Visible to the public Biblio

Filters: Author is Wehrle, Klaus  [Clear All Filters]
2023-01-06
Wolsing, Konrad, Saillard, Antoine, Bauer, Jan, Wagner, Eric, van Sloun, Christian, Fink, Ina Berenice, Schmidt, Mari, Wehrle, Klaus, Henze, Martin.  2022.  Network Attacks Against Marine Radar Systems: A Taxonomy, Simulation Environment, and Dataset. 2022 IEEE 47th Conference on Local Computer Networks (LCN). :114—122.
Shipboard marine radar systems are essential for safe navigation, helping seafarers perceive their surroundings as they provide bearing and range estimations, object detection, and tracking. Since onboard systems have become increasingly digitized, interconnecting distributed electronics, radars have been integrated into modern bridge systems. But digitization increases the risk of cyberattacks, especially as vessels cannot be considered air-gapped. Consequently, in-depth security is crucial. However, particularly radar systems are not sufficiently protected against harmful network-level adversaries. Therefore, we ask: Can seafarers believe their eyes? In this paper, we identify possible attacks on radar communication and discuss how these threaten safe vessel operation in an attack taxonomy. Furthermore, we develop a holistic simulation environment with radar, complementary nautical sensors, and prototypically implemented cyberattacks from our taxonomy. Finally, leveraging this environment, we create a comprehensive dataset (RadarPWN) with radar network attacks that provides a foundation for future security research to secure marine radar communication.
2023-01-05
Wagner, Eric, Matzutt, Roman, Pennekamp, Jan, Bader, Lennart, Bajelidze, Irakli, Wehrle, Klaus, Henze, Martin.  2022.  Scalable and Privacy-Focused Company-Centric Supply Chain Management. 2022 IEEE International Conference on Blockchain and Cryptocurrency (ICBC).
Blockchain technology promises to overcome trust and privacy concerns inherent to centralized information sharing. However, current decentralized supply chain management systems do either not meet privacy and scalability requirements or require a trustworthy consortium, which is challenging for increasingly dynamic supply chains with constantly changing participants. In this paper, we propose CCChain, a scalable and privacy-aware supply chain management system that stores all information locally to give companies complete sovereignty over who accesses their data. Still, tamper protection of all data through a permissionless blockchain enables on-demand tracking and tracing of products as well as reliable information sharing while affording the detection of data inconsistencies. Our evaluation confirms that CCChain offers superior scalability in comparison to alternatives while also enabling near real-time tracking and tracing for many, less complex products.
2022-09-09
Pennekamp, Jan, Alder, Fritz, Matzutt, Roman, Mühlberg, Jan Tobias, Piessens, Frank, Wehrle, Klaus.  2020.  Secure End-to-End Sensing in Supply Chains. 2020 IEEE Conference on Communications and Network Security (CNS). :1—6.
Trust along digitalized supply chains is challenged by the aspect that monitoring equipment may not be trustworthy or unreliable as respective measurements originate from potentially untrusted parties. To allow for dynamic relationships along supply chains, we propose a blockchain-backed supply chain monitoring architecture relying on trusted hardware. Our design provides a notion of secure end-to-end sensing of interactions even when originating from untrusted surroundings. Due to attested checkpointing, we can identify misinformation early on and reliably pinpoint the origin. A blockchain enables long-term verifiability for all (now trustworthy) IoT data within our system even if issues are detected only after the fact. Our feasibility study and cost analysis further show that our design is indeed deployable in and applicable to today’s supply chain settings.
2020-03-23
Hiller, Jens, Pennekamp, Jan, Dahlmanns, Markus, Henze, Martin, Panchenko, Andriy, Wehrle, Klaus.  2019.  Tailoring Onion Routing to the Internet of Things: Security and Privacy in Untrusted Environments. 2019 IEEE 27th International Conference on Network Protocols (ICNP). :1–12.
An increasing number of IoT scenarios involve mobile, resource-constrained IoT devices that rely on untrusted networks for Internet connectivity. In such environments, attackers can derive sensitive private information of IoT device owners, e.g., daily routines or secret supply chain procedures, when sniffing on IoT communication and linking IoT devices and owner. Furthermore, untrusted networks do not provide IoT devices with any protection against attacks from the Internet. Anonymous communication using onion routing provides a well-proven mechanism to keep the relationship between communication partners secret and (optionally) protect against network attacks. However, the application of onion routing is challenged by protocol incompatibilities and demanding cryptographic processing on constrained IoT devices, rendering its use infeasible. To close this gap, we tailor onion routing to the IoT by bridging protocol incompatibilities and offloading expensive cryptographic processing to a router or web server of the IoT device owner. Thus, we realize resource-conserving access control and end-to-end security for IoT devices. To prove applicability, we deploy onion routing for the IoT within the well-established Tor network enabling IoT devices to leverage its resources to achieve the same grade of anonymity as readily available to traditional devices.
2020-02-17
Hiller, Jens, Komanns, Karsten, Dahlmanns, Markus, Wehrle, Klaus.  2019.  Regaining Insight and Control on SMGW-based Secure Communication in Smart Grids. 2019 AEIT International Annual Conference (AEIT). :1–6.
Smart Grids require extensive communication to enable safe and stable energy supply in the age of decentralized and dynamic energy production and consumption. To protect the communication in this critical infrastructure, public authorities mandate smart meter gateways (SMGWs) to be in control of the communication security. To this end, the SMGW intercepts all inbound and outbound communication of its premise, e.g., a factory or smart home, and forwards it on secure channels that the SMGW established itself. However, using the SMGW as proxy, local devices can neither review the security of these remote connections established by the SMGW nor enforce higher security guarantees than established by the all in one configuration of the SMGW which does not allow for use case-specific security settings. We present mechanisms that enable local devices to regain this insight and control over the full connection, i.e., up to the final receiver, while retaining the SMGW's ability to ensure a suitable security level. Our evaluation shows modest computation and transmission overheads for this increased security in the critical smart grid infrastructure.
2019-11-04
Serror, Martin, Henze, Martin, Hack, Sacha, Schuba, Marko, Wehrle, Klaus.  2018.  Towards In-Network Security for Smart Homes. Proceedings of the 13th International Conference on Availability, Reliability and Security. :18:1-18:8.

