-
Do CAA, CT, and DANE Interlink in Certificate Deployments? A Web PKI Measurement Study
Authors:
Pouyan Fotouhi Tehrani,
Raphael Hiesgen,
Teresa Lübeck,
Thomas C. Schmidt,
Matthias Wählisch
Abstract:
Integrity and trust on the web build on X.509 certificates. Misuse or misissuance of these certificates threatens the Web PKI security model, which led to the development of several guarding techniques. In this paper, we study the DNS/DNSSEC records CAA and TLSA as well as CT logs from the perspective of the certificates in use. Our measurements comprise 4 million popular domains, for which we explore the existence and consistency of the different extensions. Our findings indicate that CAA is almost exclusively deployed in the absence of DNSSEC, while DNSSEC-protected service names tend not to use the DNS for guarding certificates. Even though mainly deployed in a formally correct way, CAA CA-strings tend not to selectively separate CAs, and numerous domains hold certificates beyond the CAA semantic. TLSA records are repeatedly poorly maintained and occasionally occur without DNSSEC.
Submitted 2 July, 2024;
originally announced July 2024.
-
Understanding IoT Domain Names: Analysis and Classification Using Machine Learning
Authors:
Ibrahim Ayoub,
Martine S. Lenders,
Benoît Ampeau,
Sandoche Balakrichenan,
Kinda Khawam,
Thomas C. Schmidt,
Matthias Wählisch
Abstract:
In this paper, we investigate the domain names of servers on the Internet that are accessed by IoT devices performing machine-to-machine communications. Using machine learning, we distinguish them from the domain names of servers contacted by other types of devices. By surveying past studies that used testbeds with real-world devices and using lists of top visited websites, we construct lists of domain names of both types of servers. We study the statistical properties of the domain name lists and train six machine learning models to perform the classification. The word embedding technique we use to obtain real-valued representations of the domain names is Word2vec. Among the models we train, Random Forest achieves the highest performance in classifying the domain names, yielding the highest accuracy, precision, recall, and F1 score. Our work offers novel insights into the IoT, potentially informing protocol design and aiding in network security and performance monitoring.
Submitted 23 April, 2024;
originally announced April 2024.
-
From Files to Streams: Revisiting Web History and Exploring Potentials for Future Prospects
Authors:
Lucas Vogel,
Thomas Springer,
Matthias Wählisch
Abstract:
Over the last 30 years, the World Wide Web has changed significantly. In this paper, we argue that common practices to prepare web pages for delivery conflict with many efforts to present content with minimal latency, one fundamental goal that pushed changes in the WWW. To bolster our arguments, we revisit the reasons that led to changes of HTTP and compare them systematically with techniques to prepare web pages. We find that the structure of many web pages leverages features of HTTP/1.1 but hinders the use of recent HTTP features to present content quickly. To improve the situation in the future, we propose fine-grained content segmentation. This would allow exploiting the streaming capabilities of recent HTTP versions and rendering content as quickly as possible without changing underlying protocols or web browsers.
Submitted 23 March, 2024; v1 submitted 12 March, 2024;
originally announced March 2024.
-
How to Measure TLS, X.509 Certificates, and Web PKI: A Tutorial and Brief Survey
Authors:
Pouyan Fotouhi Tehrani,
Eric Osterweil,
Thomas C. Schmidt,
Matthias Wählisch
Abstract:
Transport Layer Security (TLS) is the base for many Internet applications and services to achieve end-to-end security. In this paper, we provide guidance on how to measure TLS deployments, including X.509 certificates and Web PKI. We introduce common data sources and tools, and systematically describe necessary steps to conduct sound measurements and data analysis. By surveying prior TLS measurement studies we find that diverging results are rather rooted in different setups instead of different deployments. To improve the situation, we identify common pitfalls and introduce a framework to describe TLS and Web PKI measurements. Where necessary, our insights are bolstered by a data-driven approach, in which we complement arguments by additional measurements.
Submitted 31 January, 2024;
originally announced January 2024.
-
6LoRa: Full Stack IPv6 Networking with DSME-LoRa on Low Power IoT Nodes
Authors:
José Álamos,
Thomas Schmidt,
Matthias Waehlisch
Abstract:
Long range wireless transmission techniques such as LoRa are preferential candidates for a substantial class of IoT applications, as they avoid the complexity of multi-hop wireless forwarding. The existing network solutions for LoRa, however, are not suitable for peer-to-peer communication, which is a key requirement for many IoT applications. In this work, we propose a networking system, 6LoRa, that enables IPv6 communication over LoRa. We present a full stack system implementation on RIOT OS and evaluate the system on a real testbed using realistic application scenarios with CoAP. Our findings confirm that our approach outperforms existing solutions in terms of transmission delay and packet reception ratio at comparable energy consumption.
Submitted 17 July, 2023; v1 submitted 7 July, 2023;
originally announced July 2023.
-
SoK: A Data-driven View on Methods to Detect Reflective Amplification DDoS Attacks Using Honeypots
Authors:
Marcin Nawrocki,
John Kristoff,
Raphael Hiesgen,
Chris Kanich,
Thomas C. Schmidt,
Matthias Wählisch
Abstract:
In this paper, we revisit the use of honeypots for detecting reflective amplification attacks. These measurement tools require careful design of both data collection and data analysis, including cautious threshold inference. We survey common amplification honeypot platforms as well as the underlying methods to infer attack detection thresholds and to extract knowledge from the data. By systematically exploring the threshold space, we find that most honeypot platforms produce comparable results despite their different configurations. Moreover, by applying data from a large-scale honeypot deployment, network telescopes, and a real-world baseline obtained from a leading DDoS mitigation provider, we question the fundamental assumption of honeypot research that convergence of observations can imply their completeness. In conclusion, we derive guidance on precise, reproducible honeypot research and present open challenges.
Submitted 24 April, 2023; v1 submitted 9 February, 2023;
originally announced February 2023.
-
PUF for the Commons: Enhancing Embedded Security on the OS Level
Authors:
Peter Kietzmann,
Thomas C. Schmidt,
Matthias Wählisch
Abstract:
Security is essential for the Internet of Things (IoT). Cryptographic operations for authentication and encryption commonly rely on random input of high entropy and secure, tamper-resistant identities, which are difficult to obtain on constrained embedded devices. In this paper, we design and analyze a generic integration of physically unclonable functions (PUFs) into the IoT operating system RIOT, which supports about 250 platforms. Our approach leverages uninitialized SRAM to act as the digital fingerprint for heterogeneous devices. We ground our design on an extensive study of PUF performance in the wild, which involves SRAM measurements on more than 700 IoT nodes that aged naturally in the real world. We quantify static SRAM bias as well as the aging effects of devices and incorporate the results in our system. This work closes a previously identified gap of missing statistically significant sample sizes for testing the unpredictability of PUFs. Our experiments on COTS devices with 64 kB SRAM indicate that secure random seeds derived from the SRAM PUF provide 256 bits of security, and device-unique keys provide more than 128 bits of security. In a practical security assessment we show that SRAM PUFs resist moderate attack scenarios, which greatly improves the security of low-end IoT devices.
