, the responsible authorities may be incentivized to ignore certain reports, e.g., when addressing them inflicts high costs. In this work, we explore the applicability of blockchain technology to hold authorities accountable regarding filed reports. Our initial assessment indicates that our approach can be extended to benefit citizens and authorities in the future.
street problems; accountability; consortium blockchain; privacy
https://www.comsys.rwth-aachen.de/fileadmin/papers/2023/2023-matzutt-street-problems.pdf
ACM
Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security (CCS ’23), November 26-30, 2023, Copenhagen, Denmark
Copenhagen, Denmark
November 26-30, 2023
979-8-4007-0050-7/23/11
10.1145/3576915.3624367
1
Roman Matzutt
Jan Pennekamp
Klaus Wehrle
article
2023_pennekamp_purchase_inquiries
Offering Two-Way Privacy for Evolved Purchase Inquiries
ACM Transactions on Internet Technology
2023
11
17
23
4
Dynamic and flexible business relationships are expected to become more important in the future to accommodate specialized change requests or small-batch production. Today, buyers and sellers must disclose sensitive information on products upfront before the actual manufacturing. However, without a trust relation, this situation is precarious for the involved companies as they fear for their competitiveness. Related work overlooks this issue so far: Existing approaches only protect the information of a single party, hindering dynamic and on-demand business relationships. To account for the corresponding research gap of inadequately privacy-protected information and to deal with companies without an established trust relation, we pursue the direction of innovative privacy-preserving purchase inquiries that seamlessly integrate into today's established supplier management and procurement processes. Utilizing well-established building blocks from private computing, such as private set intersection and homomorphic encryption, we propose two designs with slightly different privacy and performance implications to securely realize purchase inquiries over the Internet. In particular, we allow buyers to consider more potential sellers without sharing sensitive information and relieve sellers of the burden of repeatedly preparing elaborate yet discarded offers. We demonstrate our approaches' scalability using two real-world use cases from the domain of production technology. Overall, we present deployable designs that offer two-way privacy for purchase inquiries and, in turn, fill a gap that currently hinders establishing dynamic and flexible business relationships. In the future, we expect significantly increasing research activity in this overlooked area to address the needs of an evolving production landscape.
bootstrapping procurement; secure industrial collaboration; private set intersection; homomorphic encryption; Internet of Production
internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2023/2023-pennekamp-purchase-inquiries.pdf
ACM
1533-5399
10.1145/3599968
1
Jan Pennekamp
Markus Dahlmanns
Frederik Fuhrmann
Timo Heutmann
Alexander Kreppein
Dennis Grunert
Christoph Lange
Robert H. Schmitt
Klaus Wehrle
inproceedings
2023_bader_reputation-systems
Reputation Systems for Supply Chains: The Challenge of Achieving Privacy Preservation
2023
11
16
464-475
Consumers frequently interact with reputation systems to rate products, services, and deliveries. While past research extensively studied different conceptual approaches to realize such systems securely and privacy-preservingly, these concepts are not yet in use in business-to-business environments. In this paper, (1) we thus outline which specific challenges privacy-cautious stakeholders in volatile supply chain networks introduce, (2) give an overview of the diverse landscape of privacy-preserving reputation systems and their properties, and (3) based on well-established concepts from supply chain information systems and cryptography, we further propose an initial concept that accounts for the aforementioned challenges by utilizing fully homomorphic encryption. For future work, we identify the need of evaluating whether novel systems address the supply chain-specific privacy and confidentiality needs.
Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering (LNICST), Volume 593
SCM; confidentiality; anonymity; voter; votee; FHE
internet-of-production
https://jpennekamp.de/wp-content/papercite-data/pdf/bpt+23.pdf
Springer
Proceedings of the 20th EAI International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services (MobiQuitous '23), November 14-17, 2023, Melbourne, VIC, Australia
Melbourne, VIC, Australia
November 14-17, 2023
978-3-031-63988-3
1867-8211
10.1007/978-3-031-63989-0_24
1
Lennart Bader
Jan Pennekamp
Emildeon Thevaraj
Maria Spiß
Salil S. Kanhere
Klaus Wehrle
article
2023_hauser_technical-documentation
Tool: Automatically Extracting Hardware Descriptions from PDF Technical Documentation
Journal of Systems Research
2023
10
31
3
1
The ever-increasing variety of microcontrollers aggravates the challenge of porting embedded software to new devices through much manual work, whereas code generators can be used only in special cases. Moreover, only little technical documentation for these devices is available in machine-readable formats that could facilitate automating porting efforts. Instead, the bulk of documentation comes as print-oriented PDFs. We hence identify a strong need for a processor to access the PDFs and extract their data with a high quality to improve the code generation for embedded software.
In this paper, we design and implement a modular processor for extracting detailed datasets from PDF files containing technical documentation using deterministic table processing for thousands of microcontrollers. Namely, we systematically extract device identifiers, interrupt tables, package and pinouts, pin functions, and register maps. In our evaluation, we compare the documentation from STMicro against existing machine-readable sources. Our results show that our processor matches 96.5 % of almost 6 million reference data points, and we further discuss identified issues in both sources. Hence, our tool yields very accurate data with only limited manual effort and can enable and enhance a significant amount of existing and new code generation use cases in the embedded software domain that are currently limited by a lack of machine-readable data sources.
https://www.comsys.rwth-aachen.de/fileadmin/papers/2023/2023-hauser-technical-documents.pdf
eScholarship Publishing
2770-5501
10.5070/SR33162446
1
Niklas Hauser
Jan Pennekamp
article
2023_lamberts_metrics-sok
SoK: Evaluations in Industrial Intrusion Detection Research
Journal of Systems Research
2023
10
31
3
1
Industrial systems are increasingly threatened by cyberattacks with potentially disastrous consequences. To counter such attacks, industrial intrusion detection systems strive to timely uncover even the most sophisticated breaches. Due to its criticality for society, this fast-growing field attracts researchers from diverse backgrounds, resulting in 130 new detection approaches in 2021 alone. This huge momentum facilitates the exploration of diverse promising paths but likewise risks fragmenting the research landscape and burying promising progress. Consequently, it needs sound and comprehensible evaluations to mitigate this risk and catalyze efforts into sustainable scientific progress with real-world applicability. In this paper, we therefore systematically analyze the evaluation methodologies of this field to understand the current state of industrial intrusion detection research. Our analysis of 609 publications shows that the rapid growth of this research field has positive and negative consequences. While we observe an increased use of public datasets, publications still only evaluate 1.3 datasets on average, and frequently used benchmarking metrics are ambiguous. At the same time, the adoption of newly developed benchmarking metrics sees little advancement. Finally, our systematic analysis enables us to provide actionable recommendations for all actors involved and thus bring the entire research field forward.
internet-of-production, rfc
https://www.comsys.rwth-aachen.de/fileadmin/papers/2023/2023-lamberts-metrics-sok.pdf
eScholarship Publishing
2770-5501
10.5070/SR33162445
1
Olav Lamberts
Konrad Wolsing
Eric Wagner
Jan Pennekamp
Jan Bauer
Klaus Wehrle
Martin Henze
inproceedings
2023-wolsing-xluuvlab
XLab-UUV – A Virtual Testbed for Extra-Large Uncrewed Underwater Vehicles
2023
10
Roughly two-thirds of our planet is covered with water, and so far, the oceans have predominantly been used at their surface for the global transport of our goods and commodities. Today, there is a rising trend toward subsea infrastructures such as pipelines, telecommunication cables, or wind farms which demands potent vehicles for underwater work. To this end, a new generation of vehicles, large and Extra-Large Unmanned Underwater Vehicles (XLUUVs), is currently being engineered that allow for long-range, remotely controlled, and semi-autonomous missions in the deep sea. However, although these vehicles are already heavily developed and demand state-of-the-art communication technologies to realize their autonomy, no dedicated test and development environments exist for research, e.g., to assess the implications on cybersecurity. Therefore, in this paper, we present XLab-UUV, a virtual testbed for XLUUVs that allows researchers to identify novel challenges, possible bottlenecks, or vulnerabilities, as well as to develop effective technologies, protocols, and procedures.
Maritime Simulation Environment, XLUUV, Cyber Range, Autonomous Shipping, Operational Technology
https://www.comsys.rwth-aachen.de/fileadmin/papers/2023/2023-wolsing-xluuvlab.pdf
IEEE
1st IEEE LCN Workshop on Maritime Communication and Security (MarCaS)
Daytona Beach, Florida, USA
1st IEEE LCN Workshop on Maritime Communication and Security (MarCaS)
October 1-5, 2023
accepted
en
10.1109/LCN58197.2023.10223405
1
Konrad Wolsing
Antoine Saillard
Elmar Padilla
Jan Bauer
inproceedings
2023_wolsing_ensemble
One IDS is not Enough! Exploring Ensemble Learning for Industrial Intrusion Detection
2023
9
25
14345
102-122
Industrial Intrusion Detection Systems (IIDSs) play a critical role in safeguarding Industrial Control Systems (ICSs) against targeted cyberattacks. Unsupervised anomaly detectors, capable of learning the expected behavior of physical processes, have proven effective in detecting even novel cyberattacks. While offering decent attack detection, these systems, however, still suffer from too many False-Positive Alarms (FPAs) that operators need to investigate, eventually leading to alarm fatigue. To address this issue, in this paper, we challenge the notion of relying on a single IIDS and explore the benefits of combining multiple IIDSs. To this end, we examine the concept of ensemble learning, where a collection of classifiers (IIDSs in our case) are combined to optimize attack detection and reduce FPAs. While training ensembles for supervised classifiers is relatively straightforward, retaining the unsupervised nature of IIDSs proves challenging. In that regard, novel time-aware ensemble methods that incorporate temporal correlations between alerts and transfer-learning to best utilize the scarce training data constitute viable solutions. By combining diverse IIDSs, the detection performance can be improved beyond the individual approaches with close to no FPAs, resulting in a promising path for strengthening ICS cybersecurity.
Lecture Notes in Computer Science (LNCS), Volume 14345
Intrusion Detection; Ensemble Learning; ICS
internet-of-production, rfc
https://jpennekamp.de/wp-content/papercite-data/pdf/wkw+23.pdf
Springer
Proceedings of the 28th European Symposium on Research in Computer Security (ESORICS '23), September 25-29, 2023, The Hague, The Netherlands
The Hague, The Netherlands
28th European Symposium on Research in Computer Security (ESORICS '23)
September 25-29, 2023
978-3-031-51475-3
0302-9743
10.1007/978-3-031-51476-0_6
1
Konrad Wolsing
Dominik Kus
Eric Wagner
Jan Pennekamp
Klaus Wehrle
Martin Henze
inproceedings
2023_bodenbenner_fairsensor
FAIR Sensor Ecosystem: Long-Term (Re-)Usability of FAIR Sensor Data through Contextualization
2023
7
20
The long-term utility and reusability of measurement data from production processes depend on the appropriate contextualization of the measured values. These requirements further mandate that modifications to the context need to be recorded. To be (re-)used at all, the data must be easily findable in the first place, which requires arbitrary filtering and searching routines. Following the FAIR guiding principles, fostering findable, accessible, interoperable and reusable (FAIR) data, in this paper, the FAIR Sensor Ecosystem is proposed, which provides a contextualization middleware based on a unified data metamodel. All information and relations which might change over time are versioned and associated with temporal validity intervals to enable full reconstruction of a system's state at any point in time. A technical validation demonstrates the correctness of the FAIR Sensor Ecosystem, including its contextualization model and filtering techniques. State-of-the-art FAIRness assessment frameworks rate the proposed FAIR Sensor Ecosystem with an average FAIRness of 71%. The obtained rating can be considered remarkable, as deductions mainly result from the lack of fully appropriate FAIRness metrics and the absence of relevant community standards for the domain of the manufacturing industry.
FAIR Data; Cyber-Physical Systems; Data Management; Data Contextualization; Internet of Production
internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2023/2023-bodenbenner-fair-ecosystem.pdf
IEEE
Proceedings of the 21st IEEE International Conference on Industrial Informatics (INDIN '23), July 17-20, 2023, Lemgo, Germany
Lemgo, Germany
July 17-20, 2023
978-1-6654-9313-0
2378-363X
10.1109/INDIN51400.2023.10218149
1
Matthias Bodenbenner
Jan Pennekamp
Benjamin Montavon
Klaus Wehrle
Robert H. Schmitt
inproceedings
2023_pennekamp_benchmarking_comparison
Designing Secure and Privacy-Preserving Information Systems for Industry Benchmarking
2023
6
15
13901
489-505
Benchmarking is an essential tool for industrial organizations to identify potentials that allows them to improve their competitive position through operational and strategic means. However, the handling of sensitive information, in terms of (i) internal company data and (ii) the underlying algorithm to compute the benchmark, demands strict (technical) confidentiality guarantees—an aspect that existing approaches fail to address adequately. Still, advances in private computing provide us with building blocks to reliably secure even complex computations and their inputs, as present in industry benchmarks. In this paper, we thus compare two promising and fundamentally different concepts (hardware- and software-based) to realize privacy-preserving benchmarks. Thereby, we provide detailed insights into the concept-specific benefits. Our evaluation of two real-world use cases from different industries underlines that realizing and deploying secure information systems for industry benchmarking is possible with today's building blocks from private computing.
Lecture Notes in Computer Science (LNCS), Volume 13901
real-world computing; trusted execution environments; homomorphic encryption; key performance indicators; benchmarking
internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2023/2023-pennekamp-industry-benchmarking.pdf
Springer
Proceedings of the 35th International Conference on Advanced Information Systems Engineering (CAiSE '23), June 12-16, 2023, Zaragoza, Spain
Zaragoza, Spain
35th International Conference on Advanced Information Systems Engineering (CAiSE '23)
June 12-16, 2023
978-3-031-34559-3
0302-9743
10.1007/978-3-031-34560-9_29
1
Jan Pennekamp
Johannes Lohmöller
Eduard Vlad
Joscha Loos
Niklas Rodemann
Patrick Sapel
Ina Berenice Fink
Seth Schmitz
Christian Hopmann
Matthias Jarke
Günther Schuh
Klaus Wehrle
Martin Henze
incollection
2023_pennekamp_crd-a.i
Evolving the Digital Industrial Infrastructure for Production: Steps Taken and the Road Ahead
2023
2
8
35-60
The Internet of Production (IoP) leverages concepts such as digital shadows, data lakes, and a World Wide Lab (WWL) to advance today’s production. Consequently, it requires a technical infrastructure that can support the agile deployment of these concepts and corresponding high-level applications, which, e.g., demand the processing of massive data in motion and at rest. As such, key research aspects are the support for low-latency control loops, concepts on scalable data stream processing, deployable information security, and semantically rich and efficient long-term storage. In particular, such an infrastructure cannot continue to be limited to machines and sensors, but additionally needs to encompass networked environments: production cells, edge computing, and location-independent cloud infrastructures. Finally, in light of the envisioned WWL, i.e., the interconnection of production sites, the technical infrastructure must be advanced to support secure and privacy-preserving industrial collaboration. To evolve today’s production sites and lay the infrastructural foundation for the IoP, we identify five broad streams of research: (1) adapting data and stream processing to heterogeneous data from distributed sources, (2) ensuring data interoperability between systems and production sites, (3) exchanging and sharing data with different stakeholders, (4) network security approaches addressing the risks of increasing interconnectivity, and (5) security architectures to enable secure and privacy-preserving industrial collaboration. With our research, we evolve the underlying infrastructure from isolated, sparsely networked production sites toward an architecture that supports high-level applications and sophisticated digital shadows while facilitating the transition toward a WWL.
Cyber-physical production systems; Data streams; Industrial data processing; Industrial network security; Industrial data security; Secure industrial collaboration
internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2023/2023-pennekamp-iop-a.i.pdf
Springer
Interdisciplinary Excellence Accelerator Series
Internet of Production: Fundamentals, Applications and Proceedings
978-3-031-44496-8
10.1007/978-3-031-44497-5_2
1
Jan Pennekamp
Anastasiia Belova
Thomas Bergs
Matthias Bodenbenner
Andreas Bührig-Polaczek
Markus Dahlmanns
Ike Kunze
Moritz Kröger
Sandra Geisler
Martin Henze
Daniel Lütticke
Benjamin Montavon
Philipp Niemietz
Lucia Ortjohann
Maximilian Rudack
Robert H. Schmitt
Uwe Vroomen
Klaus Wehrle
Michael Zeng
incollection
2023_rueppel_crd-b2.ii
Model-Based Controlling Approaches for Manufacturing Processes
2023
2
8
221-246
The main objectives in production technology are quality assurance, cost reduction, and guaranteed process safety and stability. Digital shadows enable a more comprehensive understanding and monitoring of processes on shop floor level. Thus, process information becomes available between decision levels, and the aforementioned criteria regarding quality, cost, or safety can be included in control decisions for production processes. The contextual data for digital shadows typically arises from heterogeneous sources. At shop floor level, the proximity to the process requires usage of available data as well as domain knowledge. Data sources need to be selected, synchronized, and processed. Especially high-frequency data requires algorithms for intelligent distribution and efficient filtering of the main information using real-time devices and in-network computing. Real-time data is enriched by simulations, metadata from product planning, and information across the whole process chain. Well-established analytical and empirical models serve as the base for new hybrid, gray box approaches. These models are then applied to optimize production process control by maximizing the productivity under given quality and safety constraints. To store and reuse the developed models, ontologies are developed and a data lake infrastructure is utilized and constantly enlarged laying the basis for a World Wide Lab (WWL). Finally, closing the control loop requires efficient quality assessment, immediately after the process and directly on the machine. This chapter addresses works in a connected job shop to acquire data, identify and optimize models, and automate systems and their deployment in the Internet of Production (IoP).
