This file was created by the TYPO3 extension bib --- Timezone: CEST Creation date: 2022-08-09 Creation time: 10-30-45 --- Number of references 17 inproceedings 2022-wireless-anycast Proceedings of the 61st IEEE Conference on Decision and Control (CDC 2022) 2022 12 reflexes IEEE Proceedings of the 61st IEEE Conference on Decision and Control (CDC 2022) accepted 1 RenéGlebke JanScheiper StefanLenz MirkoStoffers KlausWehrle inproceedings 2022-wolsing-ipal 2022 10 26 The increasing interconnection of industrial networks exposes them to an ever-growing risk of cyber attacks. To reveal such attacks early and prevent any damage, industrial intrusion detection searches for anomalies in otherwise predictable communication or process behavior. However, current efforts mostly focus on specific domains and protocols, leading to a research landscape broken up into isolated silos. Thus, existing approaches cannot be applied to other industries that would equally benefit from powerful detection. To better understand this issue, we survey 53 detection systems and find no fundamental reason for their narrow focus. Although they are often coupled to specific industrial protocols in practice, many approaches could generalize to new industrial scenarios in theory. To unlock this potential, we propose IPAL, our industrial protocol abstraction layer, to decouple intrusion detection from domain-specific industrial protocols. After proving IPAL’s correctness in a reproducibility study of related work, we showcase its unique benefits by studying the generalizability of existing approaches to new datasets and conclude that they are indeed not restricted to specific domains or protocols and can perform outside their restricted silos. Proceedings of the 25th International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2022) accepted 10.1145/3545948.3545968 1 KonradWolsing EricWagner AntoineSaillard MartinHenze inproceedings 2022_lohmoeller_sovereignty Proceedings of the VLDB Endowment 2022 9 5 14 1 internet-of-production VLDB Endowment Proceedings of the 1st International Workshop on Data Ecosystems (DEco '22), co-located with the 48th International Conference on Very Large Databases (VLDB '22), September 5-9, 2022, Sydney, Australia Sydney, Australia International Workshop on Data Ecosystems (DEco '22) September 5, 2022 accepted 2150-8097 1 JohannesLohmöller JanPennekamp RomanMatzutt KlausWehrle proceedings 2022-wolsing-radarsec 2022 9 IEEE Edmonton, Canada 47th IEEE Conference on Local Computer Networks (LCN) September 26-29, 2022 accepted 1 KonradWolsing AntoineSaillard JanBauer EricWagner Christianvan Sloun Ina BereniceFink MariSchmidt KlausWehrle MartinHenze proceedings 2022-wolsing-simple 2022 9 Copenhagen, Denmark 27th European Symposium on Research in Computer Security (ESORICS) September 26-30, 2022 accepted 1 KonradWolsing LeaThiemt Christianvan Sloun EricWagner KlausWehrle MartinHenze proceedings 2022-serror-cset 2022 8 8 5 data sets, network traffic, smart grid security, IDS https://www.comsys.rwth-aachen.de/fileadmin/papers/2022/2022-serror-cset-powerduck.pdf ACM

New York, NY, USA

online Virtual Cyber Security Experimentation and Test Workshop (CSET 2022) August 8, 2022 978-1-4503-9684-4/22/08 10.1145/3546096.3546102 1 SvenZemanek ImmanuelHacker KonradWolsing EricWagner MartinHenze MartinSerror inproceedings 2022-sander-h3-prio-hol 2022 6 27 legato https://www.comsys.rwth-aachen.de/fileadmin/papers/2022/2022-sander-h3-prio-hol.pdf IFIP Proceedings of the Network Traffic Measurement and Analysis Conference (TMA '22) Enschede Network Traffic Measurement and Analysis Conference 27.06.22-30.06.22 978-3-903176-47-8 1 ConstantinSander IkeKunze KlausWehrle inproceedings 2022-schemmel-kdalloc 2022 6 safe https://drops.dagstuhl.de/opus/volltexte/2022/16237/pdf/LIPIcs-ECOOP-2022-9.pdf European Conference on Object-Oriented Programming (ECOOP 2022) 10.4230/LIPIcs.ECOOP.2022.9 1 DanielSchemmel JulianBüning FrankBusse MartinNowack CristianCadar inproceedings 2022_dahlmanns_tlsiiot 2022 5 31 252-266 The ongoing trend to move industrial appliances from previously isolated networks to the Internet requires fundamental changes in security to uphold secure and safe operation. Consequently, to ensure end-to-end secure communication and authentication, (i) traditional industrial