Michael Rossberg
Technische Universität Ilmenau
Publication
Featured research published by Michael Rossberg.
IEEE Transactions on Industrial Informatics | 2008
Marcel Henseler; Michael Rossberg; Guenter Schaefer
Current systems for automatic identification of goods presume a single administrative domain. However, in supply chain management systems temporary cooperations of multiple companies exist, and the usage of one identification device, such as a radio-frequency identification (RFID) tag, per company is infeasible for reasons of costs, space requirements, traceability, and higher collision rate. This paper analyzes the security requirements resulting from the usage of a single tag for multiple companies and proposes a novel system architecture and accompanying cryptographic protocols that address the security objectives entity authentication, controlled access, data confidentiality and integrity, as well as untraceability of RFID tags. The architecture is designed to provide high availability and graceful degradation in case of compromise of system parts. The results of an implementation and simulation study give insights on appropriate data structures for realizing key functionality, and demonstrate the feasibility with off-the-shelf hardware.
Journal of Network and Systems Management | 2010
Michael Rossberg; Guenter Schaefer; Thorsten Strufe
The Internet Protocol Security Architecture IPsec is hard to deploy in large, nested, or dynamic scenarios. The major reason for this is the need for manual configuration of the cryptographic tunnels, which grows quadratically with the total amount of IPsec gateways. This way of configuration is error-prone, cost-intensive and rather static. When private addresses are used in the protected subnetworks, the problem becomes even worse as the routing cannot rely on public infrastructures. In this article, we present a fully automated approach for the distributed configuration of IPsec domains. Utilizing peer-to-peer technology, our approach scales well with respect to the number of managed IPsec gateways, reacts robustly to network failures, and supports the configuration of nested networks with private address spaces. We analyze the security requirements and further desirable properties of IPsec policy negotiation, and show that the distribution of security policy configuration does not impair security of transmitted user data in the resulting virtual private network (VPN). Results of a prototype implementation and simulation study reveal that the approach offers good characteristics for example with respect to quick reconfiguration of all gateways after a central power failure (robustness), or after insertion of new gateways (scalability and agility).
Computer Networks | 2011
Michael Rossberg; Guenter Schaefer
Virtual private networks (VPN) offer a secure data exchange over public networks. Despite being cheaper than leased lines, growing sizes and dynamic behavior of VPN nodes, e.g., for mobility or reasons of denial-of-service-attacks, make a manual configuration of large, dynamic VPN expensive. Consequently, a number of different VPN auto-configuration approaches have been invented and partially deployed over the last decade. This article identifies a comprehensive set of objectives to be fulfilled by IP-based VPN auto-configuration, explains and groups mechanisms, and analyzes their strengths and weaknesses with regard to the objectives. Finally, it identifies potential future directions of autonomous VPN deployment.
Pervasive Computing and Communications | 2013
Sander Wozniak; Michael Rossberg; Guenter Schaefer
Situational awareness is crucial for effective disaster management. However, obtaining information about the actual situation is usually difficult and time-consuming. While there has been some effort in terms of incorporating the affected population as a source of information, the issue of obtaining trustworthy information has not yet received much attention. Therefore, we introduce the concept of witness-based report verification, which enables users from the affected population to evaluate reports issued by other users. We present an extensive overview of the objectives to be fulfilled by such a scheme and provide a first approach considering security and privacy. Finally, we evaluate the performance of our approach in a simulation study. Our results highlight synergetic effects of group mobility patterns that are likely in disaster situations.
2013 Conference on Networked Systems | 2013
Franz Girlich; Michael Rossberg; Guenter Schaefer; Thomas Boehme; Jens Schreyer
Network coordinate systems have gained much attention as they allow for an elegant estimation of distances between nodes in distributed systems. Their most prominent representative is Vivaldi, which is using a mass-spring-damper system to embed peers into a two-dimensional Euclidean coordinate space with an additional height coordinate. In unimpaired overlay networks this simple method leads to a good approximation of pairwise delays. Unfortunately, like most distributed algorithms, Vivaldi is vulnerable to Byzantine failures, leading to possible routing attacks in peer-to-peer systems. Hence, several attack methods and countermeasures have been proposed. In this article, we analyze bounds for protection of Vivaldi network coordinates and show by theory and simulation how triangle inequality violations can be exploited to create instabilities, despite the proposed countermeasures.
