Missed Opportunities: Measuring the Untapped TLS Support in the Industrial Internet of Things

Dahlmanns, Markus; Lohmöller, Johannes; Pennekamp, Jan; Bodenhausen, Jörn; Wehrle, Klaus; Henze, Martin; Pennekamp, Jan; Buchholz, Erik; Lockner, Yannik; Dahlmanns, Markus; Xi, Tiandong; Fey, Marcel; Brecher, Christian; Hopmann, Christian; Wehrle, Klaus; Hiller, Jens; Amann, Johanna; Hohlfeld, Oliver; Dahlmanns, Markus; Lohmöller, Johannes; Fink, Ina Berenice; Pennekamp, Jan; Wehrle, Klaus; Henze, Martin; Hiller, Jens; Pennekamp, Jan; Dahlmanns, Markus; Henze, Martin; Panchenko, Andriy; Wehrle, Klaus; Matzutt, Roman; Hiller, Jens; Henze, Martin; Ziegeldorf, Jan Henrik; Müllmann, Dirk; Hohlfeld, Oliver; Wehrle, Klaus; Ziegeldorf, Jan Henrik; Metzke, Jan; Rüth, Jan; Henze, Martin; Wehrle, Klaus; Henze, Martin; Hiller, Jens; Schmerling, Sascha; Ziegeldorf, Jan Henrik; Wehrle, Klaus; Panchenko, Andriy; Lanze, Fabian; Zinnen, Andreas; Henze, Martin; Pennekamp, Jan; Wehrle, Klaus; Engel, Thomas

doi:10.1145/3488932.3497762

Security and Privacy Group

The research vision of the Security and Privacy Group at COMSYS is the analysis, design, and evaluation of secure and privacy-preserving communication systems.

To realize this vision, we most notably craft novel security and privacy architectures, paradigms, and mechanisms as well as improve upon existing approaches to security and privacy. We consider all types of systems and networks, e.g. ranging from highly resource-constrained IoT networks to distributed (peer-to-peer) applications and networks and large-scale Cloud deployments.

Our used and developed technologies range from soft privacy solutions such as semantic annotations and behavioral nudges to applied cryptography for strong and provable security and privacy guarantees.

The close cooperation with the other research groups at COMSYS allows us to work closely with domain experts from various types of communication systems.

Currently, we pursue this research vision by tackling the following research topics:

Security and Privacy in the Industrial Internet of Things (IIoT)
- Enabling privacy-sensitive dataflows between different (mistrusting) stakeholders
- Protocol design with existing building blocks (e.g., Bloom filter, HE, PSI, OT, ...) to offer novel use cases
- Detecting, analyzing, and restricting network flows in the IIoT to improve the network security
- Secure integration of legacy industrial devices into communication over the Internet
Network Security for the IP-based Internet of Things
- Secure end-to-end communication of highly resource-constrained devices
- Delegation of security tasks to less resource-constrained gateways
Privacy Enhancing Techniques (PETs)
- Studying and improving popular anonymization networks (e.g., Website Fingerprinting in Tor)
- Quantitative modeling of privacy protection and risk (e.g., Differential Privacy)
- Privacy in distributed scenarios (e.g., Participatory Sensing)
- Reconciling PETs and user perception of privacy (e.g., empirical user studies)
- Application of Secure Two-Party and Multi-Party Computation
Blockchain Technology
- Analysis of the applicability and usability of blockchain systems
- Improving existing blockchain systems (e.g., Bitcoin security and privacy, scalability)
- Resolving trust issues in real-world use cases using public or private blockchains
- Novel privacy-enhancing technologies backed by blockchains
Security and Privacy in Cloud-based Systems
- Alternatives to traditional cloud computing
- Awareness of the usage of cloud services
- Cloud operations that respect data handling requirements
- Scalable and secure infrastructures for cloud operations
- Secure and privacy-preserving outsourcing of sensitive data to the cloud

Projects

Current Projects

IoP: Internet of Prodution for enabling a new level of cross-domain collaboration for production (DFG EXC, 2019-2025+)
VeN²uS: VerNetzte NetzschUtzSysteme / Networked Grid Protection Systems – Adaptive and Networked (BMWK, 2021-2024)

Selected Past Projects

CONSENT: Conformance-driven and Auto-configured Security for Home and Industrial Networks (NERD.NRW, 2018-2021)
CONNECT: Innovative Smart Components, Modules and Appliances for a Truly Connected, Efficient and Secure Smart Grid (ECSEL Joint Undertaking, 2017-2021)
Digital Campus (BMBF, DAAD, 2020-2021)
IPACS: Intelligent Privacy-aware Cloud-based Services (DFG EI, 2013-2016)
Mobile ACcess: Mobility and City-wide Communication Environment for Secure Internet Services (IKT.NRW, 2009-2012)
myneData: Self-determined Utilization of Personal Data with Inherent Protection of Privacy and Data (BMBF, 2016-2019)
PREserv: Privacy Enhanced Sensing, Encoding, Relaying & Visualization (IKT.NRW, 2013-2016)
SensorCloud: Trustworthy Management and Analysis of Sensor Data in a Cloud Infrastructure (BMWi, 2012-2014)
SSICLOPS: Scalable and Secure Infrastructures for Cloud Operations (EU H2020, 2015-2018)
TRINICS: Transparent Information on the Individual Usage of Cloud Services (BMBF, 2016-2018)