protocols, e.g., Modbus, are retrofitted with TLS support, and (ii) modern protocols, e.g., MQTT, are directly designed to use TLS. To understand whether these changes indeed lead to secure Industrial Internet of Things deployments, i.e., using TLS-based protocols, which are configured according to security best practices, we perform an Internet-wide security assessment of ten industrial protocols covering the complete IPv4 address space. Our results show that both, retrofitted existing protocols and newly developed secure alternatives, are barely noticeable in the wild. While we find that new protocols have a higher TLS adoption rate than traditional protocols (7.2 % vs. 0.4 %), the overall adoption of TLS is comparably low (6.5 % of hosts). Thus, most industrial deployments (934,736 hosts) are insecurely connected to the Internet. Furthermore, we identify that 42 % of hosts with TLS support (26,665 hosts) show security deficits, e.g., missing access control. Finally, we show that support in configuring systems securely, e.g., via configuration templates, is promising to strengthen security. industrial communication; network security; security configuration internet-of-production https://www.comsys.rwth-aachen.de/fileadmin/papers/2022/2022-dahlmanns-asiaccs.pdf ACM Proceedings of the 17th ACM ASIA Conference on Computer and Communications Security (ASIACCS '22), May 30-June 3, 2022, Nagasaki, Japan Nagasaki, Japan ASIACCS 2022 May 30-June 3, 2022 978-1-4503-9140-5/22/05 10.1145/3488932.3497762 1 MarkusDahlmanns JohannesLohmöller JanPennekamp JörnBodenhausen KlausWehrle MartinHenze inproceedings 2022_kus_iids_generalizability 2022 5 30 73-84 Anomaly-based intrusion detection promises to detect novel or unknown attacks on industrial control systems by modeling expected system behavior and raising corresponding alarms for any deviations. As manually creating these behavioral models is tedious and error-prone, research focuses on machine learning to train them automatically, achieving detection rates upwards of 99 %. However, these approaches are typically trained not only on benign traffic but also on attacks and then evaluated against the same type of attack used for training. Hence, their actual, real-world performance on unknown (not trained on) attacks remains unclear. In turn, the reported near-perfect detection rates of machine learning-based intrusion detection might create a false sense of security. To assess this situation and clarify the real potential of machine learning-based industrial intrusion detection, we develop an evaluation methodology and examine multiple approaches from literature for their performance on unknown attacks (excluded from training). Our results highlight an ineffectiveness in detecting unknown attacks, with detection rates dropping to between 3.2 % and 14.7 % for some types of attacks. Moving forward, we derive recommendations for further research on machine learning-based approaches to ensure clarity on their ability to detect unknown attacks. anomaly detection; machine learning; industrial control system internet-of-production https://www.comsys.rwth-aachen.de/fileadmin/papers/2022/2022-kus-iids-generalizability.pdf ACM Proceedings of the 8th ACM Cyber-Physical System Security Workshop (CPSS '22), co-located with the 17th ACM ASIA Conference on Computer and Communications Security (ASIACCS '22), May 30-June 3, 2022, Nagasaki, Japan 978-1-4503-9176-4/22/05 10.1145/3494107.3522773 1 DominikKus EricWagner JanPennekamp KonradWolsing Ina BereniceFink MarkusDahlmanns KlausWehrle MartinHenze inproceedings WagnerSWH2022 2022 5 18 201-206 /fileadmin/papers/2022/2022-wagner-bpmac.pdf ACM Proceedings of the 15th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec '22) San Antonio, Texas, USA 15th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec '22) 978-1-4503-9216-7/22/05 10.1145/3507657.3528554 1 EricWagner MartinSerror KlausWehrle MartinHenze inproceedings WagnerBH2022 2022 5 18 207-221 /fileadmin/papers/2022/2022-wagner-r2d2.pdf ACM Proceedings of the 15th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec '22) San Antonio, Texas, USA 15th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec '22) 978-1-4503-9216-7/22/05 10.1145/3507657.3528539 1 EricWagner JanBauer MartinHenze inproceedings 2022_wagner_ccchain 2022 5 