This file was created by the TYPO3 extension
bib
--- Timezone: CEST
Creation date: 2024-07-04
Creation time: 07-17-54
--- Number of references
34
incollection
2024_pennekamp_blockchain-industry
Blockchain Technology Accelerating Industry 4.0
2024
3
7
105
531-564
Competitive industrial environments impose significant requirements on data sharing as well as the accountability and verifiability of related processes. Here, blockchain technology emerges as a possible driver that satisfies demands even in settings with mutually distrustful stakeholders. We identify significant benefits achieved by blockchain technology for Industry 4.0 but also point out challenges and corresponding design options when applying blockchain technology in the industrial domain. Furthermore, we survey diverse industrial sectors to shed light on the current intersection between blockchain technology and industry, which provides the foundation for ongoing as well as upcoming research. As industrial blockchain applications are still in their infancy, we expect that new designs and concepts will develop gradually, creating both supporting tools and groundbreaking innovations.
internet-of-production
Springer
Advances in Information Security
17
Blockchains – A Handbook on Fundamentals, Platforms and Applications
978-3-031-32145-0
10.1007/978-3-031-32146-7_17
1
JanPennekamp
LennartBader
EricWagner
JensHiller
RomanMatzutt
KlausWehrle
article
2022-henze-tii-prada
Complying with Data Handling Requirements in Cloud Storage Systems
IEEE Transactions on Cloud Computing
2022
9
10
3
1661-1674
In past years, cloud storage systems saw an enormous rise in usage. However, despite their popularity and importance as underlying infrastructure for more complex cloud services, today’s cloud storage systems do not account for compliance with regulatory, organizational, or contractual data handling requirements by design. Since legislation increasingly responds to rising data protection and privacy concerns, complying with data handling requirements becomes a crucial property for cloud storage systems. We present Prada , a practical approach to account for compliance with data handling requirements in key-value based cloud storage systems. To achieve this goal, Prada introduces a transparent data handling layer, which empowers clients to request specific data handling requirements and enables operators of cloud storage systems to comply with them. We implement Prada on top of the distributed database Cassandra and show in our evaluation that complying with data handling requirements in cloud storage systems is practical in real-world cloud deployments as used for microblogging, data sharing in the Internet of Things, and distributed email storage.
https://www.comsys.rwth-aachen.de/fileadmin/papers/2022/2022-henze-tii-prada.pdf
Online
en
2168-7161
10.1109/TCC.2020.3000336
1
MartinHenze
RomanMatzutt
JensHiller
ErikMühmer
Jan HenrikZiegeldorf
Johannesvan der Giet
KlausWehrle
inproceedings
2021_reuter_demo
Demo: Traffic Splitting for Tor — A Defense against Fingerprinting Attacks
2021
9
14
Website fingerprinting (WFP) attacks on the anonymity network Tor have become ever more effective. Furthermore, research discovered that proposed defenses are insufficient or cause high overhead. In previous work, we presented a new WFP defense for Tor that incorporates multipath transmissions to repel malicious Tor nodes from conducting WFP attacks. In this demo, we showcase the operation of our traffic splitting defense by visually illustrating the underlying Tor multipath transmission using LED-equipped Raspberry Pis.
Electronic Communications of the EASST, Volume 080
Onion Routing; Website Fingerprinting; Multipath Traffic; Privacy
https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-reuter-splitting-demo.pdf
TU Berlin
Proceedings of the 2021 International Conference on Networked Systems (NetSys '21), September 13-16, 2021, Lübeck, Germany
Lübeck, Germany
September 13-16, 2021
1863-2122
10.14279/tuj.eceasst.80.1151
1
SebastianReuter
JensHiller
JanPennekamp
AndriyPanchenko
KlausWehrle
article
2021_pennekamp_accountable_manufacturing
The Road to Accountable and Dependable Manufacturing
Automation
2021
9
13
2
3
202-219
The Internet of Things provides manufacturing with rich data for increased automation. Beyond company-internal data exploitation, the sharing of product and manufacturing process data along and across supply chains enables more efficient production flows and product lifecycle management. Even more, data-based automation facilitates short-lived ad hoc collaborations, realizing highly dynamic business relationships for sustainable exploitation of production resources and capacities. However, the sharing and use of business data across manufacturers and with end customers add requirements on data accountability, verifiability, and reliability and needs to consider security and privacy demands. While research has already identified blockchain technology as a key technology to address these challenges, current solutions mainly evolve around logistics or focus on established business relationships instead of automated but highly dynamic collaborations that cannot draw upon long-term trust relationships. We identify three open research areas on the road to such a truly accountable and dependable manufacturing enabled by blockchain technology: blockchain-inherent challenges, scenario-driven challenges, and socio-economic challenges. Especially tackling the scenario-driven challenges, we discuss requirements and options for realizing a blockchain-based trustworthy information store and outline its use for automation to achieve a reliable sharing of product information, efficient and dependable collaboration, and dynamic distributed markets without requiring established long-term trust.