Process control; Model-based control; Data aggregation; Model identification; Model optimization
internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2023/2023-rueppel-iop-b2.i.pdf
Springer
Interdisciplinary Excellence Accelerator Series
Internet of Production: Fundamentals, Applications and Proceedings
978-3-031-44496-8
10.1007/978-3-031-44497-5_7
1
Adrian Karl Rüppel
Muzaffer Ay
Benedikt Biernat
Ike Kunze
Markus Landwehr
Samuel Mann
Jan Pennekamp
Pascal Rabe
Mark P. Sanders
Dominik Scheurenberg
Sven Schiller
Tiandong Xi
Dirk Abel
Thomas Bergs
Christian Brecher
Uwe Reisgen
Robert H. Schmitt
Klaus Wehrle
inproceedings
2022_pennekamp_cumul
CUMUL & Co: High-Impact Artifacts for Website Fingerprinting Research
2022
12
8
RWTH-2022-10811
Anonymous communication on the Internet is about hiding the relationship between communicating parties. At NDSS '16, we presented a new website fingerprinting approach, CUMUL, that utilizes novel features and a simple yet powerful algorithm to attack anonymization networks such as Tor. Based on pattern observation of data flows, this attack aims at identifying the content of encrypted and anonymized connections. Apart from the feature generation and the used classifier, we also provided a large dataset to the research community to study the attack at Internet scale. In this paper, we emphasize the impact of our artifacts by analyzing publications referring to our work with respect to the dataset, feature extraction method, and source code of the implementation. Based on this data, we draw conclusions about the impact of our artifacts on the research field and discuss their influence on related cybersecurity topics. Overall, from 393 unique citations, we discover more than 130 academic references that utilize our artifacts, 61 among them are highly influential (according to SemanticScholar), and at least 35 are from top-ranked security venues. This data underlines the significant relevance and impact of our work as well as of our artifacts in the community and beyond.
https://www.comsys.rwth-aachen.de/fileadmin/papers/2022/2022-pennekamp-cumul-artifacts.pdf
https://www.acsac.org/2022/program/artifacts_competition/
ACSA
Cybersecurity Artifacts Competition and Impact Award at 38th Annual Computer Security Applications Conference (ACSAC '22), December 5-9, 2022, Austin, TX, USA
Austin, TX, USA
38th Annual Computer Security Applications Conference (ACSAC '22)
December 5-9, 2022
10.18154/RWTH-2022-10811
1
Jan Pennekamp
Martin Henze
Andreas Zinnen
Fabian Lanze
Klaus Wehrle
Andriy Panchenko
inproceedings
2022_kus_ensemble
Poster: Ensemble Learning for Industrial Intrusion Detection
2022
12
8
RWTH-2022-10809
Industrial intrusion detection promises to protect networked industrial control systems by monitoring them and raising an alarm in case of suspicious behavior. Many monolithic intrusion detection systems are proposed in literature. These detectors are often specialized and, thus, work particularly well on certain types of attacks or monitor different parts of the system, e.g., the network or the physical process. Combining multiple such systems promises to leverage their joint strengths, allowing the detection of a wider range of attacks due to their diverse specializations and reducing false positives. We study this concept's feasibility with initial results of various methods to combine detectors.
rfc
https://www.comsys.rwth-aachen.de/fileadmin/papers/2022/2022-kus-ensemble-poster.pdf
RWTH Aachen University
38th Annual Computer Security Applications Conference (ACSAC '22), December 5-9, 2022, Austin, TX, USA
RWTH Aachen University
Austin, TX, USA
38th Annual Computer Security Applications Conference (ACSAC '22)
December 5-9, 2022
10.18154/RWTH-2022-10809
1
Dominik Kus
Konrad Wolsing
Jan Pennekamp
Eric Wagner
Martin Henze
Klaus Wehrle
inproceedings
2022-rechenberg-cim
Guiding Ship Navigators through the Heavy Seas of Cyberattacks
2022
10
Maritime Cybersecurity, Intrusion Detection System, Integrated Bridge System, IEC 61162-450, NMEA 0183
https://www.comsys.rwth-aachen.de/fileadmin/papers/2022/2022-rechenberg-guiding.pdf
https://zenodo.org/record/7148794
Zenodo
European Workshop on Maritime Systems Resilience and Security (MARESEC 2022)
Bremerhaven, Germany
10.5281/zenodo.7148794
1
Merlin von Rechenberg
Nina Rößler
Mari Schmidt
Konrad Wolsing
Florian Motz
Michael Bergmann
Elmar Padilla
Jan Bauer
inproceedings
2022_lohmoeller_sovereignty
On the Need for Strong Sovereignty in Data Ecosystems
2022
9
5
3306
51-63
Data ecosystems are the foundation of emerging data-driven business models as they (i) enable an automated exchange between their participants and (ii) provide them with access to huge and heterogeneous data sources. However, the corresponding benefits come with unforeseen risks as also sensitive information is potentially exposed. Consequently, data security is of utmost importance and, thus, a central requirement for the successful implementation of these ecosystems. Current initiatives, such as IDS and GAIA-X, hence foster sovereign participation via a federated infrastructure where participants retain local control. However, these designs place significant trust in remote infrastructure by mostly implementing organizational security measures such as certification processes prior to admission of a participant. At the same time, due to the sensitive nature of involved data, participants are incentivized to bypass security measures to maximize their own benefit: In practice, this issue significantly weakens sovereignty guarantees. In this paper, we hence claim that data ecosystems must be extended with technical means to reestablish such guarantees. To underpin our position, we analyze promising building blocks and identify three core research directions toward stronger data sovereignty, namely trusted remote policy enforcement, verifiable data tracking, and integration of resource-constrained participants. We conclude that these directions are critical to securely implement data ecosystems in data-sensitive contexts.
internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2022/2022-lohmoeller-deco.pdf
CEUR Workshop Proceedings
Proceedings of the 1st International Workshop on Data Ecosystems (DEco '22), co-located with the 48th International Conference on Very Large Databases (VLDB '22), September 5-9, 2022, Sydney, Australia
Sydney, Australia
International Workshop on Data Ecosystems (DEco '22)
September 5, 2022
1613-0073
1
Johannes Lohmöller
Jan Pennekamp
Roman Matzutt
Klaus Wehrle
inproceedings
2022_dahlmanns_tlsiiot
Missed Opportunities: Measuring the Untapped TLS Support in the Industrial Internet of Things
2022
5
31
252-266
The ongoing trend to move industrial appliances from previously isolated networks to the Internet requires fundamental changes in security to uphold secure and safe operation. Consequently, to ensure end-to-end secure communication and authentication, (i) traditional industrial protocols, e.g., Modbus, are retrofitted with TLS support, and (ii) modern protocols, e.g., MQTT, are directly designed to use TLS. To understand whether these changes indeed lead to secure Industrial Internet of Things deployments, i.e., using TLS-based protocols, which are configured according to security best practices, we perform an Internet-wide security assessment of ten industrial protocols covering the complete IPv4 address space.
Our results show that both, retrofitted existing protocols and newly developed secure alternatives, are barely noticeable in the wild. While we find that new protocols have a higher TLS adoption rate than traditional protocols (7.2 % vs. 0.4 %), the overall adoption of TLS is comparably low (6.5 % of hosts). Thus, most industrial deployments (934,736 hosts) are insecurely connected to the Internet. Furthermore, we identify that 42 % of hosts with TLS support (26,665 hosts) show security deficits, e.g., missing access control. Finally, we show that support in configuring systems securely, e.g., via configuration templates, is promising to strengthen security.
industrial communication; network security; security configuration
internet-of-production, rfc
https://www.comsys.rwth-aachen.de/fileadmin/papers/2022/2022-dahlmanns-asiaccs.pdf
ACM
Proceedings of the 2022 ACM Asia Conference on Computer and Communications Security (ASIACCS '22), May 30-June 3, 2022, Nagasaki, Japan
Nagasaki, Japan
ASIACCS '22
May 30-June 3, 2022
978-1-4503-9140-5/22/05
10.1145/3488932.3497762
1
Markus Dahlmanns
Johannes Lohmöller
Jan Pennekamp
Jörn Bodenhausen
Klaus Wehrle
Martin Henze
inproceedings
2022_kus_iids_generalizability
A False Sense of Security? Revisiting the State of Machine Learning-Based Industrial Intrusion Detection
2022
5
30
73-84
Anomaly-based intrusion detection promises to detect novel or unknown attacks on industrial control systems by modeling expected system behavior and raising corresponding alarms for any deviations. As manually creating these behavioral models is tedious and error-prone, research focuses on machine learning to train them automatically, achieving detection rates upwards of 99 %. However, these approaches are typically trained not only on benign traffic but also on attacks and then evaluated against the same type of attack used for training. Hence, their actual, real-world performance on unknown (not trained on) attacks remains unclear. In turn, the reported near-perfect detection rates of machine learning-based intrusion detection might create a false sense of security. To assess this situation and clarify the real potential of machine learning-based industrial intrusion detection, we develop an evaluation methodology and examine multiple approaches from literature for their performance on unknown attacks (excluded from training). Our results highlight an ineffectiveness in detecting unknown attacks, with detection rates dropping to between 3.2 % and 14.7 % for some types of attacks. Moving forward, we derive recommendations for further research on machine learning-based approaches to ensure clarity on their ability to detect unknown attacks.
anomaly detection; machine learning; industrial control system
internet-of-production, rfc
https://www.comsys.rwth-aachen.de/fileadmin/papers/2022/2022-kus-iids-generalizability.pdf
ACM
Proceedings of the 8th ACM Cyber-Physical System Security Workshop (CPSS '22), co-located with the 17th ACM ASIA Conference on Computer and Communications Security (ASIACCS '22), May 30-June 3, 2022, Nagasaki, Japan
978-1-4503-9176-4/22/05
10.1145/3494107.3522773
1
Dominik Kus
Eric Wagner
Jan Pennekamp
Konrad Wolsing
Ina Berenice Fink
Markus Dahlmanns
Klaus Wehrle
Martin Henze
inproceedings
2022_wagner_ccchain
Scalable and Privacy-Focused Company-Centric Supply Chain Management
2022
5
4
Blockchain technology promises to overcome trust and privacy concerns inherent to centralized information sharing. However, current decentralized supply chain management systems do either not meet privacy and scalability requirements or require a trustworthy consortium, which is challenging for increasingly dynamic supply chains with constantly changing participants. In this paper, we propose CCChain, a scalable and privacy-aware supply chain management system that stores all information locally to give companies complete sovereignty over who accesses their data. Still, tamper protection of all data through a permissionless blockchain enables on-demand tracking and tracing of products as well as reliable information sharing while affording the detection of data inconsistencies. Our evaluation confirms that CCChain offers superior scalability in comparison to alternatives while also enabling near real-time tracking and tracing for many, less complex products.
supply chain management; blockchain; permissionless; deployment; tracing and tracking; privacy
internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2022/2022-wagner-ccchain.pdf
IEEE
Proceedings of the 2022 IEEE International Conference on Blockchain and Cryptocurrency (ICBC '22), May 2-5, 2022, Shanghai, China
Shanghai, China
May 2-5, 2022
978-1-6654-9538-7/22
10.1109/ICBC54727.2022.9805503
1
Eric Wagner
Roman Matzutt
Jan Pennekamp
Lennart Bader
Irakli Bajelidze
Klaus Wehrle
Martin Henze
inproceedings
2022_matzutt_redactchain
A Moderation Framework for the Swift and Transparent Removal of Illicit Blockchain Content
2022
5
3
Blockchains gained tremendous attention for their capability to provide immutable and decentralized event ledgers that can facilitate interactions between mutually distrusting parties. However, precisely this immutability and the openness of permissionless blockchains raised concerns about the consequences of illicit content being irreversibly stored on them. Related work coined the notion of redactable blockchains, which allow for removing illicit content from their history without affecting the blockchain's integrity. While honest users can safely prune identified content, current approaches either create trust issues by empowering fixed third parties to rewrite history, cannot react quickly to reported content due to using lengthy public votings, or create large per-redaction overheads.
In this paper, we instead propose to outsource redactions to small and periodically exchanged juries, whose members can only jointly redact transactions using chameleon hash functions and threshold cryptography. Multiple juries are active at the same time to swiftly redact reported content. They oversee their activities via a global redaction log, which provides transparency and allows for appealing and reversing a rogue jury's decisions. Hence, our approach establishes a framework for the swift and transparent moderation of blockchain content. Our evaluation shows that our moderation scheme can be realized with feasible per-block and per-redaction overheads, i.e., the redaction capabilities do not impede the blockchain's normal operation.
redactable blockchain; illicit content; chameleon hash functions; threshold cryptography
mynedata; impact-digital; digital-campus
https://www.comsys.rwth-aachen.de/fileadmin/papers/2022/2022-matzutt-redactchain.pdf
IEEE
Proceedings of the 2022 IEEE International Conference on Blockchain and Cryptocurrency (ICBC '22), May 2-5, 2022, Shanghai, China
Shanghai, China
May 2-5, 2022
978-1-6654-9538-7/22
10.1109/ICBC54727.2022.9805508
1
Roman Matzutt
Vincent Ahlrichs
Jan Pennekamp
Roman Karwacik
Klaus Wehrle
article
2022_brauner_iop
A Computer Science Perspective on Digital Transformation in Production
ACM Transactions on Internet of Things
2022
5
1
3
2
The Industrial Internet-of-Things (IIoT) promises significant improvements for the manufacturing industry by facilitating the integration of manufacturing systems by Digital Twins. However, ecological and economic demands also require a cross-domain linkage of multiple scientific perspectives from material sciences, engineering, operations, business, and ergonomics, as optimization opportunities can be derived from any of these perspectives. To extend the IIoT to a true Internet of Production, two concepts are required: first, a complex, interrelated network of Digital Shadows which combine domain-specific models with data-driven AI methods; and second, the integration of a large number of research labs, engineering, and production sites as a World Wide Lab which offers controlled exchange of selected, innovation-relevant data even across company boundaries. In this article, we define the underlying Computer Science challenges implied by these novel concepts in four layers: Smart human interfaces provide access to information that has been generated by model-integrated AI. Given the large variety of manufacturing data, new data modeling techniques should enable efficient management of Digital Shadows, which is supported by an interconnected infrastructure. Based on a detailed analysis of these challenges, we derive a systematized research roadmap to make the vision of the Internet of Production a reality.
Internet of Production; World Wide Lab; Digital Shadows; Industrial Internet of Things
internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2022/2022-brauner-digital-transformation.pdf
ACM
2691-1914
10.1145/3502265
1
Philipp Brauner
Manuela Dalibor
Matthias Jarke
Ike Kunze
István Koren
Gerhard Lakemeyer
Martin Liebenberg
Judith Michael
Jan Pennekamp
Christoph Quix
Bernhard Rumpe
Wil van der Aalst
Klaus Wehrle
Andreas Wortmann
Martina Ziefle
inproceedings
2022-lorenz-ven2us
Interconnected network protection systems - the basis for the reliable and safe operation of distribution grids with a high penetration of renewable energies and electric vehicle
2022
Power grids are increasingly faced with the introduction of decentralized, highly volatile power supplies from renewable energies and high loads occurring from e-mobility. However, today’s static grid protection cannot manage all upcoming conditions while providing a high level of dependability and security. It forms a bottleneck of a future decarbonizing grid development.
In our research project, we develop and verify an adaptive grid protection algorithm. It calculates situation dependent protection parameters for the event of power flow shifts and topology changes caused by volatile power supplies due to the increase of renewable generation and the rapid expansion of e-mobility. As a result the distribution grid can be operated with the optimally adapted protection parameters and functions for changing operating states. To safely adjust the values on protection hardware in the field, i.e., safe from hardware failures and cyberattacks, we research resilient and secure communication concepts for the adaptive and interconnected grid protection system. Finally, we validate our concept and system by demonstrations in the laboratory and field tests.
ven2us
Proceedings of the CIRED workshop on E-mobility and power distribution systems 2022, June 2-3, 2022, Porto, Portugal
Porto
CIRED workshop on E-mobility and power distribution systems 2022
June 2-3, 2022
10.1049/icp.2022.0768
1
Matthias Lorenz
Tobias Markus Pletzer
Malte Schuhmacher
Torsten Sowa
Michael Dahms
Simon Stock
Davood Babazadeh
Christian Becker
Johann Jaeger
Tobias Lorz
Markus Dahlmanns
Ina Berenice Fink
Klaus Wehrle
Andreas Ulbig
Philipp Linnartz
Antigona Selimaj
Thomas Offergeld
inproceedings
2021_pennekamp_laser
Collaboration is not Evil: A Systematic Look at Security Research for Industrial Use
2021
12
21
Following the recent Internet of Things-induced trends on digitization in general, industrial applications will further evolve as well. With a focus on the domains of manufacturing and production, the Internet of Production pursues the vision of a digitized, globally interconnected, yet secure environment by establishing a distributed knowledge base.
Background. As part of our collaborative research of advancing the scope of industrial applications through cybersecurity and privacy, we identified a set of common challenges and pitfalls that surface in such applied interdisciplinary collaborations.
Aim. Our goal with this paper is to support researchers in the emerging field of cybersecurity in industrial settings by formalizing our experiences as reference for other research efforts, in industry and academia alike.
Method. Based on our experience, we derived a process cycle of performing such interdisciplinary research, from the initial idea to the eventual dissemination and paper writing. This presented methodology strives to successfully bootstrap further research and to encourage further work in this emerging area.
