% % This file was created by the TYPO3 extension % bib % --- Timezone: CEST % Creation date: 2024-07-04 % Creation time: 07-22-38 % --- Number of references % 34 % @Incollection { 2024_pennekamp_blockchain-industry, title = {Blockchain Technology Accelerating Industry 4.0}, year = {2024}, month = {3}, day = {7}, volume = {105}, pages = {531-564}, abstract = {Competitive industrial environments impose significant requirements on data sharing as well as the accountability and verifiability of related processes. Here, blockchain technology emerges as a possible driver that satisfies demands even in settings with mutually distrustful stakeholders. We identify significant benefits achieved by blockchain technology for Industry 4.0 but also point out challenges and corresponding design options when applying blockchain technology in the industrial domain. Furthermore, we survey diverse industrial sectors to shed light on the current intersection between blockchain technology and industry, which provides the foundation for ongoing as well as upcoming research. As industrial blockchain applications are still in their infancy, we expect that new designs and concepts will develop gradually, creating both supporting tools and groundbreaking innovations.}, tags = {internet-of-production}, publisher = {Springer}, series = {Advances in Information Security}, chapter = {17}, booktitle = {Blockchains – A Handbook on Fundamentals, Platforms and Applications}, ISBN = {978-3-031-32145-0}, DOI = {10.1007/978-3-031-32146-7_17}, reviewed = {1}, author = {Pennekamp, Jan and Bader, Lennart and Wagner, Eric and Hiller, Jens and Matzutt, Roman and Wehrle, Klaus} } @Article { 2022-henze-tii-prada, title = {Complying with Data Handling Requirements in Cloud Storage Systems}, journal = {IEEE Transactions on Cloud Computing}, year = {2022}, month = {9}, volume = {10}, number = {3}, pages = {1661-1674}, abstract = {In past years, cloud storage systems saw an enormous rise in usage. 
However, despite their popularity and importance as underlying infrastructure for more complex cloud services, today’s cloud storage systems do not account for compliance with regulatory, organizational, or contractual data handling requirements by design. Since legislation increasingly responds to rising data protection and privacy concerns, complying with data handling requirements becomes a crucial property for cloud storage systems. We present Prada, a practical approach to account for compliance with data handling requirements in key-value based cloud storage systems. To achieve this goal, Prada introduces a transparent data handling layer, which empowers clients to request specific data handling requirements and enables operators of cloud storage systems to comply with them. We implement Prada on top of the distributed database Cassandra and show in our evaluation that complying with data handling requirements in cloud storage systems is practical in real-world cloud deployments as used for microblogging, data sharing in the Internet of Things, and distributed email storage.}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2022/2022-henze-tii-prada.pdf}, misc2 = {Online}, language = {en}, ISSN = {2168-7161}, DOI = {10.1109/TCC.2020.3000336}, reviewed = {1}, author = {Henze, Martin and Matzutt, Roman and Hiller, Jens and M{\"u}hmer, Erik and Ziegeldorf, Jan Henrik and van der Giet, Johannes and Wehrle, Klaus} } @Inproceedings { 2021_reuter_demo, title = {Demo: Traffic Splitting for Tor — A Defense against Fingerprinting Attacks}, year = {2021}, month = {9}, day = {14}, abstract = {Website fingerprinting (WFP) attacks on the anonymity network Tor have become ever more effective. Furthermore, research discovered that proposed defenses are insufficient or cause high overhead. In previous work, we presented a new WFP defense for Tor that incorporates multipath transmissions to repel malicious Tor nodes from conducting WFP attacks. 
In this demo, we showcase the operation of our traffic splitting defense by visually illustrating the underlying Tor multipath transmission using LED-equipped Raspberry Pis.}, note = {Electronic Communications of the EASST, Volume 080}, keywords = {Onion Routing; Website Fingerprinting; Multipath Traffic; Privacy}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-reuter-splitting-demo.pdf}, publisher = {TU Berlin}, booktitle = {Proceedings of the 2021 International Conference on Networked Systems (NetSys '21), September 13-16, 2021, L{\"u}beck, Germany}, event_place = {L{\"u}beck, Germany}, event_date = {September 13-16, 2021}, ISSN = {1863-2122}, DOI = {10.14279/tuj.eceasst.80.1151}, reviewed = {1}, author = {Reuter, Sebastian and Hiller, Jens and Pennekamp, Jan and Panchenko, Andriy and Wehrle, Klaus} } @Article { 2021_pennekamp_accountable_manufacturing, title = {The Road to Accountable and Dependable Manufacturing}, journal = {Automation}, year = {2021}, month = {9}, day = {13}, volume = {2}, number = {3}, pages = {202-219}, abstract = {The Internet of Things provides manufacturing with rich data for increased automation. Beyond company-internal data exploitation, the sharing of product and manufacturing process data along and across supply chains enables more efficient production flows and product lifecycle management. Even more, data-based automation facilitates short-lived ad hoc collaborations, realizing highly dynamic business relationships for sustainable exploitation of production resources and capacities. However, the sharing and use of business data across manufacturers and with end customers add requirements on data accountability, verifiability, and reliability and needs to consider security and privacy demands. 