blockchain; supply chain management; Industry 4.0; manufacturing; secure industrial collaboration; scalability; Industrial Internet of Things; Internet of Production
internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-pennekamp-manufacturing.pdf
MDPI
2673-4052
10.3390/automation2030013
1
JanPennekamp
RomanMatzutt
Salil S.Kanhere
JensHiller
KlausWehrle
article
2021-wehrle-energy
A Novel Receiver Design for Energy Packet‐Based Dispatching
Energy Technology
2021
9
2
10.1002/ente.202000937
1
FriedirchWiegel
EdoardoDe Din
AntonelloMonti
KlausWehrle
MarcHiller
MartinaZitterbart
VeitHagenmeyer
inproceedings
2020_delacadena_trafficsliver
TrafficSliver: Fighting Website Fingerprinting Attacks with Traffic Splitting
2020
11
12
1971-1985
Website fingerprinting (WFP) aims to infer information about the content of encrypted and anonymized connections by observing patterns of data flows based on the size and direction of packets. By collecting traffic traces at a malicious Tor entry node — one of the weakest adversaries in the attacker model of Tor — a passive eavesdropper can leverage the captured meta-data to reveal the websites visited by a Tor user. As recently shown, WFP is significantly more effective and realistic than assumed. Concurrently, former WFP defenses are either infeasible for deployment in real-world settings or defend against specific WFP attacks only.
To limit the exposure of Tor users to WFP, we propose novel lightweight WFP defenses, TrafficSliver, which successfully counter today’s WFP classifiers with reasonable bandwidth and latency overheads and, thus, make them attractive candidates for adoption in Tor. Through user-controlled splitting of traffic over multiple Tor entry nodes, TrafficSliver limits the data a single entry node can observe and distorts repeatable traffic patterns exploited by WFP attacks. We first propose a network-layer defense, in which we apply the concept of multipathing entirely within the Tor network. We show that our network-layer defense reduces the accuracy from more than 98% to less than 16% for all state-of-the-art WFP attacks without adding any artificial delays or dummy traffic. We further suggest an elegant client-side application-layer defense, which is independent of the underlying anonymization network. By sending single HTTP requests for different web objects over distinct Tor entry nodes, our application-layer defense reduces the detection rate of WFP classifiers by almost 50 percentage points. Although it offers lower protection than our network-layer defense, it provides a security boost at the cost of a very low implementation overhead and is fully compatible with today’s Tor network.
Traffic Analysis; Website Fingerprinting; Privacy; Anonymous Communication; Onion Routing; Web Privacy
https://www.comsys.rwth-aachen.de/fileadmin/papers/2020/2020-delacadena-trafficsliver.pdf
https://github.com/TrafficSliver
ACM
Proceedings of the 27th ACM SIGSAC Conference on Computer and Communications Security (CCS '20), November 9-13, 2020, Orlando, FL, USA
Virtual Event, USA
November 9-13, 2020
978-1-4503-7089-9/20/11
10.1145/3372297.3423351
1
WladimirDe la Cadena
AsyaMitseva
JensHiller
JanPennekamp
SebastianReuter
JulianFilter
KlausWehrle
ThomasEngel
AndriyPanchenko
inproceedings
2020-hiller-ccs-crosssigning
The Boon and Bane of Cross-Signing: Shedding Light on a Common Practice in Public Key Infrastructures
2020
11
11
1289-1306
PKI; X.509; SSL; TLS; cross-signing; cross certification
https://www.comsys.rwth-aachen.de/fileadmin/papers/2020/2020-hiller-ccs-cross_signing.pdf
https://github.com/pki-xs-analysis
ACM
New York, NY, USA
Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security (CCS ’20), November 9–13, 2020, Virtual Event, USA.