Results. Apart from our newly proposed process cycle, we report on our experiences and conduct a case study applying this methodology, raising awareness for challenges in cybersecurity research for industrial applications. We further detail the interplay between our process cycle and the data lifecycle in applied research data management. Finally, we augment our discussion with an industrial as well as an academic view on this research area and highlight that both areas still have to overcome significant challenges to sustainably and securely advance industrial applications.
Conclusions. With our proposed process cycle for interdisciplinary research in the intersection of cybersecurity and industrial application, we provide a foundation for further research. We look forward to promising research initiatives, projects, and directions that emerge based on our methodological work.
internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-pennekamp-laser-collaboration.pdf
ACSA
Proceedings of the Workshop on Learning from Authoritative Security Experiment Results (LASER '20), co-located with the 36th Annual Computer Security Applications Conference (ACSAC '20), December 7-11, 2020, Austin, TX, USA
Austin, TX, USA
Learning from Authoritative Security Experiment Results (LASER '20)
December 8, 2020
978-1-891562-81-5
10.14722/laser-acsac.2020.23088
1
Jan Pennekamp
Erik Buchholz
Markus Dahlmanns
Ike Kunze
Stefan Braun
Eric Wagner
Matthias Brockmann
Klaus Wehrle
Martin Henze
inproceedings
2021_kiesel_5g
Development of a Model to Evaluate the Potential of 5G Technology for Latency-Critical Applications in Production
2021
12
15
739-744
Latency-critical applications in production promise to be essential enablers for performance improvement in production. However, they require the right and often wireless communication system. 5G technology appears to be an effective way to achieve communication system for these applications. Its estimated economic benefit on production gross domestic product is immense ($740 billion Euro until 2030). However, 55% of production companies state that 5G technology deployment is currently not a subject matter for them and mainly state the lack of knowledge on benefits as a reason. Currently, it is missing an approach or model for a use case specific, data-based evaluation of 5G technology influence on the performance of production applications. Therefore, this paper presents a model to evaluate the potential of 5G technology for latency-critical applications in production. First, we derive requirements for the model to fulfill the decision-makers' needs. Second, we analyze existing evaluation approaches regarding their fulfillment of the derived requirements. Third, based on outlined research gaps, we develop a model fulfilling the requirements. Fourth, we give an outlook for further research needs.
5G technology; latency-critical applications; production; evaluation model
https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-kiesel-5g-model.pdf
IEEE
Proceedings of the 28th IEEE International Conference on Industrial Engineering and Engineering Management (IEEM '21), December 13-16, 2021, Singapore, Singapore
Singapore, Singapore
December 13-16, 2021
978-1-6654-3771-4
10.1109/IEEM50564.2021.9673074
1
Raphael Kiesel
Falk Boehm
Jan Pennekamp
Robert H. Schmitt
inproceedings
2021_mitseva_sequences
POSTER: How Dangerous is My Click? Boosting Website Fingerprinting By Considering Sequences of Webpages
2021
11
17
2411-2413
Website fingerprinting (WFP) is a special case of traffic analysis, where a passive attacker infers information about the content of encrypted and anonymized connections by observing patterns of data flows. Although modern WFP attacks pose a serious threat to online privacy of users, including Tor users, they usually aim to detect single pages only. By ignoring the browsing behavior of users, the attacker excludes valuable information: users visit multiple pages of a single website consecutively, e.g., by following links. In this paper, we propose two novel methods that can take advantage of the consecutive visits of multiple pages to detect websites. We show that two up to three clicks within a site allow attackers to boost the accuracy by more than 20% and to dramatically increase the threat to users' privacy. We argue that WFP defenses have to consider this new dimension of the attack surface.
Traffic Analysis; Website Fingerprinting; Web Privacy
https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-mitseva-fingerprinting-sequences.pdf
ACM
Proceedings of the 28th ACM SIGSAC Conference on Computer and Communications Security (CCS '21), November 15-19, 2021, Seoul, Korea
Seoul, Korea
November 15-19, 2021
978-1-4503-8454-4/21/11
10.1145/3460120.3485347
1
Asya Mitseva
Jan Pennekamp
Johannes Lohmöller
Torsten Ziemann
Carl Hoerchner
Klaus Wehrle
Andriy Panchenko
inproceedings
2021_pennekamp_bootstrapping
Confidential Computing-Induced Privacy Benefits for the Bootstrapping of New Business Relationships
2021
11
15
RWTH-2021-09499
In addition to quality improvements and cost reductions, dynamic and flexible business relationships are expected to become more important in the future to account for specific customer change requests or small-batch production. Today, despite reservation, sensitive information must be shared upfront between buyers and sellers. However, without a trust relation, this situation is precarious for the involved companies as they fear for their competitiveness following information leaks or breaches of their privacy. To address this issue, the concepts of confidential computing and cloud computing come to mind as they promise to offer scalable approaches that preserve the privacy of participating companies. In particular, designs building on confidential computing can help to technically enforce privacy. Moreover, cloud computing constitutes an elegant design choice to scale these novel protocols to industry needs while limiting the setup and management overhead for practitioners. Thus, novel approaches in this area can advance the status quo of bootstrapping new relationships as they provide privacy-preserving alternatives that are suitable for immediate deployment.
bootstrapping procurement; business relationships; secure industrial collaboration; privacy; Internet of Production
internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-pennekamp-bootstrapping.pdf
RWTH Aachen University
Blitz Talk at the 2021 Cloud Computing Security Workshop (CCSW '21), co-located with the 28th ACM SIGSAC Conference on Computer and Communications Security (CCS '21), November 15-19, 2021, Seoul, Korea
RWTH Aachen University
Seoul, Korea
November 14, 2021
10.18154/RWTH-2021-09499
Jan Pennekamp
Frederik Fuhrmann
Markus Dahlmanns
Timo Heutmann
Alexander Kreppein
Dennis Grunert
Christoph Lange
Robert H. Schmitt
Klaus Wehrle
article
2021_kretschmer_cookies
Cookie Banners and Privacy Policies: Measuring the Impact of the GDPR on the Web
ACM Transactions on the Web
2021
11
1
15
4
The General Data Protection Regulation (GDPR) is in effect since May of 2018. As one of the most comprehensive pieces of legislation concerning privacy, it sparked a lot of discussion on the effect it would have on users and providers of online services in particular, due to the large amount of personal data processed in this context. Almost three years later, we are interested in revisiting this question to summarize the impact this new regulation has had on actors in the World Wide Web. Using Scopus, we obtain a vast corpus of academic work to survey studies related to changes on websites since and around the time, the GDPR went into force. Our findings show that the emphasis on privacy increased w.r.t. online services, but plenty potential for improvements remains. Although online services are on average more transparent regarding data processing practices in their public data policies, a majority of these policies still either lack information required by the GDPR (e.g., contact information for users to file privacy inquiries), or do not provide this information in a user-friendly form. Additionally, we summarize that online services more often provide means for their users to opt out of data processing, but regularly obstruct convenient access to such means through unnecessarily complex and sometimes illegitimate interface design. Our survey further details that this situation contradicts the preferences expressed by users both verbally and through their actions, and researchers have proposed multiple approaches to facilitate GDPR-conform data processing without negatively impacting the user experience. Thus, we compiled reoccurring points of criticism by privacy researchers and data protection authorities into a list of four guidelines for service providers to consider.
Cookies; Privacy; GDPR; Web; Privacy Legislation; Fingerprinting
https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-kretschmer-tweb-cookies.pdf
ACM
1559-1131
10.1145/3466722
1
Michael Kretschmer
Jan Pennekamp
Klaus Wehrle
inproceedings
2021_reuter_demo
Demo: Traffic Splitting for Tor — A Defense against Fingerprinting Attacks
2021
9
14
Website fingerprinting (WFP) attacks on the anonymity network Tor have become ever more effective. Furthermore, research discovered that proposed defenses are insufficient or cause high overhead. In previous work, we presented a new WFP defense for Tor that incorporates multipath transmissions to repel malicious Tor nodes from conducting WFP attacks. In this demo, we showcase the operation of our traffic splitting defense by visually illustrating the underlying Tor multipath transmission using LED-equipped Raspberry Pis.
Electronic Communications of the EASST, Volume 080
Onion Routing; Website Fingerprinting; Multipath Traffic; Privacy
https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-reuter-splitting-demo.pdf
TU Berlin
Proceedings of the 2021 International Conference on Networked Systems (NetSys '21), September 13-16, 2021, Lübeck, Germany
Lübeck, Germany
September 13-16, 2021
1863-2122
10.14279/tuj.eceasst.80.1151
1
Sebastian Reuter
Jens Hiller
Jan Pennekamp
Andriy Panchenko
Klaus Wehrle
article
2021_pennekamp_accountable_manufacturing
The Road to Accountable and Dependable Manufacturing
Automation
2021
9
13
2
3
202-219
The Internet of Things provides manufacturing with rich data for increased automation. Beyond company-internal data exploitation, the sharing of product and manufacturing process data along and across supply chains enables more efficient production flows and product lifecycle management. Even more, data-based automation facilitates short-lived ad hoc collaborations, realizing highly dynamic business relationships for sustainable exploitation of production resources and capacities. However, the sharing and use of business data across manufacturers and with end customers add requirements on data accountability, verifiability, and reliability and needs to consider security and privacy demands. While research has already identified blockchain technology as a key technology to address these challenges, current solutions mainly evolve around logistics or focus on established business relationships instead of automated but highly dynamic collaborations that cannot draw upon long-term trust relationships. We identify three open research areas on the road to such a truly accountable and dependable manufacturing enabled by blockchain technology: blockchain-inherent challenges, scenario-driven challenges, and socio-economic challenges. Especially tackling the scenario-driven challenges, we discuss requirements and options for realizing a blockchain-based trustworthy information store and outline its use for automation to achieve a reliable sharing of product information, efficient and dependable collaboration, and dynamic distributed markets without requiring established long-term trust.
blockchain; supply chain management; Industry 4.0; manufacturing; secure industrial collaboration; scalability; Industrial Internet of Things; Internet of Production
internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-pennekamp-manufacturing.pdf
MDPI
2673-4052
10.3390/automation2030013
1
Jan Pennekamp
Roman Matzutt
Salil S. Kanhere
Jens Hiller
Klaus Wehrle
article
2021_matzutt_coinprune_v2
CoinPrune: Shrinking Bitcoin's Blockchain Retrospectively
IEEE Transactions on Network and Service Management
2021
9
10
18
3
3064-3078
Popular cryptocurrencies continue to face serious scalability issues due to their ever-growing blockchains. Thus, modern blockchain designs began to prune old blocks and rely on recent snapshots for their bootstrapping processes instead. Unfortunately, established systems are often considered incapable of adopting these improvements. In this work, we present CoinPrune, our block-pruning scheme with full Bitcoin compatibility, to revise this popular belief. CoinPrune bootstraps joining nodes via snapshots that are periodically created from Bitcoin's set of unspent transaction outputs (UTXO set). Our scheme establishes trust in these snapshots by relying on CoinPrune-supporting miners to mutually reaffirm a snapshot's correctness on the blockchain. This way, snapshots remain trustworthy even if adversaries attempt to tamper with them. Our scheme maintains its retrospective deployability by relying on positive feedback only, i.e., blocks containing invalid reaffirmations are not rejected, but invalid reaffirmations are outpaced by the benign ones created by an honest majority among CoinPrune-supporting miners. Already today, CoinPrune reduces the storage requirements for Bitcoin nodes by two orders of magnitude, as joining nodes need to fetch and process only 6 GiB instead of 271 GiB of data in our evaluation, reducing the synchronization time of powerful devices from currently 7 h to 51 min, with even larger potential drops for less powerful devices. CoinPrune is further aware of higher-level application data, i.e., it conserves otherwise pruned application data and allows nodes to obfuscate objectionable and potentially illegal blockchain content from their UTXO set and the snapshots they distribute.
blockchain; block pruning; synchronization; bootstrapping; scalability; velvet fork; Bitcoin
mynedata; impact_digital; digital_campus
https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-matzutt-coinprune-v2.pdf
English
1932-4537
10.1109/TNSM.2021.3073270
1
Roman Matzutt
Benedikt Kalde
Jan Pennekamp
Arthur Drichel
Martin Henze
Klaus Wehrle
article
2021_pennekamp_ercim
Unlocking Secure Industrial Collaborations through Privacy-Preserving Computation
ERCIM News
2021
7
9
126
24-25
In industrial settings, significant process improvements can be achieved when utilising and sharing information across stakeholders. However, traditionally conservative companies impose significant confidentiality requirements for any (external) data processing. We discuss how privacy-preserving computation can unlock secure and private collaborations even in such competitive environments.
internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-pennekamp-ercim-news.pdf
https://ercim-news.ercim.eu/en126/special/unlocking-secure-industrial-collaborations-through-privacy-preserving-computation
ERCIM EEIG
0926-4981
Jan Pennekamp
Martin Henze
Klaus Wehrle
inproceedings
2021_mangel_reshare
Data Reliability and Trustworthiness through Digital Transmission Contracts
2021
6
8
12731
265-283
As decision-making is increasingly data-driven, trustworthiness and reliability of the underlying data, e.g., maintained in knowledge graphs or on the Web, are essential requirements for their usability in the industry. However, neither traditional solutions, such as paper-based data curation processes, nor state-of-the-art approaches, such as distributed ledger technologies, adequately scale to the complex requirements and high throughput of continuously evolving industrial data. Motivated by a practical use case with high demands towards data trustworthiness and reliability, we identify the need for digitally-verifiable data immutability as a still insufficiently addressed dimension of data quality. Based on our discussion of shortcomings in related work, we thus propose ReShare, our novel concept of digital transmission contracts with bilateral signatures, to address this open issue for both RDF knowledge graphs and arbitrary data on the Web. Our quantitative evaluation of ReShare’s performance and scalability reveals only moderate computation and communication overhead, indicating significant potential for cost-reductions compared to today’s approaches. By cleverly integrating digital transmission contracts with existing Web-based information systems, ReShare provides a promising foundation for data sharing and reuse in Industry 4.0 and beyond, enabling digital accountability through easily-adoptable digitally-verifiable data immutability and non-repudiation.
Lecture Notes in Computer Science (LNCS), Volume 12731
Digital transmission contracts; Trust; Data immutability; Non-repudiation; Accountability; Data dynamics; Linked Data; Knowledge graphs
internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-mangel-eswc-reshare.pdf
Springer
Proceedings of the 18th Extended Semantic Web Conference (ESWC '21), June 6-10, 2021, Heraklion, Greece
Heraklion, Greece
June 6-10, 2021
978-3-030-77384-7
0302-9743
10.1007/978-3-030-77385-4_16
1
Simon Mangel
Lars Gleim
Jan Pennekamp
Klaus Wehrle
Stefan Decker
inproceedings
2021_gleim_factstack
FactStack: Interoperable Data Management and Preservation for the Web and Industry 4.0
2021
5
31
P-312
371-395
Data exchange throughout the supply chain is essential for the agile and adaptive manufacturing processes of Industry 4.0. As companies employ numerous, frequently mutually incompatible data management and preservation approaches, interorganizational data sharing and reuse regularly requires human interaction and is thus associated with high overhead costs. An interoperable system, supporting the unified management, preservation and exchange of data across organizational boundaries is missing to date. We propose FactStack, a unified approach to data management and preservation based upon a novel combination of existing Web-standards and tightly integrated with the HTTP protocol itself. Based on the FactDAG model, FactStack guides and supports the full data lifecycle in a FAIR and interoperable manner, independent of individual software solutions and backward-compatible with existing resource oriented architectures. We describe our reference implementation of the approach and evaluate its performance, showcasing scalability even to high-throughput applications. We analyze the system's applicability to industry using a representative real-world use case in aircraft manufacturing based on principal requirements identified in prior work. We conclude that FactStack fulfills all requirements and provides a promising solution for the on-demand integration of persistence and provenance into existing resource-oriented architectures, facilitating data management and preservation for the agile and interorganizational manufacturing processes of Industry 4.0. Through its open source distribution, it is readily available for adoption by the community, paving the way for improved utility and usability of data management and preservation in digital manufacturing and supply chains.
Lecture Notes in Informatics (LNI), Volume P-312
Web Technologies; Data Management; Memento; Persistence; PID; Industry 4.0
internet-of-production
https://comsys.rwth-aachen.de/fileadmin/papers/2021/2021-gleim-btw-iop-interoperability-realization.pdf
Gesellschaft für Informatik
Proceedings of the 19th Symposium for Database Systems for Business, Technology and Web (BTW '21), September 13-17, 2021, Dresden, Germany
Dresden, Germany
September 13-17, 2021
978-3-88579-705-0
1617-5468
10.18420/btw2021-20
1
Lars Gleim
Jan Pennekamp
Liam Tirpitz
Sascha Welten
Florian Brillowski
Stefan Decker
article
2021_buckhorst_lmas
Holarchy for Line-less Mobile Assembly Systems Operation in the Context of the Internet of Production
Procedia CIRP
2021
5
3
99
448-453
Assembly systems must provide maximum flexibility qualified by organization and technology to offer cost-compliant performance features to differentiate themselves from competitors in buyers' markets. By mobilization of multipurpose resources and dynamic planning, Line-less Mobile Assembly Systems (LMASs) offer organizational reconfigurability. By proposing a holarchy to combine LMASs with the concept of an Internet of Production (IoP), we enable LMASs to source valuable information from cross-level production networks, physical resources, software nodes, and data stores that are interconnected in an IoP. The presented holarchy provides a concept of how to address future challenges, meet the requirements of shorter lead times, and unique lifecycle support. The paper suggests an application of decision making, distributed sensor services, recommender-based data reduction, and in-network computing while considering safety and human usability alike.