The proliferation of the Internet of Things (IoT) in the context of smart homes entails new security risks threatening the privacy and safety of end users. In this paper, we explore the design space of in-network security for smart home networks, which automatically complements existing security mechanisms with a rule-based approach, i. e., every IoT device provides a specification of the required communication to fulfill the desired services. In our approach, the home router as the central network component then enforces these communication rules with traffic filtering and anomaly detection to dynamically react to threats. We show that in-network security can be easily integrated into smart home networks based on existing approaches and thus provides additional protection for heterogeneous IoT devices and protocols. Furthermore, in-network security relieves users of difficult home network configurations, since it automatically adapts to the connected devices and services.

2017-05-30
Henze, Martin, Hiller, Jens, Schmerling, Sascha, Ziegeldorf, Jan Henrik, Wehrle, Klaus.  2016.  CPPL: Compact Privacy Policy Language. Proceedings of the 2016 ACM on Workshop on Privacy in the Electronic Society. :99–110.

Recent technology shifts such as cloud computing, the Internet of Things, and big data lead to a significant transfer of sensitive data out of trusted edge networks. To counter resulting privacy concerns, we must ensure that this sensitive data is not inadvertently forwarded to third-parties, used for unintended purposes, or handled and stored in violation of legal requirements. Related work proposes to solve this challenge by annotating data with privacy policies before data leaves the control sphere of its owner. However, we find that existing privacy policy languages are either not flexible enough or require excessive processing, storage, or bandwidth resources which prevents their widespread deployment. To fill this gap, we propose CPPL, a Compact Privacy Policy Language which compresses privacy policies by taking advantage of flexibly specifiable domain knowledge. Our evaluation shows that CPPL reduces policy sizes by two orders of magnitude compared to related work and can check several thousand of policies per second. This allows for individual per-data item policies in the context of cloud computing, the Internet of Things, and big data.