This file was created by the TYPO3 extension bib --- Timezone: CEST Creation date: 2024-05-03 Creation time: 19-00-17 --- Number of references 16 inproceedings 2024-wagner-madtls 2024 7 1 https://www.comsys.rwth-aachen.de/fileadmin/papers/2024/2024-wagner-madtls.pdf 19th ACM ASIA Conference on Computer and Communications Security (ACM AsiaCCS '24), Singapur Singapur ACM ASIA Conference on Computer and Communications Security (AsiaCCS) July 1-5, 2024 unpublished 1 EricWagner DavidHeye MartinSerror IkeKunze KlausWehrle MartinHenze inproceedings 2024_dahlmanns_ipv6-deployments 2024 5 10 Internet-wide studies provide extremely valuable insight into how operators manage their Internet of Things (IoT) deployments in reality and often reveal grievances, e.g., significant security issues. However, while IoT devices often use IPv6, past studies resorted to comprehensively scan the IPv4 address space. To fully understand how the IoT and all its services and devices is operated, including IPv6-reachable deployments is inevitable-although scanning the entire IPv6 address space is infeasible. In this paper, we close this gap and examine how to best discover IPv6-reachable IoT deployments. To this end, we propose a methodology that allows combining various IPv6 scan direction approaches to understand the findability and prevalence of IPv6-reachable IoT deployments. Using three sources of active IPv6 addresses and eleven address generators, we discovered 6658 IoT deployments. We derive that the available address sources are a good starting point for finding IoT deployments. Additionally, we show that using two address generators is sufficient to cover most found deployments and save time as well as resources. Assessing the security of the deployments, we surprisingly find similar issues as in the IPv4 Internet, although IPv6 deployments might be newer and generally more up-to-date: Only 39% of deployments have access control in place and only 6.2% make use of TLS inviting attackers, e.g., to eavesdrop sensitive data. Internet of Things, security, Internet measurements, IPv6, address generators internet-of-production IEEE Proceedings of the 2024 IEEE/IFIP Network Operations and Management Symposium (NOMS '24), May 6-10, 2024, Seoul, Korea Seoul, Korea 2024 IEEE Network Operations and Management Symposium May 6-10, 2024 accepted 1 MarkusDahlmanns FelixHeidenreich JohannesLohmöller JanPennekamp KlausWehrle MartinHenze inproceedings 2024-dahlmanns-doctoralsym 2024 5 10 Advances like Industry 4.0 lead to a rising number of Internet-connected industrial deployments and thus an Industrial Internet of Things with growing attack vectors. To uphold a secure and safe operation of these deployments, industrial protocols nowadays include security features, e.g., end-to-end secure communication. However, so far, it is unclear how well these features are used in practice and which obstacles might prevent operators from securely running their deployments. In this research description paper, we summarize our recent research activities to close this gap. Specifically, we show that even secure-by-design protocols are by far no guarantee for secure deployments. Instead, many deployments still open the doors for eavesdropping attacks or malicious takeovers. Additionally, we give an outlook on how to overcome identified obstacles allowing operators to configure their deployments more securely. IEEE Proceedings of the 2024 IEEE/IFIP Network Operations and Management Symposium (NOMS '24), May 6-10, 2024, Seoul, Korea Seoul, Korea 2024 IEEE Network Operations and Management Symposium May 6-10, 2024 accepted 1 MarkusDahlmanns KlausWehrle inproceedings 2024_pennekamp_dissertation-digest 2024 5 9 The Industrial Internet of Things (IIoT) leads to increasingly-interconnected industrial processes and environments, which, in turn, result in stakeholders collecting a plethora of information. Even though the global sharing of information and industrial collaborations in the IIoT promise significant improvements concerning productivity, sustainability, and product quality, among others, the majority of stakeholders is hesitant to implement them due to confidentiality and reliability concerns. However, strong technical guarantees could convince them of the contrary. Thus, to address these concerns, our interdisciplinary efforts focus on establishing and realizing secure industrial collaborations in the IIoT. By applying private computing, we are indeed able to reliably secure collaborations that not only scale to industry-sized applications but also allow for use case-specific confidentiality guarantees. Hence, improvements that follow from industrial collaborations with (strong) technical guarantees are within reach, even when dealing with cautious stakeholders. Still, until we can fully exploit these benefits, several challenges remain, primarily regarding collaboration management, introduced overhead, interoperability, and universality of proposed protocols. security; privacy; private