Orlando, FL, USA
November 9-13, 2020
10.1145/3372297.3423345
1
JensHiller
JohannaAmann
OliverHohlfeld
article
2020-holz-ccr-tls13
Tracking the deployment of TLS 1.3 on the Web: A story of experimentation and centralization
ACM SIGCOMM Computer Communications Review (CCR)
2020
7
50
3
3-15
Selected for the 'Best of CCR' session at SIGCOMM 2021.
https://ccronline.sigcomm.org/wp-content/uploads/2020/08/sigcomm-ccr-paper430-with-open-review.pdf
Association for Computing Machinery
New York, NY, USA
10.1145/3411740.3411742
1
RalphHolz
JensHiller
JohannaAmann
AbbasRazaghpanah
ThomasJost
NarseoVallina-Rodriguez
OliverHohlfeld
inproceedings
2019_delacadena_countermeasure
POSTER: Traffic Splitting to Counter Website Fingerprinting
2019
11
12
2533-2535
Website fingerprinting (WFP) is a special type of traffic analysis, which aims to infer the websites visited by a user. Recent studies have shown that WFP targeting Tor users is notably more effective than previously expected. Concurrently, state-of-the-art defenses have been proven to be less effective. In response, we present a novel WFP defense that splits traffic over multiple entry nodes to limit the data a single malicious entry can use. Here, we explore several traffic-splitting strategies to distribute user traffic. We establish that our weighted random strategy dramatically reduces the accuracy from nearly 95% to less than 35% for four state-of-the-art WFP attacks without adding any artificial delays or dummy traffic.
https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-delacadena-splitting-defense.pdf
ACM
Proceedings of the 26th ACM SIGSAC Conference on Computer and Communications Security (CCS '19), November 11-15, 2019, London, United Kingdom
London, United Kingdom
November 11-15, 2019
978-1-4503-6747-9/19/11
10.1145/3319535.3363249
1
WladimirDe la Cadena
AsyaMitseva
JanPennekamp
JensHiller
FabianLanze
ThomasEngel
KlausWehrle
AndriyPanchenko
inproceedings
2019-hiller-lcn-sessionsharing
The Case for Session Sharing: Relieving Clients from TLS Handshake Overheads
2019
10
14
internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-hiller-lcn-case_for_tls_session_sharing.pdf
IEEE
IEEE 44th LCN Symposium on Emerging Topics in Networking (LCN Symposium), Osnabrück, Germany
Osnabrück, Germany
44th IEEE Conference on Local Computer Networks (LCN)
October 14-17, 2019
en
978-1-7281-2561-9
10.1109/LCNSymposium47956.2019.9000667
1
JensHiller
MartinHenze
TorstenZimmermann
OliverHohlfeld
KlausWehrle
inproceedings
2019-hiller-icnp-tailoringOR
Tailoring Onion Routing to the Internet of Things: Security and Privacy in Untrusted Environments
2019
10
10
An increasing number of IoT scenarios involve mobile, resource-constrained IoT devices that rely on untrusted networks for Internet connectivity. In such environments, attackers can derive sensitive private information of IoT device owners, e.g., daily routines or secret supply chain procedures, when sniffing on IoT communication and linking IoT devices and owner. Furthermore, untrusted networks do not provide IoT devices with any protection against attacks from the Internet. Anonymous communication using onion routing provides a well-proven mechanism to keep the relationship between communication partners secret and (optionally) protect against network attacks. However, the application of onion routing is challenged by protocol incompatibilities and demanding cryptographic processing on constrained IoT devices, rendering its use infeasible. To close this gap, we tailor onion routing to the IoT by bridging protocol incompatibilities and offloading expensive cryptographic processing to a router or web server of the IoT device owner. Thus, we realize resource-conserving access control and end-to-end security for IoT devices. To prove applicability, we deploy onion routing for the IoT within the well-established Tor network enabling IoT devices to leverage its resources to achieve the same grade of anonymity as readily available to traditional devices.
internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-hiller-tailoring.pdf
IEEE
Proceedings of the 27th IEEE International Conference on Network Protocols (ICNP '19), October 7-10, 2019, Chicago, IL, USA
Chicago, IL, USA
27th IEEE International Conference on Network Protocols (ICNP 2019)
7-10. Oct. 2019
978-1-7281-2700-2
2643-3303
10.1109/ICNP.2019.8888033
1
JensHiller
JanPennekamp
MarkusDahlmanns
MartinHenze
AndriyPanchenko
KlausWehrle
inproceedings
2019-dahlmanns-icnp-knowledgeSystem
Privacy-Preserving Remote Knowledge System
2019
10
7
More and more traditional services, such as malware detectors or collaboration services in industrial scenarios, move to the cloud. However, this behavior poses a risk for the privacy of clients since these services are able to generate profiles containing very sensitive information, e.g., vulnerability information or collaboration partners. Hence, a rising need for protocols that enable clients to obtain knowledge without revealing their requests exists. To address this issue, we propose a protocol that enables clients (i) to query large cloud-based knowledge systems in a privacy-preserving manner using Private Set Intersection and (ii) to subsequently obtain individual knowledge items without leaking the client’s requests via few Oblivious Transfers. With our preliminary design, we allow clients to save a significant amount of time in comparison to performing Oblivious Transfers only.
Poster Session
private query protocol; knowledge system; remote knowledge; private set intersection; oblivious transfer
kimusin; internet-of-production
https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-dahlmanns-knowledge-system.pdf
IEEE
Proceedings of the 27th IEEE International Conference on Network Protocols (ICNP '19), October 7-10, 2019, Chicago, IL, USA
Chicago, IL, USA
27th IEEE International Conference on Network Protocols (ICNP 2019)
7-10. Oct. 2019
978-1-7281-2700-2
2643-3303
10.1109/ICNP.2019.8888121
1
MarkusDahlmanns
ChrisDax
RomanMatzutt
JanPennekamp
JensHiller
KlausWehrle
inproceedings
2019_pennekamp_multipath
Multipathing Traffic to Reduce Entry Node Exposure in Onion Routing
2019
10
7
Users of an onion routing network, such as Tor, depend on its anonymity properties. However, especially malicious entry nodes, which know the client’s identity, can also observe the whole communication on their link to the client and, thus, conduct several de-anonymization attacks. To limit this exposure and to impede corresponding attacks, we propose to multipath traffic between the client and the middle node to reduce the information an attacker can obtain at a single vantage point. To facilitate the deployment, only clients and selected middle nodes need to implement our approach, which works transparently for the remaining legacy nodes. Furthermore, we let clients control the splitting strategy to prevent any external manipulation.
Poster Session
https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-pennekamp-multipathing.pdf
IEEE
Proceedings of the 27th IEEE International Conference on Network Protocols (ICNP '19), October 7-10, 2019, Chicago, IL, USA
Chicago, IL, USA
27th IEEE International Conference on Network Protocols (ICNP 2019)
7-10. Oct. 2019
978-1-7281-2700-2
2643-3303
10.1109/ICNP.2019.8888029
1
JanPennekamp
JensHiller
SebastianReuter
WladimirDe la Cadena
AsyaMitseva
MartinHenze
ThomasEngel
KlausWehrle
AndriyPanchenko
inproceedings
2019-hiller-aeit-regaining
Regaining Insight and Control on SMGW-based Secure Communication in Smart Grids
2019
9
Smart Grids require extensive communication to enable safe and stable energy supply in the age of decentralized and dynamic energy production and consumption. To protect the communication in this critical infrastructure, public authorities mandate smart meter gateways (SMGWs) to intercept all inbound and outbound communication of premises such as a factory or smart home, and forward the communication data on secure channels established by the SMGW itself to be in control of the communication security. However, using the SMGW as proxy, local devices can neither review the security of these remote connections established by the SMGW nor enforce higher security guarantees than established by the all in one configuration of the SMGW which does not allow for use case-specific security settings. We present mechanisms that enable local devices to regain this insight and control over the full connection, i.e., up to the final receiver, while retaining the SMGW's ability to ensure a suitable security level. Our evaluation shows modest computation and transmission overheads for this increased security in the critical smart grid infrastructure.