Proceedings of the 14th CIRP Conference on Intelligent Computation in Manufacturing Engineering (ICME '20), July 14-17, 2020, Gulf of Naples, Italy
Internet of Production; Line-less Mobile Assembly System; Industrial Assembly; Smart Factory
internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-buckhorst-holarchy.pdf
Elsevier
Gulf of Naples, Italy
July 14-17, 2020
2212-8271
10.1016/j.procir.2021.03.064
1
Armin F. Buckhorst
Benjamin Montavon
Dominik Wolfschläger
Melanie Buchsbaum
Amir Shahidi
Henning Petruck
Ike Kunze
Jan Pennekamp
Christian Brecher
Mathias Hüsing
Burkhard Corves
Verena Nitsch
Klaus Wehrle
Robert H. Schmitt
article
2021_bader_privaccichain
Blockchain-Based Privacy Preservation for Supply Chains Supporting Lightweight Multi-Hop Information Accountability
Information Processing & Management
2021
5
1
58
3
The benefits of information sharing along supply chains are well known for improving productivity and reducing costs. However, with the shift towards more dynamic and flexible supply chains, privacy concerns severely challenge the required information retrieval. A lack of trust between the different involved stakeholders inhibits advanced, multi-hop information flows, as valuable information for tracking and tracing products and parts is either unavailable or only retained locally. Our extensive literature review of previous approaches shows that these needs for cross-company information retrieval are widely acknowledged, but related work currently only addresses them insufficiently. To overcome these concerns, we present PrivAccIChain, a secure, privacy-preserving architecture for improving the multi-hop information retrieval with stakeholder accountability along supply chains. To address use case-specific needs, we particularly introduce an adaptable configuration of transparency and data privacy within our design. Hence, we enable the benefits of information sharing as well as multi-hop tracking and tracing even in supply chains that include mutually distrusting stakeholders. We evaluate the performance of PrivAccIChain and demonstrate its real-world feasibility based on the information of a purchasable automobile, the e.GO Life. We further conduct an in-depth security analysis and propose tunable mitigations against common attacks. As such, we attest PrivAccIChain's practicability for information management even in complex supply chains with flexible and dynamic business relationships.
multi-hop collaboration; tracking and tracing; Internet of Production; e.GO; attribute-based encryption
internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-bader-ipm-privaccichain.pdf
Elsevier
0306-4573
10.1016/j.ipm.2021.102529
1
Lennart Bader
Jan Pennekamp
Roman Matzutt
David Hedderich
Markus Kowalski
Volker Lücken
Klaus Wehrle
inproceedings
2021_dahlmanns_entrust
Transparent End-to-End Security for Publish/Subscribe Communication in Cyber-Physical Systems
2021
4
28
78–87
The ongoing digitization of industrial manufacturing leads to a decisive change in industrial communication paradigms. Moving from traditional one-to-one to many-to-many communication, publish/subscribe systems promise a more dynamic and efficient exchange of data. However, the resulting significantly more complex communication relationships render traditional end-to-end security futile for sufficiently protecting the sensitive and safety-critical data transmitted in industrial systems. Most notably, the central message brokers inherent in publish/subscribe systems introduce a designated weak spot for security as they can access all communication messages. To address this issue, we propose ENTRUST, a novel solution for key server-based end-to-end security in publish/subscribe systems. ENTRUST transparently realizes confidentiality, integrity, and authentication for publish/subscribe systems without any modification of the underlying protocol. We exemplarily implement ENTRUST on top of MQTT, the de-facto standard for machine-to-machine communication, showing that ENTRUST can integrate seamlessly into existing publish/subscribe systems.
cyber-physical system security; publish-subscribe security; end-to-end security
internet-of-production, rfc
https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-dahlmanns-entrust.pdf
ACM
Proceedings of the 1st ACM Workshop on Secure and Trustworthy Cyber-Physical Systems (SaT-CPS '21), co-located with the 11th ACM Conference on Data and Application Security and Privacy (CODASPY '21), April 26-28, 2021, Virtual Event, USA
Virtual Event, USA
ACM Workshop on Secure and Trustworthy Cyber-Physical Systems
April 28, 2021
978-1-4503-8319-6/21/04
10.1145/3445969.3450423
1
Markus Dahlmanns
Jan Pennekamp
Ina Berenice Fink
Bernd Schoolmann
Klaus Wehrle
Martin Henze
inproceedings
2020_pennekamp_benchmarking
Revisiting the Privacy Needs of Real-World Applicable Company Benchmarking
2020
12
15
31-44
Benchmarking the performance of companies is essential to identify improvement potentials in various industries. Due to a competitive environment, this process imposes strong privacy needs, as leaked business secrets can have devastating effects on participating companies. Consequently, related work proposes to protect sensitive input data of companies using secure multi-party computation or homomorphic encryption. However, related work so far does not consider that also the benchmarking algorithm, used in today's applied real-world scenarios to compute all relevant statistics, itself contains significant intellectual property, and thus needs to be protected. Addressing this issue, we present PCB — a practical design for Privacy-preserving Company Benchmarking that utilizes homomorphic encryption and a privacy proxy — which is specifically tailored for realistic real-world applications in which we protect companies' sensitive input data and the valuable algorithms used to compute underlying key performance indicators. We evaluate PCB's performance using synthetic measurements and showcase its applicability alongside an actual company benchmarking performed in the domain of injection molding, covering 48 distinct key performance indicators calculated out of hundreds of different input values. By protecting the privacy of all participants, we enable them to fully profit from the benefits of company benchmarking.
practical encrypted computing; homomorphic encryption; algorithm confidentiality; benchmarking; key performance indicators; industrial application; Internet of Production
internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2020/2020-pennekamp-company-benchmarking.pdf
https://eprint.iacr.org/2020/1512
HomomorphicEncryption.org
Proceedings of the 8th Workshop on Encrypted Computing & Applied Homomorphic Cryptography (WAHC '20), December 15, 2020, Virtual Event
Virtual Event
December 15, 2020
978-3-00-067798-4
10.25835/0072999
1
Jan Pennekamp
Patrick Sapel
Ina Berenice Fink
Simon Wagner
Sebastian Reuter
Christian Hopmann
Klaus Wehrle
Martin Henze
inproceedings
2020_pennekamp_parameter_exchange
Privacy-Preserving Production Process Parameter Exchange
2020
12
10
510-525
Nowadays, collaborations between industrial companies always go hand in hand with trust issues, i.e., exchanging valuable production data entails the risk of improper use of potentially sensitive information. Therefore, companies hesitate to offer their production data, e.g., process parameters that would allow other companies to establish new production lines faster, against a quid pro quo. Nevertheless, the expected benefits of industrial collaboration, data exchanges, and the utilization of external knowledge are significant.
In this paper, we introduce our Bloom filter-based Parameter Exchange (BPE), which enables companies to exchange process parameters privacy-preservingly. We demonstrate the applicability of our platform based on two distinct real-world use cases: injection molding and machine tools. We show that BPE is both scalable and deployable for different needs to foster industrial collaborations. Thereby, we reward data-providing companies with payments while preserving their valuable data and reducing the risks of data leakage.
secure industrial collaboration; Bloom filter; oblivious transfer; Internet of Production
internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2020/2020-pennekamp-parameter-exchange.pdf
ACM
Proceedings of the 36th Annual Computer Security Applications Conference (ACSAC '20), December 7-11, 2020, Austin, TX, USA
Austin, TX, USA
December 7-11, 2020
978-1-4503-8858-0/20/12
10.1145/3427228.3427248
1
Jan Pennekamp
Erik Buchholz
Yannik Lockner
Markus Dahlmanns
Tiandong Xi
Marcel Fey
Christian Brecher
Christian Hopmann
Klaus Wehrle
inproceedings
2020_delacadena_trafficsliver
TrafficSliver: Fighting Website Fingerprinting Attacks with Traffic Splitting
2020
11
12
1971-1985
Website fingerprinting (WFP) aims to infer information about the content of encrypted and anonymized connections by observing patterns of data flows based on the size and direction of packets. By collecting traffic traces at a malicious Tor entry node — one of the weakest adversaries in the attacker model of Tor — a passive eavesdropper can leverage the captured meta-data to reveal the websites visited by a Tor user. As recently shown, WFP is significantly more effective and realistic than assumed. Concurrently, former WFP defenses are either infeasible for deployment in real-world settings or defend against specific WFP attacks only.
To limit the exposure of Tor users to WFP, we propose novel lightweight WFP defenses, TrafficSliver, which successfully counter today’s WFP classifiers with reasonable bandwidth and latency overheads and, thus, make them attractive candidates for adoption in Tor. Through user-controlled splitting of traffic over multiple Tor entry nodes, TrafficSliver limits the data a single entry node can observe and distorts repeatable traffic patterns exploited by WFP attacks. We first propose a network-layer defense, in which we apply the concept of multipathing entirely within the Tor network. We show that our network-layer defense reduces the accuracy from more than 98% to less than 16% for all state-of-the-art WFP attacks without adding any artificial delays or dummy traffic. We further suggest an elegant client-side application-layer defense, which is independent of the underlying anonymization network. By sending single HTTP requests for different web objects over distinct Tor entry nodes, our application-layer defense reduces the detection rate of WFP classifiers by almost 50 percentage points. Although it offers lower protection than our network-layer defense, it provides a security boost at the cost of a very low implementation overhead and is fully compatible with today’s Tor network.
Traffic Analysis; Website Fingerprinting; Privacy; Anonymous Communication; Onion Routing; Web Privacy
https://www.comsys.rwth-aachen.de/fileadmin/papers/2020/2020-delacadena-trafficsliver.pdf
https://github.com/TrafficSliver
ACM
Proceedings of the 27th ACM SIGSAC Conference on Computer and Communications Security (CCS '20), November 9-13, 2020, Orlando, FL, USA
Virtual Event, USA
November 9-13, 2020
978-1-4503-7089-9/20/11
10.1145/3372297.3423351
1
Wladimir De la Cadena
Asya Mitseva
Jens Hiller
Jan Pennekamp
Sebastian Reuter
Julian Filter
Klaus Wehrle
Thomas Engel
Andriy Panchenko
inproceedings
2020_gleim_factdag_provenance
Expressing FactDAG Provenance with PROV-O
2020
11
1
2821
53-58
To foster data sharing and reuse across organizational boundaries, provenance tracking is of vital importance for the establishment of trust and accountability, especially in industrial applications, but often neglected due to associated overhead. The abstract FactDAG data interoperability model strives to address this challenge by simplifying the creation of provenance-linked knowledge graphs of revisioned (and thus immutable) resources. However, to date, it lacks a practical provenance implementation.
In this work, we present a concrete alignment of all roles and relations in the FactDAG model to the W3C PROV provenance standard, allowing future software implementations to directly produce standard-compliant provenance information. Maintaining compatibility with existing PROV tooling, an implementation of this mapping will pave the way for practical FactDAG implementations and deployments, improving trust and accountability for Open Data through simplified provenance management.
Provenance; Data Lineage; Open Data; Semantic Web Technologies; Ontology Alignment; PROV; RDF; Industry 4.0; Internet of Production; IIoT
internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2020/2020-gleim-factdag-provenance.pdf
CEUR Workshop Proceedings
Proceedings of the 6th Workshop on Managing the Evolution and Preservation of the Data Web (MEPDaW '20), co-located with the 19th International Semantic Web Conference (ISWC '20), November 1-6, 2020, Athens, Greece
Athens, Greece
November 1-6, 2020
1613-0073
1
Lars Gleim
Liam Tirpitz
Jan Pennekamp
Stefan Decker
inproceedings
2020-dahlmanns-imc-opcua
Easing the Conscience with OPC UA: An Internet-Wide Study on Insecure Deployments
2020
10
27
101-110
Due to increasing digitalization, formerly isolated industrial networks, e.g., for factory and process automation, move closer and closer to the Internet, mandating secure communication. However, securely setting up OPC UA, the prime candidate for secure industrial communication, is challenging due to a large variety of insecure options. To study whether Internet-facing OPC UA appliances are configured securely, we actively scan the IPv4 address space for publicly reachable OPC UA systems and assess the security of their configurations. We observe problematic security configurations such as missing access control (on 24% of hosts), disabled security functionality (24%), or use of deprecated cryptographic primitives (25%) on in total 92% of the reachable deployments. Furthermore, we discover several hundred devices in multiple autonomous systems sharing the same security certificate, opening the door for impersonation attacks. Overall, in this paper, we highlight commonly found security misconfigurations and underline the importance of appropriate configuration for security-featuring protocols.
industrial communication; network security; security configuration
internet-of-production, rfc
https://www.comsys.rwth-aachen.de/fileadmin/papers/2020/2020-dahlmanns-imc-opcua.pdf
ACM
Proceedings of the Internet Measurement Conference (IMC '20), October 27-29, 2020, Pittsburgh, PA, USA
Pittsburgh, PA, USA
ACM Internet Measurement Conference 2020
October 27-29, 2020
978-1-4503-8138-3/20/10
10.1145/3419394.3423666
1
Markus Dahlmanns
Johannes Lohmöller
Ina Berenice Fink
Jan Pennekamp
Klaus Wehrle
Martin Henze
inproceedings
2020_matzutt_anonboot
Utilizing Public Blockchains for the Sybil-Resistant Bootstrapping of Distributed Anonymity Services
2020
10
7
531-542
Distributed anonymity services, such as onion routing networks or cryptocurrency tumblers, promise privacy protection without trusted third parties. While the security of these services is often well-researched, security implications of their required bootstrapping processes are usually neglected: Users either jointly conduct the anonymization themselves, or they need to rely on a set of non-colluding privacy peers. However, the typically small number of privacy peers enable single adversaries to mimic distributed services. We thus present AnonBoot, a Sybil-resistant medium to securely bootstrap distributed anonymity services via public blockchains. AnonBoot enforces that peers periodically create a small proof of work to refresh their eligibility for providing secure anonymity services. A pseudo-random, locally replicable bootstrapping process using on-chain entropy then prevents biasing the election of eligible peers. Our evaluation using Bitcoin as AnonBoot's underlying blockchain shows its feasibility to maintain a trustworthy repository of 1000 peers with only a small storage footprint while supporting arbitrarily large user bases on top of most blockchains.
anonymization; bootstrapping; public blockchain; Sybil attack; anonymity network; cryptocurrency tumbler; Bitcoin; Tor
impact_digital; digital_campus
https://www.comsys.rwth-aachen.de/fileadmin/papers/2020/2020-matzutt-anonboot.pdf
ACM
Proceedings of the 15th ACM ASIA Conference on Computer and Communications Security (ASIACCS '20), October 5-9, 2020, Taipei, Taiwan
Taipei, Taiwan
ASIACCS 2020
October 5-9, 2020
978-1-4503-6750-9/20/10
10.1145/3320269.3384729
1
Roman Matzutt
Jan Pennekamp
Erik Buchholz
Klaus Wehrle
article
2020_niemietz_stamping
Stamping Process Modelling in an Internet of Production
Procedia Manufacturing
2020
7
11
49
61-68
Sharing data between companies throughout the supply chain is expected to be beneficial for product quality as well as for the economical savings in the manufacturing industry. To utilize the available data in the vision of an Internet of Production (IoP) a precise condition monitoring of manufacturing and production processes that facilitates the quantification of influences throughout the supply chain is inevitable. In this paper, we consider stamping processes in the context of an Internet of Production and the preliminaries for analytical models that utilize the ever-increasing available data. Three research objectives to cope with the amount of data and for a methodology to monitor, analyze and evaluate the influence of available data onto stamping processes have been identified: (i) State detection based on cyclic sensor signals, (ii) mapping of in- and output parameter variations onto process states, and (iii) models for edge and in-network computing approaches. After discussing state-of-the-art approaches to monitor stamping processes and the introduction of the fineblanking process as an exemplary stamping process, a research roadmap for an IoP enabling modeling framework is presented.
