Michael Waidner

Security and privacy challenges in industrial internet of things

Today, embedded, mobile, and cyberphysical systems are ubiquitous and used in many applications, from industrial control systems, modern vehicles, to critical infrastructure. Current trends and initiatives, such as “Industrie 4.0” and Internet of Things (IoT), promise innovative business models and novel user experiences through strong connectivity and effective use of next generation of embedded devices. These systems generate, process, and exchange vast amounts of security-critical and privacy-sensitive data, which makes them attractive targets of attacks. Cyberattacks on IoT systems are very critical since they may cause physical damage and even threaten human lives. The complexity of these systems and the potential impact of cyberattacks bring upon new threats. This paper gives an introduction to Industrial IoT systems, the related security and privacy challenges, and an outlook on possible solutions towards a holistic security framework for Industrial IoT systems.

Fragmentation Considered Leaking: Port Inference for DNS Poisoning

Internet systems and networks have a long history of attacks by off-path adversaries. An off-path adversary cannot see the traffic exchanged by the legitimate end points, and in the course of an attack it attempts to impersonate some victim by injecting spoofed packets into the communication flow. Such attacks subvert the correctness and availability of Internet services and, among others, were applied for DNS cache poisoning, TCP injections, reflection DDoS attacks.

Towards Security of Internet Naming Infrastructure

We study the operational characteristics of the server-side of the Internets naming infrastructure. Our findings discover common architectures whereby name servers are hidden behind server-side caching DNS resolvers. We explore the extent and the scope of the name servers that use server-side caching resolvers, and find such configurations in at least

Personal DLP for Facebook

38,%

Federated Identity Management

of the domains in a forward DNS tree, and higher percents of the domains in a reverse DNS tree. We characterise the operators of the server-side caching resolvers and provide motivations, explaining their prevalence. n nOur experimental evaluation indicates that the caching infrastructures are typically run by third parties, and that the services, provided by the third parties, often do not deploy best practices, resulting in misconfigurations, vulnerabilities and degraded performance of the DNS servers in popular domains.

Personal Information Dashboard: Putting the Individual Back in Control

Information technology (IT) is one of the most important drivers of innovation in production and automation. In Germany, the term Industrie 4.0 summarizes various activities and developments involved in the evolution of industrial processes in production, logistics, automation, etc. Many research and development projects work on different aspects of these developments. In the view of politics, industry, and IT enterprises, sufficient IT security is considered an essential prerequisite for the future of production. Although many current IT security solutions can be applied in Industrie 4.0 context, they do not satisfy requirements of processes in Industrie 4.0. Work needs to be done on underlying security mechanisms as well as on security architectures.

Online Privacy: Towards Informational Self-Determination on the Internet

Data Loss Prevention (DLP) is a well-established security and privacy concept in enterprise environments: Enterprise DLP tools scan outgoing messages and stop unintended information flows. It may catch malicious insiders, but the main use case is avoiding data leaks due to human errors. Good DLP tools prevent careless employees from doing something they would probably regret if made aware of. Individuals using online social networks are in a very similar situation: Often they share the wrong information with the wrong people, unaware of the risks and often even unaware of the technical meaning of what they are doing. Personal DLP, introduced in this paper, extends the notion of DLP to individual users. It makes the individual users aware of risks and mistakes, and it does so based on rules explicitly set by each user, and rules derived from that users past behavior and individual settings. Personal DLP raises awareness by explaining the risks, but the final decision is always with the user.

Survey of Software Protection with Minimal Hardware

Hybrid Broadcast Broadband TV (HbbTV) is a standardized technology that delivers Web content directly to smart TVs and set-top boxes. Unlike PCs and mobile devices, smart TVs dont allow consumers to configure privacy and security options. A review of HbbTV considers the implications of this limitation.