32 Hits in 0.61 sec

The SensorCloud Protocol: Securely Outsourcing Sensor Data to the Cloud [article]

Martin Henze, René Hummen, Roman Matzutt, Klaus Wehrle
2016 arXiv   pre-print
Hummen, RWTH Aachen University -Roman Matzutt, RWTH Aachen University -Antonio Navarro Pérez, RWTH Aachen University -Thomas Partsch, Cologne University of Applied Sciences -Christian Röller, QSC AG -  ...  QSC AG -Benjamin Assadsolimani, RWTH Aachen University -Daniel Catrein, QSC AG -Dominik Chmiel, RWTH Aachen University -Martin Henze, RWTH Aachen University -Lars Hermerschmidt, RWTH Aachen University -René  ... 
arXiv:1607.03239v1 fatcat:brsb6mbzaveiff7qbeqjtsuuqa

SCSlib: Transparently Accessing Protected Sensor Data in the Cloud

Martin Henze, Sebastian Bereda, René Hummen, Klaus Wehrle
2014 Procedia Computer Science  
As sensor networks get increasingly deployed in real-world scenarios such as home and industrial automation, there is a similarly growing demand in analyzing, consolidating, and storing the data collected by these networks. The dynamic, on-demand resources offered by today's cloud computing environments promise to satisfy this demand. However, prevalent security concerns still hinder the integration of sensor networks and cloud computing. In this paper, we show how recent progress in
more » ... tion can provide the basis for protecting data from diverse sensor devices when outsourcing data processing and storage to the cloud. To this end, we present our Sensor Cloud Security Library (SCSlib) that enables cloud service developers to transparently access cryptographically protected sensor data in the cloud. SCSlib specifically allows domain specialists who are not security experts to build secure cloud services. Our evaluation proves the feasibility and applicability of SCSlib for commodity cloud computing environments.
doi:10.1016/j.procs.2014.08.055 fatcat:mbkg56c37bfsji4vh7ljcpjqla

The Cloud Needs Cross-Layer Data Handling Annotations

Martin Henze, Rene Hummen, Klaus Wehrle
2013 2013 IEEE Security and Privacy Workshops  
Nowadays, an ever-increasing number of service providers takes advantage of the cloud computing paradigm in order to efficiently offer services to private users, businesses, and governments. However, while cloud computing allows to transparently scale back-end functionality such as computing and storage, the implied distributed sharing of resources has severe implications when sensitive or otherwise privacy-relevant data is concerned. These privacy implications primarily stem from the
more » ... rency of the involved backend providers of a cloud-based service and their dedicated data handling processes. Likewise, back-end providers cannot determine the sensitivity of data that is stored or processed in the cloud. Hence, they have no means to obey the underlying privacy regulations and contracts automatically. As the cloud computing paradigm further evolves towards federated cloud environments, the envisioned integration of different cloud platforms adds yet another layer to the existing in-transparencies. In this paper, we discuss initial ideas on how to overcome these existing and dawning data handling in-transparencies and the accompanying privacy concerns. To this end, we propose to annotate data with sensitivity information as it leaves the control boundaries of the data owner and travels through to the cloud environment. This allows to signal privacy properties across the layers of the cloud computing architecture and enables the different stakeholders to react accordingly.
doi:10.1109/spw.2013.31 dblp:conf/sp/HenzeHW13 fatcat:x6tr4od2wvgdhpwu3hp6z7lvky

Comparison-Based Privacy: Nudging Privacy in Social Media (Position Paper) [chapter]

Jan Henrik Ziegeldorf, Martin Henze, René Hummen, Klaus Wehrle
2016 Lecture Notes in Computer Science  
Social media continues to lead imprudent users into oversharing, exposing them to various privacy threats. Recent research thus focusses on nudging the user into the 'right' direction. In this paper, we propose Comparison-based Privacy (CbP), a design paradigm for privacy nudges that overcomes the limitations and challenges of existing approaches. CbP is based on the observation that comparison is a natural human behavior. With CbP , we transfer this observation to decisionmaking processes in
more » ... e digital world by enabling the user to compare herself along privacy-relevant metrics to user-selected comparison groups. In doing so, our approach provides a framework for the integration of existing nudges under a self-adaptive, user-centric norm of privacy. Thus, we expect CbP not only to provide technical improvements, but to also increase user acceptance of privacy nudges. We also show how CbP can be implemented and present preliminary results.
doi:10.1007/978-3-319-29883-2_15 fatcat:ci5y3j4rx5cftpw54x7vohhemu