While research has already identified blockchain technology as a key technology to address these challenges, current solutions mainly evolve around logistics or focus on established business relationships instead of automated but highly dynamic collaborations that cannot draw upon long-term trust relationships. We identify three open research areas on the road to such a truly accountable and dependable manufacturing enabled by blockchain technology: blockchain-inherent challenges, scenario-driven challenges, and socio-economic challenges. Especially tackling the scenario-driven challenges, we discuss requirements and options for realizing a blockchain-based trustworthy information store and outline its use for automation to achieve a reliable sharing of product information, efficient and dependable collaboration, and dynamic distributed markets without requiring established long-term trust.}, keywords = {blockchain; supply chain management; Industry 4.0; manufacturing; secure industrial collaboration; scalability; Industrial Internet of Things; Internet of Production}, tags = {internet-of-production}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-pennekamp-manufacturing.pdf}, publisher = {MDPI}, ISSN = {2673-4052}, DOI = {10.3390/automation2030013}, reviewed = {1}, author = {Pennekamp, Jan and Matzutt, Roman and Kanhere, Salil S. 
and Hiller, Jens and Wehrle, Klaus} } @Article { 2021-wehrle-energy, title = {A Novel Receiver Design for Energy Packet-Based Dispatching}, journal = {Energy Technology}, year = {2021}, volume = {9}, number = {2}, DOI = {10.1002/ente.202000937}, reviewed = {1}, author = {Wiegel, Friedrich and De Din, Edoardo and Monti, Antonello and Wehrle, Klaus and Hiller, Marc and Zitterbart, Martina and Hagenmeyer, Veit} } @Inproceedings { 2020_delacadena_trafficsliver, title = {TrafficSliver: Fighting Website Fingerprinting Attacks with Traffic Splitting}, year = {2020}, month = {11}, day = {12}, pages = {1971-1985}, abstract = {Website fingerprinting (WFP) aims to infer information about the content of encrypted and anonymized connections by observing patterns of data flows based on the size and direction of packets. By collecting traffic traces at a malicious Tor entry node — one of the weakest adversaries in the attacker model of Tor — a passive eavesdropper can leverage the captured meta-data to reveal the websites visited by a Tor user. As recently shown, WFP is significantly more effective and realistic than assumed. Concurrently, former WFP defenses are either infeasible for deployment in real-world settings or defend against specific WFP attacks only. To limit the exposure of Tor users to WFP, we propose novel lightweight WFP defenses, TrafficSliver, which successfully counter today’s WFP classifiers with reasonable bandwidth and latency overheads and, thus, make them attractive candidates for adoption in Tor. Through user-controlled splitting of traffic over multiple Tor entry nodes, TrafficSliver limits the data a single entry node can observe and distorts repeatable traffic patterns exploited by WFP attacks. We first propose a network-layer defense, in which we apply the concept of multipathing entirely within the Tor network. 
We show that our network-layer defense reduces the accuracy from more than 98\% to less than 16\% for all state-of-the-art WFP attacks without adding any artificial delays or dummy traffic. We further suggest an elegant client-side application-layer defense, which is independent of the underlying anonymization network. By sending single HTTP requests for different web objects over distinct Tor entry nodes, our application-layer defense reduces the detection rate of WFP classifiers by almost 50 percentage points. Although it offers lower protection than our network-layer defense, it provides a security boost at the cost of a very low implementation overhead and is fully compatible with today’s Tor network.}, keywords = {Traffic Analysis; Website Fingerprinting; Privacy; Anonymous Communication; Onion Routing; Web Privacy}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2020/2020-delacadena-trafficsliver.pdf}, web_url = {https://github.com/TrafficSliver}, publisher = {ACM}, booktitle = {Proceedings of the 27th ACM SIGSAC Conference on Computer and Communications Security (CCS '20), November 9-13, 2020, Orlando, FL, USA}, event_place = {Virtual Event, USA}, event_date = {November 9-13, 2020}, ISBN = {978-1-4503-7089-9/20/11}, DOI = {10.1145/3372297.3423351}, reviewed = {1}, author = {De la Cadena, Wladimir and Mitseva, Asya and Hiller, Jens and Pennekamp, Jan and Reuter, Sebastian and Filter, Julian and Wehrle, Klaus and Engel, Thomas and Panchenko, Andriy} } @Inproceedings { 2020-hiller-ccs-crosssigning, title = {The Boon and Bane of Cross-Signing: Shedding Light on a Common Practice in Public Key Infrastructures}, year = {2020}, month = {11}, day = {11}, pages = {1289-1306}, keywords = {PKI; X.509; SSL; TLS; cross-signing; cross certification}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2020/2020-hiller-ccs-cross_signing.pdf}, web_url = {https://github.com/pki-xs-analysis}, publisher = {ACM}, address = {New York, NY, USA}, booktitle = 
{Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security (CCS ’20), November 9–13, 2020, Virtual Event, USA.}, event_place = {Orlando, FL, USA}, event_date = {November 9-13, 2020}, DOI = {10.1145/3372297.3423345}, reviewed = {1}, author = {Hiller, Jens and Amann, Johanna and Hohlfeld, Oliver} } @Article { 2020-holz-ccr-tls13, title = {Tracking the deployment of TLS 1.3 on the Web: A story of experimentation and centralization}, journal = {ACM SIGCOMM Computer Communications Review (CCR)}, year = {2020}, month = {7}, volume = {50}, number = {3}, pages = {3-15}, note = {Selected for the 'Best of CCR' session at SIGCOMM 2021.}, url = {https://ccronline.sigcomm.org/wp-content/uploads/2020/08/sigcomm-ccr-paper430-with-open-review.pdf}, publisher = {Association for Computing Machinery}, address = {New York, NY, USA}, DOI = {10.1145/3411740.3411742}, reviewed = {1}, author = {Holz, Ralph and Hiller, Jens and Amann, Johanna and Razaghpanah, Abbas and Jost, Thomas and Vallina-Rodriguez, Narseo and Hohlfeld, Oliver} } @Inproceedings { 2019_delacadena_countermeasure, title = {POSTER: Traffic Splitting to Counter Website Fingerprinting}, year = {2019}, month = {11}, day = {12}, pages = {2533-2535}, abstract = {Website fingerprinting (WFP) is a special type of traffic analysis, which aims to infer the websites visited by a user. Recent studies have shown that WFP targeting Tor users is notably more effective than previously expected. Concurrently, state-of-the-art defenses have been proven to be less effective. In response, we present a novel WFP defense that splits traffic over multiple entry nodes to limit the data a single malicious entry can use. Here, we explore several traffic-splitting strategies to distribute user traffic. 