Proceedings of the 8th International Conference on Through-Life Engineering Service (TESConf '19), October 27-29, 2019, Cleveland, OH, USA
Stamping Process; Industry 4.0; Fine-blanking; Internet of production; Condition monitoring; Data analytics
internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2020/2020-niemietz-stamping-modelling.pdf
Elsevier
Cleveland, OH, USA
October 27-29, 2019
2351-9789
10.1016/j.promfg.2020.06.012
1
Philipp Niemietz
Jan Pennekamp
Ike Kunze
Daniel Trauth
Klaus Wehrle
Thomas Bergs
inproceedings
2020_pennekamp_supply_chain_sensing
Secure End-to-End Sensing in Supply Chains
2020
7
1
Trust along digitalized supply chains is challenged by the aspect that monitoring equipment may not be trustworthy or unreliable as respective measurements originate from potentially untrusted parties. To allow for dynamic relationships along supply chains, we propose a blockchain-backed supply chain monitoring architecture relying on trusted hardware. Our design provides a notion of secure end-to-end sensing of interactions even when originating from untrusted surroundings. Due to attested checkpointing, we can identify misinformation early on and reliably pinpoint the origin. A blockchain enables long-term verifiability for all (now trustworthy) IoT data within our system even if issues are detected only after the fact. Our feasibility study and cost analysis further show that our design is indeed deployable in and applicable to today's supply chain settings.
supply chain; trusted computing; trusted execution; blockchain; Internet of Production; condition monitoring
internet-of-production
https://comsys.rwth-aachen.de/fileadmin/papers/2020/2020-pennekamp-supply-chain-sensing.pdf
IEEE
Proceedings of the 5th International Workshop on Cyber-Physical Systems Security (CPS-Sec '20), co-located with the 8th IEEE Conference on Communications and Network Security (CNS '20), June 29-July 1, 2020, Avignon, France
Avignon, France
June 29-July 1, 2020
978-1-7281-4760-4
10.1109/CNS48642.2020.9162337
1
Jan Pennekamp
Fritz Alder
Roman Matzutt
Jan Tobias Mühlberg
Frank Piessens
Klaus Wehrle
inproceedings
2020_matzutt_coinprune
How to Securely Prune Bitcoin’s Blockchain
2020
6
24
298-306
Bitcoin was the first successful decentralized cryptocurrency and remains the most popular of its kind to this day. Despite the benefits of its blockchain, Bitcoin still faces serious scalability issues, most importantly its ever-increasing blockchain size. While alternative designs introduced schemes to periodically create snapshots and thereafter prune older blocks, already-deployed systems such as Bitcoin are often considered incapable of adopting corresponding approaches. In this work, we revise this popular belief and present CoinPrune, a snapshot-based pruning scheme that is fully compatible with Bitcoin. CoinPrune can be deployed through an opt-in velvet fork, i.e., without impeding the established Bitcoin network. By requiring miners to publicly announce and jointly reaffirm recent snapshots on the blockchain, CoinPrune establishes trust into the snapshots' correctness even in the presence of powerful adversaries. Our evaluation shows that CoinPrune reduces the storage requirements of Bitcoin already by two orders of magnitude today, with further relative savings as the blockchain grows. In our experiments, nodes only have to fetch and process 5 GiB instead of 230 GiB of data when joining the network, reducing the synchronization time on powerful devices from currently 5 h to 46 min, with even more savings for less powerful devices.
blockchain; block pruning; synchronization; bootstrapping; scalability; velvet fork; Bitcoin
mynedata; impact_digital; digital_campus
https://comsys.rwth-aachen.de/fileadmin/papers/2020/2020-matzutt-coinprune.pdf
https://coinprune.comsys.rwth-aachen.de
IEEE
Proceedings of the 19th IFIP Networking 2020 Conference (NETWORKING '20), June 22-26, 2020, Paris, France
Paris, France
NETWORKING 2020
June 22-26, 2020
978-3-903176-28-7
1
Roman Matzutt
Benedikt Kalde
Jan Pennekamp
Arthur Drichel
Martin Henze
Klaus Wehrle
inproceedings
2020_pennekamp_supply_chain_accountability
Private Multi-Hop Accountability for Supply Chains
2020
6
7
Today's supply chains are becoming increasingly flexible in nature. While adaptability is vastly increased, these more dynamic associations necessitate more extensive data sharing among different stakeholders while simultaneously overturning previously established levels of trust. Hence, manufacturers' demand to track goods and to investigate root causes of issues across their supply chains becomes more challenging to satisfy within these now untrusted environments. Complementarily, suppliers need to keep any data irrelevant to such routine checks secret to remain competitive. To bridge the needs of contractors and suppliers in increasingly flexible supply chains, we thus propose to establish a privacy-preserving and distributed multi-hop accountability log among the involved stakeholders based on Attribute-based Encryption and backed by a blockchain. Our large-scale feasibility study is motivated by a real-world manufacturing process, i.e., a fine blanking line, and reveals only modest costs for multi-hop tracing and tracking of goods.
supply chain; multi-hop tracking and tracing; blockchain; attribute-based encryption; Internet of Production
internet-of-production
https://comsys.rwth-aachen.de/fileadmin/papers/2020/2020-pennekamp-supply-chain-privacy.pdf
IEEE
Proceedings of the 2020 IEEE International Conference on Communications Workshops (ICC Workshops '20), 1st Workshop on Blockchain for IoT and Cyber-Physical Systems (BIoTCPS '20), June 7-11, 2020, Dublin, Ireland
Dublin, Ireland
June 7-11, 2020
978-1-7281-7440-2
2474-9133
10.1109/ICCWorkshops49005.2020.9145100
1
Jan Pennekamp
Lennart Bader
Roman Matzutt
Philipp Niemietz
Daniel Trauth
Martin Henze
Thomas Bergs
Klaus Wehrle
article
2020_gleim_factDAG
FactDAG: Formalizing Data Interoperability in an Internet of Production
IEEE Internet of Things Journal
2020
4
14
7
4
3243-3253
In the production industry, the volume, variety and velocity of data as well as the number of deployed protocols increase exponentially due to the influences of IoT advances. While hundreds of isolated solutions exist to utilize this data, e.g., optimizing processes or monitoring machine conditions, the lack of a unified data handling and exchange mechanism hinders the implementation of approaches to improve the quality of decisions and processes in such an interconnected environment.
The vision of an Internet of Production promises the establishment of a Worldwide Lab, where data from every process in the network can be utilized, even interorganizational and across domains. While numerous existing approaches consider interoperability from an interface and communication system perspective, fundamental questions of data and information interoperability remain insufficiently addressed.
In this paper, we identify ten key issues, derived from three distinctive real-world use cases, that hinder large-scale data interoperability for industrial processes. Based on these issues we derive a set of five key requirements for future (IoT) data layers, building upon the FAIR data principles. We propose to address them by creating FactDAG, a conceptual data layer model for maintaining a provenance-based, directed acyclic graph of facts, inspired by successful distributed version-control and collaboration systems. Eventually, such a standardization should greatly shape the future of interoperability in an interconnected production industry.
Data Management; Data Versioning; Interoperability; Industrial Internet of Things; Worldwide Lab
internet-of-production
https://comsys.rwth-aachen.de/fileadmin/papers/2020/2020-gleim-iotj-iop-interoperability.pdf
IEEE
2327-4662
10.1109/JIOT.2020.2966402
1
Lars Gleim
Jan Pennekamp
Martin Liebenberg
Melanie Buchsbaum
Philipp Niemietz
Simon Knape
Alexander Epple
Simon Storms
Daniel Trauth
Thomas Bergs
Christian Brecher
Stefan Decker
Gerhard Lakemeyer
Klaus Wehrle
inproceedings
2020_roepert_opcua
Assessing the Security of OPC UA Deployments
2020
4
2
To address the increasing security demands of industrial deployments, OPC UA is one of the first industrial protocols explicitly designed with security in mind. However, deploying it securely requires a thorough configuration of a wide range of options. Thus, assessing the security of OPC UA deployments and their configuration is necessary to ensure secure operation, most importantly confidentiality and integrity of industrial processes. In this work, we present extensions to the popular Metasploit Framework to ease network-based security assessments of OPC UA deployments. To this end, we discuss methods to discover OPC UA servers, test their authentication, obtain their configuration, and check for vulnerabilities. Ultimately, our work enables operators to verify the (security) configuration of their systems and identify potential attack vectors.
internet-of-production, rfc
https://www.comsys.rwth-aachen.de/fileadmin/papers/2020/2020-roepert-opcua-security.pdf
en
University of Tübingen
Proceedings of the 1st ITG Workshop on IT Security (ITSec '20), April 2-3, 2020, Tübingen, Germany
Tübingen, Germany
April 2-3, 2020
10.15496/publikation-41813
1
Linus Roepert
Markus Dahlmanns
Ina Berenice Fink
Jan Pennekamp
Martin Henze
article
2020_mann_welding_layers
Connected, digitalized welding production — Secure, ubiquitous utilization of data across process layers
Advanced Structured Materials
2020
4
1
125
101-118
A connected, digitalized welding production unlocks vast and dynamic potentials: from improving state of the art welding to new business models in production. For this reason, offering frameworks, which are capable of addressing multiple layers of applications on the one hand and providing means of data security and privacy for ubiquitous dataflows on the other hand, is an important step to enable the envisioned advances. In this context, welding production has been introduced from the perspective of interlaced process layers connecting information sources across various entities. Each layer has its own distinct challenges from both a process view and a data perspective. Besides, investigating each layer promises to reveal insight into (currently unknown) process interconnections. This approach has been substantiated by methods for data security and privacy to draw a line between secure handling of data and the need of trustworthy dealing with sensitive data among different parties and therefore partners. In conclusion, the welding production has to develop itself from an accumulation of local and isolated data sources towards a secure industrial collaboration in an Internet of Production.
Proceedings of the 1st International Conference on Advanced Joining Processes (AJP '19)
Welding Production; Industrie 4.0; Internet of Production; Data Security; Data Privacy
Internet-of-Production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2020/2020-mann-welding-layers.pdf
Springer
Ponta Delgada, Azores, Portugal
October 24-25, 2019
978-981-15-2956-6
1869-8433
10.1007/978-981-15-2957-3_8
1
Samuel Mann
Jan Pennekamp
Tobias Brockhoff
Anahita Farhang
Mahsa Pourbafrani
Lukas Oster
Merih Seran Uysal
Rahul Sharma
Uwe Reisgen
Klaus Wehrle
Wil van der Aalst
inproceedings
2020_matzutt_coralis
A Secure and Practical Decentralized Ecosystem for Shareable Education Material
2020
1
7
529-534
Traditionally, the university landscape is highly federated, which hinders potentials for coordinated collaborations. While the lack of a strict hierarchy on the inter-university level is critical for ensuring free research and higher education, this concurrency limits the access to high-quality education materials. Especially regarding resources such as lecture notes or exercise tasks we observe a high susceptibility to redundant work and lacking quality assessment of material created in isolation by individual university institutes. To remedy this situation, in this paper we propose CORALIS, a decentralized marketplace for offering, acquiring, discussing, and improving education resources across university borders. Our design is based on a permissioned blockchain to (a) realize accountable access control via simple on-chain license terms, (b) trace the evolution of encrypted containers accumulating bundles of shareable education resources, and (c) record user comments and ratings for further improving the quality of offered education material.
blockchain platform; permissioned blockchain; education material; quality assessment; collaborative work
impact_digital
https://comsys.rwth-aachen.de/fileadmin/papers/2020/2020-matzutt-coralis.pdf
IEEE
Proceedings of the 34th International Conference on Information Networking (ICOIN '20), January 7-10, 2020, Barcelona, Spain
Barcelona, Spain
January 7-10, 2020
978-1-7281-4199-2
10.1109/ICOIN48656.2020.9016478
1
Roman Matzutt
Jan Pennekamp
Klaus Wehrle
inproceedings
2019_pennekamp_securityConsiderations
Security Considerations for Collaborations in an Industrial IoT-based Lab of Labs
2019
12
4
The productivity and sustainability advances for (smart) manufacturing resulting from (globally) interconnected Industrial IoT devices in a lab of labs are expected to be significant. While such visions introduce opportunities for the involved parties, the associated risks must be considered as well. In particular, security aspects are crucial challenges and remain unsolved. So far, single stakeholders only had to consider their local view on security. However, for a global lab, we identify several fundamental research challenges in (dynamic) scenarios with multiple stakeholders: While information security mandates that models must be adapted wrt. confidentiality to address these new influences on business secrets, from a network perspective, the drastically increasing amount of possible attack vectors challenges today's approaches. Finally, concepts addressing these security challenges should provide backwards compatibility to enable a smooth transition from today's isolated landscape towards globally interconnected IIoT environments.
secure industrial collaboration; interconnected cyber-physical systems; stakeholders; Internet of Production
internet-of-production; iotrust
https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-pennekamp-security-considerations.pdf
IEEE
Proceedings of the 3rd IEEE Global Conference on Internet of Things (GCIoT '19), December 4–7, 2019, Dubai, United Arab Emirates
Dubai, United Arab Emirates
December 4–7, 2019
978-1-7281-4873-1
10.1109/GCIoT47977.2019.9058413
1
Jan Pennekamp
Markus Dahlmanns
Lars Gleim
Stefan Decker
Klaus Wehrle
inproceedings
2019_delacadena_countermeasure
POSTER: Traffic Splitting to Counter Website Fingerprinting
2019
11
12
2533-2535
Website fingerprinting (WFP) is a special type of traffic analysis, which aims to infer the websites visited by a user. Recent studies have shown that WFP targeting Tor users is notably more effective than previously expected. Concurrently, state-of-the-art defenses have been proven to be less effective. In response, we present a novel WFP defense that splits traffic over multiple entry nodes to limit the data a single malicious entry can use. Here, we explore several traffic-splitting strategies to distribute user traffic. We establish that our weighted random strategy dramatically reduces the accuracy from nearly 95% to less than 35% for four state-of-the-art WFP attacks without adding any artificial delays or dummy traffic.
https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-delacadena-splitting-defense.pdf
ACM
Proceedings of the 26th ACM SIGSAC Conference on Computer and Communications Security (CCS '19), November 11-15, 2019, London, United Kingdom
London, United Kingdom
November 11-15, 2019
978-1-4503-6747-9/19/11
10.1145/3319535.3363249
1
Wladimir De la Cadena
Asya Mitseva
Jan Pennekamp
Jens Hiller
Fabian Lanze
Thomas Engel
Klaus Wehrle
Andriy Panchenko
inproceedings
2019_pennekamp_dataflows
Dataflow Challenges in an Internet of Production: A Security & Privacy Perspective
2019
11
11
27-38
The Internet of Production (IoP) envisions the interconnection of previously isolated CPS in the area of manufacturing across institutional boundaries to realize benefits such as increased profit margins and product quality as well as reduced product development costs and time to market. This interconnection of CPS will lead to a plethora of new dataflows, especially between (partially) distrusting entities. In this paper, we identify and illustrate these envisioned inter-organizational dataflows and the participating entities alongside two real-world use cases from the production domain: a fine blanking line and a connected job shop. Our analysis allows us to identify distinct security and privacy demands and challenges for these new dataflows. As a foundation to address the resulting requirements, we provide a survey of promising technical building blocks to secure inter-organizational dataflows in an IoP and propose next steps for future research. Consequently, we move an important step forward to overcome security and privacy concerns as an obstacle for realizing the promised potentials in an Internet of Production.
Internet of Production; dataflows; Information Security
internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-pennekamp-dataflows.pdf
ACM
Proceedings of the 5th ACM Workshop on Cyber-Physical Systems Security and PrivaCy (CPS-SPC '19), co-located with the 26th ACM SIGSAC Conference on Computer and Communications Security (CCS '19), November 11-15, 2019, London, United Kingdom
London, United Kingdom
November 11-15, 2019
978-1-4503-6831-5/19/11
10.1145/3338499.3357357
1
Jan Pennekamp
Martin Henze
Simo Schmidt
Philipp Niemietz
Marcel Fey
Daniel Trauth
Thomas Bergs
Christian Brecher
Klaus Wehrle
inproceedings
2019-hiller-icnp-tailoringOR
Tailoring Onion Routing to the Internet of Things: Security and Privacy in Untrusted Environments
2019
10
10
An increasing number of IoT scenarios involve mobile, resource-constrained IoT devices that rely on untrusted networks for Internet connectivity. In such environments, attackers can derive sensitive private information of IoT device owners, e.g., daily routines or secret supply chain procedures, when sniffing on IoT communication and linking IoT devices and owner. Furthermore, untrusted networks do not provide IoT devices with any protection against attacks from the Internet. Anonymous communication using onion routing provides a well-proven mechanism to keep the relationship between communication partners secret and (optionally) protect against network attacks. However, the application of onion routing is challenged by protocol incompatibilities and demanding cryptographic processing on constrained IoT devices, rendering its use infeasible. To close this gap, we tailor onion routing to the IoT by bridging protocol incompatibilities and offloading expensive cryptographic processing to a router or web server of the IoT device owner. Thus, we realize resource-conserving access control and end-to-end security for IoT devices. To prove applicability, we deploy onion routing for the IoT within the well-established Tor network enabling IoT devices to leverage its resources to achieve the same grade of anonymity as readily available to traditional devices.
internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-hiller-tailoring.pdf
IEEE
Proceedings of the 27th IEEE International Conference on Network Protocols (ICNP '19), October 7-10, 2019, Chicago, IL, USA
Chicago, IL, USA
27th IEEE International Conference on Network Protocols (ICNP 2019)
7-10. Oct. 2019
978-1-7281-2700-2
2643-3303
10.1109/ICNP.2019.8888033
1
Jens Hiller
Jan Pennekamp
Markus Dahlmanns
Martin Henze
Andriy Panchenko
Klaus Wehrle
inproceedings
2019_pennekamp_multipath
Multipathing Traffic to Reduce Entry Node Exposure in Onion Routing
2019
10
7
Users of an onion routing network, such as Tor, depend on its anonymity properties. However, especially malicious entry nodes, which know the client’s identity, can also observe the whole communication on their link to the client and, thus, conduct several de-anonymization attacks. To limit this exposure and to impede corresponding attacks, we propose to multipath traffic between the client and the middle node to reduce the information an attacker can obtain at a single vantage point. To facilitate the deployment, only clients and selected middle nodes need to implement our approach, which works transparently for the remaining legacy nodes. Furthermore, we let clients control the splitting strategy to prevent any external manipulation.
Poster Session
https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-pennekamp-multipathing.pdf
IEEE
Proceedings of the 27th IEEE International Conference on Network Protocols (ICNP '19), October 7-10, 2019, Chicago, IL, USA
Chicago, IL, USA
27th IEEE International Conference on Network Protocols (ICNP 2019)
7-10. Oct. 2019
978-1-7281-2700-2
2643-3303
10.1109/ICNP.2019.8888029
1
Jan Pennekamp
Jens Hiller
Sebastian Reuter
Wladimir De la Cadena
Asya Mitseva
Martin Henze
Thomas Engel
Klaus Wehrle
Andriy Panchenko
inproceedings
2019-dahlmanns-icnp-knowledgeSystem
Privacy-Preserving Remote Knowledge System
2019
10
7
More and more traditional services, such as malware detectors or collaboration services in industrial scenarios, move to the cloud. However, this behavior poses a risk for the privacy of clients since these services are able to generate profiles containing very sensitive information, e.g., vulnerability information or collaboration partners. Hence, a rising need for protocols that enable clients to obtain knowledge without revealing their requests exists. To address this issue, we propose a protocol that enables clients (i) to query large cloud-based knowledge systems in a privacy-preserving manner using Private Set Intersection and (ii) to subsequently obtain individual knowledge items without leaking the client’s requests via few Oblivious Transfers. With our preliminary design, we allow clients to save a significant amount of time in comparison to performing Oblivious Transfers only.
