Christoph Krauß
Technische Universität Darmstadt
Publication
Featured research published by Christoph Krauß.
security of ad hoc and sensor networks | 2007
Christoph Krauß; Frederic Stumpf; Claudia Eckert
Node compromise is a serious threat in wireless sensor networks. Particularly in networks which are organized in clusters, nodes acting as cluster heads for many cluster nodes are a valuable target for an adversary. We present two efficient hardware-based attestation protocols for detecting compromised cluster heads. Cluster heads are equipped with a Trusted Platform Module and possess much more resources than the majority of cluster nodes which are very constrained in their capabilities. A cluster node can verify the trustworthiness of a cluster head using the Trusted Platform Module as a trust anchor and therefore validate whether the system integrity of a cluster head has not been tampered with. The first protocol provides a broadcast attestation, i.e., allowing a cluster head to attest its system integrity to multiple cluster nodes simultaneously, while the second protocol is able to carry out a direct attestation between a single cluster node (or the sink) and one cluster head. In contrast to timing-based software approaches, the attestation can be performed even if nodes are multiple hops away from each other.
wireless network security | 2008
Christoph Krauß; Markus Schneider; Claudia Eckert
Node compromise is a serious threat in wireless sensor networks. An adversary can use compromised sensor nodes to inject false data to deceive the base station or he can try to deplete the energy resources of the sensor nodes. One approach to mitigate the impact of node compromise exploits the redundancy property of many wireless sensor networks. If a node initiates a report generation for the base station, then this report must be endorsed by multiple neighboring sensor nodes. Already proposed schemes using this approach introduce a new possible attack, called False-Endorsement-Based Denial of Service attack, where a compromised node sends a false endorsement which invalidates the collaboratively generated report. We propose an extension scheme, which enables the detection and exclusion of false endorsing nodes and is efficient in terms of storage and energy consumption.
Datenschutz Und Datensicherheit - Dud | 2011
Claudia Eckert; Christoph Krauß
Abstract: A smart grid is a critical infrastructure that is particularly worth protecting and offers a wide range of attack surfaces. With the growing dependence on a reliable and robust smart grid for security of supply, vulnerability and susceptibility to targeted attacks (terrorist attacks, hacker activities, manipulation attempts) increase. Information and telecommunications technology serves as the weapon and is at the same time the target of attacks. The article shows which protective measures are indispensable for the design of future-proof smart grids.
Datenschutz Und Datensicherheit - Dud | 2017
Christoph Krauß; Thilo von Pape; Rasmus Robrahn; Daniel Zelle
Abstract: The networking of vehicles brings many benefits, but also new risks with regard to security and data protection. This article examines the topic of data protection from the technical, legal and user perspectives and presents approaches for developing a suitable data protection solution in which users can decide in a self-determined manner how "their" data is handled.
Datenschutz Und Datensicherheit - Dud | 2015
Christoph Krauß; Michael Waidner
Abstract: The greatest driver of innovation in modern connected vehicles is information technology. However, this also gives rise to new threats to IT security and data protection. This article gives an overview of connected vehicles, possible applications, the data required and the resulting threats. Furthermore, challenges for current research are identified.
availability, reliability and security | 2017
Daniel Zelle; Christoph Krauß; Hubert Strauß; Karsten Schmidt
A trend in modern in-vehicle networks is the use of network technologies with higher bandwidth such as Automotive Ethernet. As a result, more sophisticated security technologies may be used to secure the communication. In this paper, we investigate whether the Transport Layer Security Protocol (TLS) is applicable to secure in-vehicle networks. First, we identify the security and performance requirements as well as the communication scenarios which must be supported by the TLS communication. Next, we discuss how these requirements can be realized with TLS. This also includes the discussion of the certificate management. Finally, we present and discuss our prototypical TLS implementation on a typical automotive platform and show that TLS is able to fulfill most performance requirements of the automotive industry.
international conference on computer safety reliability and security | 2012
Felix Wieczorek; Christoph Krauß; Frank Schiller; Claudia Eckert
In this paper, we present an approach to secure fieldbus communication of automation systems used in security-critical applications. We propose a protocol that applies a scheme combining a stream cipher and a Message Authentication Code (MAC) to ensure integrity, confidentiality, authenticity, and freshness of transmitted telegrams over a fieldbus while maintaining real-time constraints. The security discussion shows that the protocol is secure against an adversary attacking the fieldbus communication. A first proof-of-concept implementation for the EtherCAT fieldbus protocol is implemented to perform some initial runtime analyses.
availability, reliability and security | 2018
Jonas Walter; Bettina Abendroth; T. von Pape; C. Plappert; Daniel Zelle; Christoph Krauß; G. Gagzow; H. Decke
The advent of connected vehicles has increased the relevance of privacy in cars. While current approaches to increase security and privacy in connected vehicles are mainly driven from technological perspectives, users do not have active control over their personal data. Therefore, the user-centered privacy-aware control system PrivacyController (PRICON) has been developed which incorporates expertise from judicial, technical and user-centered perspectives. PRICON provides users with a user-friendly possibility to define self-determined privacy policies which are applied to the vehicular system. In this paper, we report the evaluation of PRICON from a legal, technical and user-centered point-of-view. The evaluation results are discussed and practical implications are derived.
availability, reliability and security | 2018
Daniel Zelle; Markus Springer; Maria Zhdanova; Christoph Krauß
None of the existing and upcoming Plug-and-Charge (PnC) related standards define privacy-preserving measures for protecting privacy-sensitive charging and billing data to prevent attacks such as the generation of movement profiles. To address this issue, we analyze PnC protocols with respect to privacy, identify requirements for privacy-preserving PnC solutions, and propose a PnC protocol extension enabling users to charge Electric Vehicles (EVs) anonymously and service providers to securely bill their customers. Our approach addresses the complete PnC process chain and is based on a Direct Anonymous Attestation (DAA) protocol using a Trusted Platform Module (TPM) in the vehicle. Our analysis shows that our approach effectively protects the customers' privacy while introducing only minimal additional protocol overhead.
international conference on security and privacy in communication systems | 2011
Steffen Wagner; Christoph Krauß; Claudia Eckert
In this paper, we propose a secure code update protocol for TPM-equipped sensor nodes, which enables these nodes to prove their trustworthiness to other nodes using efficient attestation protocols. As the main contribution, the protocol provides mechanisms to maintain the ability of performing efficient attestation protocols after a code update, although these protocols assume a trusted system state which never changes. We also present a proof of concept implementation on IRIS sensor nodes, which we have equipped with Atmel TPMs, and discuss the security of our protocol.