This file was created by the TYPO3 extension bib --- Timezone: CEST Creation date: 2024-07-04 Creation time: 07-17-54 --- Number of references 34 incollection 2024_pennekamp_blockchain-industry 2024 3 7 105 531-564 Competitive industrial environments impose significant requirements on data sharing as well as the accountability and verifiability of related processes. Here, blockchain technology emerges as a possible driver that satisfies demands even in settings with mutually distrustful stakeholders. We identify significant benefits achieved by blockchain technology for Industry 4.0 but also point out challenges and corresponding design options when applying blockchain technology in the industrial domain. Furthermore, we survey diverse industrial sectors to shed light on the current intersection between blockchain technology and industry, which provides the foundation for ongoing as well as upcoming research. As industrial blockchain applications are still in their infancy, we expect that new designs and concepts will develop gradually, creating both supporting tools and groundbreaking innovations. internet-of-production Springer Advances in Information Security 17 Blockchains – A Handbook on Fundamentals, Platforms and Applications 978-3-031-32145-0 10.1007/978-3-031-32146-7_17 1 JanPennekamp LennartBader EricWagner JensHiller RomanMatzutt KlausWehrle article 2022-henze-tii-prada IEEE Transactions on Cloud Computing 2022 9 10 3 1661-1674 In past years, cloud storage systems saw an enormous rise in usage. However, despite their popularity and importance as underlying infrastructure for more complex cloud services, today’s cloud storage systems do not account for compliance with regulatory, organizational, or contractual data handling requirements by design. Since legislation increasingly responds to rising data protection and privacy concerns, complying with data handling requirements becomes a crucial property for cloud storage systems. We present Prada , a practical approach to account for compliance with data handling requirements in key-value based cloud storage systems. To achieve this goal, Prada introduces a transparent data handling layer, which empowers clients to request specific data handling requirements and enables operators of cloud storage systems to comply with them. We implement Prada on top of the distributed database Cassandra and show in our evaluation that complying with data handling requirements in cloud storage systems is practical in real-world cloud deployments as used for microblogging, data sharing in the Internet of Things, and distributed email storage. https://www.comsys.rwth-aachen.de/fileadmin/papers/2022/2022-henze-tii-prada.pdf Online en 2168-7161 10.1109/TCC.2020.3000336 1 MartinHenze RomanMatzutt JensHiller ErikMühmer Jan HenrikZiegeldorf Johannesvan der Giet KlausWehrle inproceedings 2021_reuter_demo 2021 9 14 Website fingerprinting (WFP) attacks on the anonymity network Tor have become ever more effective. Furthermore, research discovered that proposed defenses are insufficient or cause high overhead. In previous work, we presented a new WFP defense for Tor that incorporates multipath transmissions to repel malicious Tor nodes from conducting WFP attacks. In this demo, we showcase the operation of our traffic splitting defense by visually illustrating the underlying Tor multipath transmission using LED-equipped Raspberry Pis. Electronic Communications of the EASST, Volume 080 Onion Routing; Website Fingerprinting; Multipath Traffic; Privacy https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-reuter-splitting-demo.pdf TU Berlin Proceedings of the 2021 International Conference on Networked Systems (NetSys '21), September 13-16, 2021, Lübeck, Germany Lübeck, Germany September 13-16, 2021 1863-2122 10.14279/tuj.eceasst.80.1151 1 SebastianReuter JensHiller JanPennekamp AndriyPanchenko KlausWehrle article 2021_pennekamp_accountable_manufacturing Automation 2021 9 13 2 3 202-219 The Internet of Things provides manufacturing