Submitted 1 August, 2023; v1 submitted 17 January, 2023;
originally announced January 2023.
-
A Review of Techniques for Ageing Detection and Monitoring on Embedded Systems
Authors:
Leandro Lanzieri,
Gianluca Martino,
Goerschwin Fey,
Holger Schlarb,
Thomas C. Schmidt,
Matthias Wählisch
Abstract:
Embedded digital devices, such as Field-Programmable Gate Arrays (FPGAs) and Systems on Chip (SoCs), are increasingly used in dependable or safety-critical systems. These commodity devices are subject to notable hardware ageing, which makes failures likely when used for an extended time. It is of vital importance to understand ageing processes and to detect hardware degradations early. In this survey, we describe the fundamental ageing mechanisms and review the main techniques for detecting ageing in FPGAs, microcontrollers, SoCs, and power supplies. The main goal of this work is to facilitate future research efforts in this field by presenting all main approaches in an organized way.
Submitted 17 January, 2023;
originally announced January 2023.
-
Lisan: Yemeni, Iraqi, Libyan, and Sudanese Arabic Dialect Corpora with Morphological Annotations
Authors:
Mustafa Jarrar,
Fadi A Zaraket,
Tymaa Hammouda,
Daanish Masood Alavi,
Martin Waahlisch
Abstract:
This article presents Lisan, morphologically annotated corpora of the Yemeni, Sudanese, Iraqi, and Libyan Arabic dialects. Lisan features around 1.2 million tokens. We collected the content of the corpora from several social media platforms. The Yemeni corpus (~1.05M tokens) was collected automatically from Twitter. The corpora of the other three dialects (~50K tokens each) were collected manually from Facebook and YouTube posts and comments.
Thirty-five (35) annotators who are native speakers of the target dialects carried out the annotations. The annotators segmented all words in the four corpora into prefixes, stems, and suffixes and labeled each with different morphological features such as part of speech, lemma, and a gloss in English. An Arabic Dialect Annotation Toolkit (ADAT) was developed for the purpose of the annotation. The annotators were trained on a set of guidelines and on how to use ADAT. We developed ADAT to assist the annotators and to ensure compatibility with the SAMA and Curras tagsets. The tool is open source, and the four corpora are also available online.
Submitted 17 December, 2022; v1 submitted 13 December, 2022;
originally announced December 2022.
-
On the Interplay between TLS Certificates and QUIC Performance
Authors:
Marcin Nawrocki,
Pouyan Fotouhi Tehrani,
Raphael Hiesgen,
Jonas Mücke,
Thomas C. Schmidt,
Matthias Wählisch
Abstract:
In this paper, we revisit the performance of the QUIC connection setup and relate the design choices for fast and secure connections to common Web deployments. We analyze over 1M Web domains with 272k QUIC-enabled services and find two worrying results. First, current practices of creating, providing, and fetching Web certificates undermine reduced round trip times during the connection setup since sizes of 35% of server certificates exceed the amplification limit. Second, non-standard server implementations lead to larger amplification factors than QUIC permits, which increase even further in IP spoofing scenarios. We present guidance for all involved stakeholders to improve the situation.
Submitted 4 November, 2022;
originally announced November 2022.
-
IPv6 over Bluetooth Advertisements: An alternative approach to IP over BLE
Authors:
Hauke Petersen,
János Brodbeck,
Thomas C. Schmidt,
Matthias Wählisch
Abstract:
The IPv6 over Bluetooth Low Energy (BLE) standard defines the transfer of IP data via BLE connections. This connection-oriented approach provides high reliability but increases packet delays and requires substantial overhead to manage BLE connections. To overcome these drawbacks, we present the design and implementation of IPv6 over BLE advertisements, a standard-compliant connection-less approach. We deploy our proposal on low-power IoT hardware and comparatively measure key network performance metrics in a public testbed. Our results show that IP over BLE advertisements offers network performance characteristics complementary to IP over connection-based BLE, trading lower reliability for shorter latency.
Submitted 12 October, 2022;
originally announced October 2022.
-
Waiting for QUIC: On the Opportunities of Passive Measurements to Understand QUIC Deployments
Authors:
Jonas Mücke,
Marcin Nawrocki,
Raphael Hiesgen,
Patrick Sattler,
Johannes Zirngibl,
Georg Carle,
Thomas C. Schmidt,
Matthias Wählisch
Abstract:
In this paper, we study the potential of passive measurements to gain advanced knowledge about QUIC deployments. By analyzing one month of backscatter traffic from the /9 CAIDA network telescope, we are able to make the following observations. First, we can identify different off-net deployments of hypergiants using packet features such as QUIC source connection IDs (SCIDs), packet coalescence, and packet lengths. Second, Facebook and Google configure significantly different retransmission timeouts and maximum numbers of retransmissions. Third, SCIDs allow further insights into load balancer deployments, such as the number of servers per load balancer. We bolster our results by active measurements.
Submitted 2 September, 2022;
originally announced September 2022.
-
Delay-Tolerant ICN and Its Application to LoRa
Authors:
Peter Kietzmann,
Jose Alamos,
Dirk Kutscher,
Thomas C. Schmidt,
Matthias Wählisch
Abstract:
Connecting long-range wireless networks to the Internet imposes challenges due to vastly longer round-trip-times (RTTs). In this paper, we present an ICN protocol framework that enables robust and efficient delay-tolerant communication to edge networks. Our approach provides ICN-idiomatic communication between networks with vastly different RTTs. We applied this framework to LoRa, enabling end-to-end consumer-to-LoRa-producer interaction over an ICN-Internet and asynchronous data production in the LoRa edge. Instead of using LoRaWAN, we implemented an IEEE 802.15.4e DSME MAC layer on top of the LoRa PHY and ICN protocol mechanisms in RIOT OS. Executed on off-the-shelf IoT hardware, we provide a comparative evaluation for basic NDN-style ICN [60], RICE [31]-like pulling, and reflexive forwarding [46]. This is the first practical evaluation of ICN over LoRa using a reliable MAC. Our results show that periodic polling in NDN works inefficiently when facing long and differing RTTs. RICE reduces polling overhead and exploits gateway knowledge, without violating ICN principles. Reflexive forwarding reflects sporadic data generation naturally. Combined with a local data push, it operates efficiently and enables lifetimes of >1 year for battery powered LoRa-ICN nodes.
Submitted 2 September, 2022;
originally announced September 2022.
-
Usable Security for an IoT OS: Integrating the Zoo of Embedded Crypto Components Below a Common API
Authors:
Lena Boeckmann,
Peter Kietzmann,
Leandro Lanzieri,
Thomas Schmidt,
Matthias Wählisch
Abstract:
IoT devices differ widely in crypto-supporting hardware, ranging from no hardware support to powerful accelerators supporting numerous operations, including protected key storage. An operating system should provide uniform access to these heterogeneous hardware features, which is a particular challenge in the resource-constrained IoT. Effective security is tied to the usability of cryptographic interfaces. A thoughtful API design is challenging, and it is beneficial to re-use such an interface and to share the knowledge of programming embedded security widely.