4 Blockchain technology promises to overcome trust and privacy concerns inherent to centralized information sharing. However, current decentralized supply chain management systems do either not meet privacy and scalability requirements or require a trustworthy consortium, which is challenging for increasingly dynamic supply chains with constantly changing participants. In this paper, we propose CCChain, a scalable and privacy-aware supply chain management system that stores all information locally to give companies complete sovereignty over who accesses their data. Still, tamper protection of all data through a permissionless blockchain enables on-demand tracking and tracing of products as well as reliable information sharing while affording the detection of data inconsistencies. Our evaluation confirms that CCChain offers superior scalability in comparison to alternatives while also enabling near real-time tracking and tracing for many, less complex products. supply chain management; blockchain; permissionless; deployment; tracing and tracking; privacy internet-of-production https://www.comsys.rwth-aachen.de/fileadmin/papers/2022/2022-wagner-ccchain.pdf IEEE Proceedings of the 2022 IEEE International Conference on Blockchain and Cryptocurrency (ICBC '22), May 2-5, 2022, Shanghai, China Shanghai, China May 2-5, 2022 978-1-6654-9538-7/22 10.1109/ICBC54727.2022.9805503 1 EricWagner RomanMatzutt JanPennekamp LennartBader IrakliBajelidze KlausWehrle MartinHenze inproceedings 2022_matzutt_redactchain 2022 5 3 Blockchains gained tremendous attention for their capability to provide immutable and decentralized event ledgers that can facilitate interactions between mutually distrusting parties. However, precisely this immutability and the openness of permissionless blockchains raised concerns about the consequences of illicit content being irreversibly stored on them. Related work coined the notion of redactable blockchains, which allow for removing illicit content from their history without affecting the blockchain's integrity. While honest users can safely prune identified content, current approaches either create trust issues by empowering fixed third parties to rewrite history, cannot react quickly to reported content due to using lengthy public votings, or create large per-redaction overheads. In this paper, we instead propose to outsource redactions to small and periodically exchanged juries, whose members can only jointly redact transactions using chameleon hash functions and threshold cryptography. Multiple juries are active at the same time to swiftly redact reported content. They oversee their activities via a global redaction log, which provides transparency and allows for appealing and reversing a rogue jury's decisions. Hence, our approach establishes a framework for the swift and transparent moderation of blockchain content. Our evaluation shows that our moderation scheme can be realized with feasible per-block and per-redaction overheads, i.e., the redaction capabilities do not impede the blockchain's normal operation. redactable blockchain; illicit content; chameleon hash functions; threshold cryptography mynedata; impact-digital; digital-campus https://www.comsys.rwth-aachen.de/fileadmin/papers/2022/2022-matzutt-redactchain.pdf IEEE Proceedings of the 2022 IEEE International Conference on Blockchain and Cryptocurrency (ICBC '22), May 2-5, 2022, Shanghai, China Shanghai, China May 2-5, 2022 978-1-6654-9538-7/22 10.1109/ICBC54727.2022.9805508 1 RomanMatzutt VincentAhlrichs JanPennekamp RomanKarwacik KlausWehrle article 2022_brauner_iop ACM Transactions on Internet of Things 2022 5 1 3 2 The Industrial Internet-of-Things (IIoT) promises significant improvements for the manufacturing industry by facilitating the integration of manufacturing systems by Digital Twins. However, ecological and economic demands also require a cross-domain linkage of multiple scientific perspectives from material sciences, engineering, operations, business, and ergonomics, as optimization opportunities can be derived from any of these perspectives. To extend the IIoT to a true Internet of Production, two concepts are required: first, a complex, interrelated network of Digital Shadows which combine domain-specific models with data-driven AI methods; and second, the integration