with rich data for increased automation. Beyond company-internal data exploitation, the sharing of product and manufacturing process data along and across supply chains enables more efficient production flows and product lifecycle management. Even more, data-based automation facilitates short-lived ad hoc collaborations, realizing highly dynamic business relationships for sustainable exploitation of production resources and capacities. However, the sharing and use of business data across manufacturers and with end customers add requirements on data accountability, verifiability, and reliability and needs to consider security and privacy demands. While research has already identified blockchain technology as a key technology to address these challenges, current solutions mainly evolve around logistics or focus on established business relationships instead of automated but highly dynamic collaborations that cannot draw upon long-term trust relationships. We identify three open research areas on the road to such a truly accountable and dependable manufacturing enabled by blockchain technology: blockchain-inherent challenges, scenario-driven challenges, and socio-economic challenges. Especially tackling the scenario-driven challenges, we discuss requirements and options for realizing a blockchain-based trustworthy information store and outline its use for automation to achieve a reliable sharing of product information, efficient and dependable collaboration, and dynamic distributed markets without requiring established long-term trust. blockchain; supply chain management; Industry 4.0; manufacturing; secure industrial collaboration; scalability; Industrial Internet of Things; Internet of Production internet-of-production https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-pennekamp-manufacturing.pdf MDPI 2673-4052 10.3390/automation2030013 1 JanPennekamp RomanMatzutt Salil S.Kanhere JensHiller KlausWehrle article 2021-wehrle-energy Energy Technology 2021 9 2 10.1002/ente.202000937 1 FriedirchWiegel EdoardoDe Din AntonelloMonti KlausWehrle MarcHiller MartinaZitterbart VeitHagenmeyer inproceedings 2020_delacadena_trafficsliver 2020 11 12 1971-1985 Website fingerprinting (WFP) aims to infer information about the content of encrypted and anonymized connections by observing patterns of data flows based on the size and direction of packets. By collecting traffic traces at a malicious Tor entry node — one of the weakest adversaries in the attacker model of Tor — a passive eavesdropper can leverage the captured meta-data to reveal the websites visited by a Tor user. As recently shown, WFP is significantly more effective and realistic than assumed. Concurrently, former WFP defenses are either infeasible for deployment in real-world settings or defend against specific WFP attacks only. To limit the exposure of Tor users to WFP, we propose novel lightweight WFP defenses, TrafficSliver, which successfully counter today’s WFP classifiers with reasonable bandwidth and latency overheads and, thus, make them attractive candidates for adoption in Tor. Through user-controlled splitting of traffic over multiple Tor entry nodes, TrafficSliver limits the data a single entry node can observe and distorts repeatable traffic patterns exploited by WFP attacks. We first propose a network-layer defense, in which we apply the concept of multipathing entirely within the Tor network. We show that our network-layer defense reduces the accuracy from more than 98% to less than 16% for all state-of-the-art WFP attacks without adding any artificial delays or dummy traffic. We further suggest an elegant client-side application-layer defense, which is independent of the underlying anonymization network. By sending single HTTP requests for different web objects over distinct Tor entry nodes, our application-layer defense reduces the detection rate of WFP classifiers by almost 50 percentage points. Although it offers lower protection than our network-layer defense, it provides a security boost at