A5063048519- Network Security and Intrusion Detection
- Smart Grid Security and Resilience
- Cloud Data Security Solutions
- Blockchain Technology Applications and Security
- IoT and Edge/Fog Computing
- Advanced Malware Detection Techniques
- Internet Traffic Analysis and Secure E-voting
- Anomaly Detection Techniques and Applications
- Privacy-Preserving Technologies in Data
- Cryptography and Data Security
- Caching and Content Delivery
- Information and Cyber Security
- Physical Unclonable Functions (PUFs) and Hardware Security
- Security and Verification in Computing
- Software-Defined Networks and 5G
- Privacy, Security, and Data Protection
- Advanced Steganography and Watermarking Techniques
- Security in Wireless Sensor Networks
- Cloud Computing and Resource Management
- Digital Transformation in Industry
- Cryptographic Implementations and Security
- Cooperative Communication and Network Coding
- Digital and Cyber Forensics
- Advanced Authentication Protocols Security
- Superconducting Materials and Applications
Fraunhofer Institute for Communication, Information Processing and Ergonomics
2019-2024
RWTH Aachen University
2015-2024
University of British Columbia
2023
University of North Carolina at Chapel Hill
2023
Boston University
2023
Bauer Research Foundation
2023
Technical University of Darmstadt
2023
Fraunhofer Society
2021
Battery Park
2021
The website fingerprinting attack aims to identify the content (i.e., a webpage accessed by client) of encrypted and anonymized connections observing patterns data flows such as packet size direction.This can be performed local passive eavesdropper -one weakest adversaries in attacker model anonymization networks Tor.In this paper, we present novel attack.Based on simple comprehensible idea, our approach outperforms all state-of-the-art methods terms classification accuracy while being...
Given the tremendous success of Internet Things in interconnecting consumer devices, we observe a natural trend to likewise interconnect devices industrial settings, referred as or Industry 4.0. While this coupling components provides many benefits, it also introduces serious security challenges. Although sharing similarities with Things, securing its own challenges but opportunities, mainly resulting from longer lifetime and larger scale networks. In article, identify unique goals which,...
Increasing volatilities within power transmission and distribution force grid operators to amplify their use of communication infrastructure monitor control grid. The resulting increase in creates a larger attack surface for malicious actors. Indeed, cyber attacks on grids have already succeeded causing temporary, large-scale blackouts the recent past. In this paper, we analyze derive fundamental challenges with respect cybersecurity. Based these challenges, identify broad set vectors...
6LoWPAN is an IPv6 adaptation layer that defines mechanisms to make IP connectivity viable for tightly resource-constrained devices communicate over low power, lossy links such as IEEE 802.15.4. It expected be used in a variety of scenarios ranging from home automation industrial control systems. To support the transmission packets exceeding maximum frame size link layer, packet fragmentation mechanism. However, best effort semantics fragment transmissions, lack authentication at and scarce...
New levels of cross-domain collaboration between manufacturing companies throughout the supply chain are anticipated to bring benefits both suppliers and consumers products. Enabling a fine-grained sharing analysis data among different stakeholders in an automated manner, such vision Internet Production (IoP) introduces demanding challenges communication, storage, computation infrastructure production environments. In this work, we present three example cases that would benefit from IoP (a...
Bitcoin is a digital currency that uses anonymous cryptographic identities to achieve financial privacy. However, Bitcoin's promise of anonymity broken as recent work shows how blockchain exposes users reidentification and linking attacks. In consequence, different mixing services have emerged which randomly mix user's Bitcoins with other users' coins provide based on the unlinkability mixing. proposed approaches suffer either from weak security guarantees single points failure, or small...
The Internet of Production (IoP) envisions the interconnection previously isolated CPS in area manufacturing across institutional boundaries to realize benefits such as increased profit margins and product quality well reduced development costs time market. This will lead a plethora new dataflows, especially between (partially) distrusting entities. In this paper, we identify illustrate these envisioned inter-organizational dataflows participating entities alongside two real-world use cases...
The increasing interconnection of industrial networks exposes them to an ever-growing risk cyber attacks. To reveal such attacks early and prevent any damage, intrusion detection searches for anomalies in otherwise predictable communication or process behavior. However, current efforts mostly focus on specific domains protocols, leading a research landscape broken up into isolated silos. Thus, existing approaches cannot be applied other industries that would equally benefit from powerful...
Ubiquitous sensing environments such as sensor networks collect large amounts of data. This data volume is destined to grow even further with the vision Internet Things. Cloud computing promises elastically store and process As an additional benefit, storage processing in enables efficient aggregation analysis information from different sources. However, often contains privacy-relevant or otherwise sensitive information. For current platforms, owner looses control over her once it enters...