Poster Session
private query protocol; knowledge system; remote knowledge; private set intersection; oblivious transfer
kimusin; internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-dahlmanns-knowledge-system.pdf
IEEE
Proceedings of the 27th IEEE International Conference on Network Protocols (ICNP '19), October 7-10, 2019, Chicago, IL, USA
Chicago, IL, USA
27th IEEE International Conference on Network Protocols (ICNP 2019)
7-10. Oct. 2019
978-1-7281-2700-2
2643-3303
10.1109/ICNP.2019.8888121
1
Markus Dahlmanns
Chris Dax
Roman Matzutt
Jan Pennekamp
Jens Hiller
Klaus Wehrle
inproceedings
2019_pennekamp_doppelganger
Hi Doppelgänger: Towards Detecting Manipulation in News Comments
2019
5
13
197-205
Public opinion manipulation is a serious threat to society, potentially influencing elections and the political situation even in established democracies. The prevalence of online media and the opportunity for users to express opinions in comments magnifies the problem. Governments, organizations, and companies can exploit this situation for biasing opinions. Typically, they deploy a large number of pseudonyms to create an impression of a crowd that supports specific opinions. Side channel information (such as IP addresses or identities of browsers) often allows a reliable detection of pseudonyms managed by a single person. However, while spoofing and anonymizing data that links these accounts is simple, a linking without is very challenging. In this paper, we evaluate whether stylometric features allow a detection of such doppelgängers within comment sections on news articles. To this end, we adapt a state-of-the-art doppelgängers detector to work on small texts (such as comments) and apply it on three popular news sites in two languages. Our results reveal that detecting potential doppelgängers based on linguistics is a promising approach even when no reliable side channel information is available. Preliminary results following an application in the wild show indications for doppelgängers in real world data sets.
online manipulation; doppelgänger detection; stylometry
comtex
https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-pennekamp-doppelganger.pdf
ACM
Companion Proceedings of the 2019 World Wide Web Conference (WWW '19 Companion), 4th Workshop on Computational Methods in Online Misbehavior (CyberSafety '19), May 13–17, 2019, San Francisco, CA, USA
San Francisco, California, USA
May 13-17, 2019
978-1-4503-6675-5/19/05
10.1145/3308560.3316496
1
Jan Pennekamp
Martin Henze
Oliver Hohlfeld
Andriy Panchenko
inproceedings
2019_pennekamp_infrastructure
Towards an Infrastructure Enabling the Internet of Production
2019
5
8
31-37
New levels of cross-domain collaboration between manufacturing companies throughout the supply chain are anticipated to bring benefits to both suppliers and consumers of products. Enabling a fine-grained sharing and analysis of data among different stakeholders in an automated manner, such a vision of an Internet of Production (IoP) introduces demanding challenges to the communication, storage, and computation infrastructure in production environments. In this work, we present three example cases that would benefit from an IoP (a fine blanking line, a high pressure die casting process, and a connected job shop) and derive requirements that cannot be met by today’s infrastructure. In particular, we identify three orthogonal research objectives: (i) real-time control of tightly integrated production processes to offer seamless low-latency analysis and execution, (ii) storing and processing heterogeneous production data to support scalable data stream processing and storage, and (iii) secure privacy-aware collaboration in production to provide a basis for secure industrial collaboration. Based on a discussion of state-of-the-art approaches for these three objectives, we create a blueprint for an infrastructure acting as an enabler for an IoP.
Internet of Production; Cyber-Physical Systems; Data Processing; Low Latency; Secure Industrial Collaboration
internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-pennekamp-iop-infrastructure.pdf
IEEE
Proceedings of the 2nd IEEE International Conference on Industrial Cyber-Physical Systems (ICPS '19), May 6-9, 2019, Taipei, TW
Taipei, TW
May 6-9, 2019
978-1-5386-8500-6/19
10.1109/ICPHYS.2019.8780276
1
Jan Pennekamp
René Glebke
Martin Henze
Tobias Meisen
Christoph Quix
Rihan Hai
Lars Gleim
Philipp Niemietz
Maximilian Rudack
Simon Knape
Alexander Epple
Daniel Trauth
Uwe Vroomen
Thomas Bergs
Christian Brecher
Andreas Bührig-Polaczek
Matthias Jarke
Klaus Wehrle
article
2019_wehrle_dagstuhl_beginners
The Dagstuhl Beginners Guide to Reproducibility for Experimental Networking Research
ACM SIGCOMM Computer Communication Review
2019
1
49
1
24-30
Reproducibility is one of the key characteristics of good science, but hard to achieve for experimental disciplines like Internet measurements and networked systems. This guide provides advice to researchers, particularly those new to the field, on designing experiments so that their work is more likely to be reproducible and to serve as a foundation for follow-on work by others.
0146-4833
10.1145/3314212.3314217
Vaibhav Bajpai
Anna Brunstrom
Anja Feldmann
Wolfgang Kellerer
Aiko Pras
Henning Schulzrinne
Georgios Smaragdakis
Matthias Wählisch
Klaus Wehrle
inproceedings
2018-hiller-ic2e-cpplintegration
Giving Customers Control over Their Data: Integrating a Policy Language into the Cloud
2018
4
19
241-249
ssiclops,iop
https://www.comsys.rwth-aachen.de/fileadmin/papers/2018/2018-hiller-ic2e-policy-aware-cloud.pdf
https://ieeexplore.ieee.org/document/8360335
IEEE
Proceedings of the 2018 IEEE International Conference on Cloud Engineering (IC2E 2018), Orlando, Florida, USA
Orlando, Florida, USA
2018 IEEE International Conference on Cloud Engineering (IC2E 2018)
2018-04-19
978-1-5386-5008-0
10.1109/IC2E.2018.00050
1
Jens Hiller
Mael Kimmerlin
Max Plauth
Seppo Heikkila
Stefan Klauck
Ville Lindfors
Felix Eberhardt
Dariusz Bursztynowski
Jesus Llorente Santos
Oliver Hohlfeld
Klaus Wehrle
inproceedings
2018-rueth-quicadoptionstudy
A First Look at QUIC in the Wild
2018
3
26
255-268
maki,reflexes
https://www.comsys.rwth-aachen.de/fileadmin/papers/2018/2018-rueth-quicadoptionstudy.pdf
https://arxiv.org/abs/1801.05168
Springer, Cham
In Proceedings of the Passive and Active Measurement Conference (PAM '18)
Berlin, Germany
Passive and Active Measurement Conference (PAM 2018)
26.3.2018 - 27.3.2018
en
978-3-319-76481-8
10.1007/978-3-319-76481-8_19
1
Jan Rüth
Ingmar Poese
Christoph Dietzel
Oliver Hohlfeld
article
2017-pennekamp-pmc-survey
A Survey on the Evolution of Privacy Enforcement on Smartphones and the Road Ahead
Pervasive and Mobile Computing
2017
12
42
58-76
With the increasing proliferation of smartphones, enforcing privacy of smartphone users becomes evermore important. Nowadays, one of the major privacy challenges is the tremendous amount of permissions requested by applications, which can significantly invade users' privacy, often without their knowledge. In this paper, we provide a comprehensive review of approaches that can be used to report on applications' permission usage, tune permission access, contain sensitive information, and nudge users towards more privacy-conscious behavior. We discuss key shortcomings of privacy enforcement on smartphones so far and identify suitable actions for the future.
Smartphones; Permission Granting; Privacy; Nudging
trinics
https://www.comsys.rwth-aachen.de/fileadmin/papers/2017/2017-pennekamp-pmc-survey.pdf
Online
Elsevier
en
1574-1192
10.1016/j.pmcj.2017.09.005
1
Jan Pennekamp
Martin Henze
Klaus Wehrle
inproceedings
2017-poormohammady
Dynamic Algorithm Selection for the Logic of Tasks in IoT Stream Processing Systems
13th International Conference on Network and Service Management
2017
11
26
Online
IEEE
13th International Conference on Network and Service Management, Tokyo, Japan
en
10.23919/CNSM.2017.8256009
1
Ehsan Poormohammady
Jens Helge Reelfs
Mirko Stoffers
Klaus Wehrle
Apostolos Papageorgiou
inproceedings
2017-henze-mobiquitous-cloudanalyzer
CloudAnalyzer: Uncovering the Cloud Usage of Mobile Apps
2017
11
7
262-271
Developers of smartphone apps increasingly rely on cloud services for ready-made functionalities, e.g., to track app usage, to store data, or to integrate social networks. At the same time, mobile apps have access to various private information, ranging from users' contact lists to their precise locations. As a result, app deployment models and data flows have become too complex and entangled for users to understand. We present CloudAnalyzer, a transparency technology that reveals the cloud usage of smartphone apps and hence provides users with the means to reclaim informational self-determination. We apply CloudAnalyzer to study the cloud exposure of 29 volunteers over the course of 19 days. In addition, we analyze the cloud usage of the 5000 most accessed mobile websites as well as 500 popular apps from five different countries. Our results reveal an excessive exposure to cloud services: 90 % of apps use cloud services and 36 % of apps used by volunteers solely communicate with cloud services. Given the information provided by CloudAnalyzer, users can critically review the cloud usage of their apps.
Privacy; Smartphones; Cloud Computing; Traffic Analysis
trinics
https://www.comsys.rwth-aachen.de/fileadmin/papers/2017/2017-henze-mobiquitous-cloudanalyzer.pdf
Online
ACM
Proceedings of the 14th EAI International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services (MobiQuitous '17), November 7-10, 2017, Melbourne, VIC, Australia
Melbourne, VIC, Australia
November 7-10, 2017
en
978-1-4503-5368-7
10.1145/3144457.3144471
1
Martin Henze
Jan Pennekamp
David Hellmanns
Erik Mühmer
Jan Henrik Ziegeldorf
Arthur Drichel
Klaus Wehrle
inproceedings
2017-panchenko-wpes-fingerprinting
Analysis of Fingerprinting Techniques for Tor Hidden Services
2017
10
30
https://www.comsys.rwth-aachen.de/fileadmin/papers/2017/2017-panchenko-wpes-fingerprinting.pdf
Online
ACM
Proceedings of the 16th Workshop on Privacy in the Electronic Society (WPES), co-located with the 24th ACM Conference on Computer and Communications Security (CCS), Dallas, TX, USA
en
978-1-4503-5175-1
10.1145/3139550.3139564
1
Andriy Panchenko
Asya Mitseva
Martin Henze
Fabian Lanze
Klaus Wehrle
Thomas Engel
article
2017-ziegeldorf-bmcmedgenomics-bloom
BLOOM: BLoom filter based Oblivious Outsourced Matchings
BMC Medical Genomics
2017
7
26
10
Suppl 2
29-42
Whole genome sequencing has become fast, accurate, and cheap, paving the way towards the large-scale collection and processing of human genome data. Unfortunately, this dawning genome era does not only promise tremendous advances in biomedical research but also causes unprecedented privacy risks for the many. Handling storage and processing of large genome datasets through cloud services greatly aggravates these concerns. Current research efforts thus investigate the use of strong cryptographic methods and protocols to implement privacy-preserving genomic computations. We propose FHE-Bloom and PHE-Bloom, two efficient approaches for genetic disease testing using homomorphically encrypted Bloom filters. Both approaches allow the data owner to securely outsource storage and computation to an untrusted cloud. FHE-Bloom is fully secure in the semi-honest model while PHE-Bloom slightly relaxes security guarantees in a trade-off for highly improved performance. We implement and evaluate both approaches on a large dataset of up to 50 patient genomes each with up to 1000000 variations (single nucleotide polymorphisms). For both implementations, overheads scale linearly in the number of patients and variations, while PHE-Bloom is faster by at least three orders of magnitude. For example, testing disease susceptibility of 50 patients with 100000 variations requires only a total of 308.31 s (σ=8.73 s) with our first approach and a mere 0.07 s (σ=0.00 s) with the second. We additionally discuss security guarantees of both approaches and their limitations as well as possible extensions towards more complex query types, e.g., fuzzy or range queries. Both approaches handle practical problem sizes efficiently and are easily parallelized to scale with the elastic resources available in the cloud. 
The fully homomorphic scheme, FHE-Bloom, realizes a comprehensive outsourcing to the cloud, while the partially homomorphic scheme, PHE-Bloom, trades a slight relaxation of security guarantees against performance improvements by at least three orders of magnitude.
Proceedings of the 5th iDASH Privacy and Security Workshop 2016
Secure outsourcing; Homomorphic encryption; Bloom filters
sscilops; mynedata; rfc
https://www.comsys.rwth-aachen.de/fileadmin/papers/2017/2017-ziegeldorf-bmcmedgenomics-bloom.pdf
Online
BioMed Central
Chicago, IL, USA
November 11, 2016
en
1755-8794
10.1186/s12920-017-0277-y
1
Jan HenrikZiegeldorf
JanPennekamp
DavidHellmanns
FelixSchwinger
IkeKunze
MartinHenze
JensHiller
RomanMatzutt
KlausWehrle
article
dombrowski-vdi
Funktechnologien für Industrie 4.0
VDE Positionspapier
2017
6
1
VDE - Verband der Elektrotechnik, Elektronik, Informationstechnik e.V.
Stresemannallee 15, 60596 Frankfurt am Main, Germany
IsmetAktas
AlexanderBentkus
FlorianBonanati
ArminDekorsy
ChristianDombrowski
MichaelDoubrava
AliGolestani
FrankHofmann
MikeHeidrich
StefanHiensch
RüdigerKays
MichaelMeyer
AndreasMüller
Stephanten Brink
NedaPetreska
MilanPopovic
LutzRauchhaupt
AhmadSaad
HansSchotten
ChristophWöste
IngoWolff
inproceedings
2017-serror-ew-koi
From Radio Design to System Evaluations for Ultra-Reliable and Low-Latency Communication
2017
5
17
koi
https://www.comsys.rwth-aachen.de/fileadmin/papers/2017/2017-serror-radio-design-ew17.pdf
IEEE
Proc. of 23rd European Wireless Conference (EW17), Dresden, Germany
Dresden, Germany
Proc. of 23rd European Wireless Conference (EW17)
17.-19. May 2017
1
Shehzad AliAshraf
Y.-P. EricWang
SamehEldessoki
BerndHolfeld
DonaldParruca
MartinSerror
JamesGross
proceedings
2017-serror-netsys-industrial
Demo: A Realistic Use-case for Wireless Industrial Automation and Control
2017
3
16
koi
https://www.comsys.rwth-aachen.de/fileadmin/papers/2017/Ansari_et_al_Wireless_Industrial_Automation_Demo_NetSys_2017.pdf
IEEE
Göttingen, Germany
International Conference on Networked Systems (NetSys 2017)
10.1109/NetSys.2017.7931496
1
JunaidAnsari
IsmetAktas
ChristianBrecher
ChristophPallasch
NicolaiHoffmann
MarkusObdenbusch
MartinSerror
KlausWehrle
JamesGross
phdthesis
2017-parruca-phdthesis
Stochastic Optimization in OFDMA/LTE Networks
2017
RWTH Aachen University
DonaldParruca
inproceedings
2016-mitseva-ccs-fingerprinting
POSTER: Fingerprinting Tor Hidden Services
2016
10
24
1766-1768
https://www.comsys.rwth-aachen.de/fileadmin/papers/2016/2016-mitseva-ccs-fingerprinting.pdf
Online
ACM
Proceedings of the 23rd ACM Conference on Computer and Communications Security (CCS), Vienna, Austria
en
978-1-4503-4139-4
10.1145/2976749.2989054
1
AsyaMitseva
AndriyPanchenko
FabianLanze
MartinHenze
KlausWehrle
ThomasEngel
conference
2016-hohlfeld-qcman
Insensitivity to Network Delay: Minecraft Gaming Experience of Casual Gamers
2016
9
Assessing the impact of network delay on perceived quality of gaming has been subject to many studies involving different genres ranging from fast-paced first-person shooters to strategy games. This paper assesses the impact of network latency on the Quality of Experience (QoE) of casual gamers playing Minecraft. It is based on a user study involving 12 casual gamers with no prior experience with Minecraft. QoE is assessed using the Game Experience Questionnaire (GEQ) and dedicated questions for the overall perceived quality and experienced gameplay interruptions. The main finding is that casual Minecraft players are rather insensitive to network delay of up to 1 sec.