of a large number of research labs, engineering, and production sites as a World Wide Lab which offers controlled exchange of selected, innovation-relevant data even across company boundaries. In this article, we define the underlying Computer Science challenges implied by these novel concepts in four layers: Smart human interfaces provide access to information that has been generated by model-integrated AI. Given the large variety of manufacturing data, new data modeling techniques should enable efficient management of Digital Shadows, which is supported by an interconnected infrastructure. Based on a detailed analysis of these challenges, we derive a systematized research roadmap to make the vision of the Internet of Production a reality. Internet of Production; World Wide Lab; Digital Shadows; Industrial Internet of Things internet-of-production https://www.comsys.rwth-aachen.de/fileadmin/papers/2022/2022-brauner-digital-transformation.pdf ACM 2691-1914 10.1145/3502265 1 PhilippBrauner ManuelaDalibor MatthiasJarke IkeKunze IstvánKoren GerhardLakemeyer MartinLiebenberg JudithMichael JanPennekamp ChristophQuix BernhardRumpe Wilvan der Aalst KlausWehrle AndreasWortmann MartinaZiefle article 2022-wolsing-aistracks Journal of Marine Science and Engineering 2022 1 14 10 1 The automatic identification system (AIS) was introduced in the maritime domain to increase the safety of sea traffic. AIS messages are transmitted as broadcasts to nearby ships and contain, among others, information about the identification, position, speed, and course of the sending vessels. AIS can thus serve as a tool to avoid collisions and increase onboard situational awareness. In recent years, AIS has been utilized in more and more applications since it enables worldwide surveillance of virtually any larger vessel and has the potential to greatly support vessel traffic services and collision risk assessment. Anomalies in AIS tracks can indicate events that are relevant in terms of safety and also security. With a plethora of accessible AIS data nowadays, there is a growing need for the automatic detection of anomalous AIS data. In this paper, we survey 44 research articles on anomaly detection of maritime AIS tracks. We identify the tackled AIS anomaly types, assess their potential use cases, and closely examine the landscape of recent AIS anomaly research as well as their limitations. automatic identification system; AIS; anomaly detection; maritime safety; maritime security; maritime surveillance https://www.comsys.rwth-aachen.de/fileadmin/papers/2022/2022-wolsing-aistracks.pdf https://www.mdpi.com/2077-1312/10/1/112 en 10.3390/jmse10010112 1 KonradWolsing LinusRoepert JanBauer KlausWehrle inproceedings lorenz-ven2us-2022 2022 Power grids are increasingly faced with the introduction of decentralized, highly volatile power supplies from renewable energies and high loads occurring from e-mobility. However, today’s static grid protection cannot manage all upcoming conditions while providing a high level of dependability and security. It forms a bottleneck of a future decarbonizing grid development. In our research project, we develop and verify an adaptive grid protection algorithm. It calculates situation dependent protection parameters for the event of power flow shifts and topology changes caused by volatile power supplies due to the increase of renewable generation and the rapid expansion of e-mobility. As a result the distribution grid can be operated with the optimally adapted protection parameters and functions for changing operating states. To safely adjust the values on protection hardware in the field, i.e., safe from hardware failures and cyberattacks, we research resilient and secure communication concepts for the adaptive and interconnected grid protection system. Finally, we validate our concept and system by demonstrations in the laboratory and field tests. Proceedings of the CIRED workshop on E-mobility and power distribution systems 2022 Porto CIRED workshop on E-mobility and power distribution systems 2022 2-3 June 2022 1 MatthiasLorenz Tobias MarkusPletzer MalteSchuhmacher TorstenSowa MichaelDahms SimonStock DavoodBabazadeh ChristianBecker JohannJaeger TobiasLorz MarkusDahlmanns Ina BereniceFink KlausWehrle AndreasUlbig PhilippLinnartz AntigonaSelimaj ThomasOffergeld