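%
% This file was created by the TYPO3 extension
% bib
% --- Timezone: CEST
% Creation date: 2024-04-20
% Creation time: 12-01-29
% --- Number of references
% 29
%
% Reviewer notes (text outside entries is ignored by BibTeX):
% - Layout: one entry per block, one field per line. Citation keys are unchanged.
% - tags, misc, misc2, reviewed, state, institute and the event_* fields are
%   exporter-specific; unknown fields are silently ignored by standard styles.
% - Page ranges use "--", months use the three-letter macros, and acronyms and
%   proper nouns in titles are brace-protected against sentence casing.
% - The former Miscellaneous entries now use the standard misc type.
% - url values without a scheme (fileadmin/...) are relative paths; presumably
%   they resolve against the site that exported this file. Confirm before
%   publishing them as links.
% - Absolute links to www.comsys.rwth-aachen.de now all use https, as several
%   entries already did, so no paper is fetched over plain HTTP.
%

@incollection{2017-cps-henze-network,
  author       = {Henze, Martin and Hiller, Jens and Hummen, Ren{\'e} and Matzutt, Roman and Wehrle, Klaus and Ziegeldorf, Jan Henrik},
  title        = {Network Security and Privacy for Cyber-Physical Systems},
  editor       = {Song, Houbing and Fink, Glenn A. and Jeschke, Sabina},
  booktitle    = {Security and Privacy in Cyber-Physical Systems: Foundations, Principles and Applications},
  publisher    = {Wiley-IEEE Press},
  edition      = {First},
  chapter      = {2},
  pages        = {25--56},
  year         = {2017},
  month        = nov,
  day          = {13},
  isbn         = {978-1-119-22604-8},
  doi          = {10.1002/9781119226079.ch2},
  language     = {en},
  tags         = {sensorcloud,ipacs},
  reviewed     = {1},
}

@inproceedings{2015-ziegeldorf-dpm-comparison,
  author       = {Ziegeldorf, Jan Henrik and Henze, Martin and Hummen, Ren{\'e} and Wehrle, Klaus},
  title        = {Comparison-based Privacy: Nudging Privacy in Social Media (Position Paper)},
  booktitle    = {The 10th DPM International Workshop on Data Privacy Management, Vienna, Austria},
  series       = {Lecture Notes in Computer Science},
  volume       = {9481},
  pages        = {226--234},
  publisher    = {Springer},
  year         = {2015},
  month        = sep,
  day          = {22},
  isbn         = {978-3-319-29882-5},
  doi          = {10.1007/978-3-319-29883-2_15},
  url          = {fileadmin/papers/2015/2015-ziegeldorf-dpm-cbp.pdf},
  language     = {en},
  misc2        = {Online},
  reviewed     = {1},
}

% The bullet characters in the venue name are written as \textbullet so the
% entry stays ASCII like the rest of the file.
@inproceedings{2015-gerdes-authorization,
  author       = {Gerdes, Stefanie and Hummen, Ren{\'e} and Bergmann, Olaf},
  title        = {Autorisierungsmanagement f{\"u}r das {Internet of Things}},
  booktitle    = {D{\textbullet}A{\textbullet}CH Security 2015},
  year         = {2015},
  month        = sep,
  event_place  = {Sankt Augustin, Germany},
  event_name   = {D{\textbullet}A{\textbullet}CH Security 2015},
  event_date   = {08.09. - 09.09.2015},
  state        = {accepted},
  language     = {de},
  tags         = {iotsec},
  misc2        = {Online},
  reviewed     = {1},
}

% NOTE(review): edition = {11} presumably is the volume number within the
% series rather than an edition of the thesis - confirm against the book.
@phdthesis{2015-hummen-resource-conscious,
  author       = {Hummen, Ren{\'e}},
  title        = {Resource-Conscious Network Security for the {IP}-Based {Internet of Things}},
  school       = {RWTH Aachen University},
  institute    = {Chair of Communication and Distributed Systems},
  type         = {Ph.D. Thesis},
  publisher    = {Shaker Verlag},
  address      = {Aachen, Germany},
  series       = {Reports on Communications and Distributed Systems},
  edition      = {11},
  year         = {2015},
  month        = jun,
  day          = {30},
  isbn         = {978-3-8440-3755-5},
  url          = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2015/2015-hummen-phd-thesis.pdf},
  tags         = {iot},
}

% NOTE(review): same work as 2015-hummen-resource-conscious above, with fewer
% fields. Both keys are kept because either may be cited; citing both in one
% document lists the thesis twice.
@phdthesis{2015-hummen-phdthesis,
  author       = {Hummen, Ren{\'e}},
  title        = {Resource-Conscious Network Security for the {IP}-Based {Internet of Things}},
  school       = {RWTH Aachen University},
  year         = {2015},
}

@incollection{2014-tcc-henze-trustpoint,
  author       = {Henze, Martin and Hummen, Ren{\'e} and Matzutt, Roman and Wehrle, Klaus},
  title        = {A Trust Point-based Security Architecture for Sensor Data in the Cloud},
  editor       = {Krcmar, Helmut and Reussner, Ralf and Rumpe, Bernhard},
  booktitle    = {Trusted Cloud Computing},
  publisher    = {Springer},
  pages        = {77--106},
  year         = {2014},
  month        = dec,
  day          = {14},
  isbn         = {978-3-319-12717-0},
  doi          = {10.1007/978-3-319-12718-7_6},
  tags         = {sensorcloud},
  misc2        = {Online},
  reviewed     = {1},
}

@incollection{2013-wtc-eggert-sensorcloud,
  author       = {Eggert, Michael and H{\"a}u{\ss}ling, Roger and Henze, Martin and Hermerschmidt, Lars and Hummen, Ren{\'e} and Kerpen, Daniel and Navarro P{\'e}rez, Antonio and Rumpe, Bernhard and Thi{\ss}en, Dirk and Wehrle, Klaus},
  title        = {{SensorCloud}: Towards the Interdisciplinary Development of a Trustworthy Platform for Globally Interconnected Sensors and Actuators},
  editor       = {Krcmar, Helmut and Reussner, Ralf and Rumpe, Bernhard},
  booktitle    = {Trusted Cloud Computing},
  publisher    = {Springer},
  pages        = {203--218},
  year         = {2014},
  month        = dec,
  day          = {14},
  isbn         = {978-3-319-12717-0},
  doi          = {10.1007/978-3-319-12718-7_13},
  url          = {fileadmin/papers/2013/2013-wtc-eggert-sensorcloud.pdf},
  language     = {en},
  tags         = {sensorcloud},
  misc2        = {Online},
  reviewed     = {1},
}

@inproceedings{2014-aasnet-henze-scslib,
  author       = {Henze, Martin and Bereda, Sebastian and Hummen, Ren{\'e} and Wehrle, Klaus},
  title        = {{SCSlib}: Transparently Accessing Protected Sensor Data in the Cloud},
  booktitle    = {The 6th International Symposium on Applications of Ad hoc and Sensor Networks (AASNET'14), Halifax, NS, Canada},
  series       = {Procedia Computer Science},
  volume       = {37},
  pages        = {370--375},
  publisher    = {Elsevier},
  year         = {2014},
  month        = sep,
  day          = {24},
  doi          = {10.1016/j.procs.2014.08.055},
  url          = {/fileadmin/papers/2014/2014-henze-aasnet-scslib.pdf},
  event_place  = {Halifax, NS, Canada},
  event_name   = {The 6th International Symposium on Applications of Ad hoc and Sensor Networks (AASNET'14)},
  language     = {en},
  tags         = {sensorcloud},
  misc2        = {Online},
  reviewed     = {1},
}

% event_name now spells the conference name as booktitle does ("Sensing").
@inproceedings{2014-hummen-delegation,
  author       = {Hummen, Ren{\'e} and Shafagh, Hossein and Raza, Shahid and Voigt, Thiemo and Wehrle, Klaus},
  title        = {Delegation-based Authentication and Authorization for the {IP}-based {Internet of Things}},
  booktitle    = {11th IEEE International Conference on Sensing, Communication, and Networking (SECON 2014)},
  pages        = {284--292},
  publisher    = {IEEE},
  year         = {2014},
  month        = jun,
  day          = {30},
  doi          = {10.1109/SAHCN.2014.6990364},
  url          = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2014/2014-hummen-secon-delegation.pdf},
  event_place  = {Singapore},
  event_name   = {11th IEEE International Conference on Sensing, Communication, and Networking (SECON 2014)},
  event_date   = {30.06. - 03.07.2014},
  language     = {en},
  tags         = {iotsec; sensorcloud},
  misc2        = {Online},
  reviewed     = {1},
}

@article{2013-ijghpc-henze-sensorcloud,
  author       = {Henze, Martin and Hummen, Ren{\'e} and Matzutt, Roman and Catrein, Daniel and Wehrle, Klaus},
  title        = {Maintaining User Control While Storing and Processing Sensor Data in the Cloud},
  journal      = {International Journal of Grid and High Performance Computing (IJGHPC)},
  volume       = {5},
  number       = {4},
  pages        = {97--112},
  publisher    = {IGI Global},
  year         = {2013},
  month        = dec,
  issn         = {1938-0259},
  doi          = {10.4018/ijghpc.2013100107},
  url          = {fileadmin/papers/2013/2013-ijghpc-henze-sensorcloud.pdf},
  language     = {en},
  tags         = {sensorcloud},
  misc2        = {Online},
  reviewed     = {1},
}

@inproceedings{2013-hummen-standards,
  author       = {Hummen, Ren{\'e} and Wehrle, Klaus},
  title        = {Standards-based End-to-End {IP} Security for the {Internet of Things}},
  booktitle    = {21st IEEE International Conference on Network Protocols (ICNP 2013 PhD Forum), G{\"o}ttingen, Germany},
  pages        = {1--3},
  publisher    = {IEEE},
  year         = {2013},
  month        = oct,
  day          = {7},
  isbn         = {978-1-4799-1270-4},
  doi          = {10.1109/ICNP.2013.6733648},
  url          = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2013/2013-hummen-standards.pdf},
  event_place  = {G{\"o}ttingen, Germany},
  event_name   = {PhD Forum of 21st IEEE International Conference on Network Protocols (ICNP 2013 PhD Forum)},
  event_date   = {7 Oct. 2013},
  language     = {en},
  tags         = {iotsec},
  misc2        = {Online},
  reviewed     = {1},
}

@inproceedings{2013-hummen-slimfit,
  author       = {Hummen, Ren{\'e} and Hiller, Jens and Henze, Martin and Wehrle, Klaus},
  title        = {{Slimfit} - A {HIP} {DEX} Compression Layer for the {IP}-based {Internet of Things}},
  booktitle    = {Wireless and Mobile Computing, Networking and Communications (WiMob), 2013 IEEE 9th International Conference on},
  pages        = {259--266},
  publisher    = {IEEE},
  year         = {2013},
  month        = oct,
  day          = {7},
  isbn         = {978-1-4577-2014-7},
  issn         = {2160-4886},
  doi          = {10.1109/WiMOB.2013.6673370},
  url          = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2013/2013-hummen-slimfit.pdf},
  event_place  = {Lyon, France},
  event_name   = {IEEE WiMob 2013 Workshop on the Internet of Things Communications and Technologies (IoT 2013)},
  language     = {en},
  tags         = {iotsec},
  misc2        = {Online},
  reviewed     = {1},
}

% booktitle no longer starts with "In": styles add that word themselves.
@inproceedings{2013-icnp-hummen-tailoring,
  author       = {Hummen, Ren{\'e} and Wirtz, Hanno and Ziegeldorf, Jan Henrik and Hiller, Jens and Wehrle, Klaus},
  title        = {Tailoring End-to-End {IP} Security Protocols to the {Internet of Things}},
  booktitle    = {Proceedings of the 21st IEEE International Conference on Network Protocols (ICNP 2013), G{\"o}ttingen, Germany},
  pages        = {1--10},
  publisher    = {IEEE},
  year         = {2013},
  month        = oct,
  day          = {7},
  isbn         = {978-1-4799-1270-4},
  doi          = {10.1109/ICNP.2013.6733571},
  url          = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2013/2013-hummen-tailoring.pdf},
  event_place  = {G{\"o}ttingen, Germany},
  event_name   = {21st IEEE International Conference on Network Protocols (ICNP 2013)},
  event_date   = {7-10 Oct. 2013},
  language     = {en},
  tags         = {iotsec},
  misc2        = {Online},
  reviewed     = {1},
}

@article{2013-raza-lithe,
  author       = {Raza, Shahid and Shafagh, Hossein and Hewage, Kasun and Hummen, Ren{\'e} and Voigt, Thiemo},
  title        = {{Lithe}: Lightweight Secure {CoAP} for the {Internet of Things}},
  journal      = {IEEE Sensors Journal},
  volume       = {13},
  number       = {10},
  pages        = {3711--3720},
  year         = {2013},
  month        = oct,
  issn         = {1530-437X},
  doi          = {10.1109/JSEN.2013.2277656},
  keywords     = {Internet of Things;operating systems (computers);personal area networks;protocols;security of data;6LoWPAN standard;Contiki operating system;DTLS;Internet of Things;IoT;Lithe;authenticated confidential communication;constrained application protocol;datagram transport layer security;e-health domain;end-to-end security;lightweight secure CoAP;resource-constrained devices;Encoding;Internet;Payloads;Protocols;Security;Sensors;Standards;6LoWPAN;CoAP;CoAPs;DTLS;IoT;security},
  language     = {en},
  tags         = {iotsec},
  reviewed     = {1},
}

@inproceedings{2013-duma-henze-cloud-annotations,
  author       = {Henze, Martin and Hummen, Ren{\'e} and Wehrle, Klaus},
  title        = {The Cloud Needs Cross-Layer Data Handling Annotations (Position Paper)},
  booktitle    = {Proceedings of the 4th International Workshop on Data Usage Management (DUMA 2013), part of 2013 IEEE Security and Privacy Workshops (SPW), San Francisco, CA, USA},
  pages        = {18--22},
  publisher    = {IEEE},
  year         = {2013},
  month        = may,
  day          = {23},
  isbn         = {978-1-4799-0458-7},
  doi          = {10.1109/SPW.2013.31},
  url          = {fileadmin/papers/2013/2013-duma-henze-cloudannotations.pdf},
  language     = {en},
  tags         = {sensorcloud},
  misc2        = {Online},
  reviewed     = {1},
}

@inproceedings{2013-hummen-towards,
  author       = {Hummen, Ren{\'e} and Ziegeldorf, Jan Henrik and Shafagh, Hossein and Raza, Shahid and Wehrle, Klaus},
  title        = {Towards Viable Certificate-based Authentication for the {Web of Things}},
  booktitle    = {Proceedings of the 2nd ACM Workshop on Hot Topics on Wireless Network Security and Privacy (HotWiSec '13)},
  publisher    = {ACM},
  year         = {2013},
  month        = apr,
  day          = {19},
  isbn         = {978-1-4503-2003-0},
  doi          = {10.1145/2463183.2463193},
  url          = {fileadmin/papers/2013/2013-hummen-towards.pdf},
  event_place  = {Budapest, Hungary},
  event_name   = {2nd ACM Workshop on Hot Topics on Wireless Network Security and Privacy},
  language     = {en},
  tags         = {iotsec},
  reviewed     = {1},
}

@inproceedings{2013-hummen-6lowpan,
  author       = {Hummen, Ren{\'e} and Hiller, Jens and Wirtz, Hanno and Henze, Martin and Shafagh, Hossein and Wehrle, Klaus},
  title        = {{6LoWPAN} Fragmentation Attacks and Mitigation Mechanisms},
  booktitle    = {Proceedings of the 6th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec '13)},
  publisher    = {ACM},
  year         = {2013},
  month        = apr,
  day          = {17},
  isbn         = {978-1-4503-1998-0},
  doi          = {10.1145/2462096.2462107},
  url          = {fileadmin/papers/2013/2013-hummen-6lowpan.pdf},
  event_place  = {Budapest, Hungary},
  event_name   = {6th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec '13)},
  language     = {en},
  tags         = {iotsec; sensorcloud},
  reviewed     = {1},
}

@inproceedings{2012-hummen-cloud,
  author       = {Hummen, Ren{\'e} and Henze, Martin and Catrein, Daniel and Wehrle, Klaus},
  title        = {A Cloud Design for User-controlled Storage and Processing of Sensor Data},
  booktitle    = {Proceedings of the 2012 IEEE 4th International Conference on Cloud Computing Technology and Science (CloudCom), Taipei, Taiwan},
  pages        = {232--240},
  publisher    = {IEEE},
  year         = {2012},
  month        = dec,
  day          = {3},
  isbn         = {978-1-4673-4511-8},
  doi          = {10.1109/CloudCom.2012.6427523},
  url          = {fileadmin/papers/2012/2012-hummen-cloud.pdf},
  event_place  = {Taipei, Taiwan},
  event_name   = {Fourth IEEE International Conference on Cloud Computing Technology and Science},
  language     = {en},
  tags         = {sensorcloud},
  reviewed     = {1},
}

@inproceedings{2012-hummen-seams,
  author       = {Hummen, Ren{\'e} and Ziegeldorf, Jan Henrik and Heer, Tobias and Wirtz, Hanno and Wehrle, Klaus},
  title        = {{SEAMS}: A Signaling Layer for End-host-Assisted Middlebox Services},
  booktitle    = {Proceedings of the 11th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (IEEE TrustCom-12)},
  organization = {IEEE},
  pages        = {525--532},
  year         = {2012},
  month        = jun,
  day          = {25},
  isbn         = {978-1-4673-2172-3},
  doi          = {10.1109/TrustCom.2012.250},
  url          = {fileadmin/papers/2012/2012-hummen-seams.pdf},
  event_place  = {Liverpool, United Kingdom},
  language     = {en},
  reviewed     = {1},
}

@inproceedings{WirtzHHW2012,
  author       = {Wirtz, Hanno and Heer, Tobias and Hummen, Ren{\'e} and Wehrle, Klaus},
  title        = {{Mesh-DHT}: A Locality-Based Distributed Look-Up Structure for Wireless Mesh Networks},
  booktitle    = {Proceedings of the IEEE International Conference on Communications (ICC 2012), Ottawa, Canada},
  pages        = {653--658},
  publisher    = {IEEE},
  year         = {2012},
  month        = jun,
  day          = {14},
  isbn         = {978-1-4577-2051-2},
  doi          = {10.1109/ICC.2012.6364336},
  url          = {fileadmin/papers/2012/2012_wirtz_icc_mesh_dht.pdf},
  event_place  = {Ottawa, Canada},
  event_name   = {ICC 2012},
  event_date   = {10.-15.06.2012},
  language     = {en},
  misc2        = {Print Online},
  reviewed     = {1},
}

@misc{2012-hummen-iot-trust,
  author       = {Hummen, Ren{\'e} and R{\"o}ller, Christian and Wehrle, Klaus},
  title        = {Modeling User-defined Trust Overlays for the {IP}-based {Internet of Things} (Position Paper)},
  howpublished = {Workshop on Smart Object Security},
  year         = {2012},
  month        = mar,
  day          = {20},
  url          = {fileadmin/papers/2012/2012-hummen-iot-trust.pdf},
  language     = {en},
  tags         = {iotsec},
  misc2        = {Online},
  reviewed     = {1},
}

% "ITU" was stored in the address field; it names the publishing body, not a
% city, so it is recorded as the publisher.
@inproceedings{2011-wirtz-kaleidoscope,
  author       = {Wirtz, Hanno and Hummen, Ren{\'e} and Viol, Nicolai and Heer, Tobias and Lora Gir{\'o}n, M{\'o}nica Alejandra and Wehrle, Klaus},
  title        = {Cooperative {Wi-Fi}-Sharing: Encouraging Fair Play},
  booktitle    = {Proceedings of the ITU-T Kaleidoscope Event 2011, Cape Town, South Africa},
  publisher    = {ITU},
  year         = {2011},
  month        = dec,
  day          = {14},
  isbn         = {978-92-61-13651-2},
  url          = {fileadmin/papers/2011/2011-wirtz-kaleidoscope.pdf},
  event_place  = {Cape Town, South Africa},
  event_name   = {ITU-T Kaleidoscope: The fully networked human?},
  event_date   = {2011-12-12},
  language     = {en},
  tags         = {mobile_access},
  misc         = {Online},
  reviewed     = {1},
}

@article{2011-heer-iot-journal,
  author       = {Heer, Tobias and Garcia-Morchon, Oscar and Hummen, Ren{\'e} and Keoh, Sye Loong and Kumar, Sandeep S. and Wehrle, Klaus},
  title        = {Security Challenges in the {IP}-based {Internet of Things}},
  journal      = {Springer Wireless Personal Communications Journal},
  volume       = {61},
  number       = {3},
  pages        = {527--542},
  publisher    = {Springer},
  address      = {Netherlands},
  year         = {2011},
  month        = oct,
  issn         = {0929-6212},
  doi          = {10.1007/s11277-011-0385-5},
  url          = {fileadmin/papers/2011/2011-heer-iot-challenges.pdf},
  abstract     = {A direct interpretation of the term Internet of Things refers to the use of standard Internet protocols for the human-to-thing or thing-to-thing communication in embedded networks. Although the security needs are well-recognized in this domain, it is still not fully understood how existing IP security protocols and architectures can be deployed. In this paper, we discuss the applicability and limitations of existing Internet protocols and security architectures in the context of the Internet of Things. First, we give an overview of the deployment model and general security needs. We then present challenges and requirements for IP-based security solutions and highlight specific technical limitations of standard IP security protocols.},
  language     = {en},
  tags         = {iotsec},
  misc2        = {Online},
  reviewed     = {1},
}

% Abstract: line-break hyphenation left over from the PDF ("ad- hoc",
% "infrastruc-ture") has been repaired.
@inproceedings{2011-wintech-wirtz,
  author       = {Wirtz, Hanno and Backhaus, Robert and Hummen, Ren{\'e} and Wehrle, Klaus},
  title        = {Demo: Establishing Mobile Ad-Hoc Networks in 802.11 Infrastructure Mode},
  booktitle    = {Proceedings of the Sixth ACM International Workshop on Wireless Network Testbeds, Experimental evaluation and Characterization (WiNTECH 2011), Las Vegas, NV, USA},
  pages        = {89--90},
  publisher    = {ACM},
  address      = {New York, NY, USA},
  year         = {2011},
  month        = sep,
  day          = {19},
  isbn         = {978-1-4503-0867-0},
  doi          = {10.1145/2030718.2030737},
  url          = {fileadmin/papers/2011/2011-wirtz-wintech.pdf},
  abstract     = {Mobile Ad-Hoc Networks (MANETs) rely on the 802.11 ad-hoc mode to establish communication with nearby peers. In practice, this makes MANETs hard to realize. While 802.11-compliant mobile devices implement the ad-hoc mode on the hardware layer, the software layer typically does not implement support for ad-hoc networking in terms of ad-hoc routing and name resolution protocols. Modern mobile operating systems, such as Android and iOS, even hide the inherent ad-hoc functionality of the wireless card through restrictions in the OS. In contrast to this, support for the 802.11 infrastructure mode is a commodity. We propose establishing ad-hoc networks using the 802.11 infrastructure mode. In MA-Fi (Mobile Ad-Hoc Wi-Fi), a small core of mobile router nodes (RONs) provides infrastructure mode network access to mobile station nodes (STANs). As RONs also act as a station in infrastructure networks of other RONs, MA-Fi achieves multi-hop communication between RON and STAN devices in the overall network. We show the creation and operation of mobile ad-hoc networks using MA-Fi. We focus on mobility of RONs and STANs as well as topology control in the overall network.},
  event_place  = {Las Vegas, Nevada, USA},
  event_name   = {The Sixth ACM International Workshop on Wireless Network Testbeds, Experimental evaluation and Characterization},
  event_date   = {2011-09-19},
  language     = {en},
  misc         = {Online},
  reviewed     = {1},
}

@inproceedings{2011-hummen-pisa-demo,
  author       = {Hummen, Ren{\'e} and Wirtz, Hanno and Viol, Nicolai and Heer, Tobias and Wehrle, Klaus},
  title        = {{PISA-SA} - Security and Mobility in a Collaborative {Muni-Fi} (Demo Abstract)},
  booktitle    = {Proceedings of the fourth ACM Conference on Wireless Network Security, Hamburg, Germany},
  volume       = {15},
  pages        = {35--36},
  publisher    = {ACM},
  address      = {New York, NY, USA},
  year         = {2011},
  month        = jun,
  day          = {15},
  issn         = {1559-1662},
  doi          = {10.1145/2073290.2073297},
  url          = {fileadmin/papers/2011/2011-hummen-wisec-pisa-sa-demo.pdf},
  event_place  = {Hamburg, Germany},
  event_name   = {Wireless Network Security 2011 (WiSec 2011)},
  language     = {en},
  tags         = {mobile_access},
  misc2        = {Online},
  reviewed     = {1},
}

@misc{2011-hummen-adaptationlayer,
  author       = {Hummen, Ren{\'e} and Heer, Tobias and Wehrle, Klaus},
  title        = {A Security Protocol Adaptation Layer for the {IP}-based {Internet of Things} (Position Paper)},
  howpublished = {Interconnecting Smart Objects with the Internet Workshop},
  year         = {2011},
  month        = mar,
  day          = {25},
  url          = {fileadmin/papers/2011/2011-hummen-smartobjects-adaptationlayer.pdf},
  language     = {en},
  tags         = {iotsec},
  misc2        = {Online},
  reviewed     = {1},
}

@inproceedings{2010-heer-pisa-sa,
  author       = {Heer, Tobias and Jansen, Thomas and Hummen, Ren{\'e} and Wirtz, Hanno and G{\"o}tz, Stefan and Weingaertner, Elias and Wehrle, Klaus},
  title        = {{PiSA-SA}: Municipal {Wi-Fi} Based on {Wi-Fi} Sharing},
  booktitle    = {International Conference on Computer Communication Networks, ICCCN 2010, Zurich},
  volume       = {1},
  pages        = {588--593},
  publisher    = {IEEE Press},
  address      = {Washington, DC, USA},
  year         = {2010},
  month        = aug,
  day          = {2},
  isbn         = {978-1-4244-7114-0},
  doi          = {10.1109/ICCCN.2010.5560103},
  url          = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2010/2010-heer-icc-pisa-sa.pdf},
  abstract     = {With the goal of providing ubiquitous wireless services (e.g., tourist guides, environmental information, pedestrian navigation), municipal wireless networks are currently being established all around the world. For municipalities, it is often challenging to achieve the bandwidth and coverage that is necessary for many of the envisioned network services. At the same time, Wi-Fi-sharing communities achieve high bandwidth and good coverage at a very low cost by capitalizing on the dense deployment of private access points in urban areas. However, from a technical, conceptual, and security perspective, Wi-Fi sharing community networks resemble a patchwork of heterogeneous networks instead of one well-planned city-wide network. This patchwork character stands in stark contrast to a uniform, secure platform for public and commercial services desirable for the economic success of such a network. Hence, despite its cost-efficiency, the community-based approach cannot be adopted by municipalities easily. In this paper, we show how to realize municipal wireless services on top of a Wi-Fi-sharing infrastructure in a technically sound and economically attractive fashion. In particular, we focus on how to securely provide services to mobile clients with and without client-side software support. Our solution cleanly separates the roles of controlling and administering the network from providing bandwidth and wireless access. With this separation, commercial ISPs and citizens with their private Wi-Fi can contribute to the network infrastructure. This allows municipalities in turn to focus their resources on municipal wireless services.},
  event_place  = {Zurich, Switzerland},
  event_name   = {International Conference on Computer Communication Networks, ICCCN 2010},
  language     = {en},
  tags         = {mobile_access},
  misc2        = {Print},
  reviewed     = {1},
}

% The journal field (not used by inproceedings styles) repeated the
% proceedings title already given in booktitle and was dropped.
% NOTE(review): volume 1 and pages 588--593 are identical to the entry
% 2010-heer-pisa-sa; this looks like a copy-and-paste leftover - verify both
% against the DOI record.
@inproceedings{2010-percomws-heer-munifi,
  author       = {Heer, Tobias and Hummen, Ren{\'e} and Viol, Nicolai and Wirtz, Hanno and G{\"o}tz, Stefan and Wehrle, Klaus},
  title        = {Collaborative Municipal {Wi-Fi} Networks - Challenges and Opportunities},
  booktitle    = {Proceedings of the Sixth IEEE PerCom Workshop on Pervasive Wireless Networking (PWN 2010), Mannheim, Germany},
  volume       = {1},
  pages        = {588--593},
  publisher    = {IEEE Press},
  address      = {Washington, DC, USA},
  year         = {2010},
  month        = apr,
  day          = {2},
  isbn         = {978-1-4244-6605-4},
  doi          = {10.1109/PERCOMW.2010.5470505},
  url          = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2010/2010-heer-percomws-collaborative-municipal-wi-fi.pdf},
  abstract     = {Municipal Wi-Fi networks aim at providing Internet access and selected mobile network services to citizens, travelers, and civil servants. The goals of these networks are to bridge the digital divide, stimulate innovation, support economic growth, and increase city operations efficiency. While establishing such urban networks is financially challenging for municipalities, Wi-Fi-sharing communities accomplish good coverage and ubiquitous Internet access by capitalizing on the dense deployment of private access points in urban residential areas. By combining Wi-Fi communities and municipal Wi-Fi, a collaborative municipal Wi-Fi system promises cheap and ubiquitous access to mobile city services. However, the differences in intent, philosophy, and technical realization between community and municipal Wi-Fi networks prevent a straight-forward combination of both approaches. In this paper, we highlight the conceptual and technical challenges that need to be solved to create collaborative municipal Wi-Fi networks.},
  event_place  = {Mannheim, Germany},
  event_name   = {Sixth IEEE PerCom Workshop on Pervasive Wireless Networking (PWN 2010)},
  event_date   = {April 02, 2010},
  language     = {en},
  tags         = {mobile_access},
  misc2        = {Print},
}

% The publisher field held a city (Piscataway, NJ, USA) and the address field
% the conference location. The publisher is now IEEE with Piscataway as its
% address; Dresden remains in booktitle and event_place. "Gemany" in booktitle
% and "replays attack" in the abstract were typos.
@inproceedings{2009-icc-heer-middleboxes,
  author       = {Heer, Tobias and Hummen, Ren{\'e} and Komu, Miika and G{\"o}tz, Stefan and Wehrle, Klaus},
  title        = {End-host Authentication and Authorization for Middleboxes based on a Cryptographic Namespace},
  booktitle    = {Proceedings of the IEEE International Conference on Communications 2009 (ICC 2009), Dresden, Germany},
  organization = {IEEE},
  volume       = {1},
  pages        = {791--796},
  publisher    = {IEEE},
  address      = {Piscataway, NJ, USA},
  year         = {2009},
  isbn         = {978-1-4244-3435-0},
  issn         = {1938-1883},
  doi          = {10.1109/ICC.2009.5198984},
  url          = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2009/2009-heer-icc-end-host-authentication.pdf},
  abstract     = {Today, middleboxes such as firewalls and network address translators have advanced beyond simple packet forwarding and address mapping. They also inspect and filter traffic, detect network intrusion, control access to network resources, and enforce different levels of quality of service. The cornerstones for these security-related network services are end-host authentication and authorization. Using a cryptographic namespace for end-hosts simplifies these tasks since it gives them an explicit and verifiable identity. The Host Identity Protocol (HIP) is a key-exchange protocol that introduces such a cryptographic namespace for secure end-to-end communication. Although HIP was designed with middleboxes in mind, these cannot securely use its namespace because the on-path identity verification is susceptible to replay attacks. Moreover, the binding between HIP as an authentication protocol and IPsec as payload transport is insufficient because on-path middleboxes cannot securely map payload packets to a HIP association. In this paper, we propose to prevent replay attacks by treating packet-forwarding middleboxes as first-class citizens that directly interact with end-hosts. Also we propose a method for strengthening the binding between the HIP authentication process and its payload channel with hash-chain-based authorization tokens for IPsec. Our solution allows on-path middleboxes to efficiently leverage cryptographic end-host identities and integrates cleanly into existing protocol standards.},
  event_place  = {Dresden, Germany},
  event_name   = {IEEE International Conference on Communications 2009 (ICC 2009)},
  language     = {en},
  tags         = {mobile_access},
  misc2        = {Print},
  reviewed     = {1},
}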