This file was created by the TYPO3 extension bib --- Timezone: UTC Creation date: 2024-12-22 Creation time: 01-22-46 --- Number of references 16 inproceedings 2024_lohmoeller_scematch 2024 12 17 2123-2132 Advances in single-cell RNA sequencing (scRNA-seq) have dramatically enhanced our understanding of cellular functions and disease mechanisms. Despite its potential, scRNA-seq faces significant challenges related to data privacy, cost, and Intellectual Property (IP) protection, which hinder the sharing and collaborative use of these sensitive datasets. In this paper, we introduce a novel method, scE(match), a privacy-preserving tool that facilitates the matching of single-cell clusters between different datasets by relying on scmap as an established projection tool, but without compromising data privacy or IP. scE(match) utilizes homomorphic encryption to ensure that data and unique cell clusters remain confidential while enabling the identification of overlapping cell types for further collaboration and downstream analysis. Our evaluation shows that scE(match) performantly matches cell types across datasets with high precision, addressing both practical and ethical concerns in sharing scRNA-seq data. This approach not only supports secure data collaboration but also fosters advances in biomedical research by reliably protecting sensitive information and IP rights. confidentiality; scmap; privacy-preserving computations; offloading; healthcare rfc;health https://www.comsys.rwth-aachen.de/fileadmin/papers/2024/2024-lohmoeller-scEmatch.pdf IEEE Proceedings of the 23rd IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom '24), December 17-21, 2024, Sanya, China Sanya, China TrustCom 2024 December 17-21, 2024 accepted en 979-8-3315-0620-9 2324-9013 10.1109/TrustCom63139.2024.00294 1 JohannesLohmöller JannisScheiber RafaelKramann KlausWehrle SikanderHayat JanPennekamp article 2023_lamberts_metrics-sok Journal of Systems Research 2023 10 31 3 1 Industrial systems are increasingly threatened by cyberattacks with potentially disastrous consequences. To counter such attacks, industrial intrusion detection systems strive to timely uncover even the most sophisticated breaches. Due to its criticality for society, this fast-growing field attracts researchers from diverse backgrounds, resulting in 130 new detection approaches in 2021 alone. This huge momentum facilitates the exploration of diverse promising paths but likewise risks fragmenting the research landscape and burying promising progress. Consequently, it needs sound and comprehensible evaluations to mitigate this risk and catalyze efforts into sustainable scientific progress with real-world applicability. In this paper, we therefore systematically analyze the evaluation methodologies of this field to understand the current state of industrial intrusion detection research. Our analysis of 609 publications shows that the rapid growth of this research field has positive and negative consequences. While we observe an increased use of public datasets, publications still only evaluate 1.3 datasets on average, and frequently used benchmarking metrics are ambiguous. At the same time, the adoption of newly developed benchmarking metrics sees little advancement. Finally, our systematic analysis enables us to provide actionable recommendations for all actors involved and thus bring the entire research field forward. internet-of-production, rfc https://www.comsys.rwth-aachen.de/fileadmin/papers/2023/2023-lamberts-metrics-sok.pdf eScholarship Publishing 2770-5501 10.5070/SR33162445 1 OlavLamberts KonradWolsing EricWagner JanPennekamp JanBauer KlausWehrle MartinHenze inproceedings 2023_wolsing_ensemble 2023 9 25 14345 102-122 Industrial Intrusion Detection Systems (IIDSs) play a critical role in safeguarding Industrial Control Systems (ICSs) against targeted cyberattacks. Unsupervised anomaly detectors, capable of learning the expected behavior of physical processes, have proven effective in detecting even novel cyberattacks. While offering decent attack detection, these systems, however, still suffer from too many False-Positive Alarms (FPAs) that operators need to investigate, eventually leading to alarm fatigue. To address this issue, in this paper, we challenge the notion of relying on a single IIDS and explore the benefits of combining multiple IIDSs. To