the cost of a very low implementation overhead and is fully compatible with today’s Tor network. Traffic Analysis; Website Fingerprinting; Privacy; Anonymous Communication; Onion Routing; Web Privacy https://www.comsys.rwth-aachen.de/fileadmin/papers/2020/2020-delacadena-trafficsliver.pdf https://github.com/TrafficSliver ACM Proceedings of the 27th ACM SIGSAC Conference on Computer and Communications Security (CCS '20), November 9-13, 2020, Orlando, FL, USA Virtual Event, USA November 9-13, 2020 978-1-4503-7089-9/20/11 10.1145/3372297.3423351 1 WladimirDe la Cadena AsyaMitseva JensHiller JanPennekamp SebastianReuter JulianFilter KlausWehrle ThomasEngel AndriyPanchenko inproceedings 2020-hiller-ccs-crosssigning 2020 11 11 1289-1306 PKI; X.509; SSL; TLS; cross-signing; cross certification https://www.comsys.rwth-aachen.de/fileadmin/papers/2020/2020-hiller-ccs-cross_signing.pdf https://github.com/pki-xs-analysis ACM

New York, NY, USA

Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security (CCS ’20), November 9–13, 2020, Virtual Event, USA. Orlando, FL, USA November 9-13, 2020 10.1145/3372297.3423345 1 JensHiller JohannaAmann OliverHohlfeld article 2020-holz-ccr-tls13 ACM SIGCOMM Computer Communications Review (CCR) 2020 7 50 3 3-15 Selected for the 'Best of CCR' session at SIGCOMM 2021. https://ccronline.sigcomm.org/wp-content/uploads/2020/08/sigcomm-ccr-paper430-with-open-review.pdf Association for Computing Machinery

New York, NY, USA

10.1145/3411740.3411742 1 RalphHolz JensHiller JohannaAmann AbbasRazaghpanah ThomasJost NarseoVallina-Rodriguez OliverHohlfeld inproceedings 2019_delacadena_countermeasure 2019 11 12 2533-2535 Website fingerprinting (WFP) is a special type of traffic analysis, which aims to infer the websites visited by a user. Recent studies have shown that WFP targeting Tor users is notably more effective than previously expected. Concurrently, state-of-the-art defenses have been proven to be less effective. In response, we present a novel WFP defense that splits traffic over multiple entry nodes to limit the data a single malicious entry can use. Here, we explore several traffic-splitting strategies to distribute user traffic. We establish that our weighted random strategy dramatically reduces the accuracy from nearly 95% to less than 35% for four state-of-the-art WFP attacks without adding any artificial delays or dummy traffic. https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-delacadena-splitting-defense.pdf ACM Proceedings of the 26th ACM SIGSAC Conference on Computer and Communications Security (CCS '19), November 11-15, 2019, London, United Kingdom London, United Kingdom November 11-15, 2019 978-1-4503-6747-9/19/11 10.1145/3319535.3363249 1 WladimirDe la Cadena AsyaMitseva JanPennekamp JensHiller FabianLanze ThomasEngel KlausWehrle AndriyPanchenko inproceedings 2019-hiller-lcn-sessionsharing 2019 10 14 internet-of-production https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-hiller-lcn-case_for_tls_session_sharing.pdf IEEE IEEE 44th LCN Symposium on Emerging Topics in Networking (LCN Symposium), Osnabrück, Germany Osnabrück, Germany 44th IEEE Conference on Local Computer Networks (LCN) October 14-17, 2019 en 978-1-7281-2561-9 10.1109/LCNSymposium47956.2019.9000667 1 JensHiller MartinHenze TorstenZimmermann OliverHohlfeld KlausWehrle inproceedings 2019-hiller-icnp-tailoringOR 2019 10 10 An increasing number of IoT scenarios involve mobile, resource-constrained IoT devices that rely on untrusted networks for Internet connectivity. In such environments, attackers can derive sensitive private information of IoT device owners, e.g., daily routines or secret supply chain procedures, when sniffing on IoT communication and linking IoT devices and owner. Furthermore, untrusted networks do not provide IoT devices with any protection against attacks from the Internet. Anonymous communication using onion routing provides a well-proven mechanism to keep the relationship between communication partners secret and (optionally) protect