ECSEL; European Union (EU); Horizon 2020; CONNECT Innovative smart components, modules and appliances for a truly connected, efficient and secure smart grid; Grant Agreement No 737434
connect
https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-hiller-aeit-regaining.pdf
IEEE
Proceedings of the 2019 AEIT International Annual Conference, September 18-20, 2019, Firenze, Italy
Firenze, Italy
AEIT International Annual Conference
September 18-20, 2019
978-8-8872-3745-0
10.23919/AEIT.2019.8893406
1
JensHiller
KarstenKomanns
MarkusDahlmanns
KlausWehrle
techreport
2019-hohlfeld-santa-tr
Application-Agnostic Offloading of Packet Processing
2019
4
1
arXiv:1904.00671 [cs.NI]
1--14
maki
https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-hohlfeld-santatr.pdf
https://arxiv.org/abs/1904.00671
Online
COMSYS, RWTH Aachen University
Ahornstr. 55, 52074 Aachen, Germany
COMSYS, RWTH Aachen University
Technical Report
en
OliverHohlfeld
HelgeReelfs
JanRüth
FlorianSchmidt
TorstenZimmermann
JensHiller
KlausWehrle
inproceedings
2018-hiller-lcn-lowlatencyiiot
Secure Low Latency Communication for Constrained Industrial IoT Scenarios
2018
10
connect,iop,nerd-nrw
https://www.comsys.rwth-aachen.de/fileadmin/papers/2018/2018-hiller-lcn-secure_low_latency_communication_iiot.pdf
IEEE
43rd IEEE Conference on Local Computer Networks (LCN), Chicago, USA
Chicago, USA
43nd IEEE Conference on Local Computer Networks (LCN)
October 1-4, 2018
en
978-1-5386-4413-3
10.1109/LCN.2018.8638027
1
JensHiller
MartinHenze
MartinSerror
EricWagner
Jan NiklasRichter
KlausWehrle
inproceedings
2018-hohlfeld-santa
Application-Agnostic Offloading of Datagram Processing
2018
9
3
maki,ssiclops,reflexes
https://ieeexplore.ieee.org/document/8493053
IEEE
Proceedings of the 2018 30th International Teletraffic Congress (ITC 30), Vienna, Austria
Vienna, Austria
International Teletraffic Congress ITC 30
03.09.2018 - 07-09.2018
en
10.1109/ITC30.2018.00015
1
OliverHohlfeld
Jens HelgeReelfs
JanRüth
FlorianSchmidt
TorstenZimmermann
JensHiller
KlausWehrle
inproceedings
2018-hiller-ic2e-cpplintegration
Giving Customers Control over Their Data: Integrating a Policy Language into the Cloud
2018
4
19
241-249
ssiclops,iop
https://www.comsys.rwth-aachen.de/fileadmin/papers/2018/2018-hiller-ic2e-policy-aware-cloud.pdf
https://ieeexplore.ieee.org/document/8360335
IEEE
Proceedings of the 2018 IEEE International Conference on Cloud Engineering (IC2E 2018), Orlando, Florida, USA
Orlando, Florida, USA
2018 IEEE International Conference on Cloud Engineering (IC2E 2018)
2018-04-19
978-1-5386-5008-0
10.1109/IC2E.2018.00050
1
JensHiller
MaelKimmerlin
MaxPlauth
SeppoHeikkila
StefanKlauck
VilleLindfors
FelixEberhardt
DariuszBursztynowski
Jesus LlorenteSantos
OliverHohlfeld
KlausWehrle
inproceedings
2018-matzutt-bitcoin-content-countermeasures
Thwarting Unwanted Blockchain Content Insertion
2018
4
17
364-370
Since the introduction of Bitcoin in 2008, blockchain systems have seen an enormous increase in adoption. By providing a persistent, distributed, and append-only ledger, blockchains enable numerous applications such as distributed consensus, robustness against equivocation, and smart contracts. However, recent studies show that blockchain systems such as Bitcoin can be (mis)used to store arbitrary content. This has already been used to store arguably objectionable content on Bitcoin's blockchain. Already single instances of clearly objectionable or even illegal content can put the whole system at risk by making its node operators culpable. To overcome this imminent risk, we survey and discuss the design space of countermeasures against the insertion of such objectionable content. Our analysis shows a wide spectrum of potential countermeasures, which are often combinable for increased efficiency. First, we investigate special-purpose content detectors as an ad hoc mitigation. As they turn out to be easily evadable, we also investigate content-agnostic countermeasures. We find that mandatory minimum fees as well as mitigation of transaction manipulability via identifier commitments significantly raise the bar for inserting harmful content into a blockchain.