In this paper, we integrate an emerging cryptographic interface into usable system-level calls for the IoT operating system RIOT, which runs on more than 240 platforms. This interface supports ID-based key handling to access key material in protected storage without exposing it to anyone. Our design foresees hardware acceleration on all available variants; our implementation integrates diverse cryptographic hardware and software backends via the uniform interface. Our performance measurements show that the overhead of the uniform API with integrated key management is negligible compared to the individual crypto operation. Our approach enhances the usability, portability, and flexibility of cryptographic support in the IoT.
Submitted 24 August, 2022; v1 submitted 19 August, 2022;
originally announced August 2022.
-
Securing name resolution in the IoT: DNS over CoAP
Authors:
Martine S. Lenders,
Christian Amsüss,
Cenk Gündogan,
Marcin Nawrocki,
Thomas C. Schmidt,
Matthias Wählisch
Abstract:
In this paper, we present the design, implementation, and analysis of DNS over CoAP (DoC), a new proposal for secure and privacy-friendly name resolution of constrained IoT devices. We implement different design choices of DoC in RIOT, an open-source operating system for the IoT, evaluate performance measures in a testbed, compare with DNS over UDP and DNS over DTLS, and validate our protocol design based on empirical DNS IoT data. Our findings indicate that plain DoC is on par with common DNS solutions for the constrained IoT but significantly outperforms when additional standard features of CoAP are used such as caching. With OSCORE, we can save more than 10 kBytes of code memory compared to DTLS, when a CoAP application is already present, and retain the end-to-end trust chain with intermediate proxies, while leveraging features such as group communication or encrypted en-route caching. We also discuss a compression scheme for very restricted links that reduces data by up to 70%.
Submitted 27 July, 2023; v1 submitted 15 July, 2022;
originally announced July 2022.
-
DSME-LoRa: Seamless Long Range Communication Between Arbitrary Nodes in the Constrained IoT
Authors:
José Álamos,
Peter Kietzmann,
Thomas Schmidt,
Matthias Wählisch
Abstract:
Long range radio communication is preferred in many IoT deployments as it avoids the complexity of multi-hop wireless networks. LoRa is a popular, energy-efficient wireless modulation but its networking substrate LoRaWAN introduces severe limitations to its users. In this paper, we present and thoroughly analyze DSME-LoRa, a system design of LoRa with IEEE 802.15.4 DSME as a MAC layer. DSME-LoRa offers the advantage of seamless client-to-client communication beyond the pure gateway-centric transmission of LoRaWAN. We evaluate its feasibility via a full-stack implementation on the popular RIOT operating system, assess its steady-state packet flows in an analytical stochastic Markov model, and quantify its scalability in massive communication scenarios using large scale network simulations. Our findings indicate that DSME-LoRa is indeed a powerful approach that opens LoRa to standard network layers and outperforms LoRaWAN in many dimensions.
Submitted 26 August, 2022; v1 submitted 28 June, 2022;
originally announced June 2022.
-
The Race to the Vulnerable: Measuring the Log4j Shell Incident
Authors:
Raphael Hiesgen,
Marcin Nawrocki,
Thomas C. Schmidt,
Matthias Wählisch
Abstract:
The critical remote-code-execution (RCE) Log4Shell is a severe vulnerability that was disclosed to the public on December 10, 2021. It exploits a bug in the wide-spread Log4j library. Any service that uses the library and exposes an interface to the Internet is potentially vulnerable.
In this paper, we measure the rush of scanners during the two months after the disclosure. We use several vantage points to observe both researchers and attackers. For this purpose, we collect and analyze payloads sent by benign and malicious communication parties, their origins, and churn. We find that the initial rush of scanners quickly ebbed. Especially non-malicious scanners were only interested in the days after the disclosure. In contrast, malicious scanners continue targeting the vulnerability.
Submitted 7 June, 2022; v1 submitted 5 May, 2022;
originally announced May 2022.
-
Long-Range ICN for the IoT: Exploring a LoRa System Design
Authors:
Peter Kietzmann,
Jose Alamos,
Dirk Kutscher,
Thomas C. Schmidt,
Matthias Wählisch
Abstract:
This paper presents LoRa-ICN, a comprehensive IoT networking system based on a common long-range communication layer (LoRa) combined with Information-Centric Networking (ICN) principles. We have replaced the LoRaWAN MAC layer with an IEEE 802.15.4 Deterministic and Synchronous Multi-Channel Extension (DSME). This multifaceted MAC layer allows for different mappings of ICN message semantics, which we explore to enable new LoRa scenarios.
We designed LoRa-ICN from the ground up to improve reliability and to reduce dependency on centralized components in LoRa IoT scenarios. We have implemented a feature-complete prototype in a common network simulator to validate our approach. Our results show design trade-offs of different mapping alternatives in terms of robustness and efficiency.
Submitted 23 April, 2022;
originally announced April 2022.
-
Secure and Authorized Client-to-Client Communication for LwM2M
Authors:
Leandro Lanzieri,
Peter Kietzmann,
Thomas C. Schmidt,
Matthias Wählisch
Abstract:
Constrained devices on the Internet of Things (IoT) continuously produce and consume data. LwM2M manages millions of these devices in a server-centric architecture, which challenges edge networks with expensive uplinks and time-sensitive use cases. In this paper, we contribute two LwM2M extensions to enable client-to-client (C2C) communication: (i) an authorization mechanism for clients, and (ii) an extended management interface to allow secure C2C access to resources. We analyse the security properties of the proposed extensions and show that they are compliant with LwM2M security requirements. Our performance evaluation on off-the-shelf IoT hardware shows that C2C communication outperforms server-centric deployments. First, LwM2M deployments with edge C2C communication yield a ~90% faster notification delivery and ~8x greater throughput compared to common server-centric scenarios, while keeping a small memory overhead of ~8%. Second, in server-centric communication, the delivery rate degrades when resource update intervals drop below 100 ms.
Submitted 7 March, 2022;
originally announced March 2022.
-
WIP: Exploring DSME MAC for LoRa -- A System Integration and First Evaluation
Authors:
José Álamos,
Peter Kietzmann,
Thomas C. Schmidt,
Matthias Wählisch
Abstract:
LoRa is a popular wireless technology that enables low-throughput (bytes) long-range communication (km) at low energy consumption (mW). Its transmission, though, is on one side prone to interference during long on-air times, and on the other side subject to duty cycle restrictions. LoRaWAN defines a MAC and a vertical stack on top of LoRa. LoRaWAN circumvents the above limitations by imposing a centralized network architecture, which heavily reduces downlink capacity and prevents peer-to-peer communication. This makes it unusable for many deployments. The Deterministic and Synchronous Multichannel Extension (DSME) of IEEE 802.15.4e benefits from time-slotted and peer-to-peer communication and has the potential to overcome LoRaWAN limitations. In this work, we implement DSME on top of LoRa in the open source IoT OS RIOT and open the field for first evaluation experiments on real hardware. Initial results indicate that DSME-LoRa not only enables reliable peer-to-peer communication for constrained IoT devices, but also scales with an increasing number of nodes.
