% % This file was created by the TYPO3 extension % bib % --- Timezone: CEST % Creation date: 2024-07-03 % Creation time: 05-29-54 % --- Number of references % 6 % @Inproceedings { 2024-wagner-madtls, title = {Madtls: Fine-grained Middlebox-aware End-to-end Security for Industrial Communication}, year = {2024}, month = {7}, day = {1}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2024/2024-wagner-madtls.pdf}, publisher = {ACM}, booktitle = {19th ACM ASIA Conference on Computer and Communications Security (ACM AsiaCCS '24), Singapur}, event_place = {Singapur}, event_name = {ACM ASIA Conference on Computer and Communications Security (AsiaCCS)}, event_date = {July 1-5, 2024}, DOI = {10.1145/3634737.3637640}, reviewed = {1}, author = {Wagner, Eric and Heye, David and Serror, Martin and Kunze, Ike and Wehrle, Klaus and Henze, Martin} } @Inproceedings { 2024_dahlmanns_ipv6-deployments, title = {Unconsidered Installations: Discovering IoT Deployments in the IPv6 Internet}, year = {2024}, month = {5}, day = {10}, abstract = {Internet-wide studies provide extremely valuable insight into how operators manage their Internet of Things (IoT) deployments in reality and often reveal grievances, e.g., significant security issues. However, while IoT devices often use IPv6, past studies resorted to comprehensively scan the IPv4 address space. To fully understand how the IoT and all its services and devices is operated, including IPv6-reachable deployments is inevitable-although scanning the entire IPv6 address space is infeasible. In this paper, we close this gap and examine how to best discover IPv6-reachable IoT deployments. To this end, we propose a methodology that allows combining various IPv6 scan direction approaches to understand the findability and prevalence of IPv6-reachable IoT deployments. Using three sources of active IPv6 addresses and eleven address generators, we discovered 6658 IoT deployments. We derive that the available address sources are a good starting point for finding IoT deployments. Additionally, we show that using two address generators is sufficient to cover most found deployments and save time as well as resources. Assessing the security of the deployments, we surprisingly find similar issues as in the IPv4 Internet, although IPv6 deployments might be newer and generally more up-to-date: Only 39\% of deployments have access control in place and only 6.2\% make use of TLS inviting attackers, e.g., to eavesdrop sensitive data.}, keywords = {Internet of Things, security, Internet measurements, IPv6, address generators}, tags = {internet-of-production}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2024/2024-dahlmanns-ipv6.pdf}, publisher = {IEEE}, booktitle = {Proceedings of the 2024 IEEE/IFIP Network Operations and Management Symposium (NOMS '24), May 6-10, 2024, Seoul, Korea}, event_place = {Seoul, Korea}, event_name = {2024 IEEE Network Operations and Management Symposium}, event_date = {May 6-10, 2024}, state = {accepted}, reviewed = {1}, author = {Dahlmanns, Markus and Heidenreich, Felix and Lohm{\"o}ller, Johannes and Pennekamp, Jan and Wehrle, Klaus and Henze, Martin} } @Incollection { 2024_matzutt_blockchain-content, title = {Illicit Blockchain Content – Its Different Shapes, Consequences, and Remedies}, year = {2024}, month = {3}, day = {7}, volume = {105}, pages = {301-336}, abstract = {Augmenting public blockchains with arbitrary, nonfinancial content fuels novel applications that facilitate the interactions between mutually distrusting parties. However, new risks emerge at the same time when illegal content is added. This chapter thus provides a holistic overview of the risks of content insertion as well as proposed countermeasures. We first establish a simple framework for how content is added to the blockchain and subsequently distributed across the blockchain’s underlying peer-to-peer network. We then discuss technical as well as legal implications of this form of content distribution and give a systematic overview of basic methods and high-level services for inserting arbitrary blockchain content. Afterward, we assess to which extent these methods and services have been used in the past on the blockchains of Bitcoin Core, Bitcoin Cash, and Bitcoin SV, respectively. Based on this assessment of the current state of (unwanted) blockchain content, we discuss (a) countermeasures to mitigate its insertion, (b) how pruning blockchains relates to this issue, and (c) how strategically weakening the otherwise desired immutability of a blockchain allows for redacting objectionable content. We conclude this chapter by identifying future research directions in the domain of blockchain content insertion.