Bitcoin,blockchain,security,objectionable content,countermeasure
mynedata,iop
https://www.comsys.rwth-aachen.de/fileadmin/papers/2018/2018-matzutt-blockchain-contents-countermeasures.pdf
https://ieeexplore.ieee.org/document/8360355
IEEE
Proceedings of the First IEEE Workshop on Blockchain Technologies and Applications (BTA), co-located with the IEEE International Conference on Cloud Engineering 2018 (IC2E 2018)
Orlando, Florida, USA
First IEEE Workshop on Blockchain Technologies and Applications (BTA)
2018-04-17
English
978-1-5386-5008-0
10.1109/IC2E.2018.00070
1
RomanMatzutt
MartinHenze
Jan HenrikZiegeldorf
JensHiller
KlausWehrle
article
2018-scheitle-ccr-caa
A First Look at Certification Authority Authorization (CAA)
ACM SIGCOMM Computer Communications Review (CCR)
2018
4
48
10-23
https://www.net.in.tum.de/fileadmin/bibtex/publications/papers/caa17.pdf
internet-measurements
https://ccronline.sigcomm.org/wp-content/uploads/2018/05/sigcomm-ccr-final163.pdf
https://ccronline.sigcomm.org/2018/a-first-look-at-certification-authority-authorization-caa/
2018-06-05
10.1145/3213232.3213235
1
QuirinScheitle
TaejoongChung
JensHiller
OliverGasser
JohannesNaab
Rolandvan Rijswijk-Deij
OliverHohlfeld
RalphHolz
DaveChoffnes
AlanMislove
GeorgCarle
inproceedings
2018-matzutt-bitcoin-content
A Quantitative Analysis of the Impact of Arbitrary Blockchain Content on Bitcoin
2018
2
26
Blockchains primarily enable credible accounting of digital events, e.g., money transfers in cryptocurrencies. However, beyond this original purpose, blockchains also irrevocably record arbitrary data, ranging from short messages to pictures. This does not come without risk for users as each participant has to locally replicate the complete blockchain, particularly including potentially harmful content. We provide the first systematic analysis of the benefits and threats of arbitrary blockchain content. Our analysis shows that certain content, e.g., illegal pornography, can render the mere possession of a blockchain illegal. Based on these insights, we conduct a thorough quantitative and qualitative analysis of unintended content on Bitcoin's blockchain. Although most data originates from benign extensions to Bitcoin's protocol, our analysis reveals more than 1600 files on the blockchain, over 99% of which are texts or images. Among these files there is clearly objectionable content such as links to child pornography, which is distributed to all Bitcoin participants. With our analysis, we thus highlight the importance for future blockchain designs to address the possibility of unintended data insertion and protect blockchain users accordingly.
mynedata
https://www.comsys.rwth-aachen.de/fileadmin/papers/2018/2018_matzutt_bitcoin-contents_preproceedings-version.pdf
2018-01-07
Online
Springer
Proceedings of the 22nd International Conference on Financial Cryptography and Data Security (FC), Nieuwpoort, Curaçao
Nieuwpoort, Curaçao
Financial Cryptography and Data Security 2018
en
10.1007/978-3-662-58387-6_23
1
RomanMatzutt
JensHiller
MartinHenze
Jan HenrikZiegeldorf
DirkMüllmann
OliverHohlfeld
KlausWehrle
inproceedings
2018-tzimmermann-split
SPLIT: Smart Protocol Loading for the IoT
2018
2
14
iop
https://jenshiller.com/publication/2018-zimmermann-ewsn-split/2018-zimmermann-ewsn-split.pdf
https://dl.acm.org/citation.cfm?id=3234847.3234854
ACM
Proceedings of the 15th European Conference on Wireless Sensor Networks (EWSN 2018), Madrid, Spain
Madrid, Spain
European Conference on Wireless Sensor Networks (EWSN 2018)
14.2.2018 - 16.2.2018
en
978-0-9949886-2-1
1
TorstenZimmermann
JensHiller
Jens HelgeReelfs
PascalHein
KlausWehrle
incollection
2017-cps-henze-network
Network Security and Privacy for Cyber-Physical Systems
2017
11
13
25-56
sensorcloud,ipacs
Song, Houbing and Fink, Glenn A. and Jeschke, Sabina
Wiley-IEEE Press
First
2
Security and Privacy in Cyber-Physical Systems: Foundations, Principles and Applications
en
978-1-119-22604-8
10.1002/9781119226079.ch2
1