Lithe: Lightweight Secure CoAP for the Internet of Things

Shahid Raza, Hossein Shafagh, Kasun Hewage, Rene Hummen, Thiemo Voigt
2013 IEEE Sensors Journal  
The Internet of Things (IoT) enables a wide range of application scenarios with potentially critical actuating and sensing tasks, e.g., in the e-health domain. For communication at the application layer, resource-constrained devices are expected to employ the constrained application protocol (CoAP) that is currently being standardized at the Internet Engineering Task Force. To protect the transmission of sensitive information, secure CoAP mandates the use of datagram transport layer security
more » ... LS) as the underlying security protocol for authenticated and confidential communication. DTLS, however, was originally designed for comparably powerful devices that are interconnected via reliable, high-bandwidth links. In this paper, we present Lithe-an integration of DTLS and CoAP for the IoT. With Lithe, we additionally propose a novel DTLS header compression scheme that aims to significantly reduce the energy consumption by leveraging the 6LoWPAN standard. Most importantly, our proposed DTLS header compression scheme does not compromise the end-to-end security properties provided by DTLS. Simultaneously, it considerably reduces the number of transmitted bytes while maintaining DTLS standard compliance. We evaluate our approach based on a DTLS implementation for the Contiki operating system. Our evaluation results show significant gains in terms of packet size, energy consumption, processing time, and network-wide response times when compressed DTLS is enabled.
doi:10.1109/jsen.2013.2277656 fatcat:ctomsnlegvamljz7tym2x3dusa

Security Challenges in the IP-based Internet of Things

Tobias Heer, Oscar Garcia-Morchon, René Hummen, Sye Loong Keoh, Sandeep S. Kumar, Klaus Wehrle
2011 Wireless personal communications  
A direct interpretation of the term Internet of Things refers to the use of standard Internet protocols for the human-to-thing or thingto-thing communication in embedded networks. Although the security needs are well-recognized in this domain, it is still not fully understood how existing IP security protocols and architectures can be deployed. In this paper, we discuss the applicability and limitations of existing Internet protocols and security architectures in the context of the Internet of
more » ... hings. First, we give an overview of the deployment model and general security needs. We then present challenges and requirements for IP-based security solutions and highlight specific technical limitations of standard IP security protocols.
doi:10.1007/s11277-011-0385-5 fatcat:qgq2ahp7qbhgnb43mlayxgnjty

Mesh-DHT: A locality-based distributed look-up structure for Wireless Mesh Networks

Hanno Wirtz, Tobias Heer, Rene Hummen, Klaus Wehrle
2012 2012 IEEE International Conference on Communications (ICC)  
Distributed Hash Tables (DHTs) offer an elegant and fully distributed solution for reliably storing and retrieving data. Wireless Mesh Networks (WMNs) envision a fully decentralized fashion, and as such require efficient decentralized mechanisms for service discovery, mobility support and data storage and retrieval. Hence, DHTs and WMNs seem to complement each other nicely and even share common traits and challenges, such as multi-path routing and dynamic membership of unreliable nodes.
more » ... Internet-based DHT approaches are designed to emphasize performance and stability in Internet scenarios and do not consider the special conditions in WMNs. In particular, they do not focus on the impact of the physical neighbor relations of DHT nodes and assume efficient global connectivity. In contrast, in a WMN, locality of communication is essential to avoid unnecessary multi-hop data transmissions and congestion on the wireless link. We present Mesh-DHT, an approach for building a scalable DHT in WMNs that puts special emphasis on the locality of nodes and links. We construct a stable, location-aware overlay network that enables fully distributed organization of information. By design, our DHT geometry is closely aligned to the network topology of the WMN to emphasize local communication. We show that our approach preserves locality in the overlay construction, is robust against node failure, and makes efficient use of local information. These properties make our approach scalable even in the presence of hundreds of mesh nodes.
doi:10.1109/icc.2012.6364336 dblp:conf/icc/WirtzHHW12 fatcat:x2yr2usuqzad5a2i3ur7kfmzhy