against network attacks. However, the application of onion routing is challenged by protocol incompatibilities and demanding cryptographic processing on constrained IoT devices, rendering its use infeasible. To close this gap, we tailor onion routing to the IoT by bridging protocol incompatibilities and offloading expensive cryptographic processing to a router or web server of the IoT device owner. Thus, we realize resource-conserving access control and end-to-end security for IoT devices. To prove applicability, we deploy onion routing for the IoT within the well-established Tor network enabling IoT devices to leverage its resources to achieve the same grade of anonymity as readily available to traditional devices. internet-of-production https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-hiller-tailoring.pdf IEEE Proceedings of the 27th IEEE International Conference on Network Protocols (ICNP '19), October 7-10, 2019, Chicago, IL, USA Chicago, IL, USA 27th IEEE International Conference on Network Protocols (ICNP 2019) 7-10. Oct. 2019 978-1-7281-2700-2 2643-3303 10.1109/ICNP.2019.8888033 1 JensHiller JanPennekamp MarkusDahlmanns MartinHenze AndriyPanchenko KlausWehrle inproceedings 2019-dahlmanns-icnp-knowledgeSystem 2019 10 7 More and more traditional services, such as malware detectors or collaboration services in industrial scenarios, move to the cloud. However, this behavior poses a risk for the privacy of clients since these services are able to generate profiles containing very sensitive information, e.g., vulnerability information or collaboration partners. Hence, a rising need for protocols that enable clients to obtain knowledge without revealing their requests exists. To address this issue, we propose a protocol that enables clients (i) to query large cloud-based knowledge systems in a privacy-preserving manner using Private Set Intersection and (ii) to subsequently obtain individual knowledge items without leaking the client’s requests via few Oblivious Transfers. With our preliminary design, we allow clients to save a significant amount of time in comparison to performing Oblivious Transfers only. Poster Session private query protocol; knowledge system; remote knowledge; private set intersection; oblivious transfer kimusin; internet-of-production https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-dahlmanns-knowledge-system.pdf IEEE Proceedings of the 27th IEEE International Conference on Network Protocols (ICNP '19), October 7-10, 2019, Chicago, IL, USA Chicago, IL, USA 27th IEEE International Conference on Network Protocols (ICNP 2019) 7-10. Oct. 2019 978-1-7281-2700-2 2643-3303 10.1109/ICNP.2019.8888121 1 MarkusDahlmanns ChrisDax RomanMatzutt JanPennekamp JensHiller KlausWehrle inproceedings 2019_pennekamp_multipath 2019 10 7 Users of an onion routing network, such as Tor, depend on its anonymity properties. However, especially malicious entry nodes, which know the client’s identity, can also observe the whole communication on their link to the client and, thus, conduct several de-anonymization attacks. To limit this exposure and to impede corresponding attacks, we propose to multipath traffic between the client and the middle node to reduce the information an attacker can obtain at a single vantage point. To facilitate the deployment, only clients and selected middle nodes need to implement our approach, which works transparently for the remaining legacy nodes. Furthermore, we let clients control the splitting strategy to prevent any external manipulation. Poster Session https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-pennekamp-multipathing.pdf IEEE Proceedings of the 27th IEEE International Conference on Network Protocols (ICNP '19), October 7-10, 2019, Chicago, IL, USA Chicago, IL, USA 27th IEEE International Conference on Network Protocols (ICNP 2019) 7-10. Oct. 2019 978-1-7281-2700-2 2643-3303 10.1109/ICNP.2019.8888029 1 JanPennekamp JensHiller SebastianReuter WladimirDe la Cadena AsyaMitseva MartinHenze ThomasEngel