Since the introduction of Bitcoin in 2008, blockchain systems have seen an enormous increase adoption. By providing a persistent, distributed, and append-only ledger, blockchains enable numerous applications such as distributed consensus, robustness against equivocation, smart contracts. However, recent studies show that can be (mis) used to store arbitrary content. This has already been arguably objectionable content on Bitcoin's blockchain. Already single instances clearly or even illegal...
The emerging Internet of Things (IoT) promises value-added services for private and business applications. However, especially the industrial IoT often faces tough communication latency boundaries, e.g., to react production errors, realize human-robot interaction, or counter fluctuations in smart grids. Simultaneously, devices must apply security measures such as encryption integrity protection guard secrets prevent sabotage. As processing requires significant time, goals secure low...
The proliferation of the Internet Things (IoT) in context smart homes entails new security risks threatening privacy and safety end users. In this paper, we explore design space in-network for home networks, which automatically complements existing mechanisms with a rule-based approach, i. e., every IoT device provides specification required communication to fulfill desired services. our router as central network component then enforces these rules traffic filtering anomaly detection...
Large-scale cyber-physical systems such as manufacturing lines generate vast amounts of data to guarantee precise control their machinery. Visions the Industrial Internet Things aim at making this available also computation outside increase productivity and product quality. However, rising complexities decisions push existing infrastructure for transmission, storage, processing its limits. In paper, we exemplarily study a fine blanking line which can produce up 6.2 Gbit/s worth showcase...
An increasing number of IoT scenarios involve mobile, resource-constrained devices that rely on untrusted networks for Internet connectivity. In such environments, attackers can derive sensitive private information device owners, e.g., daily routines or secret supply chain procedures, when sniffing communication and linking owner. Furthermore, do not provide with any protection against attacks from the Internet. Anonymous using onion routing provides a well-proven mechanism to keep...
The ongoing trend to move industrial appliances from previously isolated networks the Internet requires fundamental changes in security uphold secure and safe operation. Consequently, ensure end-to-end communication authentication, (i) traditional protocols, e.g., Modbus, are retrofitted with TLS support, (ii) modern MQTT, directly designed use TLS. To understand whether these indeed lead Industrial of Things deployments, i.e., using TLS-based which configured according best practices, we...
Internet of Things devices are envisioned to penetrate essentially all aspects life, including homes and urban spaces, in use cases such as health care, assisted living, smart cities. One often proposed solution for dealing with the massive amount data collected by these offering services on top them is federation cloud computing. However, user acceptance systems a critical factor that hinders adoption this promising approach due severe privacy concerns. We present UPECSI, an user-driven...
Network-based deployments within the Internet of Things increasingly rely on cloud-controlled federation individual networks to configure, authorize, and manage devices across network borders. While this approach allows convenient reliable interconnection networks, it raises severe security safety concerns. These concerns range from a curious cloud provider accessing confidential data malicious being able physically control safety-critical devices. To overcome these concerns, we present...
Due to increasing digitalization, formerly isolated industrial networks, e.g., for factory and process automation, move closer the Internet, mandating secure communication. However, securely setting up OPC UA, prime candidate communication, is challenging due a large variety of insecure options. To study whether Internet-facing UA appliances are configured securely, we actively scan IPv4 address space publicly reachable systems assess security their configurations. We observe problematic...
The ongoing digitization of industrial manufacturing leads to a decisive change in communication paradigms. Moving from traditional one-to-one many-to-many communication, publish/subscribe systems promise more dynamic and efficient exchange data. However, the resulting significantly complex relationships render end-to-end security futile for sufficiently protecting sensitive safety-critical data transmitted systems. Most notably, central message brokers inherent introduce designated weak...
Anomaly-based intrusion detection promises to detect novel or unknown attacks on industrial control systems by modeling expected system behavior and raising corresponding alarms for any deviations. As manually creating these behavioral models is tedious error-prone, research focuses machine learning train them automatically, achieving rates upwards of 99%. However, approaches are typically trained not only benign traffic but also then evaluated against the same type attack used training....
The increasing digitalization of power grids and especially the shift towards IP-based communication drastically increase susceptibility to cyberattacks, potentially leading blackouts physical damage. Understanding involved risks, interplay assets, effects cyberattacks are paramount for uninterrupted operation this critical infrastructure. However, as impact cannot be researched in real-world grids, current efforts tend focus on analyzing isolated aspects at small scales, often covering only...