this end, we examine the concept of ensemble learning, where a collection of classifiers (IIDSs in our case) are combined to optimize attack detection and reduce FPAs. While training ensembles for supervised classifiers is relatively straightforward, retaining the unsupervised nature of IIDSs proves challenging. In that regard, novel time-aware ensemble methods that incorporate temporal correlations between alerts and transfer-learning to best utilize the scarce training data constitute viable solutions. By combining diverse IIDSs, the detection performance can be improved beyond the individual approaches with close to no FPAs, resulting in a promising path for strengthening ICS cybersecurity. Lecture Notes in Computer Science (LNCS), Volume 14345 Intrusion Detection; Ensemble Learning; ICS internet-of-production, rfc https://jpennekamp.de/wp-content/papercite-data/pdf/wkw+23.pdf Springer Proceedings of the 28th European Symposium on Research in Computer Security (ESORICS '23), September 25-29, 2023, The Hague, The Netherlands The Hague, The Netherlands 28th European Symposium on Research in Computer Security (ESORICS '23) September 25-29, 2023 978-3-031-51475-3 0302-9743 10.1007/978-3-031-51476-0_6 1 KonradWolsing DominikKus EricWagner JanPennekamp KlausWehrle MartinHenze inproceedings 2022_kus_ensemble 2022 12 8 RWTH-2022-10809 Industrial intrusion detection promises to protect networked industrial control systems by monitoring them and raising an alarm in case of suspicious behavior. Many monolithic intrusion detection systems are proposed in literature. These detectors are often specialized and, thus, work particularly well on certain types of attacks or monitor different parts of the system, e.g., the network or the physical process. Combining multiple such systems promises to leverage their joint strengths, allowing the detection of a wider range of attacks due to their diverse specializations and reducing false positives. We study this concept's feasibility with initial results of various methods to combine detectors. rfc https://www.comsys.rwth-aachen.de/fileadmin/papers/2022/2022-kus-ensemble-poster.pdf RWTH Aachen University 38th Annual Computer Security Applications Conference (ACSAC '22), December 5-9, 2022, Austin, TX, USA RWTH Aachen University Austin, TX, USA 38th Annual Computer Security Applications Conference (ACSAC '22) December 5-9, 2022 10.18154/RWTH-2022-10809 1 DominikKus KonradWolsing JanPennekamp EricWagner MartinHenze KlausWehrle proceedings 2022-wolsing-radarsec 2022 9 rfc https://www.comsys.rwth-aachen.de/fileadmin/papers/2022/2022-wolsing-radar.pdf IEEE Edmonton, Canada 47th IEEE Conference on Local Computer Networks (LCN) September 26-29, 2022 10.1109/LCN53696.2022.9843801 1 KonradWolsing AntoineSaillard JanBauer EricWagner Christianvan Sloun Ina BereniceFink MariSchmidt KlausWehrle MartinHenze inproceedings 2022_dahlmanns_tlsiiot 2022 5 31 252-266 The ongoing trend to move industrial appliances from previously isolated networks to the Internet requires fundamental changes in security to uphold secure and safe operation. Consequently, to ensure end-to-end secure communication and authentication, (i) traditional industrial protocols, e.g., Modbus, are retrofitted with TLS support, and (ii) modern protocols, e.g., MQTT, are directly designed to use TLS. To understand whether these changes indeed lead to secure Industrial Internet of Things deployments, i.e., using TLS-based protocols, which are configured according to security best practices, we perform an Internet-wide security assessment of ten industrial protocols covering the complete IPv4 address space. Our results show that both, retrofitted existing protocols and newly developed secure alternatives, are barely noticeable in the wild. While we find that new protocols have a higher TLS adoption rate than traditional protocols (7.2 % vs. 0.4 %), the overall adoption of TLS is comparably low (6.5 % of hosts). Thus, most industrial deployments (934,736 hosts) are insecurely connected to the Internet. Furthermore, we identify that 42 % of hosts with TLS support (26,665 hosts) show security deficits, e.g., missing access control. Finally, we show that support in configuring systems securely, e.g., via configuration templates, is promising to strengthen security. industrial communication; network security; security