KlausWehrle AndriyPanchenko inproceedings 2019-hiller-aeit-regaining 2019 9 Smart Grids require extensive communication to enable safe and stable energy supply in the age of decentralized and dynamic energy production and consumption. To protect the communication in this critical infrastructure, public authorities mandate smart meter gateways (SMGWs) to intercept all inbound and outbound communication of premises such as a factory or smart home, and forward the communication data on secure channels established by the SMGW itself to be in control of the communication security. However, using the SMGW as proxy, local devices can neither review the security of these remote connections established by the SMGW nor enforce higher security guarantees than established by the all in one configuration of the SMGW which does not allow for use case-specific security settings. We present mechanisms that enable local devices to regain this insight and control over the full connection, i.e., up to the final receiver, while retaining the SMGW's ability to ensure a suitable security level. Our evaluation shows modest computation and transmission overheads for this increased security in the critical smart grid infrastructure. ECSEL; European Union (EU); Horizon 2020; CONNECT Innovative smart components, modules and appliances for a truly connected, efficient and secure smart grid; Grant Agreement No 737434 connect https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-hiller-aeit-regaining.pdf IEEE Proceedings of the 2019 AEIT International Annual Conference, September 18-20, 2019, Firenze, Italy Firenze, Italy AEIT International Annual Conference September 18-20, 2019 978-8-8872-3745-0 10.23919/AEIT.2019.8893406 1 JensHiller KarstenKomanns MarkusDahlmanns KlausWehrle techreport 2019-hohlfeld-santa-tr 2019 4 1 arXiv:1904.00671 [cs.NI] 1--14 maki https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-hohlfeld-santatr.pdf https://arxiv.org/abs/1904.00671 Online COMSYS, RWTH Aachen University

Ahornstr. 55, 52074 Aachen, Germany

COMSYS, RWTH Aachen University Technical Report en OliverHohlfeld HelgeReelfs JanRüth FlorianSchmidt TorstenZimmermann JensHiller KlausWehrle inproceedings 2018-hiller-lcn-lowlatencyiiot 2018 10 connect,iop,nerd-nrw https://www.comsys.rwth-aachen.de/fileadmin/papers/2018/2018-hiller-lcn-secure_low_latency_communication_iiot.pdf IEEE 43rd IEEE Conference on Local Computer Networks (LCN), Chicago, USA Chicago, USA 43nd IEEE Conference on Local Computer Networks (LCN) October 1-4, 2018 en 978-1-5386-4413-3 10.1109/LCN.2018.8638027 1 JensHiller MartinHenze MartinSerror EricWagner Jan NiklasRichter KlausWehrle inproceedings 2018-hohlfeld-santa 2018 9 3 maki,ssiclops,reflexes https://ieeexplore.ieee.org/document/8493053 IEEE Proceedings of the 2018 30th International Teletraffic Congress (ITC 30), Vienna, Austria Vienna, Austria International Teletraffic Congress ITC 30 03.09.2018 - 07-09.2018 en 10.1109/ITC30.2018.00015 1 OliverHohlfeld Jens HelgeReelfs JanRüth FlorianSchmidt TorstenZimmermann JensHiller KlausWehrle inproceedings 2018-hiller-ic2e-cpplintegration 2018 4 19 241-249 ssiclops,iop https://www.comsys.rwth-aachen.de/fileadmin/papers/2018/2018-hiller-ic2e-policy-aware-cloud.pdf https://ieeexplore.ieee.org/document/8360335 IEEE Proceedings of the 2018 IEEE International Conference on Cloud Engineering (IC2E 2018), Orlando, Florida, USA Orlando, Florida, USA 2018 IEEE International Conference on Cloud Engineering (IC2E 2018) 2018-04-19 978-1-5386-5008-0 10.1109/IC2E.2018.00050 1 JensHiller MaelKimmerlin MaxPlauth SeppoHeikkila StefanKlauck VilleLindfors FelixEberhardt DariuszBursztynowski Jesus LlorenteSantos OliverHohlfeld KlausWehrle inproceedings 2018-matzutt-bitcoin-content-countermeasures 2018 4 17 364-370 Since the introduction of Bitcoin in 2008, blockchain systems have seen an enormous increase in adoption. By providing a persistent, distributed, and append-only ledger, blockchains enable numerous applications such as distributed