}, keywords = {Blockchain content insertion; Illicit content; Pruning; Redaction}, publisher = {Springer}, series = {Advances in Information Security}, chapter = {10}, booktitle = {Blockchains – A Handbook on Fundamentals, Platforms and Applications}, ISBN = {978-3-031-32145-0}, DOI = {10.1007/978-3-031-32146-7_10}, reviewed = {1}, author = {Matzutt, Roman and Henze, Martin and M{\"u}llmann, Dirk and Wehrle, Klaus} } @Incollection { 2024_pennekamp_blockchain-industry, title = {Blockchain Technology Accelerating Industry 4.0}, year = {2024}, month = {3}, day = {7}, volume = {105}, pages = {531-564}, abstract = {Competitive industrial environments impose significant requirements on data sharing as well as the accountability and verifiability of related processes. Here, blockchain technology emerges as a possible driver that satisfies demands even in settings with mutually distrustful stakeholders. We identify significant benefits achieved by blockchain technology for Industry 4.0 but also point out challenges and corresponding design options when applying blockchain technology in the industrial domain. Furthermore, we survey diverse industrial sectors to shed light on the current intersection between blockchain technology and industry, which provides the foundation for ongoing as well as upcoming research. As industrial blockchain applications are still in their infancy, we expect that new designs and concepts will develop gradually, creating both supporting tools and groundbreaking innovations.}, tags = {internet-of-production}, publisher = {Springer}, series = {Advances in Information Security}, chapter = {17}, booktitle = {Blockchains – A Handbook on Fundamentals, Platforms and Applications}, ISBN = {978-3-031-32145-0}, DOI = {10.1007/978-3-031-32146-7_17}, reviewed = {1}, author = {Pennekamp, Jan and Bader, Lennart and Wagner, Eric and Hiller, Jens and Matzutt, Roman and Wehrle, Klaus} } @Inproceedings { 2024-wagner-acns-aggregate, title = {When and How to Aggregate Message Authentication Codes on Lossy Channels?}, year = {2024}, month = {3}, day = {5}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2024/2024-wagner-mac-aggregation.pdf}, booktitle = {22nd International Conference on Applied Cryptography and Network Security (ACNS '24), Abu Dhabi, UAE}, event_place = {Abu Dhabi, UAE}, event_name = {International Conference on Applied Cryptography and Network Security (ACNS)}, event_date = {March 5-9, 2024}, state = {accepted}, reviewed = {1}, author = {Wagner, Eric and Serror, Martin and Wehrle, Klaus and Henze, Martin} } @Inproceedings { 2024-dahlmanns-cired, title = {Reliable and Secure Control Center to Station Device Communication}, year = {2024}, abstract = {The increasing demands on the power grid require intelligent and flexible solutions that ensure the grid's stability. Many of these measures involve sophisticated communication between the control center and the stations that is not efficiently realizable using traditional protocols, e.g., IEC 60870-5-104. To this end, IEC 61850 introduces data models which allow flexible communication. Still, the specification leaves open how DSOs should interconnect their stations to realize resilient communication between the control center and station devices. However, DSOs require such communication to adapt modern solutions increasing the grid's capacity, e.g., adaptive protection systems. In this paper, we present our envisioned network and communication concept for future DSO's ICT infrastructures that enables the control center to resiliently and flexibly communicate with station devices. For resilience, we suggest interconnecting each station with two distinct communication paths to the control center, use MPLS-TP and MPTCP for fast failovers when a single link fails, and mTLS to protect the communication possibilities against misuse. Additionally, in accordance with IEC 61850, we envision the control center to communicate with the station devices using MMS by using the station RTU as a proxy.}, tags = {ven2us}, booktitle = {Proceedings of the CIRED workshop on Increasing Distribution Network Hosting Capacity 2024, June 19-20, 2024, Vienna, Austria}, event_place = {Vienna}, event_name = {CIRED workshop on Increasing Distribution Network Hosting Capacity 2024}, event_date = {June 19-20, 2024}, reviewed = {1}, author = {Dahlmanns, Markus and Fink, Ina Berenice and Erichsen, Gerrit and Lin, Guosong and Hammer, Thomas and Borkenhagen, Burkhard and Schneider, Sebastian and Maahsen, Christof and Wehrle, Klaus} }