This file was created by the TYPO3 extension bib --- Timezone: UTC Creation date: 2024-11-21 Creation time: 15-51-51 --- Number of references 18 inproceedings 2024-fink-cired 2024 11 7 Resilient communication is essential for reliably exchanging parameters and measurements in distribution systems. Thus, deploying redundant hardware for both local and wide area communication, along with protocols that leverage these redundancies for automatic and timely failovers, is fundamental. This paper presents a comprehensive overview of key protocols (PRP/HSR, MPLS-TP, and MPTCP) which offer robust recovery mechanisms. Additionally, it provides a specific concept and topology that effectively combine the presented protocols to ensure resilient communication from the control center to substation devices. ven2us Proceedings of the CIRED Chicago Workshop 2024 on Resilience of Electric Distribution Systems, November 7-8, 2024, Chicago, USA Chicago CIRED Chicago Workshop 2024 on Resilience of Electric Distribution Systems November 7-8, 2024 accepted 1 Ina BereniceFink MarkusDahlmanns GerritErichsen KlausWehrle inproceedings 2024-dahlmanns-cired 2024 6 19 The increasing demands on the power grid require intelligent and flexible solutions that ensure the grid's stability. Many of these measures involve sophisticated communication between the control center and the stations that is not efficiently realizable using traditional protocols, e.g., IEC 60870-5-104. To this end, IEC 61850 introduces data models which allow flexible communication. Still, the specification leaves open how DSOs should interconnect their stations to realize resilient communication between the control center and station devices. However, DSOs require such communication to adapt modern solutions increasing the grid's capacity, e.g., adaptive protection systems. In this paper, we present our envisioned network and communication concept for future DSO's ICT infrastructures that enables the control center to resiliently and flexibly communicate with station devices. For resilience, we suggest interconnecting each station with two distinct communication paths to the control center, use MPLS-TP and MPTCP for fast failovers when a single link fails, and mTLS to protect the communication possibilities against misuse. Additionally, in accordance with IEC 61850, we envision the control center to communicate with the station devices using MMS by using the station RTU as a proxy. ven2us Proceedings of the CIRED workshop on Increasing Distribution Network Hosting Capacity 2024, June 19-20, 2024, Vienna, Austria Vienna CIRED workshop on Increasing Distribution Network Hosting Capacity 2024 June 19-20, 2024 10.1049/icp.2024.2096 1 MarkusDahlmanns Ina BereniceFink GerritErichsen GuosongLin ThomasHammer BurkhardBorkenhagen SebastianSchneider ChristofMaahsen KlausWehrle poster 2024-fink-sul 2024 3 5 19 ven2us VDE ETG/FNN-Tutorial 2024 Schutz- und Leittechnik, March 05-06, 2024, Leipzig, Germany Leipzig, Germany VDE ETG/FNN-Tutorial 2024 Schutz- und Leittechnik March 05-06, 2024 1 Ina BereniceFink MarkusDahlmanns KlausWehrle inproceedings 2023_pennekamp_benchmarking_comparison 2023 6 15 13901 489-505 Benchmarking is an essential tool for industrial organizations to identify potentials that allows them to improve their competitive position through operational and strategic means. However, the handling of sensitive information, in terms of (i) internal company data and (ii) the underlying algorithm to compute the benchmark, demands strict (technical) confidentiality guarantees—an aspect that existing approaches fail to address adequately. Still, advances in private computing provide us with building blocks to reliably secure even complex computations and their inputs, as present in industry benchmarks. In this paper, we thus compare two promising and fundamentally different concepts (hardware- and software-based) to realize privacy-preserving benchmarks. Thereby, we provide detailed insights into the concept-specific benefits. Our evaluation of two real-world use cases from different industries underlines that realizing and deploying secure information systems for industry benchmarking is possible with today's building blocks from private computing. Lecture Notes in Computer Science (LNCS), Volume 13901 real-world computing; trusted execution environments; homomorphic encryption; key performance indicators; benchmarking internet-of-production https://www.comsys.rwth-aachen.de/fileadmin/papers/2023/2023-pennekamp-industry-benchmarking.pdf Springer Proceedings of the 35th International Conference on Advanced Information Systems Engineering (CAiSE '23), June 12-16, 2023, Zaragoza, Spain Zaragoza, Spain 