Visible to the public Biblio

Filters: Author is Hommel, Wolfgang  [Clear All Filters]
2022-01-31
Grabatin, Michael, Hommel, Wolfgang.  2021.  Self-sovereign Identity Management in Wireless Ad Hoc Mesh Networks. 2021 IFIP/IEEE International Symposium on Integrated Network Management (IM). :480–486.

Verifying the identity of nodes within a wireless ad hoc mesh network and the authenticity of their messages in sufficiently secure, yet power-efficient ways is a long-standing challenge. This paper shows how the more recent concepts of self-sovereign identity management can be applied to Internet-of-Things mesh networks, using LoRaWAN as an example and applying Sovrin's decentralized identifiers and verifiable credentials in combination with Schnorr signatures for securing the communication with a focus on simplex and broadcast connections. Besides the concept and system architecture, the paper discusses an ESP32-based implementation using SX1276/SX1278 LoRa chips, adaptations made to the lmic- and MbedTLS-based software stack, and practically evaluates performance aspects in terms of data overhead, time-on-air impact, and power consumption.

2020-05-04
Steinke, Michael, Adam, Iris, Hommel, Wolfgang.  2018.  Multi-Tenancy-Capable Correlation of Security Events in 5G Networks. 2018 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN). :1–6.
The concept of network slicing in 5G mobile networks introduces new challenges for security management: Given the combination of Infrastructure-as-a-Service cloud providers, mobile network operators as Software-as-a-Service providers, and the various verticals as customers, multi-layer and multi-tenancy-capable management architectures are required. This paper addresses the challenges for correlation of security events in such 5G scenarios with a focus on event processing at telecommunication service providers. After an analysis of the specific demand for network-slice-centric security event correlation in 5G networks, ongoing standardization efforts, and related research, we propose a multi-tenancy-capable event correlation architecture along with a scalable information model. The event processing, alerting, and correlation workflow is discussed and has been implemented in a network and security management system prototype, leading to a demonstration of first results acquired in a lab setup.
2019-05-20
Hanauer, Tanja, Hommel, Wolfgang, Metzger, Stefan, Pöhn, Daniela.  2018.  A Process Framework for Stakeholder-Specific Visualization of Security Metrics. Proceedings of the 13th International Conference on Availability, Reliability and Security. :28:1-28:10.

Awareness and knowledge management are key components to achieve a high level of information security in organizations. However, practical evidence suggests that there are significant discrepancies between the typical elements of security awareness campaigns, the decisions made and goals set by top-level management, and routine operations carried out by systems administration personnel. This paper presents Vis4Sec, a process framework for the generation and distribution of stakeholder-specific visualizations of security metrics, which assists in closing the gap between theoretical and practical information security by respecting the different points of view of the involved security report audiences. An implementation for patch management on Linux servers, deployed at a large data center, is used as a running example.