computing; reliability internet-of-production https://www.comsys.rwth-aachen.de/fileadmin/papers/2024/2024-pennekamp-noms-dissertation-digest.pdf IEEE Proceedings of the 2024 IEEE/IFIP Network Operations and Management Symposium (NOMS '24), May 6-10, 2024, Seoul, Korea Seoul, Korea 2024 IEEE Network Operations and Management Symposium May 6-10, 2024 accepted 1 JanPennekamp inproceedings 2024-kunze-spintrap 2024 5 7 IEEE/IFIP Proceedings of the 2024 IEEE/IFIP Network Operations and Management Symposium (NOMS '24) 2024 IEEE/IFIP Network Operations and Management Symposium accepted 1 IkeKunze ConstantinSander LarsTissen BenediktBode KlausWehrle article 2024_lohmoeller_sovereignty-survey Data & Knowledge Engineering 2024 5 1 151 Data ecosystems emerged as a new paradigm to facilitate the automated and massive exchange of data from heterogeneous information sources between different stakeholders. However, the corresponding benefits come with unforeseen risks as sensitive information is potentially exposed, questioning their reliability. Consequently, data security is of utmost importance and, thus, a central requirement for successfully realizing data ecosystems. Academia has recognized this requirement, and current initiatives foster sovereign participation via a federated infrastructure where participants retain local control over what data they offer to whom. However, recent proposals place significant trust in remote infrastructure by implementing organizational security measures such as certification processes before the admission of a participant. At the same time, the data sensitivity incentivizes participants to bypass the organizational security measures to maximize their benefit. This issue significantly weakens security, sovereignty, and trust guarantees and highlights that organizational security measures are insufficient in this context. In this paper, we argue that data ecosystems must be extended with technical means to (re)establish dependable guarantees. We underpin this need with three representative use cases for data ecosystems, which cover personal, economic, and governmental data, and systematically map the lack of dependable guarantees in related work. To this end, we identify three enablers of dependable guarantees, namely trusted remote policy enforcement, verifiable data tracking, and integration of resource-constrained participants. These enablers are critical for securely implementing data ecosystems in data-sensitive contexts. Data sharing; Confidentiality; Integrity protection; Data Markets; Distributed databases internet-of-production; coat-ers https://www.comsys.rwth-aachen.de/fileadmin/papers/2024/2024-lohmoeller-data-sovereignty-survey.pdf Elsevier 0169-023X 10.1016/j.datak.2024.102301 1 JohannesLohmöller JanPennekamp RomanMatzutt Carolin VictoriaSchneider EduardVlad ChristianTrautwein KlausWehrle inproceedings 2024-kunze-civic 2024 5 internet-of-production https://www.comsys.rwth-aachen.de/fileadmin/papers/2024/2024-kunze-civic.pdf Proceedings of the 7th IEEE International Conference on Industrial Cyber-Physical Systems (ICPS '24) accepted 1 IkeKunze DominikScheurenberg LiamTirpitz SandraGeisler KlausWehrle phdthesis 2024_pennekamp_phd-thesis 2024 4 15 The Industrial Internet of Things (IIoT) is leading to increasingly-interconnected and networked industrial processes and environments, which, in turn, results in stakeholders gathering vast amounts of information. Although the global sharing of information and industrial collaborations in the IIoT promise to enhance productivity, sustainability, and product quality, among other benefits, most information is still commonly encapsulated in local information silos. In addition to interoperability issues, confidentiality concerns of involved stakeholders remain the main obstacle to fully realizing these improvements in practice as they largely hinder real-world industrial collaborations today. Therefore, this dissertation addresses this mission-critical research gap. Since existing approaches to privacy-preserving information sharing are not scalable to industry-sized applications in the IIoT, we present solutions that enable secure collaborations in the IIoT while providing technical (confidentiality) guarantees to the involved stakeholders. Our research is crucial (i) for demonstrating the potential and added value of (secure) collaborations and (ii) for convincing cautious stakeholders of the usefulness and benefits of technical building blocks, enabling reliable sharing of confidential information, even among direct competitors. Our interdisciplinary research thus focuses on establishing and realizing secure industrial collaborations in the IIoT. In this regard, we study two overarching angles of collaborations in detail. First, we distinguish between collaborations along and across supply chains, with the former type entailing more relaxed confidentiality requirements. Second, whether or not collaborators know each other