6LoWPAN fragmentation attacks and mitigation mechanisms

René Hummen, Jens Hiller, Hanno Wirtz, Martin Henze, Hossein Shafagh, Klaus Wehrle
2013 Proceedings of the sixth ACM conference on Security and privacy in wireless and mobile networks - WiSec '13  
6LoWPAN is an IPv6 adaptation layer that defines mechanisms to make IP connectivity viable for tightly resourceconstrained devices that communicate over low power, lossy links such as IEEE 802.15.4. It is expected to be used in a variety of scenarios ranging from home automation to industrial control systems. To support the transmission of IPv6 packets exceeding the maximum frame size of the link layer, 6LoWPAN defines a packet fragmentation mechanism. However, the best effort semantics for
more » ... ment transmissions, the lack of authentication at the 6LoWPAN layer, and the scarce memory resources of the networked devices render the design of the fragmentation mechanism vulnerable. In this paper, we provide a detailed security analysis of the 6LoWPAN fragmentation mechanism. We identify two attacks at the 6LoWPAN design-level that enable an attacker to (selectively) prevent correct packet reassembly on a target node at considerably low cost. Specifically, an attacker can mount our identified attacks by only sending a single protocol-compliant 6LoWPAN fragment. To counter these attacks, we propose two complementary, lightweight defense mechanisms, the content chaining scheme and the split buffer approach. Our evaluation shows the practicality of the identified attacks as well as the effectiveness of our proposed defense mechanisms at modest trade-offs.
doi:10.1145/2462096.2462107 dblp:conf/wisec/HummenHWHSW13 fatcat:ixgj67bphnaxhkxoxytv3zlrw4

Standards-based end-to-end IP security for the Internet of Things

Rene Hummen, Klaus Wehrle
2013 2013 21st IEEE International Conference on Network Protocols (ICNP)  
Peer authentication and secure data transmission are vital aspects for many scenarios in the IP-based Internet of Things (IoT). To enable end-to-end security, recent research and standardization efforts focus on a number of IP security protocol variants for the IoT, most notably Datagram TLS (DTLS), the HIP Diet EXchange (DEX), and minimal IKEv2. In this dissertation outline, we present the main motivation for employing these protocol variants in constrained network environments and discuss the
more » ... need to surpass the status quo. Most importantly, we highlight our identified challenges when employing these protocol variants in constrained network environments and provide a high-level overview of our previously proposed approaches to counteract the identified design-level protocol issues.
doi:10.1109/icnp.2013.6733648 dblp:conf/icnp/HummenW13 fatcat:cnnn7g4xmbapdoaefu2uxbnske

Tailoring end-to-end IP security protocols to the Internet of Things

Rene Hummen, Hanno Wirtz, Jan Henrik Ziegeldorf, Jens Hiller, Klaus Wehrle
2013 2013 21st IEEE International Conference on Network Protocols (ICNP)  
Recent standardization efforts focus on a number of lightweight IP security protocol variants for end-to-end security in the Internet of Things (IoT), most notably DTLS, HIP DEX, and minimal IKEv2. These protocol variants commonly consider public-key-based cryptographic primitives in their protocol design for peer authentication and key agreement. In this paper, we identify several performance and security issues that originate from these public-key-based operations on resource-constrained IoT
more » ... evices. To illustrate their impact, we additionally quantify these protocol limitations for HIP DEX. Most importantly, we find that public-key-based operations significantly hamper a peer's availability and response time during the protocol handshake. Hence, IP security protocols in the IoT must be tailored to reduce the need for expensive cryptographic operations, to protect resource-constrained peers against DoS attacks targeting these cryptographic operations, and to account for high message processing times. To this end, we present three complementary, lightweight protocol extensions for HIP DEX: i) a comprehensive session resumption mechanism, ii) a collaborative puzzle-based DoS protection mechanism, and iii) a refined retransmission mechanism. Our focus on common protocol functionality allows to generalize our proposed extensions to the wider scope of DTLS and IKE. Finally, our evaluation confirms the considerable achieved improvements at modest trade-offs.
doi:10.1109/icnp.2013.6733571 dblp:conf/icnp/HummenWZHW13 fatcat:ejmfos3uijefbg55dkozozmgsy