configuration internet-of-production, rfc https://www.comsys.rwth-aachen.de/fileadmin/papers/2022/2022-dahlmanns-asiaccs.pdf ACM Proceedings of the 2022 ACM Asia Conference on Computer and Communications Security (ASIACCS '22), May 30-June 3, 2022, Nagasaki, Japan Nagasaki, Japan ASIACCS '22 May 30-June 3, 2022 978-1-4503-9140-5/22/05 10.1145/3488932.3497762 1 MarkusDahlmanns JohannesLohmöller JanPennekamp JörnBodenhausen KlausWehrle MartinHenze inproceedings 2022_kus_iids_generalizability 2022 5 30 73-84 Anomaly-based intrusion detection promises to detect novel or unknown attacks on industrial control systems by modeling expected system behavior and raising corresponding alarms for any deviations. As manually creating these behavioral models is tedious and error-prone, research focuses on machine learning to train them automatically, achieving detection rates upwards of 99 %. However, these approaches are typically trained not only on benign traffic but also on attacks and then evaluated against the same type of attack used for training. Hence, their actual, real-world performance on unknown (not trained on) attacks remains unclear. In turn, the reported near-perfect detection rates of machine learning-based intrusion detection might create a false sense of security. To assess this situation and clarify the real potential of machine learning-based industrial intrusion detection, we develop an evaluation methodology and examine multiple approaches from literature for their performance on unknown attacks (excluded from training). Our results highlight an ineffectiveness in detecting unknown attacks, with detection rates dropping to between 3.2 % and 14.7 % for some types of attacks. Moving forward, we derive recommendations for further research on machine learning-based approaches to ensure clarity on their ability to detect unknown attacks. anomaly detection; machine learning; industrial control system internet-of-production, rfc https://www.comsys.rwth-aachen.de/fileadmin/papers/2022/2022-kus-iids-generalizability.pdf ACM Proceedings of the 8th ACM Cyber-Physical System Security Workshop (CPSS '22), co-located with the 17th ACM ASIA Conference on Computer and Communications Security (ASIACCS '22), May 30-June 3, 2022, Nagasaki, Japan 978-1-4503-9176-4/22/05 10.1145/3494107.3522773 1 DominikKus EricWagner JanPennekamp KonradWolsing Ina BereniceFink MarkusDahlmanns KlausWehrle MartinHenze inproceedings 2021_dahlmanns_entrust 2021 4 28 78–87 The ongoing digitization of industrial manufacturing leads to a decisive change in industrial communication paradigms. Moving from traditional one-to-one to many-to-many communication, publish/subscribe systems promise a more dynamic and efficient exchange of data. However, the resulting significantly more complex communication relationships render traditional end-to-end security futile for sufficiently protecting the sensitive and safety-critical data transmitted in industrial systems. Most notably, the central message brokers inherent in publish/subscribe systems introduce a designated weak spot for security as they can access all communication messages. To address this issue, we propose ENTRUST, a novel solution for key server-based end-to-end security in publish/subscribe systems. ENTRUST transparently realizes confidentiality, integrity, and authentication for publish/subscribe systems without any modification of the underlying protocol. We exemplarily implement ENTRUST on top of MQTT, the de-facto standard for machine-to-machine communication, showing that ENTRUST can integrate seamlessly into existing publish/subscribe systems. cyber-physical system security; publish-subscribe security; end-to-end security internet-of-production, rfc https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-dahlmanns-entrust.pdf ACM Proceedings of the 1st ACM Workshop on Secure and Trustworthy Cyber-Physical Systems (SaT-CPS '21), co-located with the 11th ACM Conference on Data and Application Security and Privacy (CODASPY '21), April 26-28, 2021, Virtual Event, USA Virtual Event, USA ACM Workshop on Secure and Trustworthy Cyber-Physical Systems April 28, 2021 978-1-4503-8319-6/21/04 10.1145/3445969.3450423 1 MarkusDahlmanns JanPennekamp Ina BereniceFink BerndSchoolmann KlausWehrle MartinHenze inproceedings 2020-dahlmanns-imc-opcua 2020 10 27 101-110 Due to increasing