-
Madtls: Fine-grained Middlebox-aware End-to-end Security for Industrial Communication
Authors:
Eric Wagner,
David Heye,
Martin Serror,
Ike Kunze,
Klaus Wehrle,
Martin Henze
Abstract:
Industrial control systems increasingly rely on middlebox functionality such as intrusion detection or in-network processing. However, traditional end-to-end security protocols interfere with the necessary access to in-flight data. While recent work on middlebox-aware end-to-end security protocols for the traditional Internet promises to address the dilemma between end-to-end security guarantees and middleboxes, the current state-of-the-art lacks critical features for industrial communication. Most importantly, industrial settings require fine-grained access control for middleboxes to truly operate in a least-privilege mode. Likewise, advanced applications even require that middleboxes can inject specific messages (e.g., emergency shutdowns). Meanwhile, industrial scenarios often expose tight latency and bandwidth constraints not found in the traditional Internet. As the current state-of-the-art misses critical features, we propose Middlebox-aware DTLS (Madtls), a middlebox-aware end-to-end security protocol specifically tailored to the needs of industrial networks. Madtls provides bit-level read and write access control of middleboxes to communicated data with minimal bandwidth and processing overhead, even on constrained hardware.
Submitted 15 December, 2023;
originally announced December 2023.
-
Does It Spin? On the Adoption and Use of QUIC's Spin Bit
Authors:
Ike Kunze,
Constantin Sander,
Klaus Wehrle
Abstract:
Encrypted QUIC traffic complicates network management as traditional transport layer semantics can no longer be used for RTT or packet loss measurements. Addressing this challenge, QUIC includes an optional, carefully designed mechanism: the spin bit. While its capabilities have already been studied in test settings, its real-world usefulness and adoption are unknown. In this paper, we thus investigate the spin bit's deployment and utility on the web.
Analyzing our long-term measurements of more than 200M domains, we find that the spin bit is enabled on ~10% of those with QUIC support and for ~50% / 60% of the underlying IPv4 / IPv6 hosts. The support is mainly driven by medium-sized cloud providers while most hyperscalers do not implement it. Assessing the utility of spin bit RTT measurements, the theoretical issue of reordering does not significantly manifest in our study and the spin bit provides accurate estimates for around 30.5% of connections using the mechanism, but drastically overestimates the RTT for another 51.7%. Overall, we conclude that the spin bit, even though an optional feature, indeed sees use in the wild and is able to provide reasonable RTT estimates for a solid share of QUIC connections, but requires solutions for making its measurements more robust.
Submitted 4 October, 2023;
originally announced October 2023.
-
ECN with QUIC: Challenges in the Wild
Authors:
Constantin Sander,
Ike Kunze,
Leo Blöcher,
Mike Kosek,
Klaus Wehrle
Abstract:
TCP and QUIC can both leverage ECN to avoid congestion loss and its retransmission overhead. However, both protocols require support of their remote endpoints and it took two decades since the initial standardization of ECN for TCP to reach 80% ECN support and more in the wild. In contrast, the QUIC standard mandates ECN support, but there are notable ambiguities that make it unclear if and how ECN can actually be used with QUIC on the Internet. Hence, in this paper, we analyze ECN support with QUIC in the wild: We conduct repeated measurements on more than 180M domains to identify HTTP/3 websites and analyze the underlying QUIC connections w.r.t. ECN support. We only find 20% of QUIC hosts, providing 6% of HTTP/3 websites, to mirror client ECN codepoints. Yet, mirroring ECN is only half of what is required for ECN with QUIC, as QUIC validates mirrored ECN codepoints to detect network impairments: We observe that less than 2% of QUIC hosts, providing less than 0.3% of HTTP/3 websites, pass this validation. We identify possible root causes in content providers not supporting ECN via QUIC and network impairments hindering ECN. We thus also characterize ECN with QUIC distributedly to traverse other paths and discuss our results w.r.t. QUIC and ECN innovations beyond QUIC.
Submitted 25 September, 2023;
originally announced September 2023.