Submitted 22 April, 2022; v1 submitted 17 December, 2021;
originally announced December 2021.
-
Spoki: Unveiling a New Wave of Scanners through a Reactive Network Telescope
Authors:
Raphael Hiesgen,
Marcin Nawrocki,
Alistair King,
Alberto Dainotti,
Thomas C. Schmidt,
Matthias Wählisch
Abstract:
Large-scale Internet scans are a common method to identify victims of a specific attack. Stateless scanning like in ZMap has been established as an efficient approach to probing at Internet scale. Stateless scans, however, need a second phase to perform the attack, which remains invisible to network telescopes that only capture the first incoming packet and is not observed as a related event by honeypots. In this work, we examine Internet-wide scan traffic through Spoki, a reactive network telescope operating in real-time that we design and implement. Spoki responds to asynchronous TCP SYN packets and engages in TCP handshakes initiated in the second phase of two-phase scans. Because it is extremely lightweight it scales to large prefixes where it has the unique opportunity to record the first data sequence submitted within the TCP handshake ACK. We analyze two-phase scanners over a three-month period using globally deployed Spoki reactive telescopes as well as flow data sets from IXPs and ISPs. We find that a predominant fraction of TCP SYNs on the Internet has irregular characteristics. Our findings also provide a clear signature of today's scans as: (i) highly targeted, (ii) scanning activities notably vary between regional vantage points, and (iii) a significant share originates from malicious sources.
Submitted 11 October, 2021;
originally announced October 2021.
-
Transparent Forwarders: An Unnoticed Component of the Open DNS Infrastructure
Authors:
Marcin Nawrocki,
Maynard Koch,
Thomas C. Schmidt,
Matthias Wählisch
Abstract:
In this paper, we revisit the open DNS (ODNS) infrastructure and, for the first time, systematically measure and analyze transparent forwarders, DNS components that transparently relay between stub resolvers and recursive resolvers. Our key findings include four takeaways. First, transparent forwarders contribute 26% (563k) to the current ODNS infrastructure. Unfortunately, common periodic scanning campaigns such as Shadowserver do not capture transparent forwarders and thus underestimate the current threat potential of the ODNS. Second, we find an increased deployment of transparent forwarders in Asia and South America. In India alone, the ODNS consists of 80% transparent forwarders. Third, many transparent forwarders relay to a few selected public resolvers such as Google and Cloudflare, which confirms a consolidation trend of DNS stakeholders. Finally, we introduce DNSRoute++, a new traceroute approach to understand the network infrastructure connecting transparent forwarders and resolvers.
Submitted 4 November, 2021; v1 submitted 5 October, 2021;
originally announced October 2021.
-
From the Beginning: Key Transitions in the First 15 Years of DNSSEC
Authors:
Eric Osterweil,
Pouyan Fotouhi Tehrani,
Thomas C. Schmidt,
Matthias Wählisch
Abstract:
When the global rollout of the DNS Security Extensions (DNSSEC) began in 2005, it started a first-of-its-kind trial: increasing complexity of a core Internet protocol in favor of better security for the overall Internet. The necessary cryptographic key management is made particularly challenging by DNS' loosely-federated delegation substrate and unprecedented cryptographic scale. Though fundamental for current and future operational success, our community lacks a clear notion of how to empirically evaluate the process of securely changing (or transitioning) keys.
In this paper, we propose two building blocks to fundamentally understand and assess key transitions. First, the anatomy of key transitions: measurable and well-defined properties of key changes; and second a novel classification model based on this anatomy to describe key transitions practices in abstract terms. Our anatomy enables the evaluation of cryptographic keys' life cycles in general, and comparison of operational practices with prescribed key management processes, e.g., RFC key rollover guidelines. The fine-grained transition anatomy is then abstracted through our classification model to characterize transitions in abstract terms which rather describe a transition's behavior than its specific features.
The applicability and utility of our proposed transition anatomy and transition classes are exemplified for the global DNSSEC deployment. Specifically, we use measurements from the first 15 years of the DNSSEC rollout to detect and measure which key rollover/transitions have been used, to what degree, and what their rates of errors and warnings have been. Our results show measurable gaps between prescribed key management processes and key transitions in the wild. We also find evidence that such noncompliant transitions are inevitable in the wild.
Submitted 17 September, 2021;
originally announced September 2021.
-
QUICsand: Quantifying QUIC Reconnaissance Scans and DoS Flooding Events
Authors:
Marcin Nawrocki,
Raphael Hiesgen,
Thomas C. Schmidt,
Matthias Wählisch
Abstract:
In this paper, we present first measurements of Internet background radiation originating from the emerging transport protocol QUIC. Our analysis is based on the UCSD network telescope, correlated with active measurements. We find that research projects dominate the QUIC scanning ecosystem but also discover traffic from non-benign sources. We argue that although QUIC has been carefully designed to restrict reflective amplification attacks, the QUIC handshake is prone to resource exhaustion attacks, similar to TCP SYN floods. We confirm this conjecture by showing how this attack vector is already exploited in multi-vector attacks: On average, the Internet is exposed to four QUIC floods per hour and half of these attacks occur concurrently with other common attack types such as TCP/ICMP floods.
Submitted 5 October, 2021; v1 submitted 2 September, 2021;
originally announced September 2021.
-
The Far Side of DNS Amplification: Tracing the DDoS Attack Ecosystem from the Internet Core
Authors:
Marcin Nawrocki,
Mattijs Jonker,
Thomas C. Schmidt,
Matthias Wählisch
Abstract:
In this paper, we shed new light on the DNS amplification ecosystem, by studying complementary data sources, bolstered by orthogonal methodologies. First, we introduce a passive attack detection method for the Internet core, i.e., at Internet eXchange Points (IXPs). Surprisingly, IXPs and honeypots observe mostly disjoint sets of attacks: 96% of IXP-inferred attacks were invisible to a sizable honeypot platform. Second, we assess the effectiveness of observed DNS attacks by studying IXP traces jointly with diverse data from independent measurement infrastructures. We find that attackers efficiently detect new reflectors and purposefully rotate between them. At the same time, we reveal that attackers are a small step away from bringing about significantly higher amplification factors (14x). Third, we identify and fingerprint a major attack entity by studying patterns in attack traces. We show that this entity dominates the DNS amplification ecosystem by carrying out 59% of the attacks, and provide an in-depth analysis of its behavior over time. Finally, our results reveal that operators of various .gov names do not adhere to DNSSEC key rollover best practices, which exacerbates amplification potential. We can verifiably connect this operational behavior to misuses and attacker decision-making.
Submitted 6 October, 2021; v1 submitted 2 September, 2021;
originally announced September 2021.