International Workshop on Security | 2007
Michael Rossberg; Guenter Schaefer; Thorsten Strufe
Due to the dependency on preceding nodes in overlay live streaming systems, only highly reliable nodes should be chosen to occupy vital positions in the overlay topology, serving large numbers of succeeding participants. Otherwise, the highly dynamic and potentially hostile environment with frequent arrivals and departures of participants may lead to high packet loss rates and a significant decrease in quality of service. Hence, a high resilience towards failure of participants and especially deliberate sabotage through malicious parties is a prerequisite for this content distribution scheme to gain acceptance by users and the market. In order to incorporate the reliability of nodes into the topology construction process a stable metric for assessing the reliability of nodes has to be defined that preserves the anonymity of the subscribers and allows coping with their stochastic behavior. In this paper we present eLeumund, an algorithm, which utilizes recurring costs as a means to compute a dependable reputation value representing a node’s reliability for the service. Our scheme maintains the privacy of all participants.
Telecommunication Systems | 2015
Franz Girlich; Michael Rossberg; Guenter Schaefer
In order to perform private communication over public networks, such as the Internet, several different kinds of virtual overlay networks emerged. Examples are the well known Virtual Private Networks, Darknets, and anonymizing networks like Tor. All of these networks are designed to provide data delivery that is confidential, authentic and integrity protected. Nonetheless, for a secure operation also the availability must be taken into account, especially as these structures turn into vital targets for Denial-of-Service attacks. Within this article we present metrics to rate different network topologies with regard to their resistance against botnets, whose available attack bandwidth is not a limiting factor. The presented metrics consider random, greedy, and optimally operating attackers, and are used to derive several properties that very resilient overlay topologies must have. In particular a low constant node degree and high girth are identified. The results are validated by a simulation study.
International Symposium on Computers and Communications | 2014
Michael Grey; David Schatz; Michael Rossberg; Guenter Schaefer
To support position-dependent services, like matchmaking algorithms for online games or geographic backup routes, the estimation of peer locations became a key requisite for a range of applications, recently. However, exact localization may be impossible, e.g., due to nodes lacking Global Positioning System (GPS) access for reasons of cost, energy, or signal unavailability. Alternative approaches, e.g., by nearby WLAN BSSIDs or IP geolocation, rely on databases and normally contain large outliers, in particular when concerning underrepresented mapping locations. This led us to the study of a complementary idea: By embedding nodes on a sphere and periodically minimizing local positioning errors by delay-based multilateration, we efficiently estimate node positions by distributed means, given a fair amount of position hints. Based on simulations that rely on real-world PlanetLab latency data, we show that global-scope peer locations can be estimated with an accuracy of a few hundred kilometers, where the novel approach outperforms a previously proposed spring-mass-based method by about 50%.
International Conference on Communications | 2009
Michael Brinkmeier; Michael Rossberg; Guenter Schaefer
By monitoring the exchanged IPsec traffic an adversary can usually easily discover the layout of virtual private networks (VPNs). Of even worse extent is the disclosure if compromised IPsec gateways are considered, for example in remote environments. This revelation enables attackers to identify vital components and may allow them to compromise the availability of the overall infrastructure by launching well-targeted denial-of-service (DoS) attacks against them. In this article we present a formal model to analyze the resilience of VPN infrastructures against DoS attacks, to estimate the impact of compromised gateways, and to formalize the planning process of more resilient infrastructures.
International Conference on Communications | 2013
Sander Wozniak; Michael Rossberg; Franz Girlich; Guenter Schaefer
This article introduces the novel concept of Spatiotemporal Multicast (STM), which is the issue of sending a message to mobile devices that have been residing at a specific area during a certain time span in the past. A wide variety of applications can be envisioned for this concept, including crime investigation, disease control, and social applications. An important aspect of these applications is the need to protect the privacy of its users. In this article, we present an extensive overview of applications and objectives to be fulfilled by an STM service. Furthermore, we propose a first Cluster-based Spatiotemporal Multicast (CSTM) approach and provide a detailed discussion of its privacy features. Finally, we evaluate the performance of our scheme in a large-scale simulation setup.