digitalization, formerly isolated industrial networks, e.g., for factory and process automation, move closer and closer to the Internet, mandating secure communication. However, securely setting up OPC UA, the prime candidate for secure industrial communication, is challenging due to a large variety of insecure options. To study whether Internet-facing OPC UA appliances are configured securely, we actively scan the IPv4 address space for publicly reachable OPC UA systems and assess the security of their configurations. We observe problematic security configurations such as missing access control (on 24% of hosts), disabled security functionality (24%), or use of deprecated cryptographic primitives (25%) on in total 92% of the reachable deployments. Furthermore, we discover several hundred devices in multiple autonomous systems sharing the same security certificate, opening the door for impersonation attacks. Overall, in this paper, we highlight commonly found security misconfigurations and underline the importance of appropriate configuration for security-featuring protocols. industrial communication; network security; security configuration internet-of-production, rfc https://www.comsys.rwth-aachen.de/fileadmin/papers/2020/2020-dahlmanns-imc-opcua.pdf ACM Proceedings of the Internet Measurement Conference (IMC '20), October 27-29, 2020, Pittsburgh, PA, USA Pittsburgh, PA, USA ACM Internet Measurement Conference 2020 October 27-29, 2020 978-1-4503-8138-3/20/10 10.1145/3419394.3423666 1 MarkusDahlmanns JohannesLohmöller Ina BereniceFink JanPennekamp KlausWehrle MartinHenze inproceedings 2020_roepert_opcua 2020 4 2 To address the increasing security demands of industrial deployments, OPC UA is one of the first industrial protocols explicitly designed with security in mind. However, deploying it securely requires a thorough configuration of a wide range of options. Thus, assessing the security of OPC UA deployments and their configuration is necessary to ensure secure operation, most importantly confidentiality and integrity of industrial processes. In this work, we present extensions to the popular Metasploit Framework to ease network-based security assessments of OPC UA deployments. To this end, we discuss methods to discover OPC UA servers, test their authentication, obtain their configuration, and check for vulnerabilities. Ultimately, our work enables operators to verify the (security) configuration of their systems and identify potential attack vectors. internet-of-production, rfc https://www.comsys.rwth-aachen.de/fileadmin/papers/2020/2020-roepert-opcua-security.pdf en University of Tübingen Proceedings of the 1st ITG Workshop on IT Security (ITSec '20), April 2-3, 2020, Tübingen, Germany Tübingen, Germany April 2-3, 2020 10.15496/publikation-41813 1 LinusRoepert MarkusDahlmanns Ina BereniceFink JanPennekamp MartinHenze inproceedings 2019_wagner_dispute_resolution 2019 5 Blockchain systems promise to mediate interactions of mutually distrusting parties without a trusted third party. However, protocols with full smart contract-based security are either limited in functionality or complex, with high costs for secured interactions. This observation leads to the development of protocol-specific schemes to avoid costly dispute resolution in case all participants remain honest. In this paper, we introduce SmartJudge, an extensible generalization of this trend for smart contract-based two-party protocols. SmartJudge relies on a protocol-independent mediator smart contract that moderates two-party interactions and only consults protocol-specific verifier smart contracts in case of a dispute. This way, SmartJudge avoids verification costs in absence of disputes and sustains interaction confidentiality among honest parties. We implement verifier smart contracts for cross-blockchain trades and exchanging digital goods and show that SmartJudge can reduce costs by 46-50% and 22% over current state of the art, respectively. Ethereum,Bitcoin,smart contracts,two-party protocols,dispute resolution,cross-blockchain trades mynedata, impact-digital, rfc https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-wagner-dispute.pdf IEEE IEEE International Conference on Blockchain and Cryptocurrency 2019 (ICBC 2019) Seoul, South Korea IEEE International Conference on Blockchain and Cryptocurrency 2019 English 