Listing by author "Fischer, Mathias"
- Conference paper: Abusers don’t get Privacy. Sensitively Logging and Blocking Tor Abuse (SICHERHEIT 2020, 2020). Marx, Matthias. Tor has a significant problem with malicious traffic routed through Tor exit nodes. They create a credible reason for websites to discriminate against Tor users. The abuse also creates a strong disincentive to run exit nodes since the exit node operators have to deal with abuse messages and possible law enforcement interactions. We want to detect and mitigate the attacks that happen through Tor exit nodes without undermining Tor users’ anonymity and privacy. We use a modified version of the Tor exit node to enable NIDS (Network Intrusion Detection) monitoring and termination of malicious activity on a per-circuit level. We use the Zeek IDS (formerly Bro) to detect attacks using robust mechanisms that have very low false positive rates. Initial results indicate that, using our approach, the number of abuse cases can be reduced.
- Conference paper: Analyzing PeerFlow – A Bandwidth Estimation System for Untrustworthy Environments (SICHERHEIT 2020, 2020). Mitseva, Asya; Engel, Thomas; Panchenko, Andriy. Tor is the most popular low-latency anonymization network comprising over 7,000 nodes run by volunteers. To balance the user traffic load over the diverse resource capabilities of these nodes, Tor guides users to choose nodes in proportion to their available bandwidth. However, self-reported bandwidth values are not trustworthy. Recently, a new bandwidth measurement system, PeerFlow, has been proposed aiming to solve the Tor bandwidth estimation problem. In this work, we introduce the first practical analysis of PeerFlow. We proposed a set of strategies for the practical realization of probation periods in PeerFlow and showed that many Tor nodes cannot recover to their normal state after one measuring period. We also demonstrated that low-bandwidth adversaries gain significantly higher bandwidth estimates exceeding the theoretically defined security boundaries of PeerFlow.
- Conference paper: App-generated digital identities extracted through Android permission-based data access - a survey of app privacy (SICHERHEIT 2020, 2020). Momen, Nurul; Fritsch, Lothar. Smartphone apps that run on Android devices can access many types of personal information. Such information can be used to identify, profile and track the device users when mapped into digital identity attributes. This article presents a model of identifiability through access to personal data protected by the Android access control mechanism called permissions. We present an abstraction of partial identity attributes related to such personal data, and then show how apps accumulate such attributes in a longitudinal study that was carried out over several months. We found that apps' successive access to permissions accumulates such identity attributes, where different apps show different interest in such attributes.
- Conference paper: Context-based Access Control and Trust Scores in Zero Trust Campus Networks (SICHERHEIT 2020, 2020). Lukaseder, Thomas; Halter, Maya; Kargl, Frank. Research networks are used daily by thousands of students and scientific staff for education and research and therefore have a large number of sensitive and valuable resources. The currently predominant perimeter security model is failing more and more often to provide sufficient protection against attackers. This paper analyses to what extent the zero trust model that is popular in some commercial networks can also be applied to the open and heterogeneous research network of a German university. The concept presented herein to implement such an identity-based network model focuses in particular on the components which are necessary for authentication and authorization. The feasibility of the model is demonstrated by a self-implemented prototype that protects access control to a prominent eLearning system called Moodle. Non-functional performance tests show an increase in performance compared to the current system where access control is only conducted inside the web application. The Zero Trust Model enables the determination of the trustworthiness of individual identities and thus offers valuable new ways to secure a research network.
- Conference paper: CryptoCAN – Ensuring Confidentiality in Controller Area Networks for Agriculture (SICHERHEIT 2020, 2020). Zimmermann, Till; Bauer, Jan; Aschenbruck, Nils. The Controller Area Network (CAN) bus is widely used in existing machinery. Facing more and more vertical integration with more complex devices and integration into public communication networks, its nature as a broadcast-only system without security measures poses serious risks to confidentiality of transmitted data. In this paper, we propose a Lightweight, Length Preserving and Robust Confidentiality Solution (LLPR-CS) to retrofit encryption in existing systems, while maintaining full interoperability with these systems. The overhead of our approach is negligible. Therefore, it can be used with existing hardware. By reinterpreting unused bits in the CAN frame format of the ISO 11898 standard, it is possible to build a fully transparent encrypted tunnel in non-confidential network parts, while keeping the ability to decrypt all traffic in an out-of-band-system without knowledge of specific cryptographic state details. By conducting a performance evaluation, we highlight the benefits of LLPR-CS and discuss its advantages compared to existing approaches.