We establish that our weighted random strategy dramatically reduces the accuracy from nearly 95\% to less than 35\% for four state-of-the-art WFP attacks without adding any artificial delays or dummy traffic.}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-delacadena-splitting-defense.pdf}, publisher = {ACM}, booktitle = {Proceedings of the 26th ACM SIGSAC Conference on Computer and Communications Security (CCS '19), November 11-15, 2019, London, United Kingdom}, event_place = {London, United Kingdom}, event_date = {November 11-15, 2019}, ISBN = {978-1-4503-6747-9/19/11}, DOI = {10.1145/3319535.3363249}, reviewed = {1}, author = {De la Cadena, Wladimir and Mitseva, Asya and Pennekamp, Jan and Hiller, Jens and Lanze, Fabian and Engel, Thomas and Wehrle, Klaus and Panchenko, Andriy} } @Inproceedings { 2019-hiller-lcn-sessionsharing, title = {The Case for Session Sharing: Relieving Clients from TLS Handshake Overheads}, year = {2019}, month = {10}, day = {14}, tags = {internet-of-production}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-hiller-lcn-case_for_tls_session_sharing.pdf}, publisher = {IEEE}, booktitle = {IEEE 44th LCN Symposium on Emerging Topics in Networking (LCN Symposium), Osnabr{\"u}ck, Germany}, event_place = {Osnabr{\"u}ck, Germany}, event_name = {44th IEEE Conference on Local Computer Networks (LCN)}, event_date = {October 14-17, 2019}, language = {en}, ISBN = {978-1-7281-2561-9}, DOI = {10.1109/LCNSymposium47956.2019.9000667}, reviewed = {1}, author = {Hiller, Jens and Henze, Martin and Zimmermann, Torsten and Hohlfeld, Oliver and Wehrle, Klaus} } @Inproceedings { 2019-hiller-icnp-tailoringOR, title = {Tailoring Onion Routing to the Internet of Things: Security and Privacy in Untrusted Environments}, year = {2019}, month = {10}, day = {10}, abstract = {An increasing number of IoT scenarios involve mobile, resource-constrained IoT devices that rely on untrusted networks for Internet connectivity. 
In such environments, attackers can derive sensitive private information of IoT device owners, e.g., daily routines or secret supply chain procedures, when sniffing on IoT communication and linking IoT devices and owner. Furthermore, untrusted networks do not provide IoT devices with any protection against attacks from the Internet. Anonymous communication using onion routing provides a well-proven mechanism to keep the relationship between communication partners secret and (optionally) protect against network attacks. However, the application of onion routing is challenged by protocol incompatibilities and demanding cryptographic processing on constrained IoT devices, rendering its use infeasible. To close this gap, we tailor onion routing to the IoT by bridging protocol incompatibilities and offloading expensive cryptographic processing to a router or web server of the IoT device owner. Thus, we realize resource-conserving access control and end-to-end security for IoT devices. To prove applicability, we deploy onion routing for the IoT within the well-established Tor network enabling IoT devices to leverage its resources to achieve the same grade of anonymity as readily available to traditional devices.}, tags = {internet-of-production}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-hiller-tailoring.pdf}, publisher = {IEEE}, booktitle = {Proceedings of the 27th IEEE International Conference on Network Protocols (ICNP '19), October 7-10, 2019, Chicago, IL, USA}, event_place = {Chicago, IL, USA}, event_name = {27th IEEE International Conference on Network Protocols (ICNP 2019)}, event_date = {7-10. Oct. 