https://i-teletraffic.org/_Resources/Persistent/bc99ba4324ebc7cf1369f09a6caa334c0203943f/Hohlfeld2016.pdf
http://ieeexplore.ieee.org/abstract/document/7810715/?reload=true
IEEE QCMan
IEEE QCMan
10.1109/ITC-28.2016.313
OliverHohlfeld
HannesFiedler
EnricPujol
DennisGuse
inproceedings
2016-panchenko-ndss-fingerprinting
Website Fingerprinting at Internet Scale
2016
2
21
The website fingerprinting attack aims to identify the content (i.e., a webpage accessed by a client) of encrypted and anonymized connections by observing patterns of data flows such as packet size and direction. This attack can be performed by a local passive eavesdropper – one of the weakest adversaries in the attacker model of anonymization networks such as Tor. In this paper, we present a novel website fingerprinting attack. Based on a simple and comprehensible idea, our approach outperforms all state-of-the-art methods in terms of classification accuracy while being computationally dramatically more efficient. In order to evaluate the severity of the website fingerprinting attack in reality, we collected the most representative dataset that has ever been built, where we avoid simplified assumptions made in the related work regarding selection and type of webpages and the size of the universe. Using this data, we explore the practical limits of website fingerprinting at Internet scale. Although our novel approach is by orders of magnitude computationally more efficient and superior in terms of detection accuracy, for the first time we show that no existing method – including our own – scales when applied in realistic settings. With our analysis, we explore neglected aspects of the attack and investigate the realistic probability of success for different strategies a real-world adversary may follow.
https://www.comsys.rwth-aachen.de/fileadmin/papers/2016/2016-panchenko-ndss-fingerprinting.pdf
https://www.informatik.tu-cottbus.de/~andriy/zwiebelfreunde/
Internet Society
Proceedings of the 23rd Annual Network and Distributed System Security Symposium (NDSS '16), February 21-24, 2016, San Diego, CA, USA
San Diego, CA, USA
February 21-24, 2016
978-1-891562-41-9
10.14722/ndss.2016.23477
1
AndriyPanchenko
FabianLanze
AndreasZinnen
MartinHenze
JanPennekamp
KlausWehrle
ThomasEngel
phdthesis
2015-punal-phdthesis
Optimizing 802.11 Wireless Communications with Machine Learning
2015
RWTH Aachen University
OscarPuñal
conference
HohlfeldIMC
A QoE Perspective on Sizing Network Buffers
2014
11
ACM Internet Measurement Conference
accepted
OliverHohlfeld
EnricPujol
FlorinCiucu
AnjaFeldmann
PaulBarford
conference
parruca_2014ICIC
Semi-Static Interference Coordination in OFDMA/LTE Networks: Evaluation of Practical Aspects
2014
9
21
To minimize interference in LTE networks, several inter-cell interference coordination (ICIC) techniques have been introduced. Among them, semi-static ICIC offers a balanced trade-off between applicability and system performance. The power allocation per resource block and cell is adapted in the range of seconds according to the load in the system. An open issue in the literature is the question how fast the adaptation should be performed. This leads basically to a trade-off between system performance and feasible computation times of the associated power allocation problems. In this work, we close this open issue by studying the impact that different durations of update times of semi-static ICIC have on the system performance. We conduct our study on realistic scenarios considering also the mobility of mobile terminals. Secondly, we also consider the implementation aspects of a semi-static ICIC. We introduce a very efficient implementation on general purpose graphic processing units, harnessing the parallel computing capability of such devices. We show that the update periods have a significant impact on the performance of cell edge terminals. Additionally, we present a graphic processing unit (GPU) based implementation which speeds up existing implementations up to a factor of 92x.
OFDMA; LTE; ICIC; Inter-Cell Interference Coordination; GPU; GA; Genetic Algorithm; 4G; Cellular Networks; Interference; Proportional Fair Scheduling
ACM
ACM
Proceedings of the 17th ACM International Conference on Modeling, Analysis and Simulation of Wireless and Mobile Systems (MSWIM-14)
Montreal, QC, Canada
International Conference on Modeling, Analysis and Simulation of Wireless and Mobile Systems (MSWIM-14)
September 21-26 2014
http://dx.doi.org/10.1145/2641798.2641818
1
DonaldParruca
FahadAizaz
SoamsiriChantaraskul
JamesGross
inproceedings
2014-aktas-wintech-a-framework-for-remote-automation-configuration-and-monitoring
A Framework for Remote Automation, Configuration, and Monitoring of Real-World Experiments
2014
9
7
1--8
crawler
fileadmin/papers/2014/2014-aktas-wintech-remote-cross-layer.pdf
Online
ACM
Proceedings of the 9th ACM International Workshop on Wireless Network Testbeds, Experimental Evaluation and Characterization (WiNTECH 2014), Hawaii, USA
Hawaii, USA
9th ACM International Workshop on Wireless Network Testbeds, Experimental Evaluation and Characterization (WiNTECH 2014)
7 September 2014
en
978-1-4503-3072-5
10.1145/2643230.2643236
1
IsmetAktas
OscarPuñal
FlorianSchmidt
TobiasDrüner
KlausWehrle
inproceedings
2014-aktas-punal-wowmom-machine-learning-based-jamming-detection-for-80211-conference
Machine Learning-based Jamming Detection for IEEE 802.11: Design and Experimental Evaluation
Proceedings of the 15th International Symposium on a World of Wireless, Mobile and Multimedia Networks (WoWMoM'14), Sydney, Australia
2014
6
16
1--10
crawler
fileadmin/papers/2014/2014-aktas-wowmom-jammingdetection.pdf
Online
IEEE
Proceedings of the 15th International Symposium on a World of Wireless, Mobile and Multimedia Networks (WoWMoM'14), Sydney, Australia
Sydney
15th International Symposium on a World of Wireless, Mobile and Multimedia Networks (WoWMoM'14)
16-19 June, 2014
en
1
OscarPuñal
IsmetAktas
Caj-JulianSchnelke
GloriaAbidin
JamesGross
KlausWehrle
article
parruca2014icc
On the Interference As Noise Approximation in OFDMA/LTE Networks
Proceedings of IEEE International Conference on Communications (ICC 2014)
2014
6
11
fileadmin/papers/2014/2014_parruca_gross.pdf
Online
en
1
DonaldParruca
JamesGross
conference
CiucuPH2014
On Capacity Dimensioning in Dynamic Scenarios: The Key Role of Peak Values
2014
5
http://www.ieee-lanman.org/
IEEE
IEEE LANMAN
Reno, NV, USA
1
FlorinCiucu
FelixPoloczek
OliverHohlfeld
inproceedings
2014-smartcity-zimmermann-pubtrans
Analyzing Metropolitan-area Networking within Public Transportation Systems for Smart City Applications
2014
3
30
fileadmin/papers/2014/2014-zimmermann-smartcity-pubtrans.pdf
Online
IEEE
Proceedings of the 1st International IEEE Workshop on Architectures and Technologies for Smart Cities (SmartCity'14), Dubai, UAE
Dubai, UAE
1st International IEEE Workshop on Architectures and Technologies for Smart Cities (SmartCity'14)
30 March - 2 April 2014
en
10.1109/NTMS.2014.6814007
1
TorstenZimmermann
HannoWirtz
OscarPuñal
KlausWehrle
conference
VTC2013_parruca_gross
Analytical Model of Proportional Fair Scheduling in Interference-limited OFDMA/LTE Networks
2013
9
Various system tasks like interference coordination, handover decisions, admission control etc. in upcoming cellular networks require precise mid-term (spanning over a few seconds) performance models. Due to channel-dependent scheduling at the base station, these performance models are not simple to obtain. Furthermore, upcoming cellular systems will be interference-limited, hence, the way interference is modeled is crucial for the accuracy. In this paper we present an analytical model for the SINR distribution of the scheduled subcarriers of an OFDMA system with proportional fair scheduling. The model takes the precise SINR distribution into account. We furthermore refine our model with respect to uniform modulation and coding, as applied in LTE networks. The derived models are validated by means of simulations. In addition, we show that our models are approximate estimators for the performance of rate-based proportional fair scheduling, while they outperform some simpler prediction models from related work significantly.
https://www.comsys.rwth-aachen.de/fileadmin/papers/2013/2013_VTC_parruca.pdf
Proceedings of IEE Vehicular Telecommunications Conference (VTC-Fall 2013)
Las Vegas, USA
2013 IEEE 78th Vehicular Technology Conference
2-5, September, 2013
DonaldParruca
MariusGrysla
SimonGörtzen
JamesGross
conference
2013-wowmom-punal-RFRA
RFRA: Random Forests Rate Adaptation for Vehicular Networks
2013
6
4
IEEE
Proceedings of the 14th IEEE International Symposium on a World of Wireless Mobile and Multimedia Networks (WoWMoM'13)
Madrid, Spain
WoWMoM
June, 2013
accepted
OscarPuñal
HanzhiZhang
JamesGross
inproceedings
Dombrowski2013WiOpt
Energy-Efficient Multi-Hop Transmission for Machine-to-Machine Communications
2013
5
13
341-348
energy minimization;quality-of-service;outage probability;deadline;optimization;multi-hop;average csi;instantaneous csi
11th International Symposium on Modeling and Optimization in Mobile, Ad Hoc and Wireless Networks (WiOpt 2013)
Tsukuba Science City, Japan
English
1
ChristianDombrowski
NedaPetreska
SimonGörtzen
AnkeSchmeink
JamesGross
proceedings
parruca_gross_2013
Rate selection analysis under semi-persistent scheduling in LTE networks
2013
1
25
1184,1190
Upcoming LTE networks have basically two different modes for scheduling data in the down-link by the base station. Dynamic scheduling brings the advantage of exploiting instantaneous channel state information while it puts on the other hand a significant burden on the system in terms of overhead and computation requirements. Especially for small packets that show up periodically, the overhead is typically too high. Therefore, the base station can serve such packet flows by the semi-persistent scheduling mode. In this mode, a certain resource allocation is fixed to a periodic schedule. While this does not allow any longer to exploit instantaneous channel states, it requires much less overhead. In this paper, we address the problem of selecting a modulation and coding scheme for such semi-persistent scheduling grants. The problem lies here in the stochastic characterization of the resource blocks over the next few seconds while on the other hand estimating based on such a characterization the block error rate (and hence the average goodput). We provide a novel scheme, which outperforms all previously presented schemes significantly. The underlying model that we provide can also be used for any other long-term decision in an LTE system with semi-persistent scheduling such as interference coordination, handover decision etc.
Long Term Evolution;decision making;dynamic scheduling;error statistics;modulation;radio links;resource allocation;stochastic processes;wireless channels;LTE networks;base station;block error rate;data scheduling;down-link;dynamic scheduling;instantaneous channel state information;long-term decision;modulation selection;packet flows;periodic scheduling;rate selection analysis;resource allocation;resource blocks;semi-persistent scheduling mode;stochastic characterization
www.performance.rwth-aachen.de/publications/conferences/2013ICNC_parruca.pdf
http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6504261
San Diego, USA
International Conference on Computing, Networking and Communications (ICNC) 2013
28-31 January 2013
English
978-1-4673-5287-1
10.1109/ICCNC.2013.6504261
DonaldParruca
JamesGross
inproceedings
2013-ccnc-lora-gossipmule
Gossipmule: Improving Association Decisions via Opportunistic Recommendations
2013
1
11
Proceedings of the 1st Workshop on People Centric Sensing and Communications
accepted
1
Mónica AlejandraLora Girón
AlexanderPaulus
KlausWehrle
inproceedings
2013-ccncdemo-lora-gossipmule
Demo: Improving Associations in IEEE 802.11 WLANs
2013
1
Proceedings of the 10th IEEE Consumer Communications & Networking Conference, CCNC
Las Vegas, Nevada, USA
CCNC 2013 Demonstration Track
accepted
Mónica AlejandraLora Girón
AlexanderPaulus
KlausWehrle
conference
EW2013_parruca_gross
On Semi-Static Interference Coordination under Proportional Fair Scheduling in LTE Systems
2013
8
In this paper we consider the design of semi-static inter-cell interference coordination schemes for LTE networks. In this approach, base stations coordinate the power settings per resource block over long time spans such as seconds. In order to optimize the power settings, one needs to employ models which predict the rate of terminals over the next coordination period under the usage of a given power setting. However, these models are typically quite simple and neglect the impact from fading as well as from dynamic resource allocation performed at the base stations on a millisecond basis. Ignoring such properties of OFDMA networks leads therefore to suboptimal transmit power settings. In this paper, we study the impact from a precise rate prediction model that accurately accounts for fading and dynamic resource allocation. On the down-side, this more precise model leads to a much more involved optimization problem to be solved once per coordination period. We propose two different heuristic methods to deal with this problem. Especially the usage of genetic algorithm results to be promising to counteract the complexity increase. We then study the overall system performance and find precise rate prediction models to be essential for semi-static interference coordination as they provide significant performance improvements in comparison to approaches with simpler models.
ICIC, proportional fair scheduling, power mask, resource block, scheduling, dynamic scheduling, inter cell interference coordination, LTE, OFDMA, WiMAX
https://www.comsys.rwth-aachen.de/fileadmin/papers/2013/2013_ICIC_parruca_grysla_gross.pdf
http://www.vde-verlag.de/proceedings-en/563498043.html
vde-verlag
vde-verlag
http://www.vde-verlag.de/
Proceedings: European Wireless 2013
Guildford, UK
2013 - 19th European Wireless Conference
04/16/2012 - 04/18/2013
English
DonaldParruca
MariusGrysla
PetriMähönen
MarinaPetrova
HanZhou
FarshadNaghibi
JamesGross
inproceedings
2012-IPIN-Peter-Versatile-Maps
Versatile Geo-referenced Maps for Indoor Navigation of Pedestrians
2012
11
13
1--4
fileadmin/papers/2012/2012-bitsch-IPIN-vegemite.pdf
http://www.surveying.unsw.edu.au/ipin2012/proceedings/session.php?code=6C&name=SLAM
Online
Li, Binghao Li and Gallagher, Thomas
School of Surveying and Geospatial Engineering, University of New South Wales, Sydney, Australia
Proceedings of the 2012 International Conference on Indoor Positioning and Indoor Navigation (IPIN), Sydney, Australia
Sydney, Australia
2012 International Conference on Indoor Positioning and Indoor Navigation
November 13--15, 2012
en
978-0-646-57851-4
1
MichaelPeter
DieterFritsch
BernhardtSchäfer
AlfredKleusberg
Jó AgilaBitsch Link
KlausWehrle
inproceedings
2012-pimrc-schmidt-ofra
A Receiver-Based 802.11 Rate Adaptation Scheme with On-Demand Feedback
2012
9
10
1--7
Classical 802.11 rate adaptation algorithms rely on feedback from the receiver to correctly choose a sending rate, typically in the form of acknowledgments (ACKs). In the absence of such frames, novel techniques are required for rate selection.
We present OFRA, a receiver-based rate adaptation algorithm that works with ACK-less traffic. Feedback information is sent on-demand using a control frame to explicitly inform the transmitter about which bit rate to use on subsequent data frames. This approach guarantees standard conformity and exhibits fast and accurate bit rate adaptation at the cost of a modest overhead increase. We evaluate the performance of OFRA against various state-of-the-art rate adaptation schemes by means of simulations. If ACK frames are to be transmitted, OFRA performs better than related work in most considered scenarios, and on par in the others. In the absence of ACKs, OFRA provides large goodput gains under good channel conditions and comparable goodput in other situations.
OFRA
refector
fileadmin/papers/2012/2012-schmidt-pimrc-ofra.pdf
Online
IEEE
Proceedings of the 23rd IEEE International Symposium on Personal, Indoor and Mobile Radio Communications (PIMRC'12), Sydney, Australia
Sydney, Australia
23rd IEEE International Symposium on Personal, Indoor and Mobile Radio Communications (PIMRC'12)
9-12 September 2012
en
978-1-4673-2566-0
2166-9570
10.1109/PIMRC.2012.6362818
1
FlorianSchmidt
AnwarHithnawi
OscarPuñal
JamesGross
KlausWehrle
inproceedings
2012-lora-mobiopp-Gossipmule:ScanningandDisseminatingInformationBetweenStationsinCooperativeWLANs
Gossipmule: Scanning and Disseminating Information Between Stations in Cooperative WLANs (Poster)
2012
3
15
87-88
In Cooperative WLAN scenarios, the lack of a centralized management, the existence of many administrative domains and the current association process in wireless networks make it difficult to guarantee the quality that users expect from services and networks.
We present Gossipmule, an agent for wireless nodes that enhances the QoE perceived by users in Cooperative WLANs. Gossipmule uses mobile Crowdsensing between the wireless nodes to collect and disseminate information regarding the network. This information is used by the agent to have a more assertive association when making decisions regarding the user-AP association.
(Poster)
/fileadmin/papers/2012/2012-lora-MobiOpp12-Gossipmule.pdf
http://dl.acm.org/citation.cfm?id=2159576&CFID=88550183&CFTOKEN=31687193
Online
ACM
New York, NY, USA
Proceedings of the Workshop on Mobile Opportunistic Networking ACM/SIGMOBILE MobiOpp 2012, Zurich, Switzerland
Zurich, Switzerland
Proceedings of the Workshop on Mobile Opportunistic Networking ACM/SIGMOBILE MobiOpp 2012
2012-03-15
en
978-1-4503-1208-0
10.1145/2159576.2159598
1
Mónica AlejandraLora Girón
AlexanderPaulus
Jó AgilaBitsch Link
KlausWehrle
inproceedings
Punal12_Jamming
In VANETs We Trust?: Characterizing RF Jamming in Vehicular Networks
2012
83--92
ACM
Proc. of the 9th ACM International Workshop on Vehicular Inter-Networking, Systems, and Applications (VANET'12)
OscarPuñal
AnaAguiar
JamesGross
inproceedings
Punal12_PowerLoading
Power Loading: Candidate for Future WLANs?