35th International Conference on Advanced Information Systems Engineering (CAiSE '23) June 12-16, 2023 978-3-031-34559-3 0302-9743 10.1007/978-3-031-34560-9_29 1 JanPennekamp JohannesLohmöller EduardVlad JoschaLoos NiklasRodemann PatrickSapel Ina BereniceFink SethSchmitz ChristianHopmann MatthiasJarke GüntherSchuh KlausWehrle MartinHenze inproceedings 2023-lorz-cired 2023 3286-3290 ven2us 27th International Conference on Electricity Distribution (CIRED 2023), Rome, Italy, June 12-15, 2023 Rome, Italy International Conference & Exhibition on Electricity Distribution (CIRED) June 12-15, 2023 10.1049/icp.2023.0864 1 TobiasLorz JohannJaeger AntigonaSelimaj ImmanuelHacker AndreasUlbig Jan-PeterHeckel ChristianBecker MarkusDahlmanns Ina BereniceFink KlausWehrle GerritErichsen MichaelSchindler RainerLuxenburger GuosongLin proceedings 2022-wolsing-radarsec 2022 9 rfc https://www.comsys.rwth-aachen.de/fileadmin/papers/2022/2022-wolsing-radar.pdf IEEE Edmonton, Canada 47th IEEE Conference on Local Computer Networks (LCN) September 26-29, 2022 10.1109/LCN53696.2022.9843801 1 KonradWolsing AntoineSaillard JanBauer EricWagner Christianvan Sloun Ina BereniceFink MariSchmidt KlausWehrle MartinHenze inproceedings 2022_kus_iids_generalizability 2022 5 30 73-84 Anomaly-based intrusion detection promises to detect novel or unknown attacks on industrial control systems by modeling expected system behavior and raising corresponding alarms for any deviations. As manually creating these behavioral models is tedious and error-prone, research focuses on machine learning to train them automatically, achieving detection rates upwards of 99 %. However, these approaches are typically trained not only on benign traffic but also on attacks and then evaluated against the same type of attack used for training. Hence, their actual, real-world performance on unknown (not trained on) attacks remains unclear. In turn, the reported near-perfect detection rates of machine learning-based intrusion detection might create a false sense of security. To assess this situation and clarify the real potential of machine learning-based industrial intrusion detection, we develop an evaluation methodology and examine multiple approaches from literature for their performance on unknown attacks (excluded from training). Our results highlight an ineffectiveness in detecting unknown attacks, with detection rates dropping to between 3.2 % and 14.7 % for some types of attacks. Moving forward, we derive recommendations for further research on machine learning-based approaches to ensure clarity on their ability to detect unknown attacks. anomaly detection; machine learning; industrial control system internet-of-production, rfc https://www.comsys.rwth-aachen.de/fileadmin/papers/2022/2022-kus-iids-generalizability.pdf ACM Proceedings of the 8th ACM Cyber-Physical System Security Workshop (CPSS '22), co-located with the 17th ACM ASIA Conference on Computer and Communications Security (ASIACCS '22), May 30-June 3, 2022, Nagasaki, Japan 978-1-4503-9176-4/22/05 10.1145/3494107.3522773 1 DominikKus EricWagner JanPennekamp KonradWolsing Ina BereniceFink MarkusDahlmanns KlausWehrle MartinHenze inproceedings 2022-lorenz-ven2us 2022 Power grids are increasingly faced with the introduction of decentralized, highly volatile power supplies from renewable energies and high loads occurring from e-mobility. However, today’s static grid protection cannot manage all upcoming conditions while providing a high level of dependability and security. It forms a bottleneck of a future decarbonizing grid development. In our research project, we develop and verify an adaptive grid protection algorithm. It calculates situation dependent protection parameters for the event of power flow shifts and topology changes caused by volatile power supplies due to the increase of renewable generation and the rapid expansion of e-mobility. As a result the distribution grid can be operated with the optimally adapted protection parameters and functions for changing operating states. To safely adjust the values on protection hardware in the field, i.e., safe from hardware failures and cyberattacks, we research resilient and secure communication concepts for the adaptive and interconnected grid protection system. Finally, we validate our concept and system by demonstrations in the laboratory and field tests. ven2us Proceedings of the CIRED workshop on E-mobility and power distribution systems 2022, June 2-3, 2022, Porto, Portugal Porto CIRED workshop on E-mobility and power distribution systems 2022 June 2-3, 2022 10.1049/icp.2022.0768 1 MatthiasLorenz Tobias MarkusPletzer MalteSchuhmacher TorstenSowa MichaelDahms SimonStock