2019}, ISBN = {978-1-7281-2700-2}, ISSN = {2643-3303}, DOI = {10.1109/ICNP.2019.8888033}, reviewed = {1}, author = {Hiller, Jens and Pennekamp, Jan and Dahlmanns, Markus and Henze, Martin and Panchenko, Andriy and Wehrle, Klaus} } @Inproceedings { 2019-dahlmanns-icnp-knowledgeSystem, title = {Privacy-Preserving Remote Knowledge System}, year = {2019}, month = {10}, day = {7}, abstract = {More and more traditional services, such as malware detectors or collaboration services in industrial scenarios, move to the cloud. However, this behavior poses a risk for the privacy of clients since these services are able to generate profiles containing very sensitive information, e.g., vulnerability information or collaboration partners. Hence, a rising need for protocols that enable clients to obtain knowledge without revealing their requests exists. To address this issue, we propose a protocol that enables clients (i) to query large cloud-based knowledge systems in a privacy-preserving manner using Private Set Intersection and (ii) to subsequently obtain individual knowledge items without leaking the client’s requests via few Oblivious Transfers. With our preliminary design, we allow clients to save a significant amount of time in comparison to performing Oblivious Transfers only.}, note = {Poster Session}, keywords = {private query protocol; knowledge system; remote knowledge; private set intersection; oblivious transfer}, tags = {kimusin; internet-of-production}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-dahlmanns-knowledge-system.pdf}, publisher = {IEEE}, booktitle = {Proceedings of the 27th IEEE International Conference on Network Protocols (ICNP '19), October 7-10, 2019, Chicago, IL, USA}, event_place = {Chicago, IL, USA}, event_name = {27th IEEE International Conference on Network Protocols (ICNP 2019)}, event_date = {7-10. Oct. 
2019}, ISBN = {978-1-7281-2700-2}, ISSN = {2643-3303}, DOI = {10.1109/ICNP.2019.8888121}, reviewed = {1}, author = {Dahlmanns, Markus and Dax, Chris and Matzutt, Roman and Pennekamp, Jan and Hiller, Jens and Wehrle, Klaus} } @Inproceedings { 2019_pennekamp_multipath, title = {Multipathing Traffic to Reduce Entry Node Exposure in Onion Routing}, year = {2019}, month = {10}, day = {7}, abstract = {Users of an onion routing network, such as Tor, depend on its anonymity properties. However, especially malicious entry nodes, which know the client’s identity, can also observe the whole communication on their link to the client and, thus, conduct several de-anonymization attacks. To limit this exposure and to impede corresponding attacks, we propose to multipath traffic between the client and the middle node to reduce the information an attacker can obtain at a single vantage point. To facilitate the deployment, only clients and selected middle nodes need to implement our approach, which works transparently for the remaining legacy nodes. Furthermore, we let clients control the splitting strategy to prevent any external manipulation.}, note = {Poster Session}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-pennekamp-multipathing.pdf}, publisher = {IEEE}, booktitle = {Proceedings of the 27th IEEE International Conference on Network Protocols (ICNP '19), October 7-10, 2019, Chicago, IL, USA}, event_place = {Chicago, IL, USA}, event_name = {27th IEEE International Conference on Network Protocols (ICNP 2019)}, event_date = {7-10. Oct. 
2019}, ISBN = {978-1-7281-2700-2}, ISSN = {2643-3303}, DOI = {10.1109/ICNP.2019.8888029}, reviewed = {1}, author = {Pennekamp, Jan and Hiller, Jens and Reuter, Sebastian and De la Cadena, Wladimir and Mitseva, Asya and Henze, Martin and Engel, Thomas and Wehrle, Klaus and Panchenko, Andriy} } @Inproceedings { 2019-hiller-aeit-regaining, title = {Regaining Insight and Control on SMGW-based Secure Communication in Smart Grids}, year = {2019}, month = {9}, abstract = {Smart Grids require extensive communication to enable safe and stable energy supply in the age of decentralized and dynamic energy production and consumption. To protect the communication in this critical infrastructure, public authorities mandate smart meter gateways (SMGWs) to intercept all inbound and outbound communication of premises such as a factory or smart home, and forward the communication data on secure channels established by the SMGW itself to be in control of the communication security. However, using the SMGW as proxy, local devices can neither review the security of these remote connections established by the SMGW nor enforce higher security guarantees than established by the all in one configuration of the SMGW which does not allow for use case-specific security settings. We present mechanisms that enable local devices to regain this insight and control over the full connection, i.e., up to the final receiver, while retaining the SMGW's ability to ensure a suitable security level. 
Our evaluation shows modest computation and transmission overheads for this increased security in the critical smart grid infrastructure.}, note = {ECSEL; European Union (EU); Horizon 2020; CONNECT Innovative smart components, modules and appliances for a truly connected, efficient and secure smart grid; Grant Agreement No 737434}, tags = {connect}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-hiller-aeit-regaining.pdf}, publisher = {IEEE}, booktitle = {Proceedings of the 2019 AEIT International Annual Conference, September 18-20, 2019, Firenze, Italy}, event_place = {Firenze, Italy}, event_name = {AEIT International Annual Conference}, event_date = {September 18-20, 2019}, ISBN = {978-8-8872-3745-0}, DOI = {10.23919/AEIT.2019.8893406}, reviewed = {1}, author = {Hiller, Jens and Komanns, Karsten and Dahlmanns, Markus and Wehrle, Klaus} } @Techreport { 2019-hohlfeld-santa-tr, title = {Application-Agnostic Offloading of Packet Processing}, year = {2019}, month = {4}, day = {1}, number2 = {arXiv:1904.00671 [cs.NI]}, pages = {1--14}, tags = {maki}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-hohlfeld-santatr.pdf}, web_url = {https://arxiv.org/abs/1904.00671}, misc2 = {Online}, publisher = {COMSYS, RWTH Aachen University}, address = {Ahornstr. 