in advance implies different levels of trust and requires different technical guarantees. We rely on well-established building blocks from private computing (i.e., privacy-preserving computation and confidential computing) to reliably realize secure collaborations. We thoroughly evaluate each of our designs, using multiple real-world use cases from production technology, to prove their practical feasibility for the IIoT. By applying private computing, we are indeed able to secure collaborations that not only scale to industry-sized applications but also allow for use case-specific configurations of confidentiality guarantees. In this dissertation, we use well-established building blocks to assemble novel solutions with technical guarantees for all types of collaborations (along and across supply chains as well as with known or unknown collaborators). Finally, on the basis of our experience with engineers, we have derived a research methodology for future use that structures the process of interdisciplinary development and evaluation of secure collaborations in the evolving IIoT. Overall, given the aforementioned improvements, our research should greatly contribute to convincing even cautious stakeholders to participate in (reliably-secured) industrial collaborations. Our work is an essential first step toward establishing widespread information sharing among stakeholders in the IIoT. We further conclude: (i) collaborations can be reliably secured, and we can even provide technical guarantees while doing so; (ii) building blocks from private computing scale to industrial applications and satisfy the outlined confidentiality needs; (iii) improvements resulting from industrial collaborations are within reach, even when dealing with cautious stakeholders; and (iv) the interdisciplinary development of sophisticated yet appropriate designs for use case-driven secure collaborations can succeed in practice. internet-of-production https://www.comsys.rwth-aachen.de/fileadmin/papers/2024/2024-pennekamp-phd-thesis.pdf Shaker Verlag

Germany

Reports on Communications and Distributed Systems 23 RWTH Aachen University Ph.D. Thesis 978-3-8440-9467-1 2191-0863 1 JanPennekamp incollection 2024_pennekamp_blockchain-industry 2024 3 7 105 531-564 Competitive industrial environments impose significant requirements on data sharing as well as the accountability and verifiability of related processes. Here, blockchain technology emerges as a possible driver that satisfies demands even in settings with mutually distrustful stakeholders. We identify significant benefits achieved by blockchain technology for Industry 4.0 but also point out challenges and corresponding design options when applying blockchain technology in the industrial domain. Furthermore, we survey diverse industrial sectors to shed light on the current intersection between blockchain technology and industry, which provides the foundation for ongoing as well as upcoming research. As industrial blockchain applications are still in their infancy, we expect that new designs and concepts will develop gradually, creating both supporting tools and groundbreaking innovations. internet-of-production Springer Advances in Information Security 17 Blockchains – A Handbook on Fundamentals, Platforms and Applications 978-3-031-32145-0 10.1007/978-3-031-32146-7_17 1 JanPennekamp LennartBader EricWagner JensHiller RomanMatzutt KlausWehrle incollection 2024_matzutt_blockchain-content 2024 3 7 105 301-336 Augmenting public blockchains with arbitrary, nonfinancial content fuels novel applications that facilitate the interactions between mutually distrusting parties. However, new risks emerge at the same time when illegal content is added. This chapter thus provides a holistic overview of the risks of content insertion as well as proposed countermeasures. We first establish a simple framework for how content is added to the blockchain and subsequently distributed across the blockchain’s underlying peer-to-peer network. We then discuss technical as well as legal implications of this form of content distribution and give a systematic overview of basic methods and high-level services for inserting arbitrary blockchain content. Afterward, we assess to which extent these methods and services have been used in the past on the blockchains of Bitcoin Core, Bitcoin Cash, and Bitcoin SV, respectively. Based on this assessment of the current state of (unwanted) blockchain content, we discuss (a) countermeasures to mitigate its insertion, (b) how pruning blockchains relates to this issue, and (c) how strategically weakening the otherwise desired immutability of a blockchain allows for redacting objectionable content. We conclude this chapter by identifying future research directions in the domain of blockchain content insertion. Blockchain content insertion; Illicit content; Pruning; Redaction Springer Advances in Information Security 10 Blockchains – A Handbook on Fundamentals, Platforms and Applications 