Researchers

	Markus Dahlmanns, M.Sc. Researcher +49 241 80-21425 markus.dahlmanns(at)comsys.rwth-aachen.de		Ina Berenice Fink, M.Sc. Researcher +49 241 80-21419 ina.fink(at)comsys.rwth-aachen.de
	Johannes Lohmöller, M.Sc. Researcher +49 241 80-21421 johannes.lohmoeller@comsys.rwth-aachen.de		Dr. rer. nat. Jan Pennekamp Postdoctoral Researcher +49 241 80-21411 jan.pennekamp(at)comsys.rwth-aachen.de
	Christian van Sloun, M.Sc. Researcher +49 241 80-21414 christian.van.sloun(at)comsys.rwth-aachen.de

Available Theses

The Security and Privacy Group typically has thesis topics available for motivated and talented students. An excerpt of available theses can be seen from inside the RWTH University network. If you have specific interests, you may contact any group member individually.

Selected Recent Publications

9.	Markus Dahlmanns, Johannes Lohmöller, Jan Pennekamp, Jörn Bodenhausen, Klaus Wehrle, and Martin Henze Missed Opportunities: Measuring the Untapped TLS Support in the Industrial Internet of Things Proceedings of the 2022 ACM Asia Conference on Computer and Communications Security (ASIACCS '22), May 30-June 3, 2022, Nagasaki, Japan, page 252-266. Publisher: ACM, May 2022 DOI: 10.1145/3488932.3497762 ISBN: 978-1-4503-9140-5/22/05
8.	Jan Pennekamp, Erik Buchholz, Yannik Lockner, Markus Dahlmanns, Tiandong Xi, Marcel Fey, Christian Brecher, Christian Hopmann, and Klaus Wehrle Privacy-Preserving Production Process Parameter Exchange Proceedings of the 36th Annual Computer Security Applications Conference (ACSAC '20), December 7-11, 2020, Austin, TX, USA, page 510-525. Publisher: ACM, December 2020 DOI: 10.1145/3427228.3427248 ISBN: 978-1-4503-8858-0/20/12
7.	Jens Hiller, Johanna Amann, and Oliver Hohlfeld The Boon and Bane of Cross-Signing: Shedding Light on a Common Practice in Public Key Infrastructures Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security (CCS ’20), November 9–13, 2020, Virtual Event, USA., page 1289-1306. Publisher: ACM, New York, NY, USA November 2020 DOI: 10.1145/3372297.3423345 https://github.com/pki-xs-analysis
6.	Markus Dahlmanns, Johannes Lohmöller, Ina Berenice Fink, Jan Pennekamp, Klaus Wehrle, and Martin Henze Easing the Conscience with OPC UA: An Internet-Wide Study on Insecure Deployments Proceedings of the Internet Measurement Conference (IMC '20), October 27-29, 2020, Pittsburgh, PA, USA, page 101-110. Publisher: ACM, October 2020 DOI: 10.1145/3419394.3423666 ISBN: 978-1-4503-8138-3/20/10
5.	Jens Hiller, Jan Pennekamp, Markus Dahlmanns, Martin Henze, Andriy Panchenko, and Klaus Wehrle Tailoring Onion Routing to the Internet of Things: Security and Privacy in Untrusted Environments Proceedings of the 27th IEEE International Conference on Network Protocols (ICNP '19), October 7-10, 2019, Chicago, IL, USA Publisher: IEEE, October 2019 DOI: 10.1109/ICNP.2019.8888033 ISBN: 978-1-7281-2700-2
4.	Roman Matzutt, Jens Hiller, Martin Henze, Jan Henrik Ziegeldorf, Dirk Müllmann, Oliver Hohlfeld, and Klaus Wehrle A Quantitative Analysis of the Impact of Arbitrary Blockchain Content on Bitcoin Proceedings of the 22nd International Conference on Financial Cryptography and Data Security (FC), Nieuwpoort, Curaçao Publisher: Springer, February 2018 DOI: 10.1007/978-3-662-58387-6_23
3.	Jan Henrik Ziegeldorf, Jan Metzke, Jan Rüth, Martin Henze, and Klaus Wehrle Privacy-Preserving HMM Forward Computation Proceedings of the 7th ACM Conference on Data and Application Security and Privacy (CODASPY 2017), Scottsdale, AZ, USA, page 83-94. Publisher: ACM, March 2017 DOI: 10.1145/3029806.3029816 ISBN: 978-1-4503-4523-1
2.	Martin Henze, Jens Hiller, Sascha Schmerling, Jan Henrik Ziegeldorf, and Klaus Wehrle CPPL: Compact Privacy Policy Language Proceedings of the 15th Workshop on Privacy in the Electronic Society (WPES), co-located with the 23rd ACM Conference on Computer and Communications Security (CCS), Vienna, Austria, page 99-110. Publisher: ACM, October 2016 DOI: 10.1145/2994620.2994627 ISBN: 978-1-4503-4569-9
1.	Andriy Panchenko, Fabian Lanze, Andreas Zinnen, Martin Henze, Jan Pennekamp, Klaus Wehrle, and Thomas Engel Website Fingerprinting at Internet Scale Proceedings of the 23rd Annual Network and Distributed System Security Symposium (NDSS '16), February 21-24, 2016, San Diego, CA, USA Publisher: Internet Society, February 2016 DOI: 10.14722/ndss.2016.23477 ISBN: 978-1-891562-41-9 https://www.informatik.tu...e/~andriy/zwiebelfreunde/