consensus, robustness against equivocation, and smart contracts. However, recent studies show that blockchain systems such as Bitcoin can be (mis)used to store arbitrary content. This has already been used to store arguably objectionable content on Bitcoin's blockchain. Already single instances of clearly objectionable or even illegal content can put the whole system at risk by making its node operators culpable. To overcome this imminent risk, we survey and discuss the design space of countermeasures against the insertion of such objectionable content. Our analysis shows a wide spectrum of potential countermeasures, which are often combinable for increased efficiency. First, we investigate special-purpose content detectors as an ad hoc mitigation. As they turn out to be easily evadable, we also investigate content-agnostic countermeasures. We find that mandatory minimum fees as well as mitigation of transaction manipulability via identifier commitments significantly raise the bar for inserting harmful content into a blockchain. Bitcoin,blockchain,security,objectionable content,countermeasure mynedata,iop https://www.comsys.rwth-aachen.de/fileadmin/papers/2018/2018-matzutt-blockchain-contents-countermeasures.pdf https://ieeexplore.ieee.org/document/8360355 IEEE Proceedings of the First IEEE Workshop on Blockchain Technologies and Applications (BTA), co-located with the IEEE International Conference on Cloud Engineering 2018 (IC2E 2018) Orlando, Florida, USA First IEEE Workshop on Blockchain Technologies and Applications (BTA) 2018-04-17 English 978-1-5386-5008-0 10.1109/IC2E.2018.00070 1 RomanMatzutt MartinHenze Jan HenrikZiegeldorf JensHiller KlausWehrle article 2018-scheitle-ccr-caa ACM SIGCOMM Computer Communications Review (CCR) 2018 4 48 10-23 https://www.net.in.tum.de/fileadmin/bibtex/publications/papers/caa17.pdf internet-measurements https://ccronline.sigcomm.org/wp-content/uploads/2018/05/sigcomm-ccr-final163.pdf https://ccronline.sigcomm.org/2018/a-first-look-at-certification-authority-authorization-caa/ 2018-06-05 10.1145/3213232.3213235 1 QuirinScheitle TaejoongChung JensHiller OliverGasser JohannesNaab Rolandvan Rijswijk-Deij OliverHohlfeld RalphHolz DaveChoffnes AlanMislove GeorgCarle inproceedings 2018-matzutt-bitcoin-content 2018 2 26 Blockchains primarily enable credible accounting of digital events, e.g., money transfers in cryptocurrencies. However, beyond this original purpose, blockchains also irrevocably record arbitrary data, ranging from short messages to pictures. This does not come without risk for users as each participant has to locally replicate the complete blockchain, particularly including potentially harmful content. We provide the first systematic analysis of the benefits and threats of arbitrary blockchain content. Our analysis shows that certain content, e.g., illegal pornography, can render the mere possession of a blockchain illegal. Based on these insights, we conduct a thorough quantitative and qualitative analysis of unintended content on Bitcoin's blockchain. Although most data originates from benign extensions to Bitcoin's protocol, our analysis reveals more than 1600 files on the blockchain, over 99% of which are texts or images. Among these files there is clearly objectionable content such as links to child pornography, which is distributed to all Bitcoin participants. With our analysis, we thus highlight the importance for future blockchain designs to address the possibility of unintended data insertion and protect blockchain users accordingly. mynedata https://www.comsys.rwth-aachen.de/fileadmin/papers/2018/2018_matzutt_bitcoin-contents_preproceedings-version.pdf 2018-01-07 Online Springer Proceedings of the 22nd International Conference on Financial Cryptography and Data Security (FC), Nieuwpoort, Curaçao Nieuwpoort, Curaçao Financial Cryptography and Data Security 2018 en 10.1007/978-3-662-58387-6_23 1 RomanMatzutt JensHiller MartinHenze Jan HenrikZiegeldorf DirkMüllmann OliverHohlfeld KlausWehrle inproceedings 