978-3-031-32145-0 10.1007/978-3-031-32146-7_10 1 RomanMatzutt MartinHenze DirkMüllmann KlausWehrle inproceedings 2024-wagner-acns-aggregate 2024 3 5 https://www.comsys.rwth-aachen.de/fileadmin/papers/2024/2024-wagner-mac-aggregation.pdf 22nd International Conference on Applied Cryptography and Network Security (ACNS '24), Abu Dhabi, UAE Abu Dhabi, UAE International Conference on Applied Cryptography and Network Security (ACNS) March 5-9, 2024 accepted 1 EricWagner MartinSerror KlausWehrle MartinHenze poster 2024-dahlmanns-sul 2024 3 5 19 ven2us https://www.comsys.rwth-aachen.de/fileadmin/papers/2024/2024-dahlmanns-slt.pdf VDE ETG/FNN-Tutorial 2024 Schutz- und Leittechnik, March 05-06, 2024, Leipzig, Germany Leipzig, Germany VDE ETG/FNN-Tutorial 2024 Schutz- und Leittechnik March 05-06, 2024 1 MarkusDahlmanns AndreasWark Carl-HeinzGenzel KlausWehrle article 2024_pennekamp_supply-chain-survey ACM Computing Surveys 2024 2 1 56 2 Supply chains form the backbone of modern economies and therefore require reliable information flows. In practice, however, supply chains face severe technical challenges, especially regarding security and privacy. In this work, we consolidate studies from supply chain management, information systems, and computer science from 2010--2021 in an interdisciplinary meta-survey to make this topic holistically accessible to interdisciplinary research. In particular, we identify a significant potential for computer scientists to remedy technical challenges and improve the robustness of information flows. We subsequently present a concise information flow-focused taxonomy for supply chains before discussing future research directions to provide possible entry points. information flows; data communication; supply chain management; data security; data sharing; systematic literature review internet-of-production https://www.comsys.rwth-aachen.de/fileadmin/papers/2024/2024-pennekamp-supply-chain-survey.pdf ACM 0360-0300 10.1145/3606693 1 JanPennekamp RomanMatzutt ChristopherKlinkmüller LennartBader MartinSerror EricWagner SidraMalik MariaSpiß JessicaRahn TanGürpinar EduardVlad Sander J. J.Leemans Salil S.Kanhere VolkerStich KlausWehrle inproceedings Jakobs_2024_1 2024 2 Proc. IRI§24 – International Legal Informatics Symposium accepted 1 KaiJakobs article 2024_pennekamp_supply-chain-sensing IEEE Access 2024 1 8 12 9350-9368 Supply chains increasingly develop toward complex networks, both technically in terms of devices and connectivity, and also anthropogenic with a growing number of actors. The lack of mutual trust in such networks results in challenges that are exacerbated by stringent requirements for shipping conditions or quality, and where actors may attempt to reduce costs or cover up incidents. In this paper, we develop and comprehensively study four scenarios that eventually lead to end-to-end-secured sensing in complex IoT-based supply chains with many mutually distrusting actors, while highlighting relevant pitfalls and challenges—details that are still missing in related work. Our designs ensure that sensed data is securely transmitted and stored, and can be verified by all parties. To prove practical feasibility, we evaluate the most elaborate design with regard to performance, cost, deployment, and also trust implications on the basis of prevalent (mis)use cases. Our work enables a notion of secure end-to-end sensing with minimal trust across the system stack, even for complex and opaque supply chain networks. blockchain technology; reliability; security; trust management; trusted computing; trusted execution environments internet-of-production https://www.comsys.rwth-aachen.de/fileadmin/papers/2024/2024-pennekamp-secure-sensing.pdf 2169-3536 10.1109/ACCESS.2024.3350778 1 JanPennekamp FritzAlder LennartBader GianlucaScopelliti KlausWehrle Jan TobiasMühlberg inproceedings 2024-dahlmanns-fps 2024 14551 Security configurations remain challenging for trained administrators. Nowadays, due to the advent of the Internet of Things (IoT), untrained users operate numerous and heterogeneous Internet-facing services in manifold use case-specific scenarios. In this work, we close the growing gap between the complexity of IoT security configuration and the expertise of the affected users. To this end, we propose ColPSA, a platform for collective and privacy-aware security advice that allows users to optimize their configuration by exchanging information about what security can be realized given their IoT deployment and scenario. Mohamed Mosbah, Florence Sèdes, Nadia Tawbi, Toufik Ahmed, Nora Boulahia-Cuppens, Joaquin Garcia-Alfaro Springer Cham Lecture Notes in Computer Science Proceedings of the 16th International Symposium on Foundations and Practice of Security (FPS '23), December 11-13, 2023, Bordeaux, France Bordeaux, France International Symposium on Foundations and Practice of Security 2023 (FPS 23) December 11-13, 2023 unpublished 10.1007/978-3-031-57540-2_2 1 MarkusDahlmanns RomanMatzutt ChrisDax KlausWehrle