55, 52074 Aachen, Germany}, institution = {COMSYS, RWTH Aachen University}, type = {Technical Report}, language = {en}, author = {Hohlfeld, Oliver and Reelfs, Helge and R{\"u}th, Jan and Schmidt, Florian and Zimmermann, Torsten and Hiller, Jens and Wehrle, Klaus} } @Inproceedings { 2018-hiller-lcn-lowlatencyiiot, title = {Secure Low Latency Communication for Constrained Industrial IoT Scenarios}, year = {2018}, month = {10}, tags = {connect,iop,nerd-nrw}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2018/2018-hiller-lcn-secure_low_latency_communication_iiot.pdf}, publisher = {IEEE}, booktitle = {43rd IEEE Conference on Local Computer Networks (LCN), Chicago, USA}, event_place = {Chicago, USA}, event_name = {43rd IEEE Conference on Local Computer Networks (LCN)}, event_date = {October 1-4, 2018}, language = {en}, ISBN = {978-1-5386-4413-3}, DOI = {10.1109/LCN.2018.8638027}, reviewed = {1}, author = {Hiller, Jens and Henze, Martin and Serror, Martin and Wagner, Eric and Richter, Jan Niklas and Wehrle, Klaus} } @Inproceedings { 2018-hohlfeld-santa, title = {Application-Agnostic Offloading of Datagram Processing}, year = {2018}, month = {9}, day = {3}, tags = {maki,ssiclops,reflexes}, url = {https://ieeexplore.ieee.org/document/8493053}, publisher = {IEEE}, booktitle = {Proceedings of the 2018 30th International Teletraffic Congress (ITC 30), Vienna, Austria}, event_place = {Vienna, Austria}, event_name = {International Teletraffic Congress ITC 30}, event_date = {03.09.2018 - 07.09.2018}, language = {en}, DOI = {10.1109/ITC30.2018.00015}, reviewed = {1}, author = {Hohlfeld, Oliver and Reelfs, Jens Helge and R{\"u}th, Jan and Schmidt, Florian and Zimmermann, Torsten and Hiller, Jens and Wehrle, Klaus} } @Inproceedings { 2018-hiller-ic2e-cpplintegration, title = {Giving Customers Control over Their Data: Integrating a Policy Language into the Cloud}, year = {2018}, month = {4}, day = {19}, pages = {241-249}, tags = {ssiclops,iop}, url = 
{https://www.comsys.rwth-aachen.de/fileadmin/papers/2018/2018-hiller-ic2e-policy-aware-cloud.pdf}, web_url = {https://ieeexplore.ieee.org/document/8360335}, publisher = {IEEE}, booktitle = {Proceedings of the 2018 IEEE International Conference on Cloud Engineering (IC2E 2018), Orlando, Florida, USA}, event_place = {Orlando, Florida, USA}, event_name = {2018 IEEE International Conference on Cloud Engineering (IC2E 2018)}, event_date = {2018-04-19}, ISBN = {978-1-5386-5008-0}, DOI = {10.1109/IC2E.2018.00050}, reviewed = {1}, author = {Hiller, Jens and Kimmerlin, Mael and Plauth, Max and Heikkila, Seppo and Klauck, Stefan and Lindfors, Ville and Eberhardt, Felix and Bursztynowski, Dariusz and Santos, Jesus Llorente and Hohlfeld, Oliver and Wehrle, Klaus} } @Inproceedings { 2018-matzutt-bitcoin-content-countermeasures, title = {Thwarting Unwanted Blockchain Content Insertion}, year = {2018}, month = {4}, day = {17}, pages = {364-370}, abstract = {Since the introduction of Bitcoin in 2008, blockchain systems have seen an enormous increase in adoption. By providing a persistent, distributed, and append-only ledger, blockchains enable numerous applications such as distributed consensus, robustness against equivocation, and smart contracts. However, recent studies show that blockchain systems such as Bitcoin can be (mis)used to store arbitrary content. This has already been used to store arguably objectionable content on Bitcoin's blockchain. Already single instances of clearly objectionable or even illegal content can put the whole system at risk by making its node operators culpable. To overcome this imminent risk, we survey and discuss the design space of countermeasures against the insertion of such objectionable content. Our analysis shows a wide spectrum of potential countermeasures, which are often combinable for increased efficiency. First, we investigate special-purpose content detectors as an ad hoc mitigation. 