2018-tzimmermann-split 2018 2 14 iop https://jenshiller.com/publication/2018-zimmermann-ewsn-split/2018-zimmermann-ewsn-split.pdf https://dl.acm.org/citation.cfm?id=3234847.3234854 ACM Proceedings of the 15th European Conference on Wireless Sensor Networks (EWSN 2018), Madrid, Spain Madrid, Spain European Conference on Wireless Sensor Networks (EWSN 2018) 14.2.2018 - 16.2.2018 en 978-0-9949886-2-1 1 TorstenZimmermann JensHiller Jens HelgeReelfs PascalHein KlausWehrle incollection 2017-cps-henze-network 2017 11 13 25-56 sensorcloud,ipacs Song, Houbing and Fink, Glenn A. and Jeschke, Sabina Wiley-IEEE Press First 2 Security and Privacy in Cyber-Physical Systems: Foundations, Principles and Applications en 978-1-119-22604-8 10.1002/9781119226079.ch2 1 MartinHenze JensHiller RenéHummen RomanMatzutt KlausWehrle Jan HenrikZiegeldorf article 2017-ziegeldorf-bmcmedgenomics-bloom BMC Medical Genomics 2017 7 26 10 Suppl 2 29-42 Whole genome sequencing has become fast, accurate, and cheap, paving the way towards the large-scale collection and processing of human genome data. Unfortunately, this dawning genome era does not only promise tremendous advances in biomedical research but also causes unprecedented privacy risks for the many. Handling storage and processing of large genome datasets through cloud services greatly aggravates these concerns. Current research efforts thus investigate the use of strong cryptographic methods and protocols to implement privacy-preserving genomic computations. We propose FHE-Bloom and PHE-Bloom, two efficient approaches for genetic disease testing using homomorphically encrypted Bloom filters. Both approaches allow the data owner to securely outsource storage and computation to an untrusted cloud. FHE-Bloom is fully secure in the semi-honest model while PHE-Bloom slightly relaxes security guarantees in a trade-off for highly improved performance. We implement and evaluate both approaches on a large dataset of up to 50 patient genomes each with up to 1000000 variations (single nucleotide polymorphisms). For both implementations, overheads scale linearly in the number of patients and variations, while PHE-Bloom is faster by at least three orders of magnitude. For example, testing disease susceptibility of 50 patients with 100000 variations requires only a total of 308.31 s (σ=8.73 s) with our first approach and a mere 0.07 s (σ=0.00 s) with the second. We additionally discuss security guarantees of both approaches and their limitations as well as possible extensions towards more complex query types, e.g., fuzzy or range queries. Both approaches handle practical problem sizes efficiently and are easily parallelized to scale with the elastic resources available in the cloud. The fully homomorphic scheme, FHE-Bloom, realizes a comprehensive outsourcing to the cloud, while the partially homomorphic scheme, PHE-Bloom, trades a slight relaxation of security guarantees against performance improvements by at least three orders of magnitude. Proceedings of the 5th iDASH Privacy and Security Workshop 2016 Secure outsourcing; Homomorphic encryption; Bloom filters sscilops; mynedata; rfc https://www.comsys.rwth-aachen.de/fileadmin/papers/2017/2017-ziegeldorf-bmcmedgenomics-bloom.pdf Online BioMed Central Chicago, IL, USA November 11, 2016 en 1755-8794 10.1186/s12920-017-0277-y 1 Jan HenrikZiegeldorf JanPennekamp DavidHellmanns FelixSchwinger IkeKunze MartinHenze JensHiller RomanMatzutt KlausWehrle inproceedings 2017-henze-ic2e-prada 2017 4 4 252-258 ssiclops, ipacs https://www.comsys.rwth-aachen.de/fileadmin/papers/2017/2017-henze-ic2e-prada.pdf Online IEEE Proceedings of the 2017 IEEE International Conference on Cloud Engineering (IC2E 2017), Vancouver, BC, Canada en 978-1-5090-5817-4 10.1109/IC2E.2017.32 1 MartinHenze RomanMatzutt JensHiller ErikMühmer Jan HenrikZiegeldorf Johannesvan der Giet KlausWehrle inproceedings 2016-henze-cloudcom-trinics 2016 12 12 366-370 trinics https://www.comsys.rwth-aachen.de/fileadmin/papers/2016/2016-henze-cloudcom-trinics.pdf