Collaborative municipal Wi-Fi networks - challenges and opportunities

Tobias Heer, Rene Hummen, Nicolai Viol, Hanno Wirtz, Stefan Gotz, Klaus Wehrle
2010 2010 8th IEEE International Conference on Pervasive Computing and Communications Workshops (PERCOM Workshops)  
Municipal Wi-Fi networks aim at providing Internet access and selected mobile network services to citizens, travelers, and civil servants. The goals of these networks are to bridge the digital divide, stimulate innovation, support economic growth, and increase city operations efficiency. While establishing such urban networks is financially challenging for municipalities, Wi-Fi-sharing communities accomplish good coverage and ubiquitous Internet access by capitalizing on the dense deployment of
more » ... private access points in urban residential areas. By combining Wi-Fi communities and municipal Wi-Fi, a collaborative municipal Wi-Fi system promises cheap and ubiquitous access to mobile city services. However, the differences in intent, philosophy, and technical realization between community and municipal Wi-Fi networks prevent a straight-forward combination of both approaches. In this paper, we highlight the conceptual and technical challenges that need to be solved to create collaborative municipal Wi-Fi networks.
doi:10.1109/percomw.2010.5470505 dblp:conf/percom/HeerHVWGW10 fatcat:olia6cis7neilm53yad2r67e5e

PiSA-SA: Municipal Wi-Fi Based on Wi-Fi Sharing

Tobias Heer, Thomas Jansen, Rene Hummen, Stefan Gotz, Hanno Wirtz, Eias Weingartner, Klaus Wehrle
2010 2010 Proceedings of 19th International Conference on Computer Communications and Networks  
Large-scale municipal wireless networks are currently being established all around the world. These networks provide a rich set of local services, such as tourist guides, environmental information, pedestrian navigation, and local shopping guides. As recent financial failures of prominent municipal wireless networks show, it is economically challenging to achieve the bandwidth and coverage that is necessary for such a network. At the same time, Wi-Fi-sharing communities achieve high bandwidth
more » ... d good coverage at a very low cost by capitalizing on the dense deployment of private access points in urban areas. However, from a technical, conceptual, and security perspective, Wi-Fi sharing community networks resemble a patchwork of heterogeneous networks instead of one well-planned, uniform and secure network as required for the economic success of a municipal Wi-Fi project. In this paper, we show how to realize municipal wireless services on top of a Wi-Fi-sharing infrastructure in a technically sound and economically attractive fashion while taking into account legacy devices and mobile clients. Our solution cleanly separates the roles of controlling and administering the network from providing bandwidth and wireless access. This allows municipalities to focus their resources on municipal wireless services instead of providing Wi-Fi access.
doi:10.1109/icccn.2010.5560103 dblp:conf/icccn/HeerJHGWWW10 fatcat:kurbl54qjng4fejlp3hbctk7tm

SensorCloud: Towards the Interdisciplinary Development of a Trustworthy Platform for Globally Interconnected Sensors and Actuators [chapter]