As they turn out to be easily evadable, we also investigate content-agnostic countermeasures. We find that mandatory minimum fees as well as mitigation of transaction manipulability via identifier commitments significantly raise the bar for inserting harmful content into a blockchain.}, keywords = {Bitcoin,blockchain,security,objectionable content,countermeasure}, tags = {mynedata,iop}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2018/2018-matzutt-blockchain-contents-countermeasures.pdf}, web_url = {https://ieeexplore.ieee.org/document/8360355}, publisher = {IEEE}, booktitle = {Proceedings of the First IEEE Workshop on Blockchain Technologies and Applications (BTA), co-located with the IEEE International Conference on Cloud Engineering 2018 (IC2E 2018)}, event_place = {Orlando, Florida, USA}, event_name = {First IEEE Workshop on Blockchain Technologies and Applications (BTA)}, event_date = {2018-04-17}, language = {English}, ISBN = {978-1-5386-5008-0}, DOI = {10.1109/IC2E.2018.00070}, reviewed = {1}, author = {Matzutt, Roman and Henze, Martin and Ziegeldorf, Jan Henrik and Hiller, Jens and Wehrle, Klaus} } @Article { 2018-scheitle-ccr-caa, title = {A First Look at Certification Authority Authorization (CAA)}, journal = {ACM SIGCOMM Computer Communications Review (CCR)}, year = {2018}, month = {4}, volume = {48}, pages = {10-23}, note = {https://www.net.in.tum.de/fileadmin/bibtex/publications/papers/caa17.pdf}, tags = {internet-measurements}, url = {https://ccronline.sigcomm.org/wp-content/uploads/2018/05/sigcomm-ccr-final163.pdf}, web_url = {https://ccronline.sigcomm.org/2018/a-first-look-at-certification-authority-authorization-caa/}, web_url_date = {2018-06-05}, DOI = {10.1145/3213232.3213235}, reviewed = {1}, author = {Scheitle, Quirin and Chung, Taejoong and Hiller, Jens and Gasser, Oliver and Naab, Johannes and van Rijswijk-Deij, Roland and Hohlfeld, Oliver and Holz, Ralph and Choffnes, Dave and Mislove, Alan and Carle, Georg} } @Inproceedings { 
2018-matzutt-bitcoin-content, title = {A Quantitative Analysis of the Impact of Arbitrary Blockchain Content on Bitcoin}, year = {2018}, month = {2}, day = {26}, abstract = {Blockchains primarily enable credible accounting of digital events, e.g., money transfers in cryptocurrencies. However, beyond this original purpose, blockchains also irrevocably record arbitrary data, ranging from short messages to pictures. This does not come without risk for users as each participant has to locally replicate the complete blockchain, particularly including potentially harmful content. We provide the first systematic analysis of the benefits and threats of arbitrary blockchain content. Our analysis shows that certain content, e.g., illegal pornography, can render the mere possession of a blockchain illegal. Based on these insights, we conduct a thorough quantitative and qualitative analysis of unintended content on Bitcoin's blockchain. Although most data originates from benign extensions to Bitcoin's protocol, our analysis reveals more than 1600 files on the blockchain, over 99\% of which are texts or images. Among these files there is clearly objectionable content such as links to child pornography, which is distributed to all Bitcoin participants. 
With our analysis, we thus highlight the importance for future blockchain designs to address the possibility of unintended data insertion and protect blockchain users accordingly.}, tags = {mynedata}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2018/2018_matzutt_bitcoin-contents_preproceedings-version.pdf}, web_url_date = {2018-01-07}, misc2 = {Online}, publisher = {Springer}, booktitle = {Proceedings of the 22nd International Conference on Financial Cryptography and Data Security (FC), Nieuwpoort, Cura\c{c}ao}, event_place = {Nieuwpoort, Cura\c{c}ao}, event_name = {Financial Cryptography and Data Security 2018}, language = {en}, DOI = {10.1007/978-3-662-58387-6_23}, reviewed = {1}, author = {Matzutt, Roman and Hiller, Jens and Henze, Martin and Ziegeldorf, Jan Henrik and M{\"u}llmann, Dirk and Hohlfeld, Oliver and Wehrle, Klaus} } @Inproceedings { 2018-tzimmermann-split, title = {SPLIT: Smart Protocol Loading for the IoT}, year = {2018}, month = {2}, day = {14}, tags = {iop}, url = {https://jenshiller.com/publication/2018-zimmermann-ewsn-split/2018-zimmermann-ewsn-split.pdf}, web_url = {https://dl.acm.org/citation.cfm?id=3234847.3234854}, publisher = {ACM}, booktitle = {Proceedings of the 15th European Conference on Wireless Sensor Networks (EWSN 2018), Madrid, Spain}, event_place = {Madrid, Spain}, event_name = {European Conference on Wireless Sensor Networks (EWSN 2018)}, event_date = {14.2.2018 - 16.2.2018}, language = {en}, ISBN = {978-0-9949886-2-1}, reviewed = {1}, author = {Zimmermann, Torsten and Hiller, Jens and Reelfs, Jens Helge and Hein, Pascal and Wehrle, Klaus} } @Incollection { 2017-cps-henze-network, title = {Network Security and Privacy for Cyber-Physical Systems}, year = {2017}, month = {11}, day = {13}, pages = {25-56}, tags = {sensorcloud,ipacs}, editor = {Song, Houbing and Fink, Glenn A. 
and Jeschke, Sabina}, publisher = {Wiley-IEEE Press}, edition = {First}, chapter = {2}, booktitle = {Security and Privacy in Cyber-Physical Systems: Foundations, Principles and Applications}, language = {en}, ISBN = {978-1-119-22604-8}, DOI = {10.1002/9781119226079.ch2}, reviewed = {1}, author = {Henze, Martin and Hiller, Jens and Hummen, Ren{\'e} and Matzutt, Roman and Wehrle, Klaus and Ziegeldorf, Jan Henrik} } @Article { 2017-ziegeldorf-bmcmedgenomics-bloom, title = {BLOOM: BLoom filter based Oblivious Outsourced Matchings}, journal = {BMC Medical Genomics}, year = {2017}, month = {7}, day = {26}, volume = {10}, number = {Suppl 2}, pages = {29-42}, abstract = {Whole genome sequencing has become fast, accurate, and cheap, paving the way towards the large-scale collection and processing of human genome data. Unfortunately, this dawning genome era does not only promise tremendous advances in biomedical research but also causes unprecedented privacy risks for the many. Handling storage and processing of large genome datasets through cloud services greatly aggravates these concerns. Current research efforts thus investigate the use of strong cryptographic methods and protocols to implement privacy-preserving genomic computations. We propose FHE-Bloom and PHE-Bloom, two efficient approaches for genetic disease testing using homomorphically encrypted Bloom filters. Both approaches allow the data owner to securely outsource storage and computation to an untrusted cloud. FHE-Bloom is fully secure in the semi-honest model while PHE-Bloom slightly relaxes security guarantees in a trade-off for highly improved performance. We implement and evaluate both approaches on a large dataset of up to 50 patient genomes each with up to 1000000 variations (single nucleotide polymorphisms). For both implementations, overheads scale linearly in the number of patients and variations, while PHE-Bloom is faster by at least three orders of magnitude. 