Online IEEE Proceedings of the 2016 IEEE International Conference on Cloud Computing Technology and Science (CloudCom), Luxembourg, Luxembourg en 978-1-5090-1445-3 10.1109/CloudCom.2016.0064 1 MartinHenze DanielKerpen JensHiller MichaelEggert DavidHellmanns ErikMühmer OussamaRenuli HenningMaier ChristianStüble RogerHäußling KlausWehrle inproceedings 2016-henze-wpes-cppl 2016 10 24 99-110 ssiclops https://www.comsys.rwth-aachen.de/fileadmin/papers/2016/2016-henze-wpes-cppl.pdf Online ACM Proceedings of the 15th Workshop on Privacy in the Electronic Society (WPES), co-located with the 23rd ACM Conference on Computer and Communications Security (CCS), Vienna, Austria en 978-1-4503-4569-9 10.1145/2994620.2994627 1 MartinHenze JensHiller SaschaSchmerling Jan HenrikZiegeldorf KlausWehrle inproceedings 2016-henze-claw-dpc 2016 4 8 130-135 ssiclops /fileadmin/papers/2016/2016-henze-claw-dpc.pdf Online IEEE Proceedings of the Second International Workshop on Legal and Technical Issues in Cloud Computing and Cloud-Supported Internet of Things (CLaw 2016), co-located with the 2016 IEEE International Conference on Cloud Engineering (IC2E 2016), Berlin, Germany en 978-1-5090-3684-4 10.1109/IC2EW.2016.24 1 MartinHenze JensHiller OliverHohlfeld KlausWehrle inproceedings 2015-ziegeldorf-cans-boma 2015 12 8 9476 197-213 /fileadmin/papers/2015/2015-ziegeldorf-cans-boma.pdf Online Springer Lecture Notes in Computer Science 14th International Conference on Cryptology and Network Security (CANS 2015), Marrakesh, Morocco en 978-3-319-26822-4 10.1007/978-3-319-26823-1_14 1 Jan HenrikZiegeldorf JensHiller MartinHenze HannoWirtz KlausWehrle inproceedings 2013-hummen-slimfit 2013 10 7 259-266 iotsec https://www.comsys.rwth-aachen.de/fileadmin/papers/2013/2013-hummen-slimfit.pdf Online IEEE Wireless and Mobile Computing, Networking and Communications (WiMob), 2013 IEEE 9th International Conference on Lyon, France IEEE WiMob 2013 Workshop on the Internet of Things Communications and Technologies (IoT 2013) en 978-1-4577-2014-7 2160-4886 10.1109/WiMOB.2013.6673370 1 RenéHummen JensHiller MartinHenze KlausWehrle inproceedings 2013-icnp-hummen-tailoring 2013 10 7 1-10 iotsec https://www.comsys.rwth-aachen.de/fileadmin/papers/2013/2013-hummen-tailoring.pdf Online IEEE In Proceedings of the 21st IEEE International Conference on Network Protocols (ICNP 2013), Göttingen, Germany Göttingen, Germany 21st IEEE International Conference on Network Protocols (ICNP 2013) 7-10 Oct. 2013 en 978-1-4799-1270-4 10.1109/ICNP.2013.6733571 1 RenéHummen HannoWirtz Jan HenrikZiegeldorf JensHiller KlausWehrle inproceedings 2013-hummen-6lowpan 2013 4 17 iotsec; sensorcloud fileadmin/papers/2013/2013-hummen-6lowpan.pdf ACM Proceedings of the 6th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec '13) Budapest, Hungary 6th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec '13) en 978-1-4503-1998-0 10.1145/2462096.2462107 1 RenéHummen JensHiller HannoWirtz MartinHenze HosseinShafagh KlausWehrle techreport 2013-draft-hummen-hip-middle-puzzle-01 2013 1 9 draft-hummen-hip-middle-puzzle-01 The Host Identity Protocol [RFC5201] is a secure signaling protocol with a cryptographic namespace. It provides the communicating peers with a cryptographic puzzle mechanism to protect against Denial of Service (DoS) attacks exploiting the computation and memory overheads of the protocol exchange. This document specifies an extension of the protocol that enables an on-path network entity to assist in the choice of the puzzle difficulty in case of an attack. Furthermore, it defines a modification of the puzzle mechanism that enables a host to delegate puzzle solving to an on-path network entity. Work in progress iotsec; ietf http://tools.ietf.org/html/draft-hummen-hip-middle-puzzle-01 Online Internet Engineering Task Force Internet-Draft en RenéHummen MartinHenze JensHiller article 2013-pik-hiller-e2e-security-smart Praxis der Informationsverarbeitung und Kommunikation 2013 36 1 23-29 en 1865-8342 10.1515/pik-2012-0141 JensHiller