-
Evolving the Digital Industrial Infrastructure for Production: Steps Taken and the Road Ahead
Authors:
Jan Pennekamp,
Anastasiia Belova,
Thomas Bergs,
Matthias Bodenbenner,
Andreas Bührig-Polaczek,
Markus Dahlmanns,
Ike Kunze,
Moritz Kröger,
Sandra Geisler,
Martin Henze,
Daniel Lütticke,
Benjamin Montavon,
Philipp Niemietz,
Lucia Ortjohann,
Maximilian Rudack,
Robert H. Schmitt,
Uwe Vroomen,
Klaus Wehrle,
Michael Zeng
Abstract:
The Internet of Production (IoP) leverages concepts such as digital shadows, data lakes, and a World Wide Lab (WWL) to advance today's production. Consequently, it requires a technical infrastructure that can support the agile deployment of these concepts and corresponding high-level applications, which, e.g., demand the processing of massive data in motion and at rest. As such, key research aspects are the support for low-latency control loops, concepts on scalable data stream processing, deployable information security, and semantically rich and efficient long-term storage. In particular, such an infrastructure cannot continue to be limited to machines and sensors, but additionally needs to encompass networked environments: production cells, edge computing, and location-independent cloud infrastructures. Finally, in light of the envisioned WWL, i.e., the interconnection of production sites, the technical infrastructure must be advanced to support secure and privacy-preserving industrial collaboration. To evolve today's production sites and lay the infrastructural foundation for the IoP, we identify five broad streams of research: (1) adapting data and stream processing to heterogeneous data from distributed sources, (2) ensuring data interoperability between systems and production sites, (3) exchanging and sharing data with different stakeholders, (4) network security approaches addressing the risks of increasing interconnectivity, and (5) security architectures to enable secure and privacy-preserving industrial collaboration. With our research, we evolve the underlying infrastructure from isolated, sparsely networked production sites toward an architecture that supports high-level applications and sophisticated digital shadows while facilitating the transition toward a WWL.
Submitted 17 May, 2023;
originally announced May 2023.
-
Collaboration is not Evil: A Systematic Look at Security Research for Industrial Use
Authors:
Jan Pennekamp,
Erik Buchholz,
Markus Dahlmanns,
Ike Kunze,
Stefan Braun,
Eric Wagner,
Matthias Brockmann,
Klaus Wehrle,
Martin Henze
Abstract:
Following the recent Internet of Things-induced trends on digitization in general, industrial applications will further evolve as well. With a focus on the domains of manufacturing and production, the Internet of Production pursues the vision of a digitized, globally interconnected, yet secure environment by establishing a distributed knowledge base. Background. As part of our collaborative research of advancing the scope of industrial applications through cybersecurity and privacy, we identified a set of common challenges and pitfalls that surface in such applied interdisciplinary collaborations. Aim. Our goal with this paper is to support researchers in the emerging field of cybersecurity in industrial settings by formalizing our experiences as reference for other research efforts, in industry and academia alike. Method. Based on our experience, we derived a process cycle of performing such interdisciplinary research, from the initial idea to the eventual dissemination and paper writing. This presented methodology strives to successfully bootstrap further research and to encourage further work in this emerging area. Results. Apart from our newly proposed process cycle, we report on our experiences and conduct a case study applying this methodology, raising awareness for challenges in cybersecurity research for industrial applications. We further detail the interplay between our process cycle and the data lifecycle in applied research data management. Finally, we augment our discussion with an industrial as well as an academic view on this research area and highlight that both areas still have to overcome significant challenges to sustainably and securely advance industrial applications. Conclusions. With our proposed process cycle for interdisciplinary research in the intersection of cybersecurity and industrial application, we provide a foundation for further research.
Submitted 21 December, 2021;
originally announced December 2021.