10.1109/BLOC.2019.8751312 1 EricWagner AchimVölker FrederikFuhrmann RomanMatzutt KlausWehrle inproceedings 2018-bader-ethereum-car-insurance 2018 12 9 mynedata, internet-of-production, rfc https://www.comsys.rwth-aachen.de/fileadmin/papers/2018/2018-bader-ethereum-car-insurance.pdf https://ieeexplore.ieee.org/document/8644136 IEEE 2018 IEEE Globecom Workshops (GC Wkshps) Abu Dhabi, United Arab Emirates 1st International Workshop on Blockchain in IoT, co-located with IEEE Globecom 2018 2018-12-09 10.1109/GLOCOMW.2018.8644136 1 LennartBader Jens ChristophBürger RomanMatzutt KlausWehrle article 2016-fgcs-ziegeldorf-bitcoin Future Generation Computer Systems 2018 3 80 448-466 Pseudonymity, anonymity, and untraceability rfc https://www.comsys.rwth-aachen.de/fileadmin/papers/2018/2018-ziegeldorf-fgcs-bitcoin.pdf Online Elsevier en 0167-739X 10.1016/j.future.2016.05.018 1 Jan HenrikZiegeldorf RomanMatzutt MartinHenze FredGrossmann KlausWehrle article 2017-ziegeldorf-bmcmedgenomics-bloom BMC Medical Genomics 2017 7 26 10 Suppl 2 29-42 Whole genome sequencing has become fast, accurate, and cheap, paving the way towards the large-scale collection and processing of human genome data. Unfortunately, this dawning genome era does not only promise tremendous advances in biomedical research but also causes unprecedented privacy risks for the many. Handling storage and processing of large genome datasets through cloud services greatly aggravates these concerns. Current research efforts thus investigate the use of strong cryptographic methods and protocols to implement privacy-preserving genomic computations. We propose FHE-Bloom and PHE-Bloom, two efficient approaches for genetic disease testing using homomorphically encrypted Bloom filters. Both approaches allow the data owner to securely outsource storage and computation to an untrusted cloud. FHE-Bloom is fully secure in the semi-honest model while PHE-Bloom slightly relaxes security guarantees in a trade-off for highly improved performance. We implement and evaluate both approaches on a large dataset of up to 50 patient genomes each with up to 1000000 variations (single nucleotide polymorphisms). For both implementations, overheads scale linearly in the number of patients and variations, while PHE-Bloom is faster by at least three orders of magnitude. For example, testing disease susceptibility of 50 patients with 100000 variations requires only a total of 308.31 s (σ=8.73 s) with our first approach and a mere 0.07 s (σ=0.00 s) with the second. We additionally discuss security guarantees of both approaches and their limitations as well as possible extensions towards more complex query types, e.g., fuzzy or range queries. Both approaches handle practical problem sizes efficiently and are easily parallelized to scale with the elastic resources available in the cloud. The fully homomorphic scheme, FHE-Bloom, realizes a comprehensive outsourcing to the cloud, while the partially homomorphic scheme, PHE-Bloom, trades a slight relaxation of security guarantees against performance improvements by at least three orders of magnitude. Proceedings of the 5th iDASH Privacy and Security Workshop 2016 Secure outsourcing; Homomorphic encryption; Bloom filters sscilops;mynedata;rfc;health https://www.comsys.rwth-aachen.de/fileadmin/papers/2017/2017-ziegeldorf-bmcmedgenomics-bloom.pdf Online BioMed Central Chicago, IL, USA November 11, 2016 en 1755-8794 10.1186/s12920-017-0277-y 1 Jan HenrikZiegeldorf JanPennekamp DavidHellmanns FelixSchwinger IkeKunze MartinHenze JensHiller RomanMatzutt KlausWehrle inproceedings 2014-ziegeldorf-codaspy-coinparty 2015 3 2 rfc https://www.comsys.rwth-aachen.de/fileadmin/papers/2015/2015-ziegeldorf-codaspy-coinparty.pdf Online ACM The Fifth ACM Conference on Data and Application Security and Privacy (CODASPY 2015), San Antonio, TX, USA San Antonio, TX, USA The Fifth ACM Conference on Data and Application Security and Privacy (CODASPY 2015) en 978-1-4503-3191-3 10.1145/2699026.2699100 1 Jan HenrikZiegeldorf FredGrossmann MartinHenze NicolasInden KlausWehrle poster 2014-wisec-ziegeldorf-ipin 2014 7 23 rfc https://www.comsys.rwth-aachen.de/fileadmin/papers/2014/2014-ziegeldorf-poster-wisec.pdf 7th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec '14) (Poster) en 10.13140/2.1.2847.4886 1 Jan HenrikZiegeldorf NicolaiViol MartinHenze KlausWehrle