MartinHenze
JensHiller
RenéHummen
RomanMatzutt
KlausWehrle
Jan HenrikZiegeldorf
article
2017-ziegeldorf-bmcmedgenomics-bloom
BLOOM: BLoom filter based Oblivious Outsourced Matchings
BMC Medical Genomics
2017
7
26
10
Suppl 2
29-42
Whole genome sequencing has become fast, accurate, and cheap, paving the way towards the large-scale collection and processing of human genome data. Unfortunately, this dawning genome era does not only promise tremendous advances in biomedical research but also causes unprecedented privacy risks for the many. Handling storage and processing of large genome datasets through cloud services greatly aggravates these concerns. Current research efforts thus investigate the use of strong cryptographic methods and protocols to implement privacy-preserving genomic computations. We propose FHE-Bloom and PHE-Bloom, two efficient approaches for genetic disease testing using homomorphically encrypted Bloom filters. Both approaches allow the data owner to securely outsource storage and computation to an untrusted cloud. FHE-Bloom is fully secure in the semi-honest model while PHE-Bloom slightly relaxes security guarantees in a trade-off for highly improved performance. We implement and evaluate both approaches on a large dataset of up to 50 patient genomes each with up to 1000000 variations (single nucleotide polymorphisms). For both implementations, overheads scale linearly in the number of patients and variations, while PHE-Bloom is faster by at least three orders of magnitude. For example, testing disease susceptibility of 50 patients with 100000 variations requires only a total of 308.31 s (σ=8.73 s) with our first approach and a mere 0.07 s (σ=0.00 s) with the second. We additionally discuss security guarantees of both approaches and their limitations as well as possible extensions towards more complex query types, e.g., fuzzy or range queries. Both approaches handle practical problem sizes efficiently and are easily parallelized to scale with the elastic resources available in the cloud. The fully homomorphic scheme, FHE-Bloom, realizes a comprehensive outsourcing to the cloud, while the partially homomorphic scheme, PHE-Bloom, trades a slight relaxation of security guarantees against performance improvements by at least three orders of magnitude.
Proceedings of the 5th iDASH Privacy and Security Workshop 2016
Secure outsourcing; Homomorphic encryption; Bloom filters
sscilops; mynedata; rfc
https://www.comsys.rwth-aachen.de/fileadmin/papers/2017/2017-ziegeldorf-bmcmedgenomics-bloom.pdf
Online
BioMed Central
Chicago, IL, USA
November 11, 2016
en
1755-8794
10.1186/s12920-017-0277-y
1
Jan HenrikZiegeldorf
JanPennekamp
DavidHellmanns
FelixSchwinger
IkeKunze
MartinHenze
JensHiller
RomanMatzutt
KlausWehrle
inproceedings
2017-henze-ic2e-prada
Practical Data Compliance for Cloud Storage
2017
4
4
252-258
ssiclops, ipacs
https://www.comsys.rwth-aachen.de/fileadmin/papers/2017/2017-henze-ic2e-prada.pdf
Online
IEEE
Proceedings of the 2017 IEEE International Conference on Cloud Engineering (IC2E 2017), Vancouver, BC, Canada
en
978-1-5090-5817-4
10.1109/IC2E.2017.32
1
MartinHenze
RomanMatzutt
JensHiller
ErikMühmer
Jan HenrikZiegeldorf
Johannesvan der Giet
KlausWehrle
inproceedings
2016-henze-cloudcom-trinics
Towards Transparent Information on Individual Cloud Service Usage
2016
12
12
366-370
trinics
https://www.comsys.rwth-aachen.de/fileadmin/papers/2016/2016-henze-cloudcom-trinics.pdf
Online
IEEE
Proceedings of the 2016 IEEE International Conference on Cloud Computing Technology and Science (CloudCom), Luxembourg, Luxembourg
en
978-1-5090-1445-3
10.1109/CloudCom.2016.0064
1
MartinHenze
DanielKerpen
JensHiller
MichaelEggert
DavidHellmanns
ErikMühmer
OussamaRenuli
HenningMaier
ChristianStüble
RogerHäußling
KlausWehrle
inproceedings
2016-henze-wpes-cppl
CPPL: Compact Privacy Policy Language
2016
10
24
99-110
ssiclops
https://www.comsys.rwth-aachen.de/fileadmin/papers/2016/2016-henze-wpes-cppl.pdf
Online
ACM