-
Tracking the QUIC Spin Bit on Tofino
Authors:
Ike Kunze,
Constantin Sander,
Klaus Wehrle,
Jan Rüth
Abstract:
QUIC offers security and privacy for modern web traffic by closely integrating encryption into its transport functionality. In this process, it hides transport layer information often used for network monitoring, thus obsoleting traditional measurement concepts. To still enable passive RTT estimations, QUIC introduces a dedicated measurement bit - the spin bit. While simple in its design, tracking the spin bit at line-rate can become challenging for software-based solutions. Dedicated hardware trackers are also unsuitable as the spin bit is not invariant and can change in the future. Thus, this paper investigates whether P4-programmable hardware, such as the Intel Tofino, can effectively track the spin bit at line-rate. We find that the core functionality of the spin bit can be realized easily, and our prototype has an accuracy close to software-based trackers. Our prototype further protects against faulty measurements caused by reordering and prepares the data according to the needs of network operators, e.g., by classifying samples into pre-defined RTT classes. Still, distinct concepts in QUIC, such as its connection ID, are challenging with current hardware capabilities.
Submitted 6 December, 2021;
originally announced December 2021.
-
Video Conferencing and Flow-Rate Fairness: A First Look at Zoom and the Impact of Flow-Queuing AQM
Authors:
Constantin Sander,
Ike Kunze,
Klaus Wehrle,
Jan Rüth
Abstract:
Congestion control is essential for the stability of the Internet and the corresponding algorithms are commonly evaluated for interoperability based on flow-rate fairness. In contrast, video conferencing software such as Zoom uses custom congestion control algorithms whose fairness behavior is mostly unknown. Aggravatingly, video conferencing has recently seen a drastic increase in use - partly caused by the COVID-19 pandemic - and could hence negatively affect how available Internet resources are shared. In this paper, we thus investigate the flow-rate fairness of video conferencing congestion control at the example of Zoom and influences of deploying AQM. We find that Zoom is slow to react to bandwidth changes and uses two to three times the bandwidth of TCP in low-bandwidth scenarios. Moreover, also when competing with delay aware congestion control such as BBR, we see high queuing delays. AQM reduces these queuing delays and can equalize the bandwidth use when used with flow-queuing. However, it then introduces high packet loss for Zoom, leaving the question how delay and loss affect Zoom's QoE. We hence show a preliminary user study in the appendix which indicates that the QoE is at least not improved and should be studied further.
Submitted 2 July, 2021;
originally announced July 2021.
-
L, Q, R, and T -- Which Spin Bit Cousin Is Here to Stay?
Authors:
Ike Kunze,
Klaus Wehrle,
Jan Rüth
Abstract:
Network operators utilize traffic monitoring to locate and fix faults or performance bottlenecks. This often relies on intrinsic protocol semantics, e.g., sequence numbers, that many protocols share implicitly through their packet headers. The arrival of (almost) fully encrypted transport protocols, such as QUIC, significantly complicates this monitoring as header data is no longer visible to passive observers. Recognizing this challenge, QUIC offers explicit measurement semantics by exposing the spin bit to measure a flow's RTT. Ongoing efforts in the IETF IPPM working group argue to expose further information and enable the passive quantification of packet loss. This work implements and evaluates four currently proposed measurement techniques (L-, Q-, R-, and T-bit). We find that all techniques generally provide accurate loss estimations, but that longer algorithmic intervals for Q and R, yet foremost for T, complicate detecting very small loss rates or loss on short connections. Deployment combinations of Q & R as well as Q & L, thus, have the best potential for accurately grasping the loss in networks.
Submitted 25 June, 2021;
originally announced June 2021.
-
An Empirical View on Content Provider Fairness
Authors:
Jan Rüth,
Ike Kunze,
Oliver Hohlfeld
Abstract:
Congestion control is an indispensable component of transport protocols to prevent congestion collapse. As such, it distributes the available bandwidth among all competing flows, ideally in a fair manner. However, there exists a constantly evolving set of congestion control algorithms, each addressing different performance needs and providing the potential for custom parametrizations. In particular, content providers such as CDNs are known to tune TCP stacks for performance gains. In this paper, we thus empirically investigate if current Internet traffic generated by content providers still adheres to the conventional understanding of fairness. Our study compares fairness properties of testbed hosts to actual traffic of six major content providers subject to different bandwidths, RTTs, queue sizes, and queueing disciplines in a home-user setting. We find that some employed congestion control algorithms lead to significantly asymmetric bandwidth shares, however, AQMs such as FQ_CoDel are able to alleviate such unfairness.
Submitted 17 May, 2019;
originally announced May 2019.