For example, testing disease susceptibility of 50 patients with 100000 variations requires only a total of 308.31 s (\(\sigma\)=8.73 s) with our first approach and a mere 0.07 s (\(\sigma\)=0.00 s) with the second. We additionally discuss security guarantees of both approaches and their limitations as well as possible extensions towards more complex query types, e.g., fuzzy or range queries. Both approaches handle practical problem sizes efficiently and are easily parallelized to scale with the elastic resources available in the cloud. The fully homomorphic scheme, FHE-Bloom, realizes a comprehensive outsourcing to the cloud, while the partially homomorphic scheme, PHE-Bloom, trades a slight relaxation of security guarantees against performance improvements by at least three orders of magnitude.}, note = {Proceedings of the 5th iDASH Privacy and Security Workshop 2016}, keywords = {Secure outsourcing; Homomorphic encryption; Bloom filters}, tags = {ssiclops; mynedata; rfc}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2017/2017-ziegeldorf-bmcmedgenomics-bloom.pdf}, misc2 = {Online}, publisher = {BioMed Central}, event_place = {Chicago, IL, USA}, event_date = {November 11, 2016}, language = {en}, ISSN = {1755-8794}, DOI = {10.1186/s12920-017-0277-y}, reviewed = {1}, author = {Ziegeldorf, Jan Henrik and Pennekamp, Jan and Hellmanns, David and Schwinger, Felix and Kunze, Ike and Henze, Martin and Hiller, Jens and Matzutt, Roman and Wehrle, Klaus} } @Inproceedings { 2017-henze-ic2e-prada, title = {Practical Data Compliance for Cloud Storage}, year = {2017}, month = {4}, day = {4}, pages = {252-258}, tags = {ssiclops, ipacs}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2017/2017-henze-ic2e-prada.pdf}, misc2 = {Online}, publisher = {IEEE}, booktitle = {Proceedings of the 2017 IEEE International Conference on Cloud Engineering (IC2E 2017), Vancouver, BC, Canada}, language = {en}, ISBN = {978-1-5090-5817-4}, DOI = {10.1109/IC2E.2017.32}, reviewed 
= {1}, author = {Henze, Martin and Matzutt, Roman and Hiller, Jens and M{\"u}hmer, Erik and Ziegeldorf, Jan Henrik and van der Giet, Johannes and Wehrle, Klaus} } @Inproceedings { 2016-henze-cloudcom-trinics, title = {Towards Transparent Information on Individual Cloud Service Usage}, year = {2016}, month = {12}, day = {12}, pages = {366-370}, tags = {trinics}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2016/2016-henze-cloudcom-trinics.pdf}, misc2 = {Online}, publisher = {IEEE}, booktitle = {Proceedings of the 2016 IEEE International Conference on Cloud Computing Technology and Science (CloudCom), Luxembourg, Luxembourg}, language = {en}, ISBN = {978-1-5090-1445-3}, DOI = {10.1109/CloudCom.2016.0064}, reviewed = {1}, author = {Henze, Martin and Kerpen, Daniel and Hiller, Jens and Eggert, Michael and Hellmanns, David and M{\"u}hmer, Erik and Renuli, Oussama and Maier, Henning and St{\"u}ble, Christian and H{\"a}u{\ss}ling, Roger and Wehrle, Klaus} } @Inproceedings { 2016-henze-wpes-cppl, title = {CPPL: Compact Privacy Policy Language}, year = {2016}, month = {10}, day = {24}, pages = {99-110}, tags = {ssiclops}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2016/2016-henze-wpes-cppl.pdf}, misc2 = {Online}, publisher = {ACM}, booktitle = {Proceedings of the 15th Workshop on Privacy in the Electronic Society (WPES), co-located with the 23rd ACM Conference on Computer and Communications Security (CCS), Vienna, Austria}, language = {en}, ISBN = {978-1-4503-4569-9}, DOI = {10.1145/2994620.2994627}, reviewed = {1}, author = {Henze, Martin and Hiller, Jens and Schmerling, Sascha and Ziegeldorf, Jan Henrik and Wehrle, Klaus} } @Inproceedings { 2016-henze-claw-dpc, title = {Moving Privacy-Sensitive Services from Public Clouds to Decentralized Private Clouds}, year = {2016}, month = {4}, day = {8}, pages = {130-135}, tags = {ssiclops}, url = {/fileadmin/papers/2016/2016-henze-claw-dpc.pdf}, misc2 = {Online}, publisher = {IEEE}, booktitle = 