-
Reliable Firmware Updates for the Information-Centric Internet of Things
Authors:
Cenk Gündoğan,
Christian Amsüss,
Thomas C. Schmidt,
Matthias Wählisch
Abstract:
Security in the Internet of Things (IoT) requires ways to regularly update firmware in the field. These demands ever increase with new, agile concepts such as security as code and should be considered a regular operation. Hosting massive firmware roll-outs presents a crucial challenge for the constrained wireless environment. In this paper, we explore how information-centric networking can ease reliable firmware updates. We start from the recent standards developed by the IETF SUIT working group and contribute a system that allows for a timely discovery of new firmware versions by using cryptographically protected manifest files. Our design enables a cascading firmware roll-out from a gateway towards leaf nodes in a low-power multi-hop network. While a chunking mechanism prepares firmware images for typically low-sized maximum transmission units (MTUs), an early Denial-of-Service (DoS) detection prevents the distribution of tampered or malformed chunks. In experimental evaluations on a real-world IoT testbed, we demonstrate feasible strategies with adaptive bandwidth consumption and a high resilience to connectivity loss when replicating firmware images into the IoT edge.
Submitted 21 August, 2021;
originally announced August 2021.
-
PHiLIP on the HiL: Automated Multi-platform OS Testing with External Reference Devices
Authors:
Kevin Weiss,
Michel Rottleuthner,
Thomas C. Schmidt,
Matthias Wählisch
Abstract:
Developing an operating system (OS) for low-end embedded devices requires continuous adaptation to new hardware architectures and components, while serviceability of features needs to be assured for each individual platform under tight resource constraints. It is challenging to design a versatile and accurate heterogeneous test environment that is agile enough to cover a continuous evolution of the code base and platforms. This mission is even more challenging when organized in an agile open-source community process with many contributors such as for the RIOT OS. Hardware in the Loop (HiL) testing and Continuous Integration (CI) are automatable approaches to verify functionality, prevent regressions, and improve the overall quality at development speed in large community projects. In this paper, we present PHiLIP (Primitive Hardware in the Loop Integration Product), an open-source external reference device together with tools that validate the system software while it controls hardware and interprets physical signals. Instead of focusing on a specific test setting, PHiLIP takes the approach of a tool-assisted agile HiL test process, designed for continuous evolution and deployment cycles. We explain its design, describe how it supports HiL tests, evaluate performance metrics, and report on practical experiences of employing PHiLIP in an automated CI test infrastructure. Our initial deployment comprises 22 unique platforms, each of which executes 98 peripheral tests every night. PHiLIP allows for easy extension of low-cost, adaptive testing infrastructures but serves testing techniques and tools to a much wider range of applications.
Submitted 15 July, 2021;
originally announced July 2021.
-
Networking Group Content: RESTful Multiparty Access to a Data-centric Web of Things
Authors:
Cenk Gündoğan,
Christian Amsüss,
Thomas C. Schmidt,
Matthias Wählisch
Abstract:
Content replication to many destinations is a common use case in the Internet of Things (IoT). The deployment of IP multicast has proven inefficient, though, due to its lack of layer-2 support by common IoT radio technologies and its synchronous end-to-end transmission, which is highly susceptible to interference. Information-centric networking (ICN) introduced hop-wise multi-party dissemination of cacheable content, which has proven valuable in particular for low-power lossy networking regimes. Even NDN, however, the most prominent ICN protocol, suffers from a lack of deployment.
In this paper, we explore how multiparty content distribution in an information-centric Web of Things (WoT) can be built on CoAP. We augment the CoAP proxy by request aggregation and response replication functions, which together with proxy caches enable asynchronous group communication. In a further step, we integrate content object security with OSCORE into the CoAP multicast proxy system, which enables ubiquitous caching of certified authentic content. In our evaluation, we compare NDN with different deployment models of CoAP, including our data-centric approach in realistic testbed experiments. Our findings indicate that multiparty content distribution based on CoAP proxies performs equally well as NDN, while remaining fully compatible with the established IoT protocol world of CoAP on the Internet.
Submitted 4 April, 2021;
originally announced April 2021.
-
Dynamic Clock Reconfiguration for the Constrained IoT and its Application to Energy-efficient Networking
Authors:
Michel Rottleuthner,
Thomas C. Schmidt,
Matthias Wählisch
Abstract:
Clock configuration takes a key role in tuning constrained general-purpose microcontrollers for performance, timing accuracy, and energy efficiency. Configuring the underlying clock tree, however, involves a large parameter space with complex dependencies and dynamic constraints. We argue for clock configuration as a generic operating system module that bridges the gap between highly configurable but complex embedded hardware and easy application development. In this paper, we propose a method and a runtime subsystem for dynamic clock reconfiguration on constrained Internet of Things (IoT) devices named ScaleClock. ScaleClock derives measures to dynamically optimize clock configurations by abstracting the hardware-specific clock trees. The ScaleClock system service grants portable access to the optimization potential of dynamic clock scaling for applications. We implement the approach on the popular IoT operating system RIOT for two target platforms of different manufacturers and evaluate its performance in static and dynamic scenarios on real devices. We demonstrate the potential of ScaleClock by designing a platform-independent dynamic voltage and frequency scaling (DVFS) mechanism that enables RIOT to autonomously adapt the hardware performance to requirements of the software currently executed. In a use case study, we manage to boost energy efficiency of constrained network communication by reducing the MCU consumption by 40 % at negligible performance impact.
Submitted 3 August, 2022; v1 submitted 20 February, 2021;
originally announced February 2021.
-
Security of Alerting Authorities in the WWW: Measuring Namespaces, DNSSEC, and Web PKI
Authors:
Pouyan Fotouhi Tehrani,
Eric Osterweil,
Jochen H. Schiller,
Thomas C. Schmidt,
Matthias Wählisch
Abstract:
During disasters, crises, and emergencies the public relies on online services provided by official authorities to receive timely alerts, trustworthy information, and access to relief programs. It is therefore crucial for the authorities to reduce risks when accessing their online services. This includes catering to secure identification of service, secure resolution of name to network service, and content security and privacy as a minimum base for trustworthy communication.
In this paper, we take a first look at Alerting Authorities (AA) in the US and investigate security measures related to trustworthy and secure communication. We study the domain namespace structure, DNSSEC penetration, and web certificates. We introduce an integrative threat model to better understand whether and how the online presence and services of AAs are harmed. As an illustrative example, we investigate 1,388 Alerting Authorities. We observe partial heightened security relative to the global Internet trends, yet find cause for concern as about 78% of service providers fail to deploy measures of trustworthy service provision. Our analysis shows two major shortcomings. First, how the DNS ecosystem is leveraged: about 50% of organizations do not own their dedicated domain names and are dependent on others, 55% opt for unrestricted-use namespaces, which simplifies phishing, and less than 4% of unique AA domain names are secured by DNSSEC, which can lead to DNS poisoning and possibly to certificate misissuance. Second, how Web PKI certificates are utilized: 15% of all hosts provide no or invalid certificates and thus cannot cater to confidentiality and data integrity, 64% of the hosts provide domain validation certificates that lack any identity information, and shared certificates have gained in popularity, which leads to fate-sharing and can be a cause for instability.
Submitted 13 April, 2021; v1 submitted 24 August, 2020;
originally announced August 2020.