2012
1-4
Proc. of the IEEE International Symposium on a World of Wireless, Mobile and Multimedia Networks (WoWMoM'12)
OscarPuñal
HumbertoEscudero
JamesGross
inproceedings
PunalScOff11
Combined Subcarrier Switch Off and Power Loading for 80 MHz Bandwidth WLANs
2011
Proc. of the 18th IEEE International Workshop on Local and Metropolitan Area Networks (LANMAN'11)
OscarPuñal
JamesGross
inproceedings
Punal11
Performance Comparison of Loading Algorithms for 80 MHz IEEE 802.11 WLANs
2011
124--132
Proc. of the 73rd IEEE Vehicular Technology Conference (VTC-Spring'11)
OscarPuñal
HumbertoEscudero
JamesGross
inproceedings
Eisenblaetter10
A Two-Stage Approach to WLAN Planning: Detailed Performance Evaluation Along the Pareto Frontier
2010
227--236
Proc. of the 8th International Symposium on Modeling and Optimization in Mobile, Ad Hoc and Wireless Networks (WiOpt'10)
AndreasEisenblätter
Hans-FlorianGeerdes
JamesGross
OscarPuñal
JonasSchweiger
article
Gross09a
Enhancing IEEE 802.11a/n with Dynamic Single-User OFDM Adaptation
Elsevier Performance Evaluation Journal
2009
66
3-5
240--257
JamesGross
MarcEmmelmann
OscarPuñal
AdamWolisz
inproceedings
Gross09
Multi-User OFDMA Frame Aggregation for Future Wireless Local Area Networking
2009
220--233
Proc. of the 8th International IFIP Networking Conference (NETWORKING'09)
JamesGross
OscarPuñal
MarcEmmelmann
conference
2007-aktas-VTC-ApplicabilityofaMulti-ModeMACProtocol-Conference
Applicability of a Multi-Mode MAC Protocol
2007
4
22
969 - 973
Vehicular Technology Conference, 2007. VTC2007-Spring. IEEE 65th
ArifOtyakmaz
IsmetAktas
MarcSchinnenburg
RalfPabst
conference
2007-aktas-WCNC2007-AMulti-ModeMACProtocolwithRelaySupport-Conference
A Multi-Mode MAC Protocol with Relay Support
2007
3
11
328 - 333
Future mobile radio networks will have the requirement of very high data rates. Typical wireless data communication will not only occur in short range scenarios like hotspots in airports, city centres, exhibition halls, etc., but also in wide area environments, e.g. a moving car in a rural environment. Data services will require a ubiquitous mobile radio system and demand better quality of service, like high data rates and low delays. Two promising concepts for future mobile radio communication are the deployment of relays and the ability to adapt to various deployment strategies by using different radio access technologies, i.e. modes with a common technology basis. The former concept allows enlarging the cell coverage. Relays are not wired connected and consequently a cost-efficient alternative to base stations that work in a decode-and-forward principle. The latter concept provides modes that are tailored solutions for specific environments and thus allow the adaptation to various scenarios by selecting the most adequate one. The aim of this work is to merge the advantages taken from both concepts to one solution.
Wireless Communications and Networking Conference, 2007. WCNC 2007
ArifOtyakmaz
IsmetAktas
MarcSchinnenburg
RalfPabst
conference
200701riecheccncmmog
Peer-to-Peer-based Infrastructure Support for Massively Multiplayer Online Games
2007
1
11
763-767
Online games are an interesting challenge and chance for the future development of the Peer-to-Peer paradigm. Massively multiplayer online games (MMOGs) are becoming increasingly popular today. However, even high-budget titles like World of Warcraft that have gone through extensive beta-testing suffer from downtimes because of hard- and software problems. Our approach is to use structured P2P technology for the server infrastructure of MMOGs to improve their reliability and scalability. Such P2P networks are also able to adapt to the current state of the game and handle uneven distributions of the players in the game world. Another feature of our approach is being able to add supplementary servers at runtime. Our system allows using off-the-shelf PCs as infrastructure peers for participation in different game worlds as needed. Due to the nature of the Economy of Scale the same number of hosts will provide a better service than dedicated servers for each game world.
RWTH Aachen University - Distributed Systems Group
http://ieeexplore.ieee.org/xpls/abs_all.jsp?isnumber=4199088&arnumber=4199243&count=254&index=154
http://www.ieee-ccnc.org/2007/
Print
IEEE Press
Proceedings of 4th Annual IEEE Consumer Communications and Networking Conference (CCNC 2007)
IEEE
Las Vegas, Nevada, USA
4th Annual IEEE Consumer Communications and Networking Conference (CCNC 2007)
11-13 January 2007
en
1-4244-0667-6
10.1109/CCNC.2007.155
1
SimonRieche
KlausWehrle
MarcFouquet
HeikoNiedermayer
LeoPetrak
GeorgCarle
conference
200711Globecom2007Landsiedelmultipathonionrouting
Dynamic Multipath Onion Routing in Anonymous Peer-To-Peer Overlay Networks
2007
Although recent years provided many protocols for anonymous routing in overlay networks, they commonly rely on the same communication paradigm: Onion Routing. In Onion Routing a static tunnel through an overlay network is built via layered encryption. All traffic exchanged by its end points is relayed through this tunnel. In contrast, this paper introduces dynamic multipath Onion Routing to extend the static Onion Routing paradigm. This approach allows each packet exchanged between two end points to travel along a different path. To provide anonymity the first half of this path is selected by the sender and the second half by the receiver of the packet. The results are manifold: First, dynamic multipath Onion Routing increases the resilience against threats, especially pattern and timing based analysis attacks. Second, the dynamic paths reduce the impact of misbehaving and overloaded relays. Finally, inspired by Internet routing, the forwarding nodes do not need to maintain any state about ongoing flows and so reduce the complexity of the router. In this paper, we describe the design of our dynamic Multipath Onion Router (MORE) for peer-to-peer overlay networks, and evaluate its performance. Furthermore, we integrate address virtualization to abstract from Internet addresses and provide transparent support for IP applications. Thus, no application-level gateways, proxies or modifications of applications are required to sanitize protocols from network level information. Acting as an IP-datagram service, our scheme provides a substrate for anonymous communication to a wide range of applications using TCP and UDP.
IEEE Global Communication Conference (GlobeCom), Washington D.C.
OlafLandsiedel
AlexisPimenidis
KlausWehrle
HeikoNiedermayer
GeorgCarle
inproceedings
Gross07
Dynamic Single-User OFDM Adaptation for IEEE 802.11 Systems
2007
124--132
Proc. of ACM/IEEE International Symposium on Modeling, Analysis and Simulation of Wireless and Mobile Systems (MSWIM'07)
JamesGross
MarcEmmelmann
OscarPuñal
AdamWolisz
conference
rieche2006cerco
Cerco: Supporting Range Queries with a Hierarchically Structured Peer-to-Peer System
2006
11
14
509-510
Structured Peer-to-Peer systems are designed for a highly scalable, self organizing, and efficient lookup for data. The key space of the so-called Distributed Hash Tables (DHTs) is partitioned and each partition with its keys and values is assigned to a node in the DHT. For data retrieval however, the very nature of hash tables allows only exact pattern matches.
We propose Cerco, a simple solution for the problem of range queries by employing a hierarchically structured P2P approach based on the principles of Distributed Hash Tables. We show that a dynamic hierarchy of DHTs with on-demand classification of items can positively influence the response time of queries while maintaining lookup correctness.
RWTH Aachen University - Distributed Systems Group
http://ieeexplore.ieee.org/xpls/abs_all.jsp?isnumber=4116490&arnumber=4116594&count=192&index=90
http://web.archive.org/web/20061008091738/http://www.ieeelcn.org/
Print
IEEE Press
Proceedings of 31st IEEE Conference on Local Computer Networks (LCN 2006)
IEEE
Tampa, Florida, USA
31st IEEE Conference on Local Computer Networks (LCN 2006)
14-16 November 2006
en
1-4244-0418-5
10.1109/LCN.2006.322147
1
SimonRieche
KlausWehrle
LeoPetrak
ClemensWrzodek
techreport
200608riechetrmmog
Peer-to-Peer-based Infrastructure Support for Massively Multiplayer Online Games
2006
8
WSI-2006-04
Online games are an interesting challenge and chance for the future development of the Peer-to-Peer paradigm. Massively multiplayer online games (MMOGs) are becoming increasingly popular today. However, even high-budget titles like World of Warcraft that have gone through extensive beta-testing suffer from downtimes because of hard- and software problems. Our approach is to use structured P2P technology for the server infrastructure of MMOGs to improve their reliability and scalability. Such P2P networks are also able to adapt to the current state of the game and handle uneven distributions of the players in the game world. Another feature of our approach is being able to add supplementary servers at runtime. Our system allows using off-the-shelf PCs as infrastructure peers for participation in different game worlds as needed. Due to the nature of the Economy of Scale the same number of hosts will provide a better service than dedicated servers for each game world.
RWTH Aachen University - Distributed Systems Group
http://www.rieche.net/pdf/wsi-2006-04.pdf
Online
Tübingen, Germany
Wilhelm-Schickard-Institute for Computer Science, University of Tübingen
Technical Report
en
SimonRieche
MarcFouquet
HeikoNiedermayer
LeoPetrak
KlausWehrle
GeorgCarle
conference
200607landsiedelngimodels
Towards flexible and modular simulation models
2006
In this talk we discuss the increasing need for flexible and modular simulation models and our ongoing work in this area. Although a huge number of simulation models are available today, these models do not interoperate and cannot be easily combined to form a full protocol simulation stack.
Visions of Future Generation Networks, Würzburg, Germany
OlafLandsiedel
LeoPetrak
KlausWehrle
inproceedings
petrak2005dienstguete
Dienstgüte in strukturierten hierarchischen Overlay Netzwerken
2005
3
Proceedings of Workshop Peer-to-Peer-Systems and -Applications, KiVS 2005
Kaiserslautern, Germany
Workshop Peer-to-Peer-Systems and -Applications, KiVS 2005
March 2005
LeoPetrak
SimonRieche
KlausWehrle
article
200504landsiedelpikenergy
Enabling Detailed Modeling and Analysis of Sensor Networks
Special Issue on Sensor Networks, PIK Journal
2005
28
2
Simulation is the de-facto standard tool for the evaluation of distributed and communication systems like sensor networks. Most simulation efforts focus on protocol- and algorithm-level issues, thus depending on the right choice and configuration of models. However, as such models commonly neglect time dependent issues, many research challenges, like energy consumption and radio channel utilization still remain. In this article we present two new tools to model and analyze sensor networks: Avrora, a fast and accurate sensor network simulator, and AEON, a novel tool built on top of Avrora, to evaluate the energy consumption and to accurately predict the lifetime of sensor networks. Avrora is a highly scalable instruction-level simulator for sensor network programs. It simulates the execution of the program down to the level of individual clock cycles, a time quantum of about 135 ns. By incorporating state of the art simulation techniques, including an efficiently maintained event queue, fast-forward through sleep-time, and parallel simulation, it can simulate entire networks of nodes in real time. AEON's energy model is based on Avrora and makes use of the cycle accurate execution of sensor node applications for precise energy measurements. Due to limited energy resources, power consumption is a crucial characteristic of sensor networks. AEON uses accurate measurements of node current draw and the execution of real code to enable accurate prediction of the actual power consumption of sensor nodes. Consequently, it prevents erroneous assumptions on node and network lifetime. Moreover, our detailed energy model allows comparing different low power and energy aware approaches in terms of energy efficiency. Thus, it enables a highly precise estimation of the overall lifetime of a sensor network.
OlafLandsiedel
KlausWehrle
Ben LTitzer
JensPalsberg
conference
200509petraksoftcommobility
Towards Realistic Strategy-Based Mobility Models for Ad Hoc Communication
2005
Proceedings of the 2005 Conference on Software for Communication Systems and Computer Networks
LeoPetrak
OlafLandsiedel
KlausWehrle
inproceedings
200503landsiedelfgsnaeon
Project AEON
2005
481
72-76
Power consumption is a crucial characteristic of sensor networks and their applications, as sensor nodes are commonly battery driven. Although recent research focuses strongly on energy aware applications and operating systems, power consumption is still a limiting factor. Once sensor nodes are deployed, it is challenging and sometimes even impossible to change batteries. As a result, erroneous lifetime prediction causes high costs and may render a sensor network useless before its purpose is fulfilled. In this paper we present AEON, a novel evaluation tool to quantitatively predict power consumption of sensor nodes and whole sensor networks. Our energy model, based on measurements of node current draw and the execution of real code, enables accurate prediction of the actual power consumption of sensor nodes. Consequently, it prevents erroneous assumptions on node and network lifetime. Moreover, our detailed energy model allows comparing different low power and energy aware approaches in terms of energy efficiency.
Zürich, CH
Proceedings of the 4th GI/ITG KuVS Fachgespräch "Wireless Sensor Networks", Technical Report No. 481
OlafLandsiedel
KlausWehrle
SimonRieche
StefanGötz
LeoPetrak
conference
rieche2004thermaldissipation
A Thermal-Dissipation-based Approach for Balancing Data Load in Distributed Hash Tables
2004
11
15-23
A major objective of peer-to-peer (P2P) systems is the management of large amounts of data distributed across many systems. Distributed hash tables (DHT) are designed for highly scalable, self-organizing, and efficient distribution and lookup of data, whereby data is stored globally persistent. The range of values of the corresponding hash function is partitioned and each interval is assigned to a node of the DHT. Because the assignment of data to nodes is based on hash functions, one assumes that the respective data load is distributed evenly across all participating nodes. However most DHT show difficulties with load balancing as we demonstrate in this paper. As a solution for this problem, we present a new and very simple approach for balancing stored data between peers in a fashion analogous to the dissipation of heat energy in materials. We compare this algorithm with other approaches for load balancing and present results based on simulations and a prototype implementation. This new algorithm improves the distribution of load in DHT without requiring major changes of the DHT themselves. In addition, we show that the fault tolerance of peer-to-peer systems is increased by the proposed algorithm.
http://ieeexplore.ieee.org/xpl/freeabs_all.jsp?isnumber=29935&arnumber=1367197&count=128&index=2
Print
IEEE Press
Proceedings of LCN 2004 – 29th IEEE Conference on Local Computer Networks
IEEE
Tampa, Florida, USA
LCN 2004 – 29th IEEE Conference on Local Computer Networks
November 2004
en
0-7695-2260-2
10.1109/LCN.2004.10
SimonRieche
LeoPetrak
KlausWehrle
inproceedings
200410riechehotp2preliability
Reliability of Data in Structured Peer-to-Peer Systems
2004
10
108-113
Peer-to-Peer (P2P) systems are very useful for managing large amounts of widely distributed data. For this purpose Distributed Hash Tables (DHT) offer a highly scalable and self-organizing paradigm for efficient distribution and retrieval of data. Thereby a common assumption of P2P-Systems is that the participating nodes are unreliable and may fail at any time. Since much research goes into the design of DHT lookup services, these systems aim to provide a stable global addressing structure. But only few techniques have been developed so far to store data reliably in a DHT. However, since data has to be stored persistently in the network, it should be retrievable at any time, even if nodes fail. In this work we discuss possibilities to store data fault-tolerantly in a structured Peer-to-Peer system.
Print
Proceedings of HOT-P2P '04: Hot Topics in Peer-to-Peer Computing at 12th Annual Meeting of the IEEE International Symposium on Modeling, Analysis, and Simulation of Computer and Telecommunication Systems (MASCOTS)
Volendam, Netherlands
HOT-P2P '04: Hot Topics in Peer-to-Peer Computing at 12th Annual Meeting of the IEEE International Symposium on Modeling, Analysis, and Simulation of Computer
Oct. 2004
en
1
SimonRieche
KlausWehrle
OlafLandsiedel
StefanGötz
LeoPetrak
inproceedings
rieche2004comparison
Comparison of Load Balancing Algorithms for Structured Peer-to-Peer Systems
2004
9
51
Print
GI. LNI
Bonn, Germany
LNI
Proceedings of Workshop on Algorithms and Protocols for Efficient Peer-to-Peer Applications (PEPPA), GI-Jahrestagung Informatik 2004
Ulm, Germany
GI-Jahrestagung Informatik 2004
en
1
SimonRieche
LeoPetrak
KlausWehrle
inproceedings
2006-heer-gi2004
On the Use of Structured P2P Indexing Mechanisms in Mobile Ad-Hoc Scenarios
2004
9
51
239-244
Recently, Distributed Hash Tables evolved to a preferred approach for decentralized data management in widely distributed systems. Due to their crucial characteristics – namely scalability, flexibility, and resilience – they are quite interesting for being applied in ad-hoc networks. But, there are plenty of open questions concerning the applicability of Distributed Hash Tables in mobile ad-hoc scenarios: Do new problems arise when both technologies are used together? Are there any synergy effects when both technologies are combined? Are the results and assumptions, made for the infrastructural Internet, still true if a mobile ad-hoc network is used instead? In this paper, we discuss these and further questions and offer some solutions for using Distributed Hash Tables in ad-hoc networks.
Print
GI. LNI
Bonn, Germany
LNI
Proceedings of Workshop on Algorithms and Protocols for Efficient Peer-to-Peer Applications (PEPPA), GI-Jahrestagung Informatik 2004, Bonn, Germany
Ulm, Germany
GI-Jahrestagung Informatik 2004
en
3-88579-380-6
1
TobiasHeer
HeikoNiedermayer
LeoPetrak
SimonRieche
KlausWehrle
inproceedings
200410wehrlefgpcintegriertekonstruktionsmethode
Integrierte Konstruktionsmethoden für flexible Protokolle in ubiquitären Kommunikationssystemen
2004
Stuttgart, Germany
Proceedings of the GI/ITG KuVS Fachgespräch Systemsoftware für Pervasive Computing
KlausWehrle
OlafLandsiedel
SimonRieche
StefanGötz
LeoPetrak