{Proceedings of the Second International Workshop on Legal and Technical Issues in Cloud Computing and Cloud-Supported Internet of Things (CLaw 2016), co-located with the 2016 IEEE International Conference on Cloud Engineering (IC2E 2016), Berlin, Germany}, language = {en}, ISBN = {978-1-5090-3684-4}, DOI = {10.1109/IC2EW.2016.24}, reviewed = {1}, author = {Henze, Martin and Hiller, Jens and Hohlfeld, Oliver and Wehrle, Klaus} } @Inproceedings { 2015-ziegeldorf-cans-boma, title = {Bandwidth-optimized Secure Two-Party Computation of Minima}, year = {2015}, month = {12}, day = {8}, volume = {9476}, pages = {197-213}, url = {/fileadmin/papers/2015/2015-ziegeldorf-cans-boma.pdf}, misc2 = {Online}, publisher = {Springer}, series = {Lecture Notes in Computer Science}, booktitle = {Proceedings of the 14th International Conference on Cryptology and Network Security (CANS 2015), Marrakesh, Morocco}, language = {en}, ISBN = {978-3-319-26822-4}, DOI = {10.1007/978-3-319-26823-1_14}, reviewed = {1}, author = {Ziegeldorf, Jan Henrik and Hiller, Jens and Henze, Martin and Wirtz, Hanno and Wehrle, Klaus} } @Inproceedings { 2013-hummen-slimfit, title = {Slimfit - A HIP DEX Compression Layer for the IP-based Internet of Things}, year = {2013}, month = {10}, day = {7}, pages = {259-266}, tags = {iotsec}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2013/2013-hummen-slimfit.pdf}, misc2 = {Online}, publisher = {IEEE}, booktitle = {Proceedings of the 2013 IEEE 9th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob 2013), Lyon, France}, event_place = {Lyon, France}, event_name = {IEEE WiMob 2013 Workshop on the Internet of Things Communications and Technologies (IoT 2013)}, language = {en}, ISBN = {978-1-4577-2014-7}, ISSN = {2160-4886}, DOI = {10.1109/WiMOB.2013.6673370}, reviewed = {1}, author = {Hummen, Ren{\'e} and Hiller, Jens and Henze, Martin and Wehrle, Klaus} } @Inproceedings { 2013-icnp-hummen-tailoring, title = {Tailoring End-to-End IP Security Protocols to the Internet of 
Things}, year = {2013}, month = {10}, day = {7}, pages = {1-10}, tags = {iotsec}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2013/2013-hummen-tailoring.pdf}, misc2 = {Online}, publisher = {IEEE}, booktitle = {Proceedings of the 21st IEEE International Conference on Network Protocols (ICNP 2013), G{\"o}ttingen, Germany}, event_place = {G{\"o}ttingen, Germany}, event_name = {21st IEEE International Conference on Network Protocols (ICNP 2013)}, event_date = {7-10 Oct. 2013}, language = {en}, ISBN = {978-1-4799-1270-4}, DOI = {10.1109/ICNP.2013.6733571}, reviewed = {1}, author = {Hummen, Ren{\'e} and Wirtz, Hanno and Ziegeldorf, Jan Henrik and Hiller, Jens and Wehrle, Klaus} } @Inproceedings { 2013-hummen-6lowpan, title = {6LoWPAN Fragmentation Attacks and Mitigation Mechanisms}, year = {2013}, month = {4}, day = {17}, tags = {iotsec; sensorcloud}, url = {fileadmin/papers/2013/2013-hummen-6lowpan.pdf}, publisher = {ACM}, booktitle = {Proceedings of the 6th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec '13)}, event_place = {Budapest, Hungary}, event_name = {6th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec '13)}, language = {en}, ISBN = {978-1-4503-1998-0}, DOI = {10.1145/2462096.2462107}, reviewed = {1}, author = {Hummen, Ren{\'e} and Hiller, Jens and Wirtz, Hanno and Henze, Martin and Shafagh, Hossein and Wehrle, Klaus} } @Techreport { 2013-draft-hummen-hip-middle-puzzle-01, title = {HIP Middlebox Puzzle Offloading and End-host Notification}, year = {2013}, month = {1}, day = {9}, number = {draft-hummen-hip-middle-puzzle-01}, abstract = {The Host Identity Protocol [RFC5201] is a secure signaling protocol with a cryptographic namespace. It provides the communicating peers with a cryptographic puzzle mechanism to protect against Denial of Service (DoS) attacks exploiting the computation and memory overheads of the protocol exchange. 
This document specifies an extension of the protocol that enables an on-path network entity to assist in the choice of the puzzle difficulty in case of an attack. Furthermore, it defines a modification of the puzzle mechanism that enables a host to delegate puzzle solving to an on-path network entity.}, note = {Work in progress}, tags = {iotsec; ietf}, url = {http://tools.ietf.org/html/draft-hummen-hip-middle-puzzle-01}, misc2 = {Online}, institution = {Internet Engineering Task Force}, type = {Internet-Draft}, language = {en}, author = {Hummen, Ren{\'e} and Henze, Martin and Hiller, Jens} } @Article { 2013-pik-hiller-e2e-security-smart, title = {End-to-End Security for Internet-Connected Smart Objects}, journal = {Praxis der Informationsverarbeitung und Kommunikation}, year = {2013}, volume = {36}, number = {1}, pages = {23-29}, language = {en}, ISSN = {1865-8342}, DOI = {10.1515/pik-2012-0141}, author = {Hiller, Jens} }