Proceedings of the 15th Workshop on Privacy in the Electronic Society (WPES), co-located with the 23rd ACM Conference on Computer and Communications Security (CCS), Vienna, Austria
en
978-1-4503-4569-9
10.1145/2994620.2994627
1
MartinHenze
JensHiller
SaschaSchmerling
Jan HenrikZiegeldorf
KlausWehrle
inproceedings
2016-henze-claw-dpc
Moving Privacy-Sensitive Services from Public Clouds to Decentralized Private Clouds
2016
4
8
130-135
ssiclops
/fileadmin/papers/2016/2016-henze-claw-dpc.pdf
Online
IEEE
Proceedings of the Second International Workshop on
Legal and Technical Issues in Cloud Computing and Cloud-Supported Internet of Things (CLaw 2016), co-located with the 2016 IEEE International Conference on Cloud Engineering (IC2E 2016), Berlin, Germany
en
978-1-5090-3684-4
10.1109/IC2EW.2016.24
1
MartinHenze
JensHiller
OliverHohlfeld
KlausWehrle
inproceedings
2015-ziegeldorf-cans-boma
Bandwidth-optimized Secure Two-Party Computation of Minima
2015
12
8
9476
197-213
/fileadmin/papers/2015/2015-ziegeldorf-cans-boma.pdf
Online
Springer
Lecture Notes in Computer Science
14th International Conference on Cryptology and Network Security (CANS 2015), Marrakesh, Morocco
en
978-3-319-26822-4
10.1007/978-3-319-26823-1_14
1
Jan HenrikZiegeldorf
JensHiller
MartinHenze
HannoWirtz
KlausWehrle
inproceedings
2013-hummen-slimfit
Slimfit - A HIP DEX Compression Layer for the IP-based Internet of Things
2013
10
7
259-266
iotsec
https://www.comsys.rwth-aachen.de/fileadmin/papers/2013/2013-hummen-slimfit.pdf
Online
IEEE
Wireless and Mobile Computing, Networking and Communications (WiMob), 2013 IEEE 9th International Conference on
Lyon, France
IEEE WiMob 2013 Workshop on the Internet of Things Communications and Technologies (IoT 2013)
en
978-1-4577-2014-7
2160-4886
10.1109/WiMOB.2013.6673370
1
RenéHummen
JensHiller
MartinHenze
KlausWehrle
inproceedings
2013-icnp-hummen-tailoring
Tailoring End-to-End IP Security Protocols to the Internet of Things
2013
10
7
1-10
iotsec
https://www.comsys.rwth-aachen.de/fileadmin/papers/2013/2013-hummen-tailoring.pdf
Online
IEEE
In Proceedings of the 21st IEEE International Conference on Network Protocols (ICNP 2013), Göttingen, Germany
Göttingen, Germany
21st IEEE International Conference on Network Protocols (ICNP 2013)
7-10 Oct. 2013
en
978-1-4799-1270-4
10.1109/ICNP.2013.6733571
1
RenéHummen
HannoWirtz
Jan HenrikZiegeldorf
JensHiller
KlausWehrle
inproceedings
2013-hummen-6lowpan
6LoWPAN Fragmentation Attacks and Mitigation Mechanisms
2013
4
17
iotsec; sensorcloud
fileadmin/papers/2013/2013-hummen-6lowpan.pdf
ACM
Proceedings of the 6th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec '13)
Budapest, Hungary
6th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec '13)
en
978-1-4503-1998-0
10.1145/2462096.2462107
1
RenéHummen
JensHiller
HannoWirtz
MartinHenze
HosseinShafagh
KlausWehrle
techreport
2013-draft-hummen-hip-middle-puzzle-01
HIP Middlebox Puzzle Offloading and End-host Notification
2013
1
9
draft-hummen-hip-middle-puzzle-01
The Host Identity Protocol [RFC5201] is a secure signaling protocol with a cryptographic namespace. It provides the communicating peers with a cryptographic puzzle mechanism to protect against Denial of Service (DoS) attacks exploiting the computation and memory overheads of the protocol exchange. This document specifies an extension of the protocol that enables an on-path network entity to assist in the choice of the puzzle difficulty in case of an attack. Furthermore, it defines a modification of the puzzle mechanism that enables a host to delegate puzzle solving to an on-path network entity.
Work in progress
iotsec; ietf
http://tools.ietf.org/html/draft-hummen-hip-middle-puzzle-01
Online
Internet Engineering Task Force
Internet-Draft
en
RenéHummen
MartinHenze
JensHiller
article
2013-pik-hiller-e2e-security-smart
End-to-End Security for Internet-Connected Smart Objects
Praxis der Informationsverarbeitung und Kommunikation
2013
36
1
23-29
en
1865-8342
10.1515/pik-2012-0141
JensHiller