-
Deployment Challenges of Industrial Intrusion Detection Systems
Authors:
Konrad Wolsing,
Eric Wagner,
Frederik Basels,
Patrick Wagner,
Klaus Wehrle
Abstract:
With the escalating threats posed by cyberattacks on Industrial Control Systems (ICSs), the development of customized Industrial Intrusion Detection Systems (IIDSs) received significant attention in research. While existing literature proposes effective IIDS solutions evaluated in controlled environments, their deployment in real-world industrial settings poses several challenges. This paper highlights two critical yet often overlooked aspects that significantly impact their practical deployment, i.e., the need for sufficient amounts of data to train the IIDS models and the challenges associated with finding suitable hyperparameters, especially for IIDSs training only on genuine ICS data. Through empirical experiments conducted on multiple state-of-the-art IIDSs and diverse datasets, we establish the criticality of these issues in deploying IIDSs. Our findings show the necessity of extensive malicious training data for supervised IIDSs, which can be impractical considering the complexity of recording and labeling attacks in actual industrial environments. Furthermore, while other IIDSs circumvent the previous issue by requiring only benign training data, these can suffer from the difficulty of setting appropriate hyperparameters, which likewise can diminish their performance. By shedding light on these challenges, we aim to enhance the understanding of the limitations and considerations necessary for deploying effective cybersecurity solutions in ICSs, which might be one reason why IIDSs see few deployments.
Submitted 4 March, 2024;
originally announced March 2024.
-
An Interdisciplinary Survey on Information Flows in Supply Chains
Authors:
Jan Pennekamp,
Roman Matzutt,
Christopher Klinkmüller,
Lennart Bader,
Martin Serror,
Eric Wagner,
Sidra Malik,
Maria Spiß,
Jessica Rahn,
Tan Gürpinar,
Eduard Vlad,
Sander J. J. Leemans,
Salil S. Kanhere,
Volker Stich,
Klaus Wehrle
Abstract:
Supply chains form the backbone of modern economies and therefore require reliable information flows. In practice, however, supply chains face severe technical challenges, especially regarding security and privacy. In this work, we consolidate studies from supply chain management, information systems, and computer science from 2010-2021 in an interdisciplinary meta-survey to make this topic holistically accessible to interdisciplinary research. In particular, we identify a significant potential for computer scientists to remedy technical challenges and improve the robustness of information flows. We subsequently present a concise information flow-focused taxonomy for supply chains before discussing future research directions to provide possible entry points.
Submitted 28 September, 2023;
originally announced January 2024.
-
When and How to Aggregate Message Authentication Codes on Lossy Channels?
Authors:
Eric Wagner,
Martin Serror,
Klaus Wehrle,
Martin Henze
Abstract:
Aggregation of message authentication codes (MACs) is a proven and efficient method to preserve valuable bandwidth in resource-constrained environments: Instead of appending a long authentication tag to each message, the integrity protection of multiple messages is aggregated into a single tag. However, while such aggregation saves bandwidth, a single lost message typically means that authentication information for multiple messages cannot be verified anymore. With the significant increase of bandwidth-constrained lossy communication, as applications shift towards wireless channels, it thus becomes paramount to study the impact of packet loss on the diverse MAC aggregation schemes proposed over the past 15 years to assess when and how to aggregate message authentication. Therefore, we empirically study all relevant MAC aggregation schemes in the context of lossy channels, investigating achievable goodput improvements, the resulting verification delays, processing overhead, and resilience to denial-of-service attacks. Our analysis shows the importance of carefully choosing and configuring MAC aggregation, as selecting and correctly parameterizing the right scheme can, e.g., improve goodput by 39% to 444%, depending on the scenario. However, since no aggregation scheme performs best in all scenarios, we provide guidelines for network operators to select optimal schemes and parameterizations suiting specific network settings.
Submitted 15 December, 2023;
originally announced December 2023.
-
Madtls: Fine-grained Middlebox-aware End-to-end Security for Industrial Communication
Authors:
Eric Wagner,
David Heye,
Martin Serror,
Ike Kunze,
Klaus Wehrle,
Martin Henze
Abstract:
Industrial control systems increasingly rely on middlebox functionality such as intrusion detection or in-network processing. However, traditional end-to-end security protocols interfere with the necessary access to in-flight data. While recent work on middlebox-aware end-to-end security protocols for the traditional Internet promises to address the dilemma between end-to-end security guarantees and middleboxes, the current state-of-the-art lacks critical features for industrial communication. Most importantly, industrial settings require fine-grained access control for middleboxes to truly operate in a least-privilege mode. Likewise, advanced applications even require that middleboxes can inject specific messages (e.g., emergency shutdowns). Meanwhile, industrial scenarios often expose tight latency and bandwidth constraints not found in the traditional Internet. As the current state-of-the-art misses critical features, we propose Middlebox-aware DTLS (Madtls), a middlebox-aware end-to-end security protocol specifically tailored to the needs of industrial networks. Madtls provides bit-level read and write access control of middleboxes to communicated data with minimal bandwidth and processing overhead, even on constrained hardware.
Submitted 15 December, 2023;
originally announced December 2023.
-
SoK: Evaluations in Industrial Intrusion Detection Research
Authors:
Olav Lamberts,
Konrad Wolsing,
Eric Wagner,
Jan Pennekamp,
Jan Bauer,
Klaus Wehrle,
Martin Henze
Abstract:
Industrial systems are increasingly threatened by cyberattacks with potentially disastrous consequences. To counter such attacks, industrial intrusion detection systems strive to timely uncover even the most sophisticated breaches. Due to its criticality for society, this fast-growing field attracts researchers from diverse backgrounds, resulting in 130 new detection approaches in 2021 alone. This huge momentum facilitates the exploration of diverse promising paths but likewise risks fragmenting the research landscape and burying promising progress. Consequently, it needs sound and comprehensible evaluations to mitigate this risk and catalyze efforts into sustainable scientific progress with real-world applicability. In this paper, we therefore systematically analyze the evaluation methodologies of this field to understand the current state of industrial intrusion detection research. Our analysis of 609 publications shows that the rapid growth of this research field has positive and negative consequences. While we observe an increased use of public datasets, publications still only evaluate 1.3 datasets on average, and frequently used benchmarking metrics are ambiguous. At the same time, the adoption of newly developed benchmarking metrics sees little advancement. Finally, our systematic analysis enables us to provide actionable recommendations for all actors involved and thus bring the entire research field forward.
Submitted 6 November, 2023;
originally announced November 2023.
-
Reputation Systems for Supply Chains: The Challenge of Achieving Privacy Preservation
Authors:
Lennart Bader,
Jan Pennekamp,
Emildeon Thevaraj,
Maria Spiß,
Salil S. Kanhere,
Klaus Wehrle
Abstract:
Consumers frequently interact with reputation systems to rate products, services, and deliveries. While past research extensively studied different conceptual approaches to realize such systems securely and privacy-preservingly, these concepts are not yet in use in business-to-business environments. In this paper, (1) we thus outline which specific challenges privacy-cautious stakeholders in volatile supply chain networks introduce, (2) give an overview of the diverse landscape of privacy-preserving reputation systems and their properties, and (3) based on well-established concepts from supply chain information systems and cryptography, we further propose an initial concept that accounts for the aforementioned challenges by utilizing fully homomorphic encryption. For future work, we identify the need of evaluating whether novel systems address the supply chain-specific privacy and confidentiality needs.
Submitted 2 November, 2023;
originally announced November 2023.
-
Does It Spin? On the Adoption and Use of QUIC's Spin Bit
Authors:
Ike Kunze,
Constantin Sander,
Klaus Wehrle
Abstract:
Encrypted QUIC traffic complicates network management as traditional transport layer semantics can no longer be used for RTT or packet loss measurements. Addressing this challenge, QUIC includes an optional, carefully designed mechanism: the spin bit. While its capabilities have already been studied in test settings, its real-world usefulness and adoption are unknown. In this paper, we thus investigate the spin bit's deployment and utility on the web.
Analyzing our long-term measurements of more than 200M domains, we find that the spin bit is enabled on ~10% of those with QUIC support and for ~50% / 60% of the underlying IPv4 / IPv6 hosts. The support is mainly driven by medium-sized cloud providers while most hyperscalers do not implement it. Assessing the utility of spin bit RTT measurements, the theoretical issue of reordering does not significantly manifest in our study and the spin bit provides accurate estimates for around 30.5% of connections using the mechanism, but drastically overestimates the RTT for another 51.7%. Overall, we conclude that the spin bit, even though an optional feature, indeed sees use in the wild and is able to provide reasonable RTT estimates for a solid share of QUIC connections, but requires solutions for making its measurements more robust.
Submitted 4 October, 2023;
originally announced October 2023.
-
ECN with QUIC: Challenges in the Wild
Authors:
Constantin Sander,
Ike Kunze,
Leo Blöcher,
Mike Kosek,
Klaus Wehrle
Abstract:
TCP and QUIC can both leverage ECN to avoid congestion loss and its retransmission overhead. However, both protocols require support of their remote endpoints and it took two decades since the initial standardization of ECN for TCP to reach 80% ECN support and more in the wild. In contrast, the QUIC standard mandates ECN support, but there are notable ambiguities that make it unclear if and how ECN can actually be used with QUIC on the Internet. Hence, in this paper, we analyze ECN support with QUIC in the wild: We conduct repeated measurements on more than 180M domains to identify HTTP/3 websites and analyze the underlying QUIC connections w.r.t. ECN support. We only find 20% of QUIC hosts, providing 6% of HTTP/3 websites, to mirror client ECN codepoints. Yet, mirroring ECN is only half of what is required for ECN with QUIC, as QUIC validates mirrored ECN codepoints to detect network impairments: We observe that less than 2% of QUIC hosts, providing less than 0.3% of HTTP/3 websites, pass this validation. We identify possible root causes in content providers not supporting ECN via QUIC and network impairments hindering ECN. We thus also characterize ECN with QUIC distributedly to traverse other paths and discuss our results w.r.t. QUIC and ECN innovations beyond QUIC.
Submitted 25 September, 2023;
originally announced September 2023.
-
Poster: Accountable Processing of Reported Street Problems
Authors:
Roman Matzutt,
Jan Pennekamp,
Klaus Wehrle
Abstract:
Municipalities increasingly depend on citizens to file digital reports about issues such as potholes or illegal trash dumps to improve their response time. However, the responsible authorities may be incentivized to ignore certain reports, e.g., when addressing them inflicts high costs. In this work, we explore the applicability of blockchain technology to hold authorities accountable regarding filed reports. Our initial assessment indicates that our approach can be extended to benefit citizens and authorities in the future.
Submitted 24 September, 2023; v1 submitted 20 September, 2023;
originally announced September 2023.
-
Secrets Revealed in Container Images: An Internet-wide Study on Occurrence and Impact
Authors:
Markus Dahlmanns,
Constantin Sander,
Robin Decker,
Klaus Wehrle
Abstract:
Containerization allows bundling applications and their dependencies into a single image. The containerization framework Docker eases the use of this concept and enables sharing images publicly, gaining high momentum. However, it can lead to users creating and sharing images that include private keys or API secrets - either by mistake or out of negligence. This leakage impairs the creator's security and that of everyone using the image. Yet, the extent of this practice and how to counteract it remains unclear.
In this paper, we analyze 337,171 images from Docker Hub and 8,076 other private registries unveiling that 8.5% of images indeed include secrets. Specifically, we find 52,107 private keys and 3,158 leaked API secrets, both opening a large attack surface, i.e., putting authentication and confidentiality of privacy-sensitive data at stake and even allow active attacks. We further document that those leaked keys are used in the wild: While we discovered 1,060 certificates relying on compromised keys being issued by public certificate authorities, based on further active Internet measurements, we find 275,269 TLS and SSH hosts using leaked private keys for authentication. To counteract this issue, we discuss how our methodology can be used to prevent secret leakage and reuse.
Submitted 8 July, 2023;
originally announced July 2023.
-
Evolving the Digital Industrial Infrastructure for Production: Steps Taken and the Road Ahead
Authors:
Jan Pennekamp,
Anastasiia Belova,
Thomas Bergs,
Matthias Bodenbenner,
Andreas Bührig-Polaczek,
Markus Dahlmanns,
Ike Kunze,
Moritz Kröger,
Sandra Geisler,
Martin Henze,
Daniel Lütticke,
Benjamin Montavon,
Philipp Niemietz,
Lucia Ortjohann,
Maximilian Rudack,
Robert H. Schmitt,
Uwe Vroomen,
Klaus Wehrle,
Michael Zeng
Abstract:
The Internet of Production (IoP) leverages concepts such as digital shadows, data lakes, and a World Wide Lab (WWL) to advance today's production. Consequently, it requires a technical infrastructure that can support the agile deployment of these concepts and corresponding high-level applications, which, e.g., demand the processing of massive data in motion and at rest. As such, key research aspects are the support for low-latency control loops, concepts on scalable data stream processing, deployable information security, and semantically rich and efficient long-term storage. In particular, such an infrastructure cannot continue to be limited to machines and sensors, but additionally needs to encompass networked environments: production cells, edge computing, and location-independent cloud infrastructures. Finally, in light of the envisioned WWL, i.e., the interconnection of production sites, the technical infrastructure must be advanced to support secure and privacy-preserving industrial collaboration. To evolve today's production sites and lay the infrastructural foundation for the IoP, we identify five broad streams of research: (1) adapting data and stream processing to heterogeneous data from distributed sources, (2) ensuring data interoperability between systems and production sites, (3) exchanging and sharing data with different stakeholders, (4) network security approaches addressing the risks of increasing interconnectivity, and (5) security architectures to enable secure and privacy-preserving industrial collaboration. With our research, we evolve the underlying infrastructure from isolated, sparsely networked production sites toward an architecture that supports high-level applications and sophisticated digital shadows while facilitating the transition toward a WWL.
Submitted 17 May, 2023;
originally announced May 2023.
-
Missed Opportunities: Measuring the Untapped TLS Support in the Industrial Internet of Things
Authors:
Markus Dahlmanns,
Johannes Lohmöller,
Jan Pennekamp,
Jörn Bodenhausen,
Klaus Wehrle,
Martin Henze
Abstract:
The ongoing trend to move industrial appliances from previously isolated networks to the Internet requires fundamental changes in security to uphold secure and safe operation. Consequently, to ensure end-to-end secure communication and authentication, (i) traditional industrial protocols, e.g., Modbus, are retrofitted with TLS support, and (ii) modern protocols, e.g., MQTT, are directly designed to use TLS. To understand whether these changes indeed lead to secure Industrial Internet of Things deployments, i.e., using TLS-based protocols, which are configured according to security best practices, we perform an Internet-wide security assessment of ten industrial protocols covering the complete IPv4 address space.
Our results show that both, retrofitted existing protocols and newly developed secure alternatives, are barely noticeable in the wild. While we find that new protocols have a higher TLS adoption rate than traditional protocols (7.2% vs. 0.4%), the overall adoption of TLS is comparably low (6.5% of hosts). Thus, most industrial deployments (934,736 hosts) are insecurely connected to the Internet. Furthermore, we identify that 42% of hosts with TLS support (26,665 hosts) show security deficits, e.g., missing access control. Finally, we show that support in configuring systems securely, e.g., via configuration templates, is promising to strengthen security.
Submitted 1 June, 2022;
originally announced June 2022.
-
Scalable and Privacy-Focused Company-Centric Supply Chain Management
Authors:
Eric Wagner,
Roman Matzutt,
Jan Pennekamp,
Lennart Bader,
Irakli Bajelidze,
Klaus Wehrle,
Martin Henze
Abstract:
Blockchain technology promises to overcome trust and privacy concerns inherent to centralized information sharing. However, current decentralized supply chain management systems do either not meet privacy and scalability requirements or require a trustworthy consortium, which is challenging for increasingly dynamic supply chains with constantly changing participants. In this paper, we propose CCChain, a scalable and privacy-aware supply chain management system that stores all information locally to give companies complete sovereignty over who accesses their data. Still, tamper protection of all data through a permissionless blockchain enables on-demand tracking and tracing of products as well as reliable information sharing while affording the detection of data inconsistencies. Our evaluation confirms that CCChain offers superior scalability in comparison to alternatives while also enabling near real-time tracking and tracing for many, less complex products.
Submitted 22 May, 2022;
originally announced May 2022.
-
BP-MAC: Fast Authentication for Short Messages
Authors:
Eric Wagner,
Martin Serror,
Klaus Wehrle,
Martin Henze
Abstract:
Resource-constrained devices increasingly rely on wireless communication for the reliable and low-latency transmission of short messages. However, especially the implementation of adequate integrity protection of time-critical messages places a significant burden on these devices. We address this issue by proposing BP-MAC, a fast and memory-efficient approach for computing message authentication codes based on the well-established Carter-Wegman construction. Our key idea is to offload resource-intensive computations to idle phases and thus save valuable time in latency-critical phases, i.e., when new data awaits processing. Therefore, BP-MAC leverages a universal hash function designed for the bitwise preprocessing of integrity protection to later only require a few XOR operations during the latency-critical phase. Our evaluation on embedded hardware shows that BP-MAC outperforms the state-of-the-art in terms of latency and memory overhead, notably for small messages, as required to adequately protect resource-constrained devices with stringent security and latency requirements.
Submitted 19 May, 2022;
originally announced May 2022.
-
A False Sense of Security? Revisiting the State of Machine Learning-Based Industrial Intrusion Detection
Authors:
Dominik Kus,
Eric Wagner,
Jan Pennekamp,
Konrad Wolsing,
Ina Berenice Fink,
Markus Dahlmanns,
Klaus Wehrle,
Martin Henze
Abstract:
Anomaly-based intrusion detection promises to detect novel or unknown attacks on industrial control systems by modeling expected system behavior and raising corresponding alarms for any deviations. As manually creating these behavioral models is tedious and error-prone, research focuses on machine learning to train them automatically, achieving detection rates upwards of 99%. However, these approaches are typically trained not only on benign traffic but also on attacks and then evaluated against the same type of attack used for training. Hence, their actual, real-world performance on unknown (not trained on) attacks remains unclear. In turn, the reported near-perfect detection rates of machine learning-based intrusion detection might create a false sense of security. To assess this situation and clarify the real potential of machine learning-based industrial intrusion detection, we develop an evaluation methodology and examine multiple approaches from literature for their performance on unknown attacks (excluded from training). Our results highlight an ineffectiveness in detecting unknown attacks, with detection rates dropping to between 3.2% and 14.7% for some types of attacks. Moving forward, we derive recommendations for further research on machine learning-based approaches to ensure clarity on their ability to detect unknown attacks.
Submitted 18 May, 2022;
originally announced May 2022.
-
Collaboration is not Evil: A Systematic Look at Security Research for Industrial Use
Authors:
Jan Pennekamp,
Erik Buchholz,
Markus Dahlmanns,
Ike Kunze,
Stefan Braun,
Eric Wagner,
Matthias Brockmann,
Klaus Wehrle,
Martin Henze
Abstract:
Following the recent Internet of Things-induced trends on digitization in general, industrial applications will further evolve as well. With a focus on the domains of manufacturing and production, the Internet of Production pursues the vision of a digitized, globally interconnected, yet secure environment by establishing a distributed knowledge base. Background. As part of our collaborative research of advancing the scope of industrial applications through cybersecurity and privacy, we identified a set of common challenges and pitfalls that surface in such applied interdisciplinary collaborations. Aim. Our goal with this paper is to support researchers in the emerging field of cybersecurity in industrial settings by formalizing our experiences as reference for other research efforts, in industry and academia alike. Method. Based on our experience, we derived a process cycle of performing such interdisciplinary research, from the initial idea to the eventual dissemination and paper writing. This presented methodology strives to successfully bootstrap further research and to encourage further work in this emerging area. Results. Apart from our newly proposed process cycle, we report on our experiences and conduct a case study applying this methodology, raising awareness for challenges in cybersecurity research for industrial applications. We further detail the interplay between our process cycle and the data lifecycle in applied research data management. Finally, we augment our discussion with an industrial as well as an academic view on this research area and highlight that both areas still have to overcome significant challenges to sustainably and securely advance industrial applications. Conclusions. With our proposed process cycle for interdisciplinary research in the intersection of cybersecurity and industrial application, we provide a foundation for further research.
Submitted 21 December, 2021;
originally announced December 2021.
-
Tracking the QUIC Spin Bit on Tofino
Authors:
Ike Kunze,
Constantin Sander,
Klaus Wehrle,
Jan Rüth
Abstract:
QUIC offers security and privacy for modern web traffic by closely integrating encryption into its transport functionality. In this process, it hides transport layer information often used for network monitoring, thus obsoleting traditional measurement concepts. To still enable passive RTT estimations, QUIC introduces a dedicated measurement bit - the spin bit. While simple in its design, tracking the spin bit at line-rate can become challenging for software-based solutions. Dedicated hardware trackers are also unsuitable as the spin bit is not invariant and can change in the future. Thus, this paper investigates whether P4-programmable hardware, such as the Intel Tofino, can effectively track the spin bit at line-rate. We find that the core functionality of the spin bit can be realized easily, and our prototype has an accuracy close to software-based trackers. Our prototype further protects against faulty measurements caused by reordering and prepares the data according to the needs of network operators, e.g., by classifying samples into pre-defined RTT classes. Still, distinct concepts in QUIC, such as its connection ID, are challenging with current hardware capabilities.
Submitted 6 December, 2021;
originally announced December 2021.
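The spin-bit mechanism the abstract above builds on can be exercised offline. The following is an added example, not code from the paper or its Tofino prototype: a constructed packet trace in which the client flips the spin bit once per round trip and the server echoes it (RFC 9000, section 17.4), an observer that takes the time between consecutive edges in one direction as an RTT sample, and a simple reordering guard that accepts a flip only when the next packet in the same direction confirms it. The observer position next to the client, the burst pattern, the guard heuristic and the RTT class bounds are all assumptions of this example.

```python
"""Passive RTT estimation from the QUIC spin bit on a constructed trace.

Added example; not code from the paper's Tofino prototype. Assumptions:
the observer sits next to the client, one packet burst per half round trip,
and the reordering guard is a simple "confirm the flip" heuristic.
"""
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Obs:
    t: float      # time the packet passed the observation point (seconds)
    c2s: bool     # True for client -> server, False for server -> client
    spin: int     # value of the spin bit carried in the short header (0/1)


def constructed_trace(rtt: float = 0.040, rounds: int = 4, per_half: int = 3) -> List[Obs]:
    """Constructed trace: the client sends `per_half` packets carrying its
    current spin value, the server echoes that value one RTT later (as seen
    from an observer next to the client), and the client flips the bit once
    it has received the echo."""
    trace, spin, t = [], 1, 0.0
    for _ in range(rounds):
        for k in range(per_half):
            trace.append(Obs(t + k * 0.001, True, spin))
        for k in range(per_half):
            trace.append(Obs(t + rtt + k * 0.001, False, spin))
        t += rtt
        spin ^= 1
    return sorted(trace, key=lambda o: o.t)


def inject_stale_packet(trace: List[Obs], at: float, spin: int) -> List[Obs]:
    """Constructed reordering: one client packet with an outdated spin value
    shows up late at the observation point."""
    return sorted(trace + [Obs(at, True, spin)], key=lambda o: o.t)


def spin_rtt_samples(trace: List[Obs], c2s: bool = True, confirm: bool = True) -> List[float]:
    """One RTT sample per pair of consecutive spin-bit edges in one direction.

    With confirm=True an edge only counts when the following packet in the
    same direction carries the new value as well; a lone flip is treated as
    a reordered packet and ignored. QUIC packet numbers are encrypted, so an
    on-path observer cannot use them to detect reordering directly.
    """
    pkts = [o for o in trace if o.c2s == c2s]
    samples: List[float] = []
    state: Optional[int] = None
    last_edge: Optional[float] = None
    for i, p in enumerate(pkts):
        if state is None:
            state = p.spin
            continue
        if p.spin == state:
            continue
        if confirm and (i + 1 >= len(pkts) or pkts[i + 1].spin != p.spin):
            continue                      # lone flip: keep the accepted state
        if last_edge is not None:
            samples.append(p.t - last_edge)
        last_edge, state = p.t, p.spin
    return samples


def rtt_class(sample: float, bounds=(0.010, 0.050, 0.100)) -> int:
    """Bucket a sample into operator-defined RTT classes (class bounds are an
    assumption for this example)."""
    for i, b in enumerate(bounds):
        if sample < b:
            return i
    return len(bounds)


if __name__ == "__main__":
    clean = constructed_trace()
    print("clean trace:         ", [round(s, 4) for s in spin_rtt_samples(clean)])
    noisy = inject_stale_packet(clean, at=0.0415, spin=1)
    print("reordered, unguarded:", [round(s, 4) for s in spin_rtt_samples(noisy, confirm=False)])
    print("reordered, guarded:  ", [round(s, 4) for s in spin_rtt_samples(noisy)])
```

Without the guard, the single stale packet produces two spurious edges and therefore two sub-millisecond "RTT" samples plus one shortened sample; with the guard, the sample list is the same as for the clean trace. A hardware tracker has to make the same decision per packet with only the bit value and a timestamp, which is why a one-packet lookahead (or, equivalently, delaying the edge until the next packet) is the kind of state that fits a P4 pipeline.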
-
CoinPrune: Shrinking Bitcoin's Blockchain Retrospectively
Authors:
Roman Matzutt,
Benedikt Kalde,
Jan Pennekamp,
Arthur Drichel,
Martin Henze,
Klaus Wehrle
Abstract:
Popular cryptocurrencies continue to face serious scalability issues due to their ever-growing blockchains. Thus, modern blockchain designs began to prune old blocks and rely on recent snapshots for their bootstrapping processes instead. Unfortunately, established systems are often considered incapable of adopting these improvements. In this work, we present CoinPrune, our block-pruning scheme with full Bitcoin compatibility, to revise this popular belief. CoinPrune bootstraps joining nodes via snapshots that are periodically created from Bitcoin's set of unspent transaction outputs (UTXO set). Our scheme establishes trust in these snapshots by relying on CoinPrune-supporting miners to mutually reaffirm a snapshot's correctness on the blockchain. This way, snapshots remain trustworthy even if adversaries attempt to tamper with them. Our scheme maintains its retrospective deployability by relying on positive feedback only, i.e., blocks containing invalid reaffirmations are not rejected, but invalid reaffirmations are outpaced by the benign ones created by an honest majority among CoinPrune-supporting miners. Already today, CoinPrune reduces the storage requirements for Bitcoin nodes by two orders of magnitude, as joining nodes need to fetch and process only 6 GiB instead of 271 GiB of data in our evaluation, reducing the synchronization time of powerful devices from currently 7 h to 51 min, with even larger potential drops for less powerful devices. CoinPrune is further aware of higher-level application data, i.e., it conserves otherwise pruned application data and allows nodes to obfuscate objectionable and potentially illegal blockchain content from their UTXO set and the snapshots they distribute.
Submitted 26 November, 2021;
originally announced November 2021.
-
Challenges and Opportunities in Securing the Industrial Internet of Things
Authors:
Martin Serror,
Sacha Hack,
Martin Henze,
Marko Schuba,
Klaus Wehrle
Abstract:
Given the tremendous success of the Internet of Things in interconnecting consumer devices, we observe a natural trend to likewise interconnect devices in industrial settings, referred to as Industrial Internet of Things or Industry 4.0. While this coupling of industrial components provides many benefits, it also introduces serious security challenges. Although sharing many similarities with the consumer Internet of Things, securing the Industrial Internet of Things introduces its own challenges but also opportunities, mainly resulting from a longer lifetime of components and a larger scale of networks. In this paper, we identify the unique security goals and challenges of the Industrial Internet of Things, which, unlike consumer deployments, mainly follow from safety and productivity requirements. To address these security goals and challenges, we provide a comprehensive survey of research efforts to secure the Industrial Internet of Things, discuss their applicability, and analyze their security benefits.
Submitted 23 November, 2021;
originally announced November 2021.
-
Sharding and HTTP/2 Connection Reuse Revisited: Why Are There Still Redundant Connections?
Authors:
Constantin Sander,
Leo Blöcher,
Klaus Wehrle,
Jan Rüth
Abstract:
HTTP/2 and HTTP/3 avoid concurrent connections but instead multiplex requests over a single connection. Besides enabling new features, this reduces overhead and enables fair bandwidth sharing. Redundant connections should hence be a story of the past with HTTP/2. However, they still exist, potentially hindering innovation and performance. Thus, we measure their spread and analyze their causes in this paper. We find that 36% - 72% of the 6.24M HTTP Archive and 78% of the Alexa Top 100k websites cause Chromium-based web browsers to open superfluous connections. We mainly attribute these to domain sharding, despite HTTP/2 efforts to revert it, and DNS load balancing, but also the Fetch Standard.
Submitted 27 October, 2021;
originally announced October 2021.
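The three causes named in the abstract above follow from the connection reuse rule of RFC 7540, section 9.1.1: a client may send requests for host H over an existing connection only if H resolves to the IP address the connection goes to and the server's certificate is valid for H. The script below is an added example, not code or data from the paper. It replays that rule over a constructed page (documentation-range addresses, invented hostnames) and names why each leftover connection could not be coalesced. Treating credentialed and anonymous fetches as separate connection pools is an assumption about how the browser keys its socket pools, and "same SAN list" is used as a stand-in for "same certificate".

```python
"""Which origins can share one HTTP/2 connection, and why some cannot.

Added example, not code from the paper. Models the reuse rule of RFC 7540
section 9.1.1: a connection to IP X serves host H only if H resolves to X
and the server certificate covers H. Credentialed and anonymous requests
are kept in separate pools (assumption about the browser's pool key).
"""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


def san_matches(pattern: str, host: str) -> bool:
    """Certificate SAN check: exact match, or a wildcard for one leftmost label."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return p[1:] == h[1:]
    return p == h


@dataclass
class Conn:
    ip: str
    sans: Tuple[str, ...]
    credentials: bool
    hosts: List[str] = field(default_factory=list)

    def can_serve(self, host: str, credentials: bool, dns: Dict[str, List[str]]) -> bool:
        return (self.credentials == credentials
                and self.ip in dns[host]
                and any(san_matches(s, host) for s in self.sans))


def plan_connections(requests: List[Tuple[str, bool]], dns: Dict[str, List[str]],
                     cert_for_ip: Dict[str, Tuple[str, ...]]) -> List[Conn]:
    """Greedy reuse in request order: reuse the first connection that may
    serve the host, otherwise connect to the first DNS answer."""
    conns: List[Conn] = []
    for host, credentials in requests:
        for c in conns:
            if c.can_serve(host, credentials, dns):
                c.hosts.append(host)
                break
        else:
            ip = dns[host][0]
            conns.append(Conn(ip, cert_for_ip[ip], credentials, [host]))
    return conns


def diagnose(conns: List[Conn]) -> List[Tuple[str, str, str]]:
    """Name the cause for each pair of connections that present the same
    certificate but were still kept apart: (reason, host on A, host on B)."""
    out = []
    for i, a in enumerate(conns):
        for b in conns[i + 1:]:
            if a.sans != b.sans:
                continue                     # genuinely different servers
            if a.credentials != b.credentials:
                out.append(("fetch_credentials", a.hosts[0], b.hosts[0]))
            elif a.ip != b.ip:
                out.append(("dns_load_balancing", a.hosts[0], b.hosts[0]))
    return out


# Constructed page: one site spread over sharded names and two CDN names.
DNS = {
    "www.example.com":    ["198.51.100.10"],
    "img1.example.com":   ["198.51.100.10"],   # sharding: same server, same answer
    "img2.example.com":   ["198.51.100.10"],
    "cdn.example.com":    ["203.0.113.5"],     # DNS load balancing: same cert,
    "static.example.com": ["203.0.113.6"],     # different answers per name
    "api.example.com":    ["198.51.100.10"],
}
CERTS = {
    "198.51.100.10": ("*.example.com", "example.com"),
    "203.0.113.5":   ("*.example.com",),
    "203.0.113.6":   ("*.example.com",),
}
REQUESTS = [
    ("www.example.com", True), ("img1.example.com", True), ("img2.example.com", True),
    ("cdn.example.com", True), ("static.example.com", True),
    ("api.example.com", True), ("api.example.com", False),   # fetch(..., credentials: "omit")
]

if __name__ == "__main__":
    conns = plan_connections(REQUESTS, DNS, CERTS)
    for c in conns:
        print(c.ip, "credentials" if c.credentials else "anonymous", c.hosts)
    for reason, a, b in diagnose(conns):
        print(f"{reason}: {a} and {b} use separate connections")
```

The sharded image names coalesce onto the first connection because they share both the address and the wildcard certificate; the two CDN names do not, because the resolver handed out different addresses even though one certificate covers both; and the anonymous API fetch gets its own connection despite matching the first one on every other criterion. Fixing the first two cases is a DNS and deployment decision, not a browser one.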
-
Video Conferencing and Flow-Rate Fairness: A First Look at Zoom and the Impact of Flow-Queuing AQM
Authors:
Constantin Sander,
Ike Kunze,
Klaus Wehrle,
Jan Rüth
Abstract:
Congestion control is essential for the stability of the Internet and the corresponding algorithms are commonly evaluated for interoperability based on flow-rate fairness. In contrast, video conferencing software such as Zoom uses custom congestion control algorithms whose fairness behavior is mostly unknown. Aggravatingly, video conferencing has recently seen a drastic increase in use - partly caused by the COVID-19 pandemic - and could hence negatively affect how available Internet resources are shared. In this paper, we thus investigate the flow-rate fairness of video conferencing congestion control at the example of Zoom and influences of deploying AQM. We find that Zoom is slow to react to bandwidth changes and uses two to three times the bandwidth of TCP in low-bandwidth scenarios. Moreover, also when competing with delay aware congestion control such as BBR, we see high queuing delays. AQM reduces these queuing delays and can equalize the bandwidth use when used with flow-queuing. However, it then introduces high packet loss for Zoom, leaving open the question of how delay and loss affect Zoom's QoE. We hence show a preliminary user study in the appendix which indicates that the QoE is at least not improved and should be studied further.
Submitted 2 July, 2021;
originally announced July 2021.
-
L, Q, R, and T -- Which Spin Bit Cousin Is Here to Stay?
Authors:
Ike Kunze,
Klaus Wehrle,
Jan Rüth
Abstract:
Network operators utilize traffic monitoring to locate and fix faults or performance bottlenecks. This often relies on intrinsic protocol semantics, e.g., sequence numbers, that many protocols share implicitly through their packet headers. The arrival of (almost) fully encrypted transport protocols, such as QUIC, significantly complicates this monitoring as header data is no longer visible to passive observers. Recognizing this challenge, QUIC offers explicit measurement semantics by exposing the spin bit to measure a flow's RTT. Ongoing efforts in the IETF IPPM working group argue to expose further information and enable the passive quantification of packet loss. This work implements and evaluates four currently proposed measurement techniques (L-, Q-, R-, and T-bit). We find that all techniques generally provide accurate loss estimations, but that longer algorithmic intervals for Q and R, yet foremost for T, complicate detecting very small loss rates or loss on short connections. Deployment combinations of Q & R as well as Q & L, thus, have the best potential for accurately grasping the loss in networks.
Submitted 25 June, 2021;
originally announced June 2021.
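The Q & L combination the abstract above favours, and the interval problem it names, can be reproduced on a constructed trace. The following is an added example and not the paper's implementation; the bit semantics are stated here as an assumption about the IETF IPPM explicit flow measurement proposals: the Q (square) bit toggles every N = 64 packets the sender transmits, so an observer counting packets per run of equal Q values learns how many packets were lost between sender and observer, and the sender sets the L (loss event) bit on one later packet for each packet it detected as lost, which gives the end-to-end loss. The loss positions and the three-packet detection delay are constructed.

```python
"""Passive loss measurement with the Q bit and the L bit on a constructed
trace. Added example, not the paper's implementation. Assumed semantics
(IETF IPPM explicit flow measurement proposals): the Q bit toggles every
N=64 packets sent; the sender sets L=1 on one later packet per detected loss.
"""
from typing import Dict, List, Set, Tuple

N = 64   # Q-bit half period in packets (assumed draft default)
Packet = Tuple[int, int, int]   # (packet number, Q bit, L bit)


def sender_packets(count: int, lost: Set[int]) -> List[Packet]:
    """Constructed sender output. `lost` lists packet numbers that will be
    lost somewhere on the path; the sender reports each of them with one
    L=1 marking three packets after the loss (stand-in for loss detection)."""
    pending = sorted(lost)
    out: List[Packet] = []
    for pn in range(count):
        q = (pn // N) % 2
        l = 0
        if pending and pending[0] + 3 <= pn:
            pending.pop(0)
            l = 1
        out.append((pn, q, l))
    return out


def observe(pkts: List[Packet], lost_upstream: Set[int]) -> List[Packet]:
    """What an on-path observer sees: packets lost before the observation
    point never arrive; packets lost after it are still seen."""
    return [p for p in pkts if p[0] not in lost_upstream]


def q_bit_upstream_loss(observed: List[Packet]) -> int:
    """Count packets in each completed run of equal Q values; a run shorter
    than N packets reveals that many losses between sender and observer.
    The run still open at the end of the trace cannot be assessed."""
    lost, run_len, cur = 0, 0, None
    for _, q, _ in observed:
        if q != cur:
            if cur is not None:
                lost += N - run_len
            cur, run_len = q, 0
        run_len += 1
    return lost


def l_bit_end_to_end_loss(observed: List[Packet]) -> int:
    """Losses the sender itself detected, anywhere on the path, as far as
    the marked packets reach the observer."""
    return sum(l for _, _, l in observed)


def loss_report(observed: List[Packet]) -> Dict[str, int]:
    upstream = q_bit_upstream_loss(observed)
    end_to_end = l_bit_end_to_end_loss(observed)
    return {"upstream": upstream, "end_to_end": end_to_end,
            "downstream_estimate": end_to_end - upstream}


# Constructed scenario: 320 packets, three losses before the observer inside
# completed Q runs, one more before the observer in the final (still open)
# run, and two losses after the observer.
LOST_UPSTREAM = {10, 11, 150, 300}
LOST_DOWNSTREAM = {200, 201}

if __name__ == "__main__":
    pkts = sender_packets(320, LOST_UPSTREAM | LOST_DOWNSTREAM)
    seen = observe(pkts, LOST_UPSTREAM)
    print(loss_report(seen))
```

Q reports three upstream losses and L six end-to-end, so the observer attributes three losses to the downstream segment although only two happened there: the fourth upstream loss sits in the last, unfinished 64-packet run and is invisible to the Q counter until the next toggle. On a connection that ends before that toggle, or at loss rates well below one packet per run, the Q estimate stays incomplete, which is the effect the abstract attributes to long algorithmic intervals. The L bit, marked per packet rather than per run, has no such interval, but its markings can themselves be lost upstream of the observer.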
-
Easing the Conscience with OPC UA: An Internet-Wide Study on Insecure Deployments
Authors:
Markus Dahlmanns,
Johannes Lohmöller,
Ina Berenice Fink,
Jan Pennekamp,
Klaus Wehrle,
Martin Henze
Abstract:
Due to increasing digitalization, formerly isolated industrial networks, e.g., for factory and process automation, move closer and closer to the Internet, mandating secure communication. However, securely setting up OPC UA, the prime candidate for secure industrial communication, is challenging due to a large variety of insecure options. To study whether Internet-facing OPC UA appliances are configured securely, we actively scan the IPv4 address space for publicly reachable OPC UA systems and assess the security of their configurations. We observe problematic security configurations such as missing access control (on 24% of hosts), disabled security functionality (24%), or use of deprecated cryptographic primitives (25%) on in total 92% of the reachable deployments. Furthermore, we discover several hundred devices in multiple autonomous systems sharing the same security certificate, opening the door for impersonation attacks. Overall, in this paper, we highlight commonly found security misconfigurations and underline the importance of appropriate configuration for security-featuring protocols.
Submitted 26 October, 2020;
originally announced October 2020.
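The four misconfiguration classes counted in the abstract above map directly onto fields of the OPC UA EndpointDescription a server returns to any client that asks. The script below is an added example, not the paper's scanner: it audits constructed endpoint records for a plaintext endpoint (SecurityPolicy None or MessageSecurityMode None), deprecated policies (Basic128Rsa15 and Basic256, both built on SHA-1 and RSA PKCS#1 v1.5 and marked deprecated in the OPC UA profiles), anonymous user identity tokens, and one certificate presented by several hosts. The record layout, the `certThumbprint` field and the documentation-range addresses are assumptions of the example.

```python
"""Audit OPC UA endpoint configurations for the misconfiguration classes
named in the abstract. Added example, not the paper's scanner. Records are
constructed in the shape of OPC UA EndpointDescription fields; the field
`certThumbprint` is an assumption standing in for a hash of the server
certificate returned with the endpoint.
"""
from collections import defaultdict
from typing import Dict, List, Optional, Set

POLICY_PREFIX = "http://opcfoundation.org/UA/SecurityPolicy#"
# Policies built on SHA-1 / RSA PKCS#1 v1.5, deprecated by the OPC UA profiles.
DEPRECATED_POLICIES = {"Basic128Rsa15", "Basic256"}


def audit_endpoint(ep: Dict) -> Set[str]:
    findings: Set[str] = set()
    policy = ep["securityPolicyUri"][len(POLICY_PREFIX):]
    if policy == "None" or ep["securityMode"] == "None":
        findings.add("security_disabled")        # plaintext endpoint offered
    elif policy in DEPRECATED_POLICIES:
        findings.add("deprecated_crypto")
    if any(tok["tokenType"] == "Anonymous" for tok in ep["userIdentityTokens"]):
        findings.add("no_access_control")        # anyone may open a session
    return findings


def audit_hosts(hosts: List[Dict]) -> Dict[str, Set[str]]:
    """Per-host findings. A host inherits the findings of its weakest
    endpoint, since a client may pick any endpoint the server advertises.
    Certificates seen on more than one host are flagged on all of them."""
    per_host: Dict[str, Set[str]] = {}
    cert_seen_on: Dict[str, Set[str]] = defaultdict(set)
    for h in hosts:
        findings: Set[str] = set()
        for ep in h["endpoints"]:
            findings |= audit_endpoint(ep)
            if ep.get("certThumbprint"):
                cert_seen_on[ep["certThumbprint"]].add(h["ip"])
        per_host[h["ip"]] = findings
    for ips in cert_seen_on.values():
        if len(ips) > 1:
            for ip in ips:
                per_host[ip].add("shared_certificate")
    return per_host


def share_with_findings(per_host: Dict[str, Set[str]]) -> float:
    affected = sum(1 for f in per_host.values() if f)
    return affected / len(per_host) if per_host else 0.0


def _ep(policy: str, mode: str, tokens: List[str], thumb: Optional[str] = None) -> Dict:
    return {"securityPolicyUri": POLICY_PREFIX + policy, "securityMode": mode,
            "userIdentityTokens": [{"tokenType": t} for t in tokens],
            "certThumbprint": thumb}


# Constructed scan results (documentation-range addresses, invented thumbprints).
HOSTS = [
    {"ip": "192.0.2.10", "endpoints": [
        _ep("None", "None", ["Anonymous"]),
        _ep("Basic256Sha256", "SignAndEncrypt", ["Anonymous", "UserName"], "11aa")]},
    {"ip": "192.0.2.11", "endpoints": [
        _ep("Basic128Rsa15", "SignAndEncrypt", ["UserName"], "22bb")]},
    {"ip": "192.0.2.12", "endpoints": [
        _ep("Basic256Sha256", "SignAndEncrypt", ["Certificate"], "33cc")]},
    {"ip": "198.51.100.7", "endpoints": [
        _ep("Basic256Sha256", "SignAndEncrypt", ["UserName"], "33cc")]},   # same cert as above
    {"ip": "203.0.113.9", "endpoints": [
        _ep("Aes256_Sha256_RsaPss", "SignAndEncrypt", ["UserName"], "44dd")]},
]

if __name__ == "__main__":
    report = audit_hosts(HOSTS)
    for ip, f in report.items():
        print(ip, sorted(f) or "ok")
    print(f"{share_with_findings(report):.0%} of hosts have at least one finding")
```

Note that the first host also advertises a properly secured endpoint; it is still counted as insecure, because a client, or an attacker, chooses the endpoint, not the server. The shared-certificate check needs a cross-host index, which is why it runs after all endpoints have been collected rather than per endpoint; in a real scan the thumbprint would be computed from the DER certificate in the endpoint description.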
-
Symbolic Partial-Order Execution for Testing Multi-Threaded Programs
Authors:
Daniel Schemmel,
Julian Büning,
César Rodríguez,
David Laprell,
Klaus Wehrle
Abstract:
We describe a technique for systematic testing of multi-threaded programs. We combine Quasi-Optimal Partial-Order Reduction, a state-of-the-art technique that tackles path explosion due to interleaving non-determinism, with symbolic execution to handle data non-determinism. Our technique iteratively and exhaustively finds all executions of the program. It represents program executions using partial orders and finds the next execution using an underlying unfolding semantics. We avoid the exploration of redundant program traces using cutoff events. We implemented our technique as an extension of KLEE and evaluated it on a set of large multi-threaded C programs. Our experiments found several previously undiscovered bugs and undefined behaviors in memcached and GNU sort, showing that the new method is capable of finding bugs in industrial-size benchmarks.
Submitted 22 July, 2020; v1 submitted 13 May, 2020;
originally announced May 2020.
-
How to Securely Prune Bitcoin's Blockchain
Authors:
Roman Matzutt,
Benedikt Kalde,
Jan Pennekamp,
Arthur Drichel,
Martin Henze,
Klaus Wehrle
Abstract:
Bitcoin was the first successful decentralized cryptocurrency and remains the most popular of its kind to this day. Despite the benefits of its blockchain, Bitcoin still faces serious scalability issues, most importantly its ever-increasing blockchain size. While alternative designs introduced schemes to periodically create snapshots and thereafter prune older blocks, already-deployed systems such as Bitcoin are often considered incapable of adopting corresponding approaches. In this work, we revise this popular belief and present CoinPrune, a snapshot-based pruning scheme that is fully compatible with Bitcoin. CoinPrune can be deployed through an opt-in velvet fork, i.e., without impeding the established Bitcoin network. By requiring miners to publicly announce and jointly reaffirm recent snapshots on the blockchain, CoinPrune establishes trust into the snapshots' correctness even in the presence of powerful adversaries. Our evaluation shows that CoinPrune reduces the storage requirements of Bitcoin already by two orders of magnitude today, with further relative savings as the blockchain grows. In our experiments, nodes only have to fetch and process 5 GiB instead of 230 GiB of data when joining the network, reducing the synchronization time on powerful devices from currently 5 h to 46 min, with even more savings for less powerful devices.
Submitted 15 April, 2020;
originally announced April 2020.
-
Utilizing Public Blockchains for the Sybil-Resistant Bootstrapping of Distributed Anonymity Services
Authors:
Roman Matzutt,
Jan Pennekamp,
Erik Buchholz,
Klaus Wehrle
Abstract:
Distributed anonymity services, such as onion routing networks or cryptocurrency tumblers, promise privacy protection without trusted third parties. While the security of these services is often well-researched, security implications of their required bootstrapping processes are usually neglected: Users either jointly conduct the anonymization themselves, or they need to rely on a set of non-colluding privacy peers. However, the typically small number of privacy peers enables single adversaries to mimic distributed services. We thus present AnonBoot, a Sybil-resistant medium to securely bootstrap distributed anonymity services via public blockchains. AnonBoot enforces that peers periodically create a small proof of work to refresh their eligibility for providing secure anonymity services. A pseudo-random, locally replicable bootstrapping process using on-chain entropy then prevents biasing the election of eligible peers. Our evaluation using Bitcoin as AnonBoot's underlying blockchain shows its feasibility to maintain a trustworthy repository of 1000 peers with only a small storage footprint while supporting arbitrarily large user bases on top of most blockchains.
Submitted 21 April, 2020; v1 submitted 14 April, 2020;
originally announced April 2020.
-
Putting Privacy into Perspective -- Comparing Technical, Legal, and Users' View of Data Sensitivity
Authors:
Eva-Maria Schomakers,
Chantal Lidynia,
Dirk Müllmann,
Roman Matzutt,
Klaus Wehrle,
Indra Spiecker gen. Döhmann,
Martina Ziefle
Abstract:
Web 2.0, social media, cloud computing, and IoT easily connect people around the globe, overcoming time and space barriers, and offering manifold benefits. However, the technological advances and increased user participation generate novel challenges for protecting users' privacy. From the user perspective, data disclosure depends, in part, on the perceived sensitivity of that data, and thus on a risk assessment of data disclosure. But in light of the new technological opportunities to process and combine data, it is questionable whether users are able to adequately evaluate the risks of data disclosures. As mediating authority, data protection laws try to protect user data, granting enhanced protection to 'special categories' of data. In this publication, the legal, technological, and user perspectives on data sensitivity are presented and compared. From a technological perspective, all data can be referred to as 'potentially sensitive.' The legal and user perspective on data sensitivity deviate as some data types are granted special protection by the law but are not perceived as very sensitive by the users, and vice versa. Merging the three perspectives, the implications for informational self-determination are discussed.
Submitted 15 November, 2019;
originally announced November 2019.
-
Perceiving QUIC: Do Users Notice or Even Care?
Authors:
Jan Rüth,
Konrad Wolsing,
Klaus Wehrle,
Oliver Hohlfeld
Abstract:
QUIC, as the foundation for HTTP/3, is becoming an Internet reality. A plethora of studies already show that QUIC excels beyond TCP+TLS+HTTP/2. Yet, these studies compare a highly optimized QUIC Web stack against an unoptimized TCP-based stack. In this paper, we bring TCP up to speed to perform an eye-level comparison. Instead of relying on technical metrics, we perform two extensive user studies to investigate QUIC's impact on the quality of experience. First, we investigate if users can distinguish two protocol versions in a direct comparison, and we find that QUIC is indeed rated faster than TCP and even a tuned TCP. Yet, our second study shows that this perceived performance increase mostly does not matter to the users, and they rate QUIC and TCP indistinguishable.
Submitted 17 October, 2019;
originally announced October 2019.
-
DeePCCI: Deep Learning-based Passive Congestion Control Identification
Authors:
Constantin Sander,
Jan Rüth,
Oliver Hohlfeld,
Klaus Wehrle
Abstract:
Transport protocols use congestion control to avoid overloading a network. Nowadays, different congestion control variants exist that influence performance. Studying their use is thus relevant, but it is hard to identify which variant is used. While passive identification approaches exist, these require detailed domain knowledge and often also rely on outdated assumptions about how congestion control operates and what data is accessible. We present DeePCCI, a passive, deep learning-based congestion control identification approach which does not need any domain knowledge other than training traffic of a congestion control variant. By only using packet arrival data, it is also directly applicable to encrypted (transport header) traffic. DeePCCI is therefore more easily extendable and can also be used with QUIC.
Submitted 4 July, 2019;
originally announced July 2019.
-
A Performance Perspective on Web Optimized Protocol Stacks: TCP+TLS+HTTP/2 vs. QUIC
Authors:
Konrad Wolsing,
Jan Rüth,
Klaus Wehrle,
Oliver Hohlfeld
Abstract:
Existing performance comparisons of QUIC and TCP compared an optimized QUIC to an unoptimized TCP stack. By neglecting available TCP improvements inherently included in QUIC, comparisons do not shed light on the performance of current web stacks. In this paper, we can show that tuning TCP parameters is not negligible and directly yields significant improvements. Nevertheless, QUIC still outperforms even our tuned variant of TCP. This performance advantage is mostly caused by QUIC's reduced RTT design during connection establishment and, in the case of lossy networks, by its ability to circumvent head-of-line blocking.
Submitted 18 June, 2019;
originally announced June 2019.
-
Blitz-starting QUIC Connections
Authors:
Jan Rüth,
Konrad Wolsing,
Martin Serror,
Klaus Wehrle,
Oliver Hohlfeld
Abstract:
In this paper, we revisit the idea to remove Slow Start from congestion control. To do so, we build upon the newly gained freedom of transport protocol extendability offered by QUIC to hint bandwidth estimates from a typical web client to a server. Using this bandwidth estimate, we bootstrap congestion windows of new connections to quickly utilize available bandwidth. This custom flow initialization removes the common early exit of Slow Start and thus fuels short flow fairness with long-running connections. Our results indicate that we can drastically reduce flow completion time accepting some losses and thereby an inflated transmission volume. For example, for a typical DSL client, loading a 2 MB YouTube video chunk is accelerated by nearly 2x. In the worst case, we find an inflation of the transfer volume by 12% due to losses.
Submitted 8 May, 2019;
originally announced May 2019.
-
Application-Agnostic Offloading of Packet Processing
Authors:
Oliver Hohlfeld,
Helge Reelfs,
Jan Rüth,
Florian Schmidt,
Torsten Zimmermann,
Jens Hiller,
Klaus Wehrle
Abstract:
As network speed increases, servers struggle to serve all requests directed at them. This challenge is rooted in a partitioned data path where the split between the kernel space networking stack and user space applications induces overheads. To address this challenge, we propose Santa, a new architecture to optimize the data path by enabling server applications to partially offload packet processing to a generic rule processor. We exemplify Santa by showing how it can drastically accelerate kernel-based packet processing - a currently neglected domain. Our evaluation of a broad class of applications, namely DNS, Memcached, and HTTP, highlights that Santa can substantially improve the server performance by a factor of 5.5, 2.1, and 2.5, respectively.
Submitted 1 April, 2019;
originally announced April 2019.
-
The Dagstuhl Beginners Guide to Reproducibility for Experimental Networking Research
Authors:
Vaibhav Bajpai,
Anna Brunstrom,
Anja Feldmann,
Wolfgang Kellerer,
Aiko Pras,
Henning Schulzrinne,
Georgios Smaragdakis,
Matthias Wählisch,
Klaus Wehrle
Abstract:
Reproducibility is one of the key characteristics of good science, but hard to achieve for experimental disciplines like Internet measurements and networked systems. This guide provides advice to researchers, particularly those new to the field, on designing experiments so that their work is more likely to be reproducible and to serve as a foundation for follow-on work by others.
Submitted 12 January, 2019;
originally announced February 2019.
-
Interoperability-Guided Testing of QUIC Implementations using Symbolic Execution
Authors:
Felix Rath,
Daniel Schemmel,
Klaus Wehrle
Abstract:
The main reason for the standardization of network protocols, like QUIC, is to ensure interoperability between implementations, which poses a challenging task. Manual tests are currently used to test the different existing implementations for interoperability, but given the complex nature of network protocols, it is hard to cover all possible edge cases.
State-of-the-art automated software testing techniques, such as Symbolic Execution (SymEx), have proven themselves capable of analyzing complex real-world software and finding hard to detect bugs. We present a SymEx-based method for finding interoperability issues in QUIC implementations, and explore its merit in a case study that analyzes the interoperability of picoquic and QUANT. We find that, while SymEx is able to analyze deep interactions between different implementations and uncovers several bugs, in order to enable efficient interoperability testing, implementations need to provide additional information about their current protocol state.
Submitted 29 November, 2018;
originally announced November 2018.
-
Is the Web ready for HTTP/2 Server Push?
Authors:
Torsten Zimmermann,
Benedikt Wolters,
Oliver Hohlfeld,
Klaus Wehrle
Abstract:
HTTP/2 supersedes HTTP/1.1 to tackle the performance challenges of the modern Web. A highly anticipated feature is Server Push, enabling servers to send data without explicit client requests, thus potentially saving time. Although guidelines on how to use Server Push emerged, measurements have shown that it can easily be used in a suboptimal way and hurt instead of improving performance. We thus tackle the question if the current Web can make better use of Server Push. First, we enable real-world websites to be replayed in a testbed to study the effects of different Server Push strategies. Using this, we next revisit proposed guidelines to grasp their performance impact. Finally, based on our results, we propose a novel strategy using an alternative server scheduler that enables to interleave resources. This improves the visual progress for some websites, with minor modifications to the deployment. Still, our results highlight the limits of Server Push: a deep understanding of web engineering is required to make optimal use of it, and not every site will benefit.
Submitted 12 October, 2018;
originally announced October 2018.
-
Complying with Data Handling Requirements in Cloud Storage Systems
Authors:
Martin Henze,
Roman Matzutt,
Jens Hiller,
Erik Mühmer,
Jan Henrik Ziegeldorf,
Johannes van der Giet,
Klaus Wehrle
Abstract:
In past years, cloud storage systems saw an enormous rise in usage. However, despite their popularity and importance as underlying infrastructure for more complex cloud services, today's cloud storage systems do not account for compliance with regulatory, organizational, or contractual data handling requirements by design. Since legislation increasingly responds to rising data protection and privacy concerns, complying with data handling requirements becomes a crucial property for cloud storage systems. We present PRADA, a practical approach to account for compliance with data handling requirements in key-value based cloud storage systems. To achieve this goal, PRADA introduces a transparent data handling layer, which empowers clients to request specific data handling requirements and enables operators of cloud storage systems to comply with them. We implement PRADA on top of the distributed database Cassandra and show in our evaluation that complying with data handling requirements in cloud storage systems is practical in real-world cloud deployments as used for microblogging, data sharing in the Internet of Things, and distributed email storage.
Submitted 7 June, 2020; v1 submitted 29 June, 2018;
originally announced June 2018.
-
The SensorCloud Protocol: Securely Outsourcing Sensor Data to the Cloud
Authors:
Martin Henze,
René Hummen,
Roman Matzutt,
Klaus Wehrle
Abstract:
The increasing deployment of sensor networks, ranging from home networks to industrial automation, leads to a similarly growing demand for storing and processing the collected sensor data. To satisfy this demand, the most promising approach to date is the utilization of the dynamically scalable, on-demand resources made available via the cloud computing paradigm. However, prevalent security and privacy concerns are a huge obstacle for the outsourcing of sensor data to the cloud. Hence, sensor data needs to be secured properly before it can be outsourced to the cloud. When securing the outsourcing of sensor data to the cloud, one important challenge lies in the representation of sensor data and the choice of security measures applied to it. In this paper, we present the SensorCloud protocol, which enables the representation of sensor data and actuator commands using JSON as well as the encoding of the object security mechanisms applied to a given sensor data item. Notably, we solely utilize mechanisms that have been or currently are in the process of being standardized at the IETF to aid the wide applicability of our approach.
Submitted 12 July, 2016;
originally announced July 2016.
-
Finite Blocklength Performance of Multi-Terminal Wireless Industrial Networks
Authors:
Yulin Hu,
Martin Serror,
Klaus Wehrle,
James Gross
Abstract:
This work focuses on the performance of multi-terminal wireless industrial networks, where the transmissions of all terminals are required to be scheduled within a tight deadline. The transmissions thus share a fixed amount of resources, i.e., symbols, while facing short blocklengths due to the low-latency requirement. We investigate two distinct relaying strategies, namely best relay selection among the participating terminals and best antenna selection at the access point of the network. In both schemes, we incorporate the cost of acquiring instantaneous Channel State Information (CSI) at the access point within the transmission deadline. An error probability model is developed under the finite blocklength regime to provide accurate performance results. As a reference, this model is compared to the corresponding infinite blocklength error model. Both analytical models are validated by simulation. We show that the average Packet Error Rate (PER) over all terminals is convex in the target error probability at each single link. Moreover, we find that: (i) The reliability behavior is different for the two strategies, while the limiting factors are both finite blocklengths and the overhead of acquiring CSI. (ii) With the same order of diversity, best antenna selection is more reliable than best relay selection. (iii) The average PER is increasing in the number of participating terminals unless the terminals also act as relay candidates. In particular, if each participating terminal is a candidate for best relay selection, the PER is convex in the number of terminals.
Submitted 28 June, 2016;
originally announced June 2016.
-
Privacy in the Internet of Things: Threats and Challenges
Authors:
Jan Henrik Ziegeldorf,
Oscar Garcia Morchon,
Klaus Wehrle
Abstract:
The Internet of Things paradigm envisions the pervasive interconnection and cooperation of smart things over the current and future Internet infrastructure. The Internet of Things is, thus, the evolution of the Internet to cover the real world, enabling many new services that will improve people's everyday lives, spawn new businesses and make buildings, cities and transport smarter. Smart things indeed allow for ubiquitous data collection or tracking, but these useful features are also examples of privacy threats that are already now limiting the success of the Internet of Things vision when not implemented correctly. These threats involve new challenges such as the pervasive privacy-aware management of personal data or methods to control or avoid ubiquitous tracking and profiling. This paper analyzes the privacy issues in the Internet of Things in detail. To this end, we first discuss the evolving features and trends in the Internet of Things with the goal of scrutinizing their privacy implications. Second, we classify and examine privacy threats in this new setting, pointing out the challenges that need to be overcome to ensure that the Internet of Things becomes a reality.
Submitted 28 May, 2015;
originally announced May 2015.
-
User-driven Privacy Enforcement for Cloud-based Services in the Internet of Things
Authors:
Martin Henze,
Lars Hermerschmidt,
Daniel Kerpen,
Roger Häußling,
Bernhard Rumpe,
Klaus Wehrle
Abstract:
Internet of Things devices are envisioned to penetrate essentially all aspects of life, including homes and urban spaces, in use cases such as health care, assisted living, and smart cities. One often proposed solution for dealing with the massive amount of data collected by these devices and offering services on top of them is the federation of the Internet of Things and cloud computing. However, user acceptance of such systems is a critical factor that hinders the adoption of this promising approach due to severe privacy concerns. We present UPECSI, an approach for user-driven privacy enforcement for cloud-based services in the Internet of Things to address this critical factor. UPECSI enables enforcement of all privacy requirements of the user once her sensitive data leaves the border of her network, provides a novel approach for the integration of privacy functionality into the development process of cloud-based services, and offers the user an adaptable and transparent configuration of her privacy requirements. Hence, UPECSI demonstrates an approach for realizing user-accepted cloud services in the Internet of Things.
Submitted 9 December, 2014;
originally announced December 2014.
-
HotBox: Testing Temperature Effects in Sensor Networks
Authors:
Florian Schmidt,
Matteo Ceriotti,
Niklas Hauser,
Klaus Wehrle
Abstract:
Low-power wireless networks, especially in outdoor deployments, are exposed to a wide range of temperatures. The detrimental effect of high temperatures on communication quality is well known. To investigate these influences under controlled conditions, we present HotBox, a solution with the following properties: (1) It allows exposure of sensor motes to a wide range of temperatures with a high degree of accuracy. (2) It supports specifying the exact spatial orientation of motes which, if not ensured, interferes with repeatable experiment setups. (3) It is reasonably easy to assemble by following the information (code, PCB schematics, hardware list and crafting instructions) available online, facilitating further use of the platform by other researchers. After presenting HotBox, we show its performance and prove its feasibility as an evaluation platform by conducting several experiments. These experiments additionally provide further insight into the influence of temperature effects on communication performance in low-power wireless networks.
Submitted 6 December, 2014;
originally announced December 2014.
-
POSTER: Privacy-preserving Indoor Localization
Authors:
Jan Henrik Ziegeldorf,
Nicolai Viol,
Martin Henze,
Klaus Wehrle
Abstract:
Upcoming WiFi-based localization systems for indoor environments face a conflict of privacy interests: Server-side localization violates location privacy of the users, while localization on the user's device forces the localization provider to disclose the details of the system, e.g., sophisticated classification models. We show how Secure Two-Party Computation can be used to reconcile privacy interests in a state-of-the-art localization system. Our approach provides strong privacy guarantees for all involved parties, while achieving room-level localization accuracy at reasonable overheads.
Submitted 13 October, 2014;
originally announced October 2014.
-
Enabling Distributed Simulation of OMNeT++ INET Models
Authors:
Mirko Stoffers,
Ralf Bettermann,
James Gross,
Klaus Wehrle
Abstract:
Parallel and distributed simulation have been extensively researched for a long time. Nevertheless, many simulation models are still executed sequentially. We attribute this to the fact that many of those models are simply not capable of being executed in parallel since they violate particular constraints. In this paper, we analyze the INET model suite, which enables network simulation in OMNeT++, with regard to parallelizability. We uncovered several issues preventing parallel execution of INET models. We analyzed those issues and developed solutions allowing INET models to be run in parallel. A case study shows the feasibility of our approach. Though there are parts of the model suite that we have not investigated yet and the performance can still be improved, the results show parallelization speedup for most configurations. The source code of our implementation is available through our web site at code.comsys.rwth-aachen.de.
Submitted 3 September, 2014;
originally announced September 2014.
-
Support for Error Tolerance in the Real-Time Transport Protocol
Authors:
Florian Schmidt,
David Orlea,
Klaus Wehrle
Abstract:
Streaming applications often tolerate bit errors in their received data well. This is contrasted by the enforcement of correctness of the packet headers and payload by network protocols. We investigate a solution for the Real-time Transport Protocol (RTP) that is tolerant to errors by accepting erroneous data. It passes potentially corrupted stream data payloads to the codecs. If errors occur in the header, our solution recovers from these by leveraging the known state and expected header values for each stream. The solution is fully receiver-based and incrementally deployable, and as such requires neither support from the sender nor changes to the RTP specification. Evaluations show that our header error recovery scheme can recover from almost all errors, with virtually no erroneous recoveries, up to bit error rates of about 10%.
Submitted 20 December, 2013;
originally announced December 2013.
-
SensorCloud: Towards the Interdisciplinary Development of a Trustworthy Platform for Globally Interconnected Sensors and Actuators
Authors:
Michael Eggert,
Roger Häußling,
Martin Henze,
Lars Hermerschmidt,
René Hummen,
Daniel Kerpen,
Antonio Navarro Pérez,
Bernhard Rumpe,
Dirk Thißen,
Klaus Wehrle
Abstract:
Although Cloud Computing promises to lower IT costs and increase users' productivity in everyday life, the unattractive aspect of this new technology is that the user no longer owns all the devices which process personal data. To lower scepticism, the project SensorCloud investigates techniques to understand and compensate these adoption barriers in a scenario consisting of cloud applications that utilize sensors and actuators placed in private places. This work provides an interdisciplinary overview of the social and technical core research challenges for the trustworthy integration of sensor and actuator devices with the Cloud Computing paradigm. Most importantly, these challenges include i) ease of development, ii) security and privacy, and iii) social dimensions of a cloud-based system which integrates into private life. When these challenges are tackled in the development of future cloud systems, the attractiveness of new use cases in a sensor-enabled world will be considerably increased for users who currently do not trust the Cloud.
Submitted 25 October, 2013; v1 submitted 24 October, 2013;
originally announced October 2013.