DavoodBabazadeh ChristianBecker JohannJaeger TobiasLorz MarkusDahlmanns Ina BereniceFink KlausWehrle AndreasUlbig PhilippLinnartz AntigonaSelimaj ThomasOffergeld proceedings fink-lcn-demons-2021 2021 10 4 nerd-nrw https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-fink-lcn-demons.pdf IEEE online Edmonton, Canada 46th IEEE Conference on Local Computer Networks (LCN) October 4-7, 2021 10.1109/LCN52139.2021.9524879 1 Ina BereniceFink MartinSerror KlausWehrle inproceedings 2021_dahlmanns_entrust 2021 4 28 78–87 The ongoing digitization of industrial manufacturing leads to a decisive change in industrial communication paradigms. Moving from traditional one-to-one to many-to-many communication, publish/subscribe systems promise a more dynamic and efficient exchange of data. However, the resulting significantly more complex communication relationships render traditional end-to-end security futile for sufficiently protecting the sensitive and safety-critical data transmitted in industrial systems. Most notably, the central message brokers inherent in publish/subscribe systems introduce a designated weak spot for security as they can access all communication messages. To address this issue, we propose ENTRUST, a novel solution for key server-based end-to-end security in publish/subscribe systems. ENTRUST transparently realizes confidentiality, integrity, and authentication for publish/subscribe systems without any modification of the underlying protocol. We exemplarily implement ENTRUST on top of MQTT, the de-facto standard for machine-to-machine communication, showing that ENTRUST can integrate seamlessly into existing publish/subscribe systems. cyber-physical system security; publish-subscribe security; end-to-end security internet-of-production, rfc https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-dahlmanns-entrust.pdf ACM Proceedings of the 1st ACM Workshop on Secure and Trustworthy Cyber-Physical Systems (SaT-CPS '21), co-located with the 11th ACM Conference on Data and Application Security and Privacy (CODASPY '21), April 26-28, 2021, Virtual Event, USA Virtual Event, USA ACM Workshop on Secure and Trustworthy Cyber-Physical Systems April 28, 2021 978-1-4503-8319-6/21/04 10.1145/3445969.3450423 1 MarkusDahlmanns JanPennekamp Ina BereniceFink BerndSchoolmann KlausWehrle MartinHenze inproceedings 2020_pennekamp_benchmarking 2020 12 15 31-44 Benchmarking the performance of companies is essential to identify improvement potentials in various industries. Due to a competitive environment, this process imposes strong privacy needs, as leaked business secrets can have devastating effects on participating companies. Consequently, related work proposes to protect sensitive input data of companies using secure multi-party computation or homomorphic encryption. However, related work so far does not consider that also the benchmarking algorithm, used in today's applied real-world scenarios to compute all relevant statistics, itself contains significant intellectual property, and thus needs to be protected. Addressing this issue, we present PCB — a practical design for Privacy-preserving Company Benchmarking that utilizes homomorphic encryption and a privacy proxy — which is specifically tailored for realistic real-world applications in which we protect companies' sensitive input data and the valuable algorithms used to compute underlying key performance indicators. We evaluate PCB's performance using synthetic measurements and showcase its applicability alongside an actual company benchmarking performed in the domain of injection molding, covering 48 distinct key performance indicators calculated out of hundreds of different input values. By protecting the privacy of all participants, we enable them to fully profit from the benefits of company benchmarking. practical encrypted computing; homomorphic encryption; algorithm confidentiality; benchmarking; key performance indicators; industrial application; Internet of Production internet-of-production https://www.comsys.rwth-aachen.de/fileadmin/papers/2020/2020-pennekamp-company-benchmarking.pdf https://eprint.iacr.org/2020/1512 HomomorphicEncryption.org Proceedings of the 8th Workshop on Encrypted Computing & Applied Homomorphic Cryptography (WAHC '20), December 15, 2020, Virtual Event Virtual Event December 15, 2020 978-3-00-067798-4 10.25835/0072999 1 JanPennekamp PatrickSapel Ina BereniceFink SimonWagner SebastianReuter ChristianHopmann KlausWehrle MartinHenze proceedings fink-lcn-demons-2020 2020 11 15 nerd-nrw https://www.comsys.rwth-aachen.de/fileadmin/papers/2020/2020-fink-lcn-mud-smartphone.pdf IEEE online Sydney, Australia 45th IEEE Conference on Local Computer Networks (LCN) November 16-19, 2020 10.1109/LCN48667.2020.9314782 1 Ina BereniceFink MartinSerror KlausWehrle inproceedings 2020-dahlmanns-imc-opcua 2020 10 27 101-110 Due to increasing digitalization, formerly isolated industrial networks, e.g., for factory and process automation, move closer and closer to the Internet, mandating secure communication. However, securely setting up OPC UA, the prime candidate for secure industrial communication, is challenging due to a large variety of insecure options. To study whether Internet-facing OPC UA appliances are configured securely, we actively scan the IPv4 address space for publicly reachable OPC UA systems and assess the security of their configurations. We observe problematic security configurations such as missing access control (on 24% of hosts), disabled security functionality (24%), or use of deprecated cryptographic primitives (25%) on in total 92% of the reachable deployments. Furthermore, we discover several hundred devices in multiple autonomous systems sharing the same security certificate, opening the door for impersonation attacks. Overall, in this paper, we highlight commonly found security misconfigurations and underline the importance of appropriate configuration for security-featuring protocols. industrial communication; network security; security configuration internet-of-production, rfc https://www.comsys.rwth-aachen.de/fileadmin/papers/2020/2020-dahlmanns-imc-opcua.pdf ACM Proceedings of the Internet Measurement Conference (IMC '20), October 27-29, 2020, Pittsburgh, PA, USA Pittsburgh, PA, USA ACM Internet Measurement Conference 2020 October 27-29, 2020 978-1-4503-8138-3/20/10 10.1145/3419394.3423666 1 MarkusDahlmanns JohannesLohmöller Ina BereniceFink JanPennekamp KlausWehrle MartinHenze inproceedings 2020_roepert_opcua 2020 4 2 To address the increasing security demands of industrial deployments, OPC UA is one of the first industrial protocols explicitly designed with security in mind. However, deploying it securely requires a thorough configuration of a wide range of options. Thus, assessing the security of OPC UA deployments and their configuration is necessary to ensure secure operation, most importantly confidentiality and integrity of industrial processes. In this work, we present extensions to the popular Metasploit Framework to ease network-based security assessments of OPC UA deployments. To this end, we discuss methods to discover OPC UA servers, test their authentication, obtain their configuration, and check for vulnerabilities. Ultimately, our work enables operators to verify the (security) configuration of their systems and identify potential attack vectors. internet-of-production, rfc https://www.comsys.rwth-aachen.de/fileadmin/papers/2020/2020-roepert-opcua-security.pdf en University of Tübingen Proceedings of the 1st ITG Workshop on IT Security (ITSec '20), April 2-3, 2020, Tübingen, Germany Tübingen, Germany April 2-3, 2020 10.15496/publikation-41813 1 LinusRoepert MarkusDahlmanns Ina BereniceFink JanPennekamp MartinHenze article 2019-csf-date Scientific Reports 2019 4 17 9 1 6196. https://www.nature.com/articles/s41598-019-42549-4 06.09.2019 6196 https://doi.org/10.1038/s41598-019-42549-4 1 1 PriyaDate PascalAckermann CharutaFurey Ina BereniceFink StephanJonas Mustafa K.Khokha Kristophe T.Kahle EnginDeniz inproceedings 2017-henze-mobiquitous-comparison 2017 11 7 543-544 trinics https://www.comsys.rwth-aachen.de/fileadmin/papers/2017/2017-henze-mobiquitous-comparison.pdf Online ACM Proceedings of the 14th EAI International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services (MobiQuitous) - Poster Session, Melbourne, VIC, Australia en 978-1-4503-5368-7 10.1145/3144457.3144511 1 MartinHenze RitsumaInaba Ina BereniceFink Jan HenrikZiegeldorf conference 2017-fink-brainlab-gmds 2017 8 29 Best Abstract Award https://www.egms.de/static/en/meetings/gmds2017/17gmds137.shtml 06.09.19 German Medical Science GMS Publishing House (2017) 62. Jahrestagung der Deutschen Gesellschaft für Medizinische Informatik, Biometrie und Epidemiologie e.V. (GMDS). Oldenburg GMDS 2017 17-21 September 2017 10.3205/17gmds137 1 Ina BereniceFink BerndHankammer ThomasStopinski YannicTitgemeyer RoannRamos EkaterinaKutafina Jó AgilaBitsch Stephan MichaelJonas conference 2017-fink-brainlab 2017 4 24 2 /fileadmin/papers/2017/2017-fink-brainlab.pdf http://informaticsforhealth.org/wp-content/uploads/2017/04/IFH2017-Digital-Programme.pdf 2017-05-09 Online Informatics for Health 2017, Manchester UK Manchester, UK Informatics for Health 2017, Manchester UK 24-26 April 2017 en 1 Ina BereniceFink BerndHankammer ThomasStopinsky RoannRamos EkaterinaKutafina Jó AgilaBitsch Link StephanJonas