Michael Eggert, Roger Häußling, Martin Henze, Lars Hermerschmidt, René Hummen, Daniel Kerpen, Antonio Navarro Pérez, Bernhard Rumpe, Dirk Thißen, Klaus Wehrle
2014 Trusted Cloud Computing  
Although Cloud Computing promises to lower IT costs and increase users' productivity in everyday life, the unattractive aspect of this new technology is that the user no longer owns all the devices which process personal data. To lower scepticism, the project SensorCloud investigates techniques to understand and compensate these adoption barriers in a scenario consisting of cloud applications that utilize sensors and actuators placed in private places. This work provides an interdisciplinary
more » ... rview of the social and technical core research challenges for the trustworthy integration of sensor and actuator devices with the Cloud Computing paradigm. Most importantly, these challenges include i) ease of development, ii) security and privacy, and iii) social dimensions of a cloud-based system which integrates into private life. When these challenges are tackled in the development of future cloud systems, the attractiveness of new use cases in a sensor-enabled world will considerably be increased for users who currently do not trust the Cloud.
doi:10.1007/978-3-319-12718-7_13 fatcat:nlquk4frxfb6rnpy6ex3gtdr24

A Cloud design for user-controlled storage and processing of sensor data

Rene Hummen, Martin Henze, Daniel Catrein, Klaus Wehrle
2012 4th IEEE International Conference on Cloud Computing Technology and Science Proceedings  
Ubiquitous sensing environments such as sensor networks collect large amounts of data. This data volume is destined to grow even further with the vision of the Internet of Things. Cloud computing promises to elastically store and process such sensor data. As an additional benefit, storage and processing in the Cloud enables the efficient aggregation and analysis of information from different data sources. However, sensor data often contains privacy-relevant or otherwise sensitive information.
more » ... r current Cloud platforms, the data owner looses control over her data once it enters the Cloud. This imposes adoption barriers due to legal or privacy concerns. Hence, a Cloud design is required that the data owner can trust to handle her sensitive data securely. In this paper, we analyze and define properties that a trusted Cloud design has to fulfill. Based on this analysis, we present the security architecture of SensorCloud. Our proposed security architecture enforces end-to-end data access control by the data owner reaching from the sensor network to the Cloud storage and processing subsystems as well as strict isolation up to the service-level. We evaluate the validity and feasibility of our Cloud design with an analysis of our early prototype. Our results show that our proposed security architecture is a promising extension of today's Cloud offers.
doi:10.1109/cloudcom.2012.6427523 dblp:conf/cloudcom/HummenHCW12 fatcat:sxuzusm2kvbk3ef5xwmqfmje2e

How to Optimize Joint Routing and Scheduling Models for TSN Using Integer Linear Programming

David Hellmanns, Lucas Haug, Moritz Hildebrand, Frank Dürr, Stephan Kehrer, René Hummen
2021 29th International Conference on Real-Time Networks and Systems  
Reliable real-time communication is an essential technology for industrial manufacturing but also other branches to transport missioncritical messages. IEEE Time-Sensitive Networking (TSN) is a disruptive real-time communication standard extending IEEE Ethernet with real-time mechanisms. One of the core features of TSN is the Time-Aware Shaper (TAS) enabling TDMA-based scheduling of streams within the network. TDMA has many advantages from the real-time perspective. Foremost, stream isolation
more » ... the time dimension enables tight delay and jitter bounds. Moreover, conformance to these bounds is proven by the design of the TDMA schedule. However, calculating an optimal schedule is an NP-hard problem. Therefore, various approaches to optimize the schedule calculation are proposed, such as Integer Linear Programming (ILP). Nevertheless, a systematic comparsion of the different optimization approaches with respect to their performance is missing so far. To fill this gap, we first provide a systematic classification of optimizations of ILP-based TSN scheduling. To quantify the effects of such optimization approaches, we introduce a base ILP and propose optimizations for the different categories. Using the proposed optimization, we evaluate the performance with regard to execution time and schedulability (number of solved schedules). Our results show that the optimizations lead to strongly fluctuating results. Certain intuitive optimizations can even lead to massive performance degradations. CCS CONCEPTS • Networks → Packet scheduling; • Software and its engineering → Real-time schedulability; • Computer systems organization → Real-time systems.
doi:10.1145/3453417.3453421 fatcat:s7u3yfmolfeademfu6qpjrfdbu
« Previous Showing results 1 — 15 out of 32 results