- Conference paper: Datenschutzgerechte und mehrseitig sichere IT-Plattformen für die medizinische Forschung [Privacy-compliant and multilaterally secure IT platforms for medical research] (SICHERHEIT 2020, 2020). Petersen, Tom. Medical research in many cases depends on the use of health data collected about patients. This is countered, however, by the particular sensitivity of these data and the data protection requirements that result from it. The research project presented here deals with the design of privacy-compliant and secure IT platforms for collecting, storing and providing health data for research purposes, in order to resolve this conflict of objectives. To this end, legal aspects, the security interests of the actors involved and possible architectures are considered, and technical measures are presented that can be used to meet data protection and security requirements.
- Conference paper: Do Privacy Concerns Prevent Employees’ Acceptance of Smart Wearables and Collaborative Robots? (SICHERHEIT 2020, 2020). Richter, Alexander. During the digitization of workplaces, companies are increasingly using smart wearables as well as collaborative robots. This technological progress contributes to higher productivity and efficiency in manufacturing processes, as they assist employees in carrying out their work. This changes the way employees interact and collaborate with the working environment as well as robots. When companies utilize smart wearables and collaborative robots in their processes, employees are exposed to various privacy issues, which may lead to privacy concerns and may reduce the acceptance of such devices and robots. Thus, the presented PhD research project aims to understand the employees' privacy concerns which prevent the acceptance of such devices and how to counteract them.
- Conference paper: Hierarchical Distributed Consensus for Smart Grids (SICHERHEIT 2020, 2020). Stübs, Marius. Reaching consensus in distributed systems is a topic with a long record of suggestions, discussions and approaches to solve. One instance of such a distributed system is the emerging Internet-of-Energy: Thousands of Smart Grid service providers participate in the orchestration of a multitude of intelligent energy devices and distributed energy resources (DER), to keep the balance between consumption and injection of electrical power. The traditional approach of reaching consensus with Paxos has serious drawbacks regarding scalability and dynamicality of node participation. Our work builds upon the results of Paxos and a number of its successors, such as Raft and Flexible Paxos, and takes on a more topologically driven perspective: We discuss a variant of Paxos that provides two important innovations towards applicability in future Smart Grids. First, leader election is explicitly bound to a number of nodes that are affected by the desired transaction, forming an election cluster. Election clusters (EC) are agreed upon dynamically in each round to achieve parallelizability of consensus depending on the grid topology and inter-dependability of nano- and micro-grids. Second, we describe a hierarchical extension of this scheme, where an aggregation of the achieved consensus is part of a higher level consensus scheme encompassing all nodes. This way, we achieve loose coupling combined with partial order of events, implementing a hierarchically distributed global consensus.
- Conference paper: Informationssicherheit für KRITIS-Betreiber: Kritische Dienstleistungen systematisch schützen [Information security for KRITIS operators: systematically protecting critical services] (SICHERHEIT 2020, 2020). Greven, Frauke. Building and operating a successful information security management system begins with precisely defining the scope to be protected and defining concrete protection goals. These are the starting point for a holistic risk assessment and for selecting and implementing suitable protective measures. Since 2017, operators of critical infrastructures have been obliged to demonstrate to the Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, BSI) that they have implemented appropriate technical and organizational measures to protect their critical services (kDl). An important aid here are the industry-specific security standards (Branchenspezifische Sicherheitsstandards, B3S) developed by KRITIS operators or industry associations and recognized as suitable by the BSI. With a workshop concept, the BSI supports interested parties in focusing the scope on the industry-specific kDl and deriving corresponding KRITIS and IT protection goals. The results make it easier for KRITIS operators to define their individual scope for the evidence required every two years under §8a (3) BSIG. This makes it possible to carry out necessary assessments such as security audits and certifications in a targeted manner with as little personnel and financial effort as possible.
- Conference paper: Lean Privacy by Design (SICHERHEIT 2020, 2020). Zibuschka, Jan; Zimmermann, Christian. Agile processes and practices allow companies to act more flexibly and efficiently in complex, open ecosystems. Agile methods are also used in application areas characterized by special data protection and security requirements. However, the currently common way of implementing such requirements in the SCRUM process is perceived by SCRUM teams as cumbersome and hard to follow, and by those responsible for data protection as costly and overcomplicated. To address these problems, we propose an approach based on lean thinking for handling data protection requirements in agile development processes.