-
A Guideline on Pseudorandom Number Generation (PRNG) in the IoT
Authors:
Peter Kietzmann,
Thomas C. Schmidt,
Matthias Wählisch
Abstract:
Random numbers are an essential input to many functions on the Internet of Things (IoT). Common use cases of randomness range from low-level packet transmission to advanced algorithms of artificial intelligence as well as security and trust, which heavily rely on unpredictable random sources. In the constrained IoT, though, unpredictable random sources are a challenging desire due to limited resources, deterministic real-time operations, and frequent lack of a user interface.
In this paper, we revisit the generation of randomness from the perspective of an IoT operating system (OS) that needs to support general purpose or crypto-secure random numbers. We analyse the potential attack surface, derive common requirements, and discuss the potentials and shortcomings of current IoT OSs. A systematic evaluation of current IoT hardware components and popular software generators, based on well-established test suites and on experiments for measuring performance, gives rise to a set of clear recommendations on how to build such a random subsystem and which generators to use.
Submitted 14 July, 2021; v1 submitted 23 July, 2020;
originally announced July 2020.
-
IoT Content Object Security with OSCORE and NDN: A First Experimental Comparison
Authors:
Cenk Gündoğan,
Christian Amsüss,
Thomas C. Schmidt,
Matthias Wählisch
Abstract:
The emerging Internet of Things (IoT) challenges the end-to-end transport of the Internet by low power lossy links and gateways that perform protocol translations. Protocols such as CoAP or MQTT-SN are degraded by the overhead of DTLS sessions, which in common deployment protect content transfer only up to the gateway. To preserve content security end-to-end via gateways and proxies, the IETF recently developed Object Security for Constrained RESTful Environments (OSCORE), which extends CoAP with content object security features commonly known from Information Centric Networks (ICN).
This paper presents a comparative analysis of protocol stacks that protect request-response transactions. We measure protocol performances of CoAP over DTLS, OSCORE, and the information-centric Named Data Networking (NDN) protocol on a large-scale IoT testbed in single- and multi-hop scenarios. Our findings indicate that (a) OSCORE improves on CoAP over DTLS in error-prone wireless regimes due to omitting the overhead of maintaining security sessions at endpoints, and (b) NDN attains superior robustness and reliability due to its intrinsic network caches and hop-wise retransmissions.
Submitted 16 June, 2020; v1 submitted 22 January, 2020;
originally announced January 2020.
-
A Reproducibility Study of "IP Spoofing Detection in Inter-Domain Traffic"
Authors:
Jasper Eumann,
Raphael Hiesgen,
Thomas C. Schmidt,
Matthias Wählisch
Abstract:
IP spoofing enables reflection and amplification attacks, which cause major threats to the current Internet infrastructure. Detecting IP packets with incorrect source addresses would help to improve the situation. This is easy at the attacker's network, but very challenging at Internet eXchange Points (IXPs) or in transit networks. In this reproducibility study, we revisit the paper "Detection, Classification, and Analysis of Inter-Domain Traffic with Spoofed Source IP Addresses" published at ACM IMC 2017. Using data from a different IXP and from a different time, we were not able to reproduce the results. Unfortunately, our further analysis reveals structural problems of the state of the art methodology, which are not easy to overcome.
Submitted 1 October, 2021; v1 submitted 12 November, 2019;
originally announced November 2019.
-
Eco: A Hardware-Software Co-Design for In Situ Power Measurement on Low-end IoT Systems
Authors:
Michel Rottleuthner,
Thomas C. Schmidt,
Matthias Wählisch
Abstract:
Energy-constrained sensor nodes can adaptively optimize their energy consumption if a continuous measurement exists. This is of particular importance in scenarios of high dynamics such as energy harvesting or adaptive task scheduling. However, self-measuring of power consumption at reasonable cost and complexity is unavailable as a generic system service. In this paper, we present Eco, a hardware-software co-design enabling generic energy management on IoT nodes. Eco is tailored to devices with limited resources and thus targets most of the upcoming IoT scenarios. The proposed measurement module combines commodity components with common system interfaces to achieve easy, flexible integration with various hardware platforms and the RIOT IoT operating system. We thoroughly evaluate and compare accuracy and overhead. Our findings indicate that our commodity design competes well with highly optimized solutions, while being significantly more versatile. We employ Eco for energy management on RIOT and validate its readiness for deployment in a five-week field trial integrated with energy harvesting.
Submitted 23 September, 2019;
originally announced September 2019.
-
Bluetooth Mesh under the Microscope: How much ICN is Inside?
Authors:
Hauke Petersen,
Peter Kietzmann,
Cenk Gündoğan,
Thomas C. Schmidt,
Matthias Wählisch
Abstract:
Bluetooth (BT) mesh is a new mode of BT operation for low-energy devices that offers group-based publish-subscribe as a network service with additional caching capabilities. These features resemble concepts of information-centric networking (ICN), and the analogy to ICN has been repeatedly drawn in the BT community. In this paper, we compare BT mesh with ICN both conceptually and in real-world experiments. We contrast both architectures and their design decisions in detail. Experiments are performed on an IoT testbed using NDN/CCNx and BT mesh on constrained RIOT nodes. Our findings indicate significant differences both in concepts and in real-world performance. Supported by new insights, we identify synergies and sketch a design of a BT-ICN that benefits from both worlds.
Submitted 26 August, 2019;
originally announced August 2019.
-
Gain More for Less: The Surprising Benefits of QoS Management in Constrained NDN Networks
Authors:
Cenk Gündoğan,
Jakob Pfender,
Michael Frey,
Thomas C. Schmidt,
Felix Shzu-Juraschek,
Matthias Wählisch
Abstract:
Quality of Service (QoS) in the IP world mainly manages forwarding resources, i.e., link capacities and buffer spaces. In addition, Information Centric Networking (ICN) offers resource dimensions such as in-network caches and forwarding state. In constrained wireless networks, these resources are scarce with a potentially high impact due to lossy radio transmission. In this paper, we explore the two basic service qualities (i) prompt and (ii) reliable traffic forwarding for the case of NDN. The resources we take into account are forwarding and queuing priorities, as well as the utilization of caches and of forwarding state space. We treat QoS resources not only in isolation, but correlate their use on local nodes and between network members. Network-wide coordination is based on simple, predefined QoS code points. Our findings indicate that coordinated QoS management in ICN is more than the sum of its parts and exceeds the impact QoS can have in the IP world.
Submitted 20 August, 2019;
originally announced August 2019.
-
A Lesson in Scaling 6LoWPAN -- Minimal Fragment Forwarding in Lossy Networks
Authors:
Martine S. Lenders,
Thomas C. Schmidt,
Matthias Wählisch
Abstract:
This paper evaluates two forwarding strategies for fragmented datagrams in the IoT: hop-wise reassembly and a minimal approach to directly forward fragments. Minimal fragment forwarding is challenged by the lack of forwarding information at subsequent fragments in 6LoWPAN and thus requires additional data at nodes. We compared the two approaches in extensive experiments evaluating reliability, end-to-end latency, and memory consumption. In contrast to previous work and due to our alternate setup, we obtained different results and conclusions. Our findings indicate that direct fragment forwarding should be deployed only with care, since higher packet transmission rates on the link-layer can significantly reduce its reliability, which in turn can even further reduce end-to-end latency because of highly increased link-layer retransmissions.
Submitted 28 August, 2019; v1 submitted 20 May, 2019;
originally announced May 2019.
-
The Dagstuhl Beginners Guide to Reproducibility for Experimental Networking Research
Authors:
Vaibhav Bajpai,
Anna Brunstrom,
Anja Feldmann,
Wolfgang Kellerer,
Aiko Pras,
Henning Schulzrinne,
Georgios Smaragdakis,
Matthias Wählisch,
Klaus Wehrle
Abstract:
Reproducibility is one of the key characteristics of good science, but hard to achieve for experimental disciplines like Internet measurements and networked systems. This guide provides advice to researchers, particularly those new to the field, on designing experiments so that their work is more likely to be reproducible and to serve as a foundation for follow-on work by others.
Submitted 12 January, 2019;
originally announced February 2019.
-
Uncovering Vulnerable Industrial Control Systems from the Internet Core
Authors:
Marcin Nawrocki,
Thomas C. Schmidt,
Matthias Wählisch
Abstract:
Industrial control systems (ICS) are managed remotely with the help of dedicated protocols that were originally designed to work in walled gardens. Many of these protocols have been adapted to Internet transport and support wide-area communication. ICS now exchange insecure traffic on an inter-domain level, putting at risk not only common critical infrastructure but also the Internet ecosystem (e.g., DRDoS attacks).
In this paper, we uncover unprotected inter-domain ICS traffic at two central Internet vantage points, an IXP and an ISP. This traffic analysis is correlated with data from honeypots and Internet-wide scans to separate industrial from non-industrial ICS traffic. We provide an in-depth view on Internet-wide ICS communication. Our results can be used i) to create precise filters for potentially harmful non-industrial ICS traffic, and ii) to detect ICS sending unprotected inter-domain ICS traffic, being vulnerable to eavesdropping and traffic manipulation attacks.
Submitted 23 April, 2020; v1 submitted 14 January, 2019;
originally announced January 2019.
-
ICNLoWPAN -- Named-Data Networking for Low Power IoT Networks
Authors:
Cenk Gündoğan,
Peter Kietzmann,
Thomas C. Schmidt,
Matthias Wählisch
Abstract:
Information Centric Networking is considered a promising communication technology for the constrained IoT, but NDN was designed only for standard network infrastructure.
In this paper, we design and evaluate an NDN convergence layer for low power lossy links that (1) augments the NDN stateful forwarding with a highly efficient name eliding, (2) devises stateless compression schemes for standard NDN use cases, (3) adapts NDN packets to the small MTU size of IEEE 802.15.4, and (4) generates compatibility with 6LoWPAN so that IPv6 and NDN can coexist on the same LoWPAN links. Our findings indicate that stateful compression can reduce the size of NDN data packets by more than 70% in realistic examples. Our experiments show that for common use cases ICNLoWPAN saves 33% of transmission resources over NDN, and about 20% over 6LoWPAN.
Submitted 17 December, 2018;
originally announced December 2018.
-
Security for the Industrial IoT: The Case for Information-Centric Networking
Authors:
Michael Frey,
Cenk Gündoğan,
Peter Kietzmann,
Martine Lenders,
Hauke Petersen,
Thomas C. Schmidt,
Felix Shzu-Juraschek,
Matthias Wählisch
Abstract:
Industrial production plants traditionally include sensors for monitoring or documenting processes, and actuators for enabling corrective actions in cases of misconfigurations, failures, or dangerous events. With the advent of the IoT, embedded controllers link these 'things' to local networks that often are of low power wireless kind, and are interconnected via gateways to some cloud from the global Internet. Inter-networked sensors and actuators in the industrial IoT form a critical subsystem while frequently operating under harsh conditions. It is currently under debate how to approach inter-networking of critical industrial components in a safe and secure manner.
In this paper, we analyze the potentials of ICN for providing a secure and robust networking solution for constrained controllers in industrial safety systems. We showcase hazardous gas sensing in widespread industrial environments, such as refineries, and compare with IP-based approaches such as CoAP and MQTT. Our findings indicate that the content-centric security model, as well as enhanced DoS resistance are important arguments for deploying Information Centric Networking in a safety-critical industrial IoT. Evaluation of the crypto efforts on the RIOT operating system for content security reveal its feasibility for common deployment scenarios.
Submitted 5 March, 2019; v1 submitted 10 October, 2018;
originally announced October 2018.
-
The Rise of Certificate Transparency and Its Implications on the Internet Ecosystem
Authors:
Quirin Scheitle,
Oliver Gasser,
Theodor Nolte,
Johanna Amann,
Lexi Brent,
Georg Carle,
Ralph Holz,
Thomas C. Schmidt,
Matthias Wählisch
Abstract:
In this paper, we analyze the evolution of Certificate Transparency (CT) over time and explore the implications of exposing certificate DNS names from the perspective of security and privacy. We find that certificates in CT logs have seen exponential growth. Website support for CT has also constantly increased, with now 33% of established connections supporting CT. With the increasing deployment of CT, there are also concerns of information leakage due to all certificates being visible in CT logs. To understand this threat, we introduce a CT honeypot and show that data from CT logs is being used to identify targets for scanning campaigns only minutes after certificate issuance. We present and evaluate a methodology to learn and validate new subdomains from the vast number of domains extracted from CT logged certificates.
Submitted 21 September, 2018;
originally announced September 2018.
-
NDN, CoAP, and MQTT: A Comparative Measurement Study in the IoT
Authors:
Cenk Gündoğan,
Peter Kietzmann,
Martine Lenders,
Hauke Petersen,
Thomas C. Schmidt,
Matthias Wählisch
Abstract:
This paper takes a comprehensive view on the protocol stacks that are under debate for a future Internet of Things (IoT). It addresses the holistic question of which solution is beneficial for common IoT use cases. We deploy NDN and the two popular IP-based application protocols, CoAP and MQTT, in its different variants on a large-scale IoT testbed in single- and multi-hop scenarios. We analyze the use cases of scheduled periodic and unscheduled traffic under varying loads. Our findings indicate that (a) NDN admits the most resource-friendly deployment on nodes, and (b) shows superior robustness and resilience in multi-hop scenarios, while (c) the IP protocols operate at less overhead and higher speed in single-hop deployments. Most strikingly we find that NDN-based protocols are in significantly better flow balance than the UDP-based IP protocols and require less corrective actions.
Submitted 27 September, 2018; v1 submitted 4 June, 2018;
originally announced June 2018.
-
HoPP: Robust and Resilient Publish-Subscribe for an Information-Centric Internet of Things
Authors:
Cenk Gündoğan,
Peter Kietzmann,
Thomas C. Schmidt,
Matthias Wählisch
Abstract:
This paper revisits NDN deployment in the IoT with a special focus on the interaction of sensors and actuators. Such scenarios require high responsiveness and limited control state at the constrained nodes. We argue that the NDN request-response pattern which prevents data push is vital for IoT networks. We contribute HoP-and-Pull (HoPP), a robust publish-subscribe scheme for typical IoT scenarios that targets IoT networks consisting of hundreds of resource constrained devices at intermittent connectivity. Our approach limits the FIB tables to a minimum and naturally supports mobility, temporary network partitioning, data aggregation and near real-time reactivity. We experimentally evaluate the protocol in a real-world deployment using the IoT-Lab testbed with varying numbers of constrained devices, each wirelessly interconnected via IEEE 802.15.4 LowPANs. Implementations are built on CCN-lite with RIOT and support experiments using various single- and multi-hop scenarios.
Submitted 11 January, 2018;
originally announced January 2018.
-
Connecting the World of Embedded Mobiles: The RIOT Approach to Ubiquitous Networking for the Internet of Things
Authors:
Martine Lenders,
Peter Kietzmann,
Oliver Hahm,
Hauke Petersen,
Cenk Gündoğan,
Emmanuel Baccelli,
Kaspar Schleiser,
Thomas C. Schmidt,
Matthias Wählisch
Abstract:
The Internet of Things (IoT) is rapidly evolving based on low-power compliant protocol standards that extend the Internet into the embedded world. Pioneering implementations have proven it is feasible to inter-network very constrained devices, but had to rely on peculiar cross-layered designs and offer a minimalistic set of features. In the long run, however, professional use and massive deployment of IoT devices require full-featured, cleanly composed, and flexible network stacks.
This paper introduces the networking architecture that turns RIOT into a powerful IoT system, to enable low-power wireless scenarios. RIOT networking offers (i) a modular architecture with generic interfaces for plugging in drivers, protocols, or entire stacks, (ii) support for multiple heterogeneous interfaces and stacks that can concurrently operate, and (iii) GNRC, its cleanly layered, recursively composed default network stack. We contribute an in-depth analysis of the communication performance and resource efficiency of RIOT, both on a micro-benchmarking level as well as by comparing IoT communication across different platforms. Our findings show that, though it is based on significantly different design trade-offs, the networking subsystem of RIOT achieves a performance equivalent to that of Contiki and TinyOS, the two operating systems which pioneered IoT software platforms.
Submitted 9 January, 2018;
originally announced January 2018.
-
Towards a Rigorous Methodology for Measuring Adoption of RPKI Route Validation and Filtering
Authors:
Andreas Reuter,
Randy Bush,
Ítalo Cunha,
Ethan Katz-Bassett,
Thomas C. Schmidt,
Matthias Wählisch
Abstract:
A proposal to improve routing security, Route Origin Authorization (ROA), has been standardized. A ROA specifies which network is allowed to announce a set of Internet destinations. While some networks now specify ROAs, little is known about whether other networks check routes they receive against these ROAs, a process known as Route Origin Validation (ROV). Which networks blindly accept invalid routes? Which reject them outright? Which de-preference them if alternatives exist?
Recent analysis attempts to use uncontrolled experiments to characterize ROV adoption by comparing valid routes and invalid routes. However, we argue that gaining a solid understanding of ROV adoption is impossible using currently available data sets and techniques. Our measurements suggest that, although some ISPs are not observed using invalid routes in uncontrolled experiments, they are actually using different routes for (non-security) traffic engineering purposes, without performing ROV. We conclude with a description of a controlled, verifiable methodology for measuring ROV and present three ASes that do implement ROV, confirmed by operators.
Submitted 5 May, 2018; v1 submitted 13 June, 2017;
originally announced June 2017.
-
A Survey on Honeypot Software and Data Analysis
Authors:
Marcin Nawrocki,
Matthias Wählisch,
Thomas C. Schmidt,
Christian Keil,
Jochen Schönfelder
Abstract:
In this survey, we give an extensive overview on honeypots. This includes not only honeypot software but also methodologies to analyse honeypot data.
Submitted 22 August, 2016;
originally announced August 2016.
-
Towards Better Internet Citizenship: Reducing the Footprint of Internet-wide Scans by Topology Aware Prefix Selection
Authors:
Johannes Klick,
Stephan Lau,
Matthias Wählisch,
Volker Roth
Abstract:
Internet service discovery is an emerging topic to study the deployment of protocols. Towards this end, our community periodically scans the entire advertised IPv4 address space. In this paper, we question this principle. Being good Internet citizens means that we should limit scan traffic to what is necessary. We conducted a study of scan data, which shows that several prefixes do not accommodate any host of interest and the network topology is fairly stable. We argue that this allows us to collect representative data by scanning less. In our paper, we explore the idea to scan all prefixes once and then identify prefixes of interest for future scanning. Based on our analysis of the censys.io data set (4.1 TB data encompassing 28 full IPv4 scans within 6 months) we found that we can reduce scan traffic between 25-90% and miss only 1-10% of the hosts, depending on desired trade-offs and protocols.
Submitted 14 September, 2016; v1 submitted 19 May, 2016;
originally announced May 2016.
-
CAIR: Using Formal Languages to Study Routing, Leaking, and Interception in BGP
Authors:
Johann Schlamp,
Matthias Wählisch,
Thomas C. Schmidt,
Georg Carle,
Ernst W. Biersack
Abstract:
The Internet routing protocol BGP expresses topological reachability and policy-based decisions simultaneously in path vectors. A complete view on the Internet backbone routing is given by the collection of all valid routes, which is infeasible to obtain due to information hiding of BGP, the lack of omnipresent collection points, and data complexity. Commonly, graph-based data models are used to represent the Internet topology from a given set of BGP routing tables but fall short of explaining policy contexts. As a consequence, routing anomalies such as route leaks and interception attacks cannot be explained with graphs.
In this paper, we use formal languages to represent the global routing system in a rigorous model. Our CAIR framework translates BGP announcements into a finite route language that allows for the incremental construction of minimal route automata. CAIR preserves route diversity, is highly efficient, and well-suited to monitor BGP path changes in real-time. We formally derive implementable search patterns for route leaks and interception attacks. In contrast to the state-of-the-art, we can detect these incidents. In practical experiments, we analyze public BGP data over the last seven years.
Submitted 2 May, 2016;
originally announced May 2016.
-
A Case for Time Slotted Channel Hopping for ICN in the IoT
Authors:
Oliver Hahm,
Cédric Adjih,
Emmanuel Baccelli,
Thomas C. Schmidt,
Matthias Wählisch
Abstract:
Recent proposals to simplify the operation of the IoT include the use of Information Centric Networking (ICN) paradigms. While this is promising, several challenges remain. In this paper, our core contributions (a) leverage ICN communication patterns to dynamically optimize the use of TSCH (Time Slotted Channel Hopping), a wireless link layer technology increasingly popular in the IoT, and (b) make IoT-style routing adaptive to names, resources, and traffic patterns throughout the network, both without cross-layering. Through a series of experiments on the FIT IoT-LAB interconnecting typical IoT hardware, we find that our approach is fully robust against wireless interference, and almost halves the energy consumed for transmission when compared to CSMA. Most importantly, our adaptive scheduling prevents the time-slotted MAC layer from sacrificing throughput